We are the Joint Committee on Surgical Training (JCST), an intercollegiate body of the four surgical Royal Colleges of the United Kingdom and Ireland, managed and administered by the Royal College of Surgeons of England (RCS), a charity established by Royal Charter, with charity number 212808.
This Policy sets out the basis on which any personal data we (JCST) collect from you, or that you provide to us, will be used or processed by us.
As part of our operations, we deal with information relating to individuals. The RCS Data Protection Officer can be contacted on firstname.lastname@example.org
1.1 We deal with information relating to our Surgical Trainees and Applicants
1.1.1 We deal with information relating to surgical trainees for assessments for the purpose of monitoring those assessments. We do this because we have a contract with those surgical trainees and need to use the information for the purposes of that contract. The information we deal with may include (for example) GMC number (or other medical number), contact details, details about surgical trainees and their history and experience, details relating to equality and diversity (although we deal with this because we have a legal obligation to do so or because it is in our legitimate interests to make a reasonable adjustment or allowance for these reasons) and details relating to exams. (Please note that for some exam results we deal with information about these because we are undertaking a public task. Also, for some information we also share responsibility with the General Medical Council, other relevant professional bodies, or with the other three Surgical Royal Colleges through the intercollegiate committees.)
1.1.2 We deal with information relating to Surgical Trainees for the purpose of Recommending for Certification & Reporting and Research purposes. We do this because it is necessary as we are carrying out a task in the public interest. The information we deal with may include (for example) GMC numbers (or other medical number) contact details, gender, CV details, assessments (RITAs, ARCPs, Trainee Assessment Forms, Training Post Assessment Forms, other forms of assessment), details of certifications and education. Please note that for some of this information where relevant we share responsibility for it with the General Medical Council, General Dental Council, Medical Council in Ireland and other relevant professional bodies.
1.1.3 We deal with information relating to Applicants for the purpose of staff recruitment. We do this because it is necessary for a contract we have with each of these people. The information we deal with may include (for example) contact and identification details and CVs.
1.2 We deal with information relating to our Service Users
1.2.1 We deal with information relating to ISCP users with no surgical training records (dental trainees, SAS doctors, Deanery/LETB, etc.) for the purpose of Training management, Curriculum development, Quality Assurance & Reporting and Research. We do this because it is necessary for a contract we have with each of these people through the use of the ISCP tool. The information we deal with may include (for example) GMC numbers (or other medical number), contact and identification details, gender, CV details, assessments, details of training and exams.
1.2.2 We deal with information relating to our ISCP users with surgical training records (StR, SpR, Core, LAT etc.) for the purposes of Training management, Curriculum development, Quality Assurance & Reporting and Research purposes. We do this because of contractual obligations. The information we deal with may include (for example) GMC number (or other medical number), title and name, contact details, CV, examinations and training data (placements, Learning agreement, Out of Programme, leave, Workplace Based Assessments, Annual Review of Competence Progression (ARCP), Other evidence, etc.)
1.3 We deal with information relating to our Contacts
1.3.1 We deal with information relating to employees of an NHS Trust and employees of HEE and the Schools of Surgery to notify them about professional issues or about the JCST and we do this because it is in our mutual legitimate interests to inform them about the JCST, or to inform them about issues in the surgical profession which may have an impact on the individuals.
1.3.2 We deal with information relating to Medical directors and Clinical leaders, and Specialty Association communications contacts for the purpose of providing information relating to their role (where relevant) and to update them about professional issues. We do this because it is in our legitimate interests as we need to work with these individuals, to conduct JCST-related activity with them and it is in our mutual legitimate interests to be updated about professional issues. The information we deal with may include (for example) contact details and details of each individual’s interaction with the JCST.
1.3.3 We deal with information relating to our Committee/Group members & TPDs, Heads of School, Deaneries/LETBs, Specialty Associations, Health Education Authorities, Medical & Dental Councils, Trainee Associations, Colleges & Local Education Providers for the purposes of Training Management, Training system & Curriculum development, Quality Assurance and CESR Evaluation. We do this because of contractual obligations. The information we deal with may include (for example) GMC number (or other medical number) title and name, contact details, training roles and tenure, and specialty.
1.3.4 We deal with information relating to applicants for the purposes of Recommendation for Certification - CESR & Reporting. We do this in the public interest. The information we deal with may include (for example) GMC number (or other medical number), Name, Primary Qualification and CESR Evaluation & Recommendation.
1.3.5 We deal with information relating to our JCST Administrators for the purposes of ISCP Helpdesk and Administration. We do this because of contractual obligations. The information we deal with may include (for example) title and name and contact details.
2 Transferring Information Outside the European Economic Area (EEA)
In some circumstances your information may be transferred outside the EEA. This is usually where we are providing a service you have applied for where delivery is outside of the EEA. The countries we transfer information to may not have similar data protection laws as in the UK. If you are applying for, or helping us deliver, a service delivered outside of the EEA, you are agreeing to this transfer of data.
If we transfer your information outside of the EEA, we will take steps to ensure your data is secure. We work with trusted service providers, and require them to hold information securely and confidentially.
3 Your Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information, as summarised below.
You have the right to:
3.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
3.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
3.4 Object to processing of your personal information where we are relying on a legitimate interest (of our own or of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
3.5 Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
3.6 Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
3.7 Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact the RCS DPO at email@example.com. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive - alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
4 Your right to lodge a complaint with the ICO
If you feel that we have not handled information relating to you properly, or if you have contacted us about how we use that information and are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner’s Office.
By phone: 0303 123 1113
This cookies policy only covers the Website of the Joint Committee on Surgical Training at www.jcst.org.
Links within this site to websites of other organisations are not covered by this policy.
Definition of a cookie
JCST website cookies
Purpose: stores an authentication token, used to recognise a user has logged into the website
Third party cookies
The JCST makes use of the Google Analytics service to record anonymous information about visitors to the website. This information is used to gauge the effectiveness of the content, layout and navigation. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data.
Name: Cookies beginning with '_utm'