2. How we define personal information (personal data)
‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other data that is likely to come into our possession. This may be, for example, a name, address, phone number, email address or even an IP address. It does not include anonymised data. This policy applies to all personal data, whether it is stored electronically, on paper or on other materials. We will comply with the lawful basis processing requirements under Article 6 of the GDPR.
3. How we define sensitive personal data (Special Category Data)
Special categories of personal data are those which contain information about your:
- race or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic or biometric data
- health, and/or
- sex life and sexual orientation
We recognise the need for stronger protections in terms of storage and retention of sensitive personal data.
When processing sensitive personal data, we will comply with the lawful basis for processing requirements for sensitive personal data under the GDPR.
4. How long we hold personal data for
We will only retain personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. This means that we may keep your personal data after a particular matter or exchange has concluded, for record-keeping purposes, and to be able to respond to queries. If you would like more information on our retention policy for your particular matter then please contact us.
5. Types of data we collect / what we use it for
6. How do we collect your data?
We collect your personal data in a number of ways. The collection of your information depends on your relationship with the RCVS and with VN Futures.
When you give it to us directly
As a registered veterinary surgeon, veterinary nurse or member of the public, you may give us your personal data/sensitive personal data, in order to discuss a personal issue with us, to participate in activities of VN Futures or to take part in surveys.
When you use our websites and designated products
When you connect with us on social media
We use several social media sites and applications (e.g. Twitter and Instagram) to raise awareness on our work and promote good mental health and wellbeing. Your use of these sites and applications will be subject to each one’s terms and conditions. Please read their privacy and cookie notices carefully and ensure you are happy with how your information is being used by those sites.
7. Disclosing your details to third parties
We are strongly committed to keeping any information you share with our team strictly confidential. We deal with third-party processors in order to fulfil functions. We seek to use service providers who are able to provide appropriate data privacy and security standards. There are certain circumstances under which we may disclose your personal information to third parties, which are as follows: • We will only disclose personal data to our service providers who process data on our behalf and on our instructions. • Where we are under a duty to disclose and if asked to do so by the police or other authority investigating suspected illegal activities. • If any of your personal data/personal sensitive data is to be transferred to another country outside of the EU/EEA, we will ensure that suitable safeguards are in place before personal data is shared. We will not transfer, process or store your data anywhere that is outside of the European Economic Area unless we have a contractual agreement in place that is of an equivalent standard to GDPR. We do not sell personal details to third parties for any purpose.
8. Security of your personal data
We place the highest importance on the securing of your personal data. We employ industry-leading approaches to secure your digital (files and database entries) data. For cyber security reasons we do not publicly disclose the exact nature of the methods / techniques we use to secure your data. We make every effort to protect our databases against loss, theft, unauthorised access, disclosure, copying, unauthorised use or modification. The RCVS/VN Futures only allows those of its employees who require access to such information in order to fulfil their duties; not every member or employee of the RCVS has or can have access to our databases or members’ personal data. For security purposes we use software programs to monitor traffic to identify unauthorised attempts to upload or change personal data, to screen our system for viruses, or otherwise cause damage to our database. In addition to a broad range of cyber security provision, across all our systems and information stores, certain sections of our web sites and web applications encrypt your data in transit using SSL and comparable encryption standards. However, no data transmission over the Internet can be guaranteed to be totally secure. As a result, whilst we strive to protect your personal information, we cannot ensure or warrant the security of any information which you send to us, and so you do so at your own risk. When we outsource any processes, we require the third-party supplier to have appropriate security measures in place and be compliant with the GDPR principles. We require all third parties to respect the privacy of your personal data and to treat it in accordance with the law. Third-party service providers should process your personal data for specified purposes and in accordance with our instructions and should not use your personal data for their own purposes.
9. Your Legal Rights
The General Data Protection Regulation provides certain rights for individuals. Please note that you may only use/benefit from these in defined circumstances. For more information you can check the ICO website or contact us using the details in section 10 of this policy. We are committed to upholding those rights, which are as follows.
Request access to your personal data
You have a right to request a copy of the personal data that we hold about you. Please use the contact details at the end of this policy if you would like to exercise this right also please view our Access to Information Policy for further guidance.
Request correction of your personal data
You have the right to request that we correct the personal data we hold about you, although we may verify the accuracy of the new information you provide to us.
Request ‘erasure’ of your personal data (The right to be forgotten)
You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons. These reasons will be conveyed when the application is made and assessed.
Object to processing of your personal data
You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Right to withdraw consent
In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide services to you. We will advise you if this is the case at the time you withdraw your consent.
Right to data portability
In certain circumstances, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.
If you have any queries or concerns then please contact us. If you are unhappy with the way in which we have handled your personal data. Please contact us at: Ms Eleanor Ferguson Registrar Royal College of Veterinary Surgeons Belgravia House 62-64 Horseferry Road London SW1P 2AF T 020 7222 2001 F 020 7202 0740 www.rcvs.org.uk You are entitled to make a complaint to the ICO for further information please visit the ICO website.
The information on this page was last updated on Wednesday, 20 May 2020.