The College of Anaesthesiologists of Ireland
Who We Are
The College is the Controller of your personal data which means that we are responsible for how your personal data is collected, used and protected. We take our data protection obligations very seriously and take great care to ensure security and confidentiality are maintained at all times.
We ask that you read this statement very carefully as it contains important information about how and why we process your personal data.
Please note that this notice while intended to be complete and as accurate as possible, is not exhaustive and may be updated from time to time.
We are required under the General Data Protection Regulation (GDPR) to appoint a Data Protection Officer (DPO). Our DPO is Mr Martin McCormack and can be contacted at:
Information that We Collect
We collect information in the following ways:
Information you give us, about you when you apply to become a Trainee of the College or via our website. We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.
We may collect information about you from your employer, previous employer, the HSE, the medical council, any professional body of which you are a member, and any referees which you have provided.
The personal data that we collect includes but is not limited to:
- Name (including title)
- Date of Birth
- Contact Details
- Email address
- Home/Mobile Telephone Numbers
- Irish Medical Council (IMC) ID Number
- College ID or NDB ID
- PPS Number
- Next of Kin/emergency contact details
- EU/EEA Residency Status
- Details of your education (including your colleges, the courses you have completed, dates of study, details of any awards achieved)
- Financial information
- Bank details
- Credit card details
- Academic history
- Grade information
- Qualifications awarded
- Information about parties who are providing funding of your course, including names and financial information to allow us to contact them and process payments
- Information to enable us to carry out vetting procedures, to meet our social and legal obligations
- CCTV in our premises
- In some cases, vetting procedures may require us to process criminal conviction information
We may also process the following special categories of more personal information:
- Information about your health (for example, for absence records, maternity leave records)
We collect information in a number of ways, which include but are not limited to:
- Trainees/Fellows who provide personal information to us so that they can have an online account with the College. This personal information may be provided over the phone, through email and online forms or in hard copy through the postal system.
- Trainees booking and paying for examinations online or over the phone
- Members/Fellows being issued with and paying invoices for the Professional Competence Scheme (PCS) and/or Annual Subscriptions
- Members/Fellows/Trainees booking courses/events online or over the phone
- Registration of attendees at various courses and events
- Participants’ pre-course and post-course evaluation questionnaires and confidence questionnaires
How We Use Your Personal Data
We will process your personal data for a range of purposes including the following:
- To deliver and administer your education, record details of your studies (including any hospital placements) and to determine and confirm your academic achievements.
- To monitor, evaluate and support your education.
- To administer the relationship of between CAI and those who fund your education.
- To deliver IT facilities to you.
- To enable you to participate at events including graduation.
- To communicate with you by post, email and phone, including the distribution of relevant newsletters.
- To operate security (including CCTV), governance, discipline, audit and quality insurance processes and arrangements.
- To carry out effective management and operation of the college.
We will only use your personal information when we have a legal basis to do so. Most commonly we will use your information on the following legal basis’:
- Where it is necessary for the performance of our obligations as a post-graduate training college recognised by the Medical Council and as a provider of the Professional Competency Scheme as required under the Medical Practitioners Act 2007.
- Where it is necessary for compliance with a legal obligation, such as visa monitoring, emigration rules, or reporting information to funding or regulatory bodies where the law provides for this.
- Where it is necessary for the pursuit of legitimate interests of the College, such as to enable you access to courses, providing you with newsletters and your interest and fundamental rights do not override those interests.
- To protect your vital interests (for example in the case of a medical emergency).
- Where it is necessary for the performance of a contract we have entered into with you or are about to enter into with you.
- Where it is necessary for the prevention, investigation detection or prosecution of a criminal offence.
- Where we have your consent to do so. Should we require your consent for any specific use of your personal information, we will collect it at the appropriate time and you can withdraw this consent at any time.
- Where the processing of any criminal convictions is under the control of official authority which is required to protection the public against harm arising from dishonesty, malpractice, breach of eithers or other improper conduct by, or the unfitness or incompetence of, persons who are or were authorised to carry on a profession or other activity.
Special Category Data
We may only process special category personal data where we have one of the following lawful basis’ for doing so:
- Explicit consent – where you have given us explicit consent.
- Legal obligation related to employment – the processing is necessary for legal obligation in the field of employment and social security laws.
- Vital interests – processing is necessary in order to protect the vital interests of an individual or of another natural person.
- Public Information – the processing relates to public data which is manifested made public by the data subject
- Legal Claims – the processing is necessary for the establishment, exercise or defence of a legal claim.
- Substantial Public Interest – processing is necessary for reasons of substantial public interest on basis of union law.
You have a number of rights in relation to your personal data including:
- Right of access – you have the right to know what type of personal data we hold about you and to obtain a copy of this data. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
- Right of erasure – under certain circumstances, you have the right to have personal data erased.
- Right to object – you have the right to object at any time to the processing of your personal information where we process your personal information on the legal basis of pursuing our legitimate interest.
- Right to withdraw consent – where we rely on your consent to process your personal information, you have the right to withdraw your consent free of charge at any stage.
- Right to rectification – you have the right to have any inaccurate personal information we hold about you updated and corrected.
- Right to restriction of processing – you have the right to ask us to restrict processing your information in certain circumstances, including if you believe your personal information we hold about you is inaccurate or use of your information is unlawful. If you validly exercise this right, we will store your personal information and will not carry out any other processing until the issue is resolved.
- Right to data portability – you may request us to provide you with your personal information which you have given us in a structured, commonly used and machine readable format and you may request us to transmit your personal information directly to another controller where it is technically feasible. This right only arises where we process your personal information with your consent or where it is necessary to perform our contract with you and the processing is carried out by automated means.
You can exercise any of these rights by submitting a request in writing to our data protection officer using the contact details set out in section one above. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights. Please note that these rights are not absolute and may be restricted by data protection law.
You also have the right to lodge a complaint with the data protection commission. For further information see www.dataprotection.ie.
Sharing and Disclosing Your Personal Information
We may share your personal data with the following third parties:
- External companies to process information about you on our behalf such as third party service providers. For example we send payment of financial information to our payment service provider, Realex to administer your payments, we use Soft Touch Technology to provide IT services to us and we use Electoral Reform Services to administer elections for the college.
- Professional, educational or similar institutions and individuals which you have authorised or with who we are collaborating in respect of the education, including the Medial Council.
- Some of your information may be sent to the HSE, the Higher Education Authority or other regulatory bodies, where we are required to do so. Your information may be shared with government department and agencies such as the Department for Justice and Equality, Revenue Commissioners and Department of Social Services where we are required to do so by law.
- We may share your information with any hospital where you are carrying out your placement.
The College takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- Only College staff who have a legitimate need and necessarily require access to your personal data in order to carry out their job in providing our services to you are given access to that data. We do not give generic access to your personal data to all employees of the College. For example, only staff in the Finance Office have access to the financial elements of your personal data
- All paper records of your personal data, such as forms containing credit card information obtained over the phone, are destroyed regularly in order to protect your data.
- We employ various technological solutions in order to protect your data including password access on all workstations/laptops, firewalls, anti-virus and anti-malware software.
Transfers Outside the EU
We may transfer your personal information outside the European Economic Area to certain of our service providers and to other educational and professional bodies who are based in a country that does not provide adequate level of protection to your personal information. Where such a transfer occurs, an appropriate transfer agreement or other approved transfer mechanism will be put in place to protect your personal data.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to The College. However, as this information is required for us to provide our services, we will not be able to offer our services without it.
We may send you updates and newsletters from time to time. You have the right to opt out of receiving newsletters at any time by contacting us on the details set out above or following any unsubscribe link in any newsletters or emails which we send you.
How Long We Keep Your Data
When we determine for how long we keep your information, we consider a number of factors such as legal, reporting and accounting requirements. For example, in order to defend ourselves against a legal claim based on contract we will keep your personal data for seven years.
Lodging a Complaint
The College only processes your personal information in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.