The Academy of Medical Royal Colleges (AoMRC) takes your privacy seriously. We are committed to protecting your personal information and being open and transparent about how it is used. This policy describes how and why we obtain, store and process data about you.
This privacy policy was updated in May 2018 to meet the requirements of the General Data Protection Regulation (GDPR). We will update this Privacy Policy whenever we change the type of processing we carry out. Please regularly come back to this page and check this policy for any changes.
The AoMRC was established in 1996. It speaks on standards of care and medical education across the UK. By bringing together the expertise of the medical Royal Colleges and Faculties it drives improvement in health and patient care through education, training and quality standards.
Our address and telephone number are available via the contact us link on our website. The Academy is the data controller for your information.
Queries about the use of your data by the Academy should be directed to the Chief Executive, Alastair.henderson@aomrc.org.uk
We can only process your personal information if we have a lawful basis to do this. The legal bases which can be used to process your information are:
This is the basis we use when you agree to us using your information to send you reports or other products or communications that you would be interested in by providing us with your name and email address.
This is the basis we use when it is necessary for us to take specific steps before entering into a contract with you to supply you a service or vice versa. An example of this would be the information we hold on our staff for employment purposes and on our suppliers.
This is the basis we use when it is necessary for us to comply with the law (not including contractual obligations)
This basis is used to protect someone’s life. This is unlikely to be relevant to the Academy.
This basis is used if we need to perform a task in the public interest or for our official functions and that task or function has a clear basis in law. Our work as the National Sponsor of MTI applications would be an example of this.
This basis is used to the where processing is necessary for to carry out our legitimate interests. This would apply to contact details for members nominated to join our Committees.
We use your information in the following ways:
Your personal data may be shared within the Academy and, if required with our third-party suppliers and partners.
MTI participants’ information is shared with UKVI to obtain your CoS. Some of this data may also be shared with your employing NHS Trust and/or sponsoring Royal College, to ensure all information is correct before processing a Certificate of Sponsorship.
For these third parties
We will only keep information for as long as it is required. This will vary according to the category of information
We know your personal information is important to you. Therefore, we securely store the personal information we receive and use appropriate security features to prevent any unauthorised access. We have internal policies which set out and guide our data security. All staff adhere to this approach and are regularly trained in data protection.
Access to your personal data is password-protected and the Academy’s IT supplier regularly monitors our system for possible vulnerabilities and attacks. Our systems meet the standards of the Governments Cyber Essentials assurance programme. Our IT and website providers carry out regular penetration testing to identify ways to further strengthen security.
You have the right to:
You can ask for any of the above, in writing by emailing dataprotection@aomrc.org.uk calling us on 020 7490 6810. If you prefer you can write to us at the address above. We will make requested changes within one calendar month. This will be carried out free of charge in most cases.
If we choose not to action your request, we will explain to you the reasons for our refusal.
If you are not satisfied, by the way your data is being handled by the Academy or the way a concern has been dealt with and wish to make a complaint to the Information Commissioner’s Office (ICO) you can visit their website for information on how to make a data protection complaint https://ico.org.uk/concerns/