We are the Joint Committee on Surgical Training (JCST), an intercollegiate
body of the four surgical Royal Colleges of the United Kingdom and Ireland,
managed and administered by the Royal College of Surgeons of England (RCS),
a charity established by Royal Charter, with charity number 212808.
This Policy sets out the basis on which any personal data we (JCST) collect
from you, or that you provide to us, will be used or processed by us.
As part of our operations, we deal with information relating to
individuals. The RCS Data Protection Officer can be contacted on firstname.lastname@example.org
1 Privacy Notices
1.1 We deal with information relating to our Surgical Trainees and Applicants
1.1.1 We deal with information relating to surgical trainees for assessments for the
purpose of monitoring those assessments. We do this because we have a
contract with those surgical trainees and need to use the information for
the purposes of that contract. The information we deal with may include
(for example) GMC number (or other medical number), contact details,
details about surgical trainees and their history and experience, details
relating to equality and diversity (although we deal with this because we
have a legal obligation to do so or because it is in our legitimate
interests to make a reasonable adjustment or allowance for these reasons)
and details relating to exams. (Please note that for some exam results we
deal with information about these because we are undertaking a public task.
Also, for some information we also share responsibility with the General
Medical Council, other relevant professional bodies, or with the other
three Surgical Royal Colleges through the intercollegiate committees.)
1.1.2 We deal with information relating to Surgical Trainees for the purpose of Recommending for
Certification & Reporting and Research purposes. We do this because it
is necessary as we are carrying out a task in the public interest. The
information we deal with may include (for example) GMC numbers (or other
medical number) contact details, gender, CV details, assessments (RITAs,
ARCPs, Trainee Assessment Forms, Training Post Assessment Forms, other
forms of assessment), details of certifications and education. Please note
that for some of this information where relevant we share responsibility
for it with the General Medical Council, General Dental Council, Medical
Council in Ireland and other relevant professional bodies.
1.1.3 We deal with information relating to Applicants for
the purpose of staff recruitment. We do this because it is necessary for a
contract we have with each of these people. The information we deal with
may include (for example) contact and identification details and CVs.
1.2 We deal with information relating to our Service Users
1.2.1 We deal with information relating to
ISCP users with no surgical training records (dental trainees, SAS
doctors, Deanery/Local Offices, etc.)
for the purpose of Training management, Curriculum development, Quality
Assurance & Reporting and Research. We do this because it is necessary
for a contract we have with each of these people through the use of the
ISCP tool. The information we deal with may include (for example) GMC
numbers (or other medical number), contact and identification details,
gender, CV details, assessments, details of training and exams.
1.2.2 We deal with information relating to
our ISCP users with surgical training records (StR, SpR, Core, LAT
for the purposes of Training management, Curriculum development, Quality
Assurance & Reporting and Research purposes. We do this because of
contractual obligations. The information we deal with may include (for
example) GMC number (or other medical number), title and name, contact
details, CV, examinations and training data (placements, Learning
agreement, Out of Programme, leave, Workplace Based Assessments, Annual
Review of Competence Progression (ARCP), Other evidence, etc.)
1.3 We deal with information relating to our Contacts
1.3.1 We deal with information relating to employees of an NHS Trust and employees of HEE and the Schools of Surgery to notify them
about professional issues or about the JCST and we do this because it is in
our mutual legitimate interests to inform them about the JCST, or to inform
them about issues in the surgical profession which may have an impact on
1.3.2 We deal with information relating to
Medical directors and Clinical leaders, and Specialty Association
for the purpose of providing information relating to their role (where
relevant) and to update them about professional issues. We do this because
it is in our legitimate interests as we need to work with these
individuals, to conduct JCST-related activity with them and it is in our
mutual legitimate interests to be updated about professional issues. The
information we deal with may include (for example) contact details and
details of each individual’s interaction with the JCST.
1.3.3 We deal with information relating to our
Committee/Group members & TPDs, Heads of School, Deaneries/LETBs,
Specialty Associations, Health Education Authorities, Medical &
Dental Councils, Trainee Associations, Colleges & Local Education
for the purposes of Training Management, Training system & Curriculum
development, Quality Assurance and CESR Evaluation. We do this because of
contractual obligations. The information we deal with may include (for
example) GMC number (or other medical number) title and name, contact
details, training roles and tenure, and specialty.
1.3.4 We deal with information relating to applicants for
the purposes of Recommendation for Certification - CESR & Reporting. We
do this in the public interest. The information we deal with may include
(for example) GMC number (or other medical number), Name, Primary
Qualification and CESR Evaluation & Recommendation.
1.3.5 We deal with information relating to our JCST Administrators for the purposes of ISCP Helpdesk and
Administration. We do this because of contractual obligations. The
information we deal with may include (for example) title and name and
Transferring Information Outside the European Economic Area (EEA)
In some circumstances your information may be transferred outside the EEA.
This is usually where we are providing a service you have applied for where
delivery is outside of the EEA. The countries we transfer information to
may not have similar data protection laws as in the UK. If you are applying
for, or helping us deliver, a service delivered outside of the EEA, you are
agreeing to this transfer of data.
If we transfer your information outside of the EEA, we will take steps to
ensure your data is secure. We work with trusted service providers, and
require them to hold information securely and confidentially.
3 Your Rights
Under certain circumstances, you have rights under data protection laws in
relation to your personal information, as summarised below.
You have the right to:
3.1 Request access to your personal information (commonly
known as a “data subject access request”). This enables you to receive a
copy of the personal information we hold about you and to check that we are
lawfully processing it.
Request correction of the personal information that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about
you corrected, though we may need to verify the accuracy of the new data
you provide to us.
3.3 Request erasure of your personal information. This
enables you to ask us to delete or remove personal information where there
is no good reason for us continuing to process it. You also have the right
to ask us to delete or remove your personal information where you have
successfully exercised your right to object to processing (see below),
where we may have processed your information unlawfully or where we are
required to erase your personal information to comply with local law.
Note, however, that we may not always be able to comply with your
request for erasure for specific legal reasons which will be notified
to you, if applicable, at the time of your request
Object to processing of your personal information where we are relying
on a legitimate interest
(of our own or of a third party) and there is something about your
particular situation which makes you want to object to processing on this
ground as you feel it impacts on your fundamental rights and freedoms. You
also have the right to object where we are processing your personal
information for direct marketing purposes.
In some cases, we may demonstrate that we have compelling legitimate
grounds to process your information which override your rights and
Request restriction of processing of your personal information.
This enables you to ask us to suspend the processing of your personal
information in the following scenarios: (a) if you want us to establish the
data's accuracy; (b) where our use of the data is unlawful but you do not
want us to erase it; (c) where you need us to hold the data even if we no
longer require it as you need it to establish, exercise or defend legal
claims; or (d) you have objected to our use of your data but
we need to verify whether we have overriding legitimate grounds to use
Request the transfer of your personal information to you or to a third
We will provide to you, or a third party you have chosen, your personal
information in a structured, commonly used, machine-readable format. Note
that this right only applies to automated information which you initially
provided consent for us to use or where we used the information to perform
a contract with you.
Withdraw consent at any time where we are relying on consent to process
your personal information.
However, this will not affect the lawfulness of any processing carried out
before you withdraw your consent. If you withdraw your consent, we may not
be able to provide certain products or services to you. We will advise you
if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact the
RCS DPO at email@example.com. We aim
to respond to all legitimate requests within one month. Occasionally it may
take us longer than a month if your request is particularly complex or you
have made a number of requests. In this case, we will notify you and keep
You will not have to pay a fee to access your personal information (or to
exercise any of the other rights). However, we may charge a reasonable fee
if your request is clearly unfounded, repetitive or excessive -
alternatively, we may refuse to comply with your request in these
We may need to request specific information from you to help us confirm
your identity and ensure your right to access your personal information (or
to exercise any of your other rights). This is a security measure to ensure
that personal information is not disclosed to any person who has no right
to receive it. We may also contact you to ask for further information in
relation to your request to speed up our response.
As a body administered by the Royal College of Surgeons of England, we are
4 Your right to lodge a complaint with the ICO
If you feel that we have not handled information relating to you properly,
or if you have contacted us about how we use that information and are
unhappy with our response, you have the right to lodge a complaint with the
Information Commissioner’s Office.
By phone: 0303 123 1113.
Thank you for your feedback.