The Royal College of Emergency Medicine (RCEM) recognises the importance of protecting personal information and we are committed to safeguarding members, non-members and staff (known as “The User” in this document) privacy both on-line and off-line. We have instituted policies and security measures intended to ensure that personal information is handled in a safe and responsible manner. This Privacy statement is also published on the RCEM web site so that you can agree to the kind of information that is collected, handled and with whom this data is shared with.
The Royal College of Emergency Medicine
7-9 Breams Buildings
Our nominated Data Protection Officer is Jenny Dyer, and she can be contacted at the address above, or via email at email@example.com.
When does RCEM collect information?
If you only visit our website and do not create an account, we will not gather any personal information about you, information is only collected once you create an account on the RCEM system. The collection of this information is essential to ensure that we can provide the best possible service and experience.
RCEM collects information about you for the following reasons:
- To process membership applications
- To process E-Portfolio and training applications
- To process examination applications
- To process Direct Debit payments
- To process event and conference bookings
- Complainant and other individual in relation to enquiries made of the College
- Usage of RCEM Learning and CPD recording
- Job applications and details of current/former employees
Procurement of supplies and services
If at any point you wish to stop the processing of your data, please contact the relevant member of staff at RCEM, who will cease the processing of your data promptly and without delay, within one month of your contact.
This data is primarily collected as part of a ‘contract’ with you, i.e. for us to provide a service to you as listed above.
We may use the data that you have provided to let you know of any events that may count towards your CPD. RCEM intends to rely on the lawful basis of ‘legitimate interests’ for our existing members when sending direct marketing about events that may be of interest to you. RCEM will not send direct marketing to those who are not current members without their explicit consent.
These emails may come from RCEM, or from one of three third parties that we may pass your personal data on to, as they run events that may be applicable to you and your continuing professional development:
- Emergency Medicine Trainees’ Association (EMTA)
- European Society for Emergency Medicine (EUSEM)
- Forum for Associate Specialist and Staff Grade Doctors in Emergency Medicine (FASSGEM)
The marketing of such events will always be related to our missions, values and objectives. The content of these events will always be professionally or socially relevant and should therefore always result in a positive benefit to you.
Please note that consent for this direct marketing can be withdrawn at any time via your account on the College website, or by contacting any member of staff.
What information is collected?
RCEM requests personal information as you create an account or for one of the purposes listed above. The type of information generally required is:
- Mailing address (Home and/or Work)
- Contact details (telephone, mobile and email address)
- Current employment grade
- Date of Birth
- GMC or equivalent number
- Employment History
- Bank Details if paying by Direct Debit or being paid by us
By creating an account and becoming either a member, trainee or examination candidate, or by becoming a supplier of goods and/or services to us, you agree to allow RCEM to store personal information into the software or service that resides on our servers.
Please note that you have the right to request that we remove your personal information at any time. You can do this by contacting any member of staff at the College, who will be happy to help.
CEM does not hold credit/debit card details for those who pay on-line or ring the office to make a payment off-site, this data is held securely on RCEM’s payment service provider Sagepay, and only the last 4 digits of your card number are visible for reconciliation purposes only.
We will never collect sensitive personal data about you without your explicit consent.
We will endeavour to hold accurate and up-to-date information. Some information can be amended by you and some can be amended by RCEM. If you are aware of an inaccuracy that you are unable to amend, please contact RCEM who will correct or delete it promptly and within one month of receipt.
How we use your information
This privacy notice tells you what to expect when the Royal College of Emergency Medicine (RCEM) collects personal information. It applies to information we collect about:
- our Members and Fellows
- examination candidates
- trainees and users of the Eportfolio
- visitors to our websites
- complainants and other individuals in relation to enquiries made of RCEM
- people who use our services, e.g. who subscribe to our newsletter, request a publication from us, book to attend our events and conferences, use our Continuing Professional Development, Revalidation and Eportolio systems
- job applicants and our current and former employees
- Procurement of supplies and services
All decisions regarding your data, i.e. membership categories or examination requirements are made via a human interaction, there are no automatic decision making processes within RCEM, this includes profiling.
We automatically gather generic information automatically to monitor traffic patterns and site usage to help us refine and improve design and layout of our Site and the user experience. Cookies are also used within the RCEM Learning environment to enhance the user experience.
Emails and personal correspondence (regular mailings) will be stored securely on our database, as a record of that correspondence.
Any sensitive personal data collected from you is stored securely and is collected to provide generic information to the GMC on an annual basis. Account holders can choose whether to supply this information, please contact the College if you wish to remove any sensitive personal data from your record.
We do not sell, trade or rent personal details to third parties. Some data is passed to Regional and National Chairs who sit on the RCEM Council within their respective Regions and Nations. This is generally to gain assessment of their regional or national workforce for Emergency Medicine policy decisions.
Your data will never be passed to any third countries.
People who use College services
The Royal College of Emergency Medicine provides many services, some of which are run by organisations outside of the College. Personal data may be provided to these third-party organisations in order to facilitate these services.
We have contractual arrangements with suppliers who provide RCEM IT systems. We take important steps to make sure that these companies deal with your data in a secure way, they are required to sign an agreement to state that they will handle your data in accordance with the requirements of the College. This may include taking payments for services and subscriptions, administering our membership database and maintaining services such as our Eportfolio system, Continuing Professional Development (CPD) system and Revalidation data storage
We have a partnership arrangement with the British Medical Journal (BMJ) with whom we produce the Emergency Medicine Journal (EMJ). In order for the BMJ to send out the EMJ, we provide them with contact details such as your name and mailing address. This information is sent via a Secure File Transfer Protocol process and is securely disposed of as soon as the publications have been sent.
We share also membership information with the Emergency Medicine Trainees’ Association (EMTA), European Society for Emergency Medicine (EUSEM) and Forum for Associate Specialist and Staff Grade Doctors in Emergency Medicine (FASSGEM) to encourage appropriate development opportunities for our Members. It is a requirement of those using our systems to record Audit information that no patient identifiable data is entered in these by the users.
Access to Personal Information
A lot of your personal information can be accessible via My Account on the RCEM website, but there are some data that is not visible via your account. If you would like access to this information, then you can request it via a ‘Subject Access Request’ under the General Data Protection Regulation (GDPR)(2018).
This request can be made free of charge, and may be made verbally (over the telephone) or in writing (either by email or in letter form), and RCEM may contact you to gain more information about your request before the information is provided.
If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
If you would like to make a request in writing, please contact the Data Protection Officer; Jenny Dyer at firstname.lastname@example.org, or send a letter to Jenny Dyer, Data Protection Officer, 7-9 Breams Buildings, Chancery Lane, London, EC4A 1DT. Please try to include as much information as possible to help us with your request.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting any member of staff.
How long is my information kept for?
Under GDPR (2018) your information will be kept “in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed” (GDPR, Article 5, 2018)
Any information related to your membership of the college, including trainee data, will be maintained while you are a member, and will be kept for 7 years after your membership lapses.
Access to the eportfolio system will be changed to read-only once your membership has lapsed, and trainee-type roles and associated data will be removed from user accounts if they do not contain a current/future post or at least one historic post that has ended within the last 7 years. Where a user account has no trainee type roles and has not been logged into for 7 years it will be deleted.
Individuals who have access to the RCEMLearning platform have full access while they are members. Once your membership lapses, this access is withdrawn, your record remains on the system, but you do not have access unless your subscriptions are paid, and your access is reinstated.
Individuals who have access to the L2S2 system for audit entry have access indefinitely, as it is not related to their membership status. Past audit data is also accessible via the L2S2 system, data is not removed from the system, as it may need to be accessed at any point.
Any data surrounding qualifications gained through RCEM will be kept on our systems indefinitely, as this information may be used to verify qualifications with the GMC and other organisations at any time.
Cardholder information is not stored on any RCEM system or on the premises as per our PCI compliance. On-line payment data is protected and is not forwarded to any third parties.
Security measures are in place to secure personal information include encryption technology and firewalls as well as restrictions regarding the storage of sensitive information.
Your RCEM website account is password protected, and you can log on using your username and password to edit any personal information held on your account. If you do not know your username or password, please use the ‘Forgot my password’ function, or contact the Membership department at email@example.com
Staff access to the customer relationship management (CRM) system is also password protected and is not accessible by members of the public.
Job applicants, current and former College employees
When individuals apply to work at College, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference we will not do so without informing them beforehand.
Personal information about unsuccessful candidates will be held for six months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with RCEM, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with College has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Cookies on our website
This site, like many other sites, uses small files called cookies to help customize your experience. Find out more about cookies and how you can control them
Quick description of cookies
‘Cookies’ are small text files that are stored by the browser (e.g. Internet Explorer, Firefox, Chrome or Safari) or by a mobile phone (e.g. Android or iPhone) on your computer or mobile device. They allow websites to store such things as user preferences. You can think of cookies as providing a “memory” for the website, enabling it to recognize a user and respond appropriately.
Cookies and their use
There are different types of cookies based on their use:
- Some cookies we use to remember your preferences for tools found on our web sites, so you don’t have to reenter them each time you switch a page or each time you visit. They will remember your user login, the language you prefer and other things such as what video streaming speeds you use.
- Some are created and used by web analytics software (such as Google Analytics) to track how many individual unique users we have, and how often they visit the site. Unless you are signed in to the site, these cookies cannot be used to identify you personally. If you are logged in, the login process links you to your stored membership record that includes your username and email address.
- Some cookies are used by geo-targeting software which tries to identify what country you are in based on the information supplied by your browser when it requests a web page. This cookie is completely anonymous, and is only used to help target content – such as whether you see our UK or another home page – and advertising.
- When you register with us, we generate cookies that signal whether you are signed in or not. We use these cookies to determine which account you are signed in with, and if you should get access to a service. It also allows us to associate any comments you post with your Advertising cookies
- On some of our pages, third parties may also set their own anonymous cookies, for the purposes of tracking the use of their application, or tailoring the application for you. Because of how cookies work, we cannot access these cookies, nor can the third parties access the data in cookies used by us. As an example, when you share an article using a social media sharing button on our sites, the social network that has created the button will record that you have done this.
Turning off cookies
Most browsers and phones have a way to stop accepting classes of cookies, or to stop it accepting cookies from a particular website. For example, using cookies is needed in order to use our shopping cart, so you would not be able to buy things through our web site if you turned off our cookies.
Help in turning off cookies can be found in your browser or mobile phone help files
If you are concerned about third party cookies generated by advertisers from Europe, you can turn some of these off by going to the Your Online Choices site.
Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However if we are involved in the investigation of a complaint, for example, we may need to share personal information with regulatory organisations and with other relevant bodies, for example suppliers, deaneries, and others for the purposes of training, assessment, e-Portfolio, research and other College purposes.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Concerns or complaints
If you have any concerns or complaints about RCEM’s Data Protection and Privacy processes, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority.
You can contact the ICO via their website at www.ico.org.uk
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 24th May 2018
If you still have questions, please contact us.