The Royal College of Pathologists is committed to protecting and respecting your privacy. This policy (together with any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
The College’s website (www.rcpath.org) is owned and operated by the Royal College of Pathologists.
What kind of personal data do we collect?
- Member data: In order to provide the range of membership services for you, we need to process certain information about you. We only ask for details that are necessary for providing you with information about how the College is fulfilling its objectives or to help us to help you with professional development or in pathology matters. This includes details such as your name, contact details, qualifications, workplace, professional specialism(s), CPD records, attendance at events, and other information. Where appropriate and in accordance with regulatory or legal requirements, we may also collect information related to your gender, diversity information or details of any professional misconduct. We also collect your banking details in order to process subscription fees or for payments for other services which you contract from the College.
- Prospective member data: If you are in training and/or working towards a College qualification, we need to collect and use information about you, or individuals at your organisation, in the course of providing you services such as: (i) providing examinations; (ii) monitoring your progress through training; (iii) providing you with support in your training programme (or assisting another organisation to do so); (iv) providing you with trainee/work placement services (or assisting another organisation to do so); and/or (v) notifying you of content provided by the College which is likely to be relevant and useful for your career in pathology to you (for example our Bulletin). We also collect your banking details in order to process any fees payable or for payments for other services which you contract from the College.
If you are enquiring about how to become a member of the College or looking for information about a career in pathology we need to collect and use information so that we can supply such information directly to you by post, email or telephone. We also collect your banking details in order to process any fees payable or for payments for services which you contract from the College that you request for this purpose.
- Supplier data: We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
How do we collect your personal data?
directly via our website (www.rcpath.org) by entering your details through the MYRCPATH member area
emailing your CV to a College employee with regard to a voluntary appointment
providing information via on-line forms, surveys or via MYRCPATH related to College activities such as consultations or pathology workforce matters
collecting your data through a contractual or commercial relationship with you e.g. for membership subscriptions or attending a fee paying event
via a form which could be online as part of our website or a form provided to us as a hard copy or electronically. Examples of these include:
an application form, as part of the membership registration process
a form to apply for a voluntary role at the College
a form or other request for information about the College, an event, a professional or pathology matter
a form to participate in a training programme
a form to sit an examination
a form to register for events and any hard copy registration at events
contacting us with enquiries or comments by telephone, email or hard copy correspondence.
via a regulatory body such as the General Medical Council
via another authorised body with whom joint education or professional development takes place
via professional bodies with whom there is a sharing of registration for events or activities.
We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. We will also collect data from you when you contact us via the website, for example by using the MyRCPath function. Please see our Cookies Policy for more information.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
How do we use your personal data?
We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations, for the following reasons: to provide you with the services you have requested; to comply with applicable laws and regulations; for administrative purposes; to assess enquiries; and to provide you with information about us and our services. If, at any time, you do not wish to receive further information about us and our services, contact us at (firstname.lastname@example.org).
What lawful bases do we use to process your information?
The lawful bases for processing personal data are set out in Article 6 of the UK GDPR. At least one of these must apply whenever personal data is to be processed:
- Consent: you have given your consent for us to process your personal data for a specific purpose.
- Performance of a contract: the processing is necessary for the performance of a contract that you have with us, including for the purposes of entering a contract with us.
- Compliance with legal obligation: our processing of your personal information is necessary to comply with the law (e.g. the tax/social security obligation/employment law) (not including contractual obligations).
- Vital interests: the processing is in yours, or someone else’s vital interests.
- Public interest: the processing is necessary to enable us to perform a task in the public interest or an official function, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary in your legitimate interests or the legitimate interests of the College, or those of a third-party, unless the need to protect your personal data overrides those legitimate interests.
Our legitimate interests
enable committee member to committee member (peer to peer) communication about committee matters and outputs according to agreed, defined terms of reference;
benefit the work of a committee, its members and effectiveness of supporting committee administration and management; and,
ensure that the work of the committee is not curtailed, which is a specific benefit for both the member and the College.
Who do we share your personal data with?
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property, or safety of the College, or others. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.
How do we safeguard your personal data?
We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data. The data that we collect from you may be transferred to, and stored at, our servers in the UK. It may also be processed by persons operating in the EEA who work for us or an organisation we have instructed. If we do send your personal data outside the EEA we will take steps to ensure that the recipient implements appropriate measures to protect your information. If we send your data to organisations outside of the EEA area and Switzerland, we will take steps to ensure that there are binding commercial agreements to uphold the security and integrity of your data.
How do we uphold your rights to use personal data?
In order to best tailor our communication to suit you and ensure that you are able to ‘opt-in’ to receive the information that you want, we have a Preferences centre within the members only (myrcpath) area of the website. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You have the right to ask us not to process your personal data for marketing purposes. You can also exercise the right at any time by contacting us at email@example.com.
What are cookies and how do we use them?
Please see our Cookies Policy for more information.
What are my data subject rights?
We support your data subject rights in relation to the processing of your information under the Data Protection Act 2018 and the UK GDPR, including your:
- right to be informed (chiefly via this policy)
- right of access
- right to rectification
- right to erasure
- right to restrict processing
- right to data portability
- right to object
- rights related to automated decision-making including profiling.
You can exercise any of these rights by contacting us using any of the methods shown below in the ‘How do I contact you?’ section. We will respond to your request as quickly as possible. Usually, this will be within one month of receiving your request.
Access rights to academic performance
You are advised that under the UK GDPR, you may use your right of access to request information about you and your academic performance, this may include:
- the examiner's assessment
- written comments about the provisional grade
- records of past performance
However, you do not have the right to access any information that you have recorded yourself. This means that you cannot get copies of your answers from examinations or assessments.
Provided the results have been announced, we must respond to your request within one month. However, if you request this information before the results are announced, we must respond:
- within five months of the date of your request; or
- within 40 days from when the results are announced (whichever is earlier).
In some circumstances it may be necessary for us to withhold some of the information you have requested. For example, the information you have requested may reveal something about another individual.
You can request a copy of the information we hold about you by using any of the methods shown below in the ‘How do I contact you?’ section. We will respond to your request as quickly as possible. Usually, this will be within one month of receiving your request.
How do I update my information?
You may choose to correct, update, or delete your personal data, including your membership information, by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
If you have opted-in to receiving communications form us, your preferences will remain in effect until you tell us that you want to opt-out of receiving any further communications. Normally, you can do this by clicking the link at the footer of the email you have received.
You can change your preferences at any time by clicking the relevant link in the emails we send you or by contacting using any of the methods shown below in the ‘How do I contact you?’ section.
How do I withdraw my consent?
Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
How do I make a complaint?
We hope you’ll never have the need to do so, but if you do want to complain about our use of your personal data, or our facilitation of your data subject rights requests, you can contact us using any of the methods shown below in the ‘How do I contact you?’ section.
Our Data Protection Officer will investigate your complaint and provide you with an appropriate response as quickly as possible.
How do I contact you?
You may contact us using any of the following methods:
By email: firstname.lastname@example.org
What if I am still not happy?
You can lodge a complaint with the Information Commissioner at any time if you are unhappy with the way in which we are processing your information, or we have failed to facilitate your data subject rights. The Information Commissioner can be contacted as follows:
For further information about your data subject rights and how to complain to the ICO, please refer to the ICO website: ICO Make a Complaint