1. What is this notice?

The Academy of Medical Royal Colleges (“Academy”, “we”, “our” and “us”) is a registered charity in England and Wales (1056565).

This Privacy Notice relates to our website (www.aomrc.org.uk) (the “Website”).

The Academy may collect personal information about users of the Website (“you”). When we mention “personal information” in this Notice, we mean any information that relates to an identifiable natural person (also known as “personal data”). Your name, address, date of birth and contact details are all examples of your personal information, if they identify you.  Where we talk about where we “process” your personal information (and “processing” and “processed”) we mean any activity relating to personal information, including, by way of example, collection, storage, use, consultation and transmission.

The Academy takes the lawful and correct treatment of personal information very seriously. The Academy is fully committed to treating your personal information in accordance with the principles of data protection, as set out in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).

This Privacy Notice describes why and how we collect and use personal information and provides information about your rights.  It applies to all the personal information you provide to us.  We may use personal information provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.

You should read this Notice, so that you know what we are doing with your personal information. Please also read any other privacy notices that we give you, that might apply to our use of your personal information in specific circumstances in the future.

Please note that this Privacy Notice covers our Website only. Other websites linked to or from this Website are not covered by this Notice. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of third-party websites and your use of such websites is at your own risk.

2. What information do we collect about you and how do we use this?

Under the GDPR, the Academy is a ‘data controller’, which means that we make decisions about how and why we process your personal information and, because of this, we are responsible for making sure it is used in accordance with data protection laws.

We collect different types of personal information about you for lots of reasons. We cannot administer your organisational membership without your personal information. Where we don’t need your personal information, we will make this clear, for instance we will explain if any data fields in our forms or surveys are optional and can be left blank.

 

Category of personal informationExamples of your personal information
Contact informationIf you interact with our website, we may collect certain technical information, such as your browsing activity across our website and your IP address. An IP address provides the location of server you are contacting us from. We only use this information to ensure website security and undertake management reporting (based on country of access) and does not allow us to identify you as an individual.

Name, title, address, e-mail address, telephone number, social media handle
Website usage informationIf you interact with our website, we may collect certain technical information, such as your browsing activity across our website and your IP address. An IP address provides the location of server you are contacting us from. We only use this information to ensure website security and undertake management reporting (based on country of access) and does not allow us to identify you as an individual.

Please also refer to the Cookie notice.
Feedback informationInformation you provide us when you give us feedback on our Website
3. What we do with the information

We process your personal information for various purposes.

We are required by law to always have a permitted reason or justification (called a “lawful basis”) for processing your personal information. There are six such permitted lawful bases for processing personal information. The table below sets out the different purposes for which we process your personal information and the relevant lawful basis on which we rely for that processing.

Lawful basis and purposeWhat categories of personal information do we use
Legitimate interests
Administration of membership - management and administration of membership records; promotion of Academy products and services; sharing information about Academy activities.Contact information
Feedback information
To share information with you about our activitiesInformation you provide us when you give us feedback on our Website
Administration of eventsContact information
Feedback information
To provide you with any information you requestContact information
Feedback information
So that we can communicate with you as necessaryContact information
Communication information
To carry out analysis about the use of our websiteWebsite usage information
Feedback information
To carry out research and statistical analysisWebsite usage information
Feedback information
4. How we store and protect your information

The Academy takes the security of your personal information seriously. In order to prevent unauthorised access or disclosure and unlawful or unauthorised processing and accidental loss, destruction or damage, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security.

We take all reasonable steps to protect any personal information you submit via the website. However, as our website is linked to the internet, which is inherently insecure, we cannot guarantee the information you supply will not be intercepted while being transmitted over the internet.  Accordingly, we have no responsibility or liability for the security of personal information transmitted via our website.

5. How long does the Academy keep your data?

We hold your personal information only as long as necessary and in line with our Data Retention Policy, which can be viewed on request.

We will only retain your personal information for a limited period of time. This will depend on a number of factors, including:

  • Any laws or regulations that we are required to follow;
  • Whether we are in a legal or other type of dispute with each other or any third party;
  • The type of information that we hold about you; and
  • Whether we are asked by you or a regulatory authority to keep your personal information for a valid reason.
6. Who we share your data with outside the Academy

The Academy shares information across internal teams to improve our communications and services to our services. We will not sell information about website users and other service users to third parties.

All data sharing outside the EU is covered by full written agreements which include GDPR requirements.

7. Your data protection rights

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time. You can do this by contacting (details below section 9)

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information
  • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. However, where the request is manifestly unfounded or excessive the Academy may charge a “reasonable fee” for the administrative costs of complying with the request. Such a decision will be made by the Chief Executive following discussion with the Chair of Trustees.

If you make a request, we have one month to respond to you.

8. How to complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House. Water Lane

Wilmslow

Cheshire SK9 5AF

Helpline number: 0303 123 1113

https://ico.org.uk/concerns/

9. Our contact details

Questions, comments and the exercise of your rights regarding this Privacy Notice and your personal information are welcomed.  The Academy has a Data Protection Officer – Alastair Henderson who can help you with any queries about the information in this Privacy Notice. He can be contacted at the following:

10. Changes

We may make changes to this statement from time to time. If we change our Privacy Notice we will post the changes on this page. The amended notices will apply from the date it is posted on our site and will govern the way in which we collect and use personal information from the date of the change.

This statement was last updated in July 2020.