Who We Are
The College’s registered office is at 22 Merrion Square North, Dublin 2 and we are a company registered in Ireland under company number 249517. We are registered on the Data Protection Commissioner’s Office Register and act as the data controller and data processor when processing your data. Our designated Data Protection Officer/Appointed Person can be contacted at:
Information that We Collect
The College needs to collect certain personal information in order to effectively carry out our everyday organisational functions and activities in the provision of services (including digital services) to our Trainees, Fellows and other parties. The College processes your personal information to meet our legal, statutory and contractual obligations. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we collect from includes but is not limited to:
- Date of Birth
- Home Address
- Email address
- Home/Mobile Telephone Numbers
- Mobile Telephone Number
- Irish Medical Council (IMC) ID Number
- College ID or NDB ID
We collect information in a number of ways, which include but are not limited to:
- Trainees/Fellows who provide personal information to us so that they can have an online account with the College. This personal information may be provided over the phone, through and online form or in hard copy through the postal system.
- Trainees booking and paying for exams online or over the phone
- Members/Fellows being issued with and paying invoices for the Professional Competence Scheme (PCS) and/or subscriptions
- Members/Fellows/Trainees booking courses/events online or over the phone
How We Use Your Personal Data (Legal basis for processing)
The College takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data include:
- We collect your personal data in the performance of a contract or to provide a service and to ensure that bookings for exams, courses, workshops and other College events are completed and that invoices are sent to the correct address.
- We collect and store your personal data to fulfil our legal obligation as a postgraduate training college recognized by the Medical Council and as a provider of the Professional Competence Scheme (PCS) accredited by the medical council. This is a requirement of the Medical Practitioners Act 2007.
- Trainee PCS records are accessible to those individuals within the College who are required to review, approve and monitor progress. Access is at all times limited to those individuals having a legitimate need to access the data to fulfill their obligations under the PCS.
You have the right to access any personal information that we process about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. The College uses third parties to provide the below services and business functions (not limited to the below and subject to change); however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Invoicing System – SoftTouch Technologies
- We use SoftTouch Technologies to help in the design, building, operation and the provision of ongoing support for our invoicing and events/exams management database.
Payment Services Provider – Realex Payments
- For more information about Realex Payments, please read their Privacy Statement at https://www.globalpaymentsinc.com/en-ie/accept-payments/ecommerce/privacy
College Elections – Electoral Reform Services
- We use Electoral Reform Services to administer elections for The College.
The College takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- Only College staff who have a legitimate need and necessarily require access to your personal data in order to carry out their job in providing our services to you are given access to that data. We do not give generic access to your personal data to all employees of the College. For example, only staff in the Finance Office have access to the financial elements of your personal data
- All paper records of your personal data, such as forms containing credit card information obtained over the phone, are destroyed regularly in order to protect your data.
- We employ various technological solutions in order to protect your data including password access on all workstations/laptops, firewalls, anti-virus and anti-malware software.
Transfers Outside the EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. We do not transfer or store any personal data outside the EU.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to The College. However, as this information is required for us to provide our services, we will not be able to offer our services without it.
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
The College will occasionally send you information on upcoming College courses, workshops and events by email or post that have been identified as being beneficial to our Trainees/Members/Fellows and in our interests. Such information will be relevant to you as a Trainee/Member/Fellow and is non-intrusive and you will always have the option to opt-out/unsubscribe at any time.
If you would prefer not to receive above-mentioned marketing and offers, please send an email to firstname.lastname@example.org stating that you do not wish to receive notification of upcoming College exams, courses, workshops or other events.
How Long We Keep Your Data
The College only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. For example, we are required under Irish tax law to keep payroll records of employees, invigilators and actors for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Lodging a Complaint
The College only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.