We are the Intercollegiate Committee on Basic Surgical Training (ICBSE), an intercollegiate body of the four surgical Royal Colleges of the United Kingdom and Ireland, managed and administered by the Royal College of Surgeons of England (RCS), a charity established by Royal Charter, with charity number 212808
This Policy sets out the basis on which any personal data we (ICBSE) collect from you, or that you provide to us, will be used or processed by us.
As part of our operations, we deal with information relating to individuals. Our Data Protection Officer can be contacted on firstname.lastname@example.org
1.1. We deal with information relating to examination candidates for the purposes of candidate application forms. We do this because of contractual obligation. The information we deal with may include (for example) contact details, exam history, medical qualification, and training level.
1.2. We deal with information relating to examination candidates for the purposes of candidate results data (by candidate number). We do this in the public interest. The information we deal with may include (for example) results and performance feedback
1.3. We deal with information relating to examination candidates for the purposes of a reasonable adjustment register. We do this because of legitimate interest of the candidate. The information we deal with may include (for example) dyslexia and hidden disability reports.
1.4. We deal with information relating to MRCS Examiners for the purposes of examiner feedback. We do this in the public interest. The information we deal with may include (for example) marking and examination performance details.
1.5. We deal with information relating to MRCS and DO-HNS examiners for the purposes of examiner applications and training. We do this because of contractual obligation. The information we deal with may include (for example) contact details, education, employment history, training records and referee's details.
2. Transferring Information Outside the European Economic Area (EEA)
In some circumstances your information may be transferred outside the EEA. This is usually where we are providing a service you have applied for where delivery is outside of the EEA, such as an exam or a course. The countries we transfer information to may not have similar data protection laws as in the UK. If you are applying for, or helping us deliver, a service delivered outside of the EEA, you are agreeing to this transfer of data.
If we transfer your information outside of the EEA, we will take steps to ensure your data is secure. We work with trusted service providers, and require them to hold information securely and confidentially.
3. Your Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information, as summarised below.
You have the right to:
3.1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
3.2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3.3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
3.4. Object to processing of your personal information where we are relying on a legitimate interest (of our own or of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
3.5. Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
3.6. Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
3.7. Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our DPO at email@example.com. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive - alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
3 Your right to lodge a complaint with the ICO
If you feel that we have not handled information relating to you properly, or if you have contacted us about how we use that information and are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner’s Office.
By phone: 0303 123 1113
Definition of a cookie
ICBSE website cookies
Purpose: stores an authentication token, used to recognise a user has logged into the website
Third party cookies
The ICBSE makes use of the Google Analytics service to record anonymous information about visitors to the website. This information is used to gauge the effectiveness of the content, layout and navigation. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data.
Name: Cookies beginning with '_utm'