Personal data refers to any information that identifies you as a specific individual. This page explains the what, how and why of the information we collect about you when you visit our website or use our services. It also explains the specific ways we use and disclose that information.
We take your privacy extremely seriously and we never sell your data.
Royal College of Surgeons of Edinburgh is the Data Controller for the personal information we hold to (i) operate our business including managing contracts with customers and partners, and (ii) market and sell to existing and potential customers and partners.
Below “we” “us” and “Royal College of Surgeons of Edinburgh” refer to Royal College of Surgeons of Edinburgh
In order to provide our services, we must process some personal information about you. We may collect:
There are different legal grounds (or bases) on which we rely to use your personal information, namely:
We will process your data in the course of providing our products and services to you, in performance of our contract (or in the course of creating a quote, and gathering information to create a quote, for providing products and services to you).
Royal College of Surgeons of Edinburgh collect information from you in the course of our business including through your use of our website, your relationship or interactions with our staff or when you engage us in the provision of services for the following purposes:
Based upon conducting a Legitimate Interest Assessment (LIA) – as advised by the ICO – it is deemed that the rights and freedoms of the data subjects would not be overridden in our correspondence regarding our services and that in no way would a data subject be caused harm by our correspondence.
Where you have given your explicit consent, we may use your data for specific purposes. Such as when you sign up to receive our blog email updates, we will process your contact details in order to send you those emails
We use your personal data, including any of the personal data listed in the “What types of Information we collect” section above, for the following purposes:
We also use your personal data for:
We may use your personal data to send you marketing communications about services, publications, industry updates, events, courses, surveys, promotions and competitions by Royal College of Surgeons of Edinburgh to display content that we believe may be of interest to you.
We will only contact you for these marketing purposes in accordance with our legitimate business interests or where you have explicitly agreed to this. Your agreement to the use of your personal data for these purposes is optional and if you do not wish to provide your agreement, your visit and use of our website and/or provision of services by Royal College of Surgeons of Edinburgh will not be affected.
You have the right to request us not to use your personal data for marketing communications. You can opt out of receiving these by clicking on the ‘unsubscribe’ link at the bottom of any such electronic communication or through following the opt-out instructions provided in any marketing communication.
There are facilities on our website which invite you to provide us with personal data including our contact us form and contact email addresses. The purpose of these facilities is apparent from the point at which you provide your personal data to us and we only use the information for those purposes.
We will only use your personal data when the law allows us to. In particular, we will use your personal data:
In line with ICO guidelines, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you have a question about explicit retention periods for particular types of personal data we hold, please contact us (contact details below).
Royal College of Surgeons of Edinburgh uses trusted third parties to provide support services for certain aspects of our business. Specifically, these include secure data storage, facilitating secure online transactions, website visitor analytics and sending email marketing communications.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also provide your information to regulators and law enforcement agencies where we are legally required to do so and where necessary for the purposes of preventing and detecting fraud or other criminal offences. If legally permitted, we will use reasonable efforts to notify you prior to disclosing your information to such parties.
Royal College of Surgeons of Edinburgh has ensured that all of the third party organisations we share your data with are GDPR compliant and have signed a data processor agreement with us. We will never sell your data.
We take our responsibilities around the safety and security of your data very seriously and are committed to ensuring this.
As such we take steps to safeguard this, including:
From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of the services (i.e. the USA). The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed with us to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data.
Under the GDPR you have several rights regarding your personal data, including the right to be informed about the data we hold about you, the right to ask us to rectify that data if it is incorrect, and the right to ask for a copy of that data (called a Subject Access Request).
If you would like to request a copy of the data that we hold about you, please complete our Subject Access Request form and send it to firstname.lastname@example.org. We will aim to acknowledge your request promptly and in any event will respond to your request within one month.
If you are unhappy with how we have collected or processed your personal data you have the right to make a complaint at any time to the Information Commissioner’s Office (https://ico.org.uk/) (ICO), which is the UK supervisory authority for data protection issues.
However, if you have such a grievance we would politely request the chance to deal with your concerns before you approach the ICO – so please do contact us in the first instance.
If you have any queries regarding the above or would like update or obtain a copy of your data held by us, our appointed privacy representative is Jacqueline Cahif, College Archivist who can be contacted via email at email@example.com.
Whenever we make a material change to the information we collect or how we use it we’ll update the policy posted here. When this policy changes, we’ll announce it to let you know — or you can check back here for each update.
This policy was last updated on 1st August 2018