Thanks for visiting the European Society of Coloproctology's website. ESCP is keen to wholly comply with EU General Data Protection Regulation (GDPR); that along with our values and principles support our willing of good practice. Please take some time to familiarise yourself with our privacy notice below. If you have any queries about it,
Contents
- Introduction
- Who we are
- Information we collect
- When do we collect your personal data?
- Personally identifiable information you choose to provide
- Why do we collect this information?
- We use your personal data in the following ways
- How we use your personal data and why
- Legal basis for processing your personal data
- Who we share your information with
- Information about doctors and other medical practitioners (including trainees on our courses)
- How we use sensitive personal information
- Automated decision-making
- Security
- Where is your data stored?
- How long do we keep hold of your information?
- Your rights
- Changes to our privacy notice
- Contacting the Regulator
- Any questions?
1) Introduction
When you interact with us, you are trusting us with your personal data. We understand that this is a big responsibility and we work hard to protect your personal data and put you in control. This Privacy Notice is meant to help you understand what personal data we collect or generate. It also explains why we collect your personal data, how you can update, manage, export and delete your personal data, what choices you have relating to your personal data and how you can contact us.
'Personal Data' is data that can be used to identify you, directly or indirectly, alone or together with other information. ESCP collects, uses, discloses and processes Personal Data as outlined in this Privacy Notice, including to operate and improve the services and our business; for education, training, advertising and marketing.
2) Who we are
We are European Society of Coloproctology, a company limited by guarantee under company number SC205553 and a registered charity under number SC029997, and with our registered office at c/o Lindsays, Caledonian Exchange,19A Canning Street, Edinburgh EH3 8HE UK (referred to in this Privacy Notice as 'ESCP', 'we', 'us' or 'our'). We are the data controller and we may interact with other data controllers and data processors. When we do so, we act as an independent data controller and not a joint data controller.
3) Information we collect
- Bank account details, payroll records and tax status information;
- CCTV footage and other information obtained through electronic means;
- Compensation history;
- Contact details, including name, email, telephone number and address;
- Copy of driving licence;
- Date of birth;
- Details of any criminal convictions;
- Disciplinary and grievance information;
- Employment records (including job titles, work history, working hours, holidays, training records and professional memberships);
- Financial personal data including account details for direct debits;
- Gender, occupation;
- Information about your use of our information and communications systems;
- Leaving date and your reason for leaving;
- Location of employment or workplace;
- Login and account information, including screen name, password and unique user ID;
- Marital status and dependants;
- National insurance number;
- Next of kin and emergency contact information;
- Payment or credit card information;
- Performance information;
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
- Personal details including your gender identity, your sexual orientation, your age, date of birth, and ethnicity, vaccinations, and your use of medication, food supplements and vitamins;
- Personal preferences including your marketing and cookie preferences;
- Photographs;
- Recreational activities or sports;
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
- Results of HMRC employment status check, details of your interest in and connection with the intermediary through which your services are supplied;
- Qualification information (including rights to practise) and details of your professional affiliations
- Salary, annual leave, pension and benefits information;
- Special categories of personal data;
- Start date and, if different, the date of your continuous employment;
4) When do we collect your personal data?
- When you become a member of ESCP, purchase services or select and participate in ESCP activities, such as education, training, research activities;
- When you create an account with us to use specific sections of the websites;
- When you engage with us on social media;
- When you download or install one of our apps;
- When you contact us by any means with queries, complaints etc;
- When you ask one of our staff to email you information about a product or service;
- When you apply for a fellowship;
- When you choose to complete any surveys we send you. Much of our research work requires anonymous participation but some pieces of work request that you identify yourself if you wish;
- When you comment on or review our products and services;
- Any individual may access personal data related to them, including opinions. So, if your comment or review includes information about a member who provided that service, it may be passed on to them;
- When you fill in any forms such as to book an event, register for a course, apply for membership or complete a Staying in Touch form;
- When you've given a third party permission to share with us the information they hold about you, such as when you book to attend the ESCP events and training and give your consent for your information to be passed to us;
- When our suppliers and partners share information with us about the services you have purchased or activities you have been involved in;
- When you use our offices or chosen venues, which often have CCTV, systems operated for the security of both customers and staff. These systems may record your image during your visit.
5) Personal identifiable information you choose to provide
We may ask for certain personal information from you for providing to you content and/or services that you request. For example:
- You may provide us with details about yourself so that we can send you information about our services. This includes information such as name, phone number, email address, etc. provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services.
- If you wish to purchase a membership of the ESCP through our site, you may need to provide us with information so that we can complete that transaction, including your debit or credit card information.
- You may be asked to disclose personal information to us so that we can provide assistance and information to you. For example, we may collect personal information from you (such as an e-mail address, system information and problem descriptions) in order to provide online technical support and troubleshooting.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. Participation in surveys and consultations is voluntary and you will have the option to choose which of your individual data you agree to be disclosed and/or published if the case; or you might want to choose to participate / contribute but to be published as an anonymous opinion.
- Most of the personal data we collect is provided to us directly by you. We use this data to provide you with our services as per our Terms and for our own legitimate business reasons.
- Aside from data we collect directly from you, we collect your personal data in a number of ways, including:
- When you provide us feedback or contact us for support;
- When you register for an account or interact with our services;
- When you share training and activity data with us or use our services that collect or infer such data;
- When you communicate with us or sign up for promotional materials;
- When you participate in special activities, offers, or programs;
- When you engage with our online partners, communities or advertising;
- When you access third party products and services;
- When you connect with us through social media;
- When your progress and training record are monitored;
- When you participate in examinations and testing;
- When we collect data from third parties or publicly available sources;
- When we comply with legal requirements, law enforcement and for public safety purposes; and
- When you participate in a survey.
Sometimes if you fail to provide us with this information, it may impact on our ability to provide our services to you (eg if you fail to provide us with information relating to a course you are taking, we may not be able to properly assess your progress in that course).
6) Why do we collect this information?
We use your personal information you submitted to enable us to supply you with the information and services you have requested. We will contact you by post, telephone, social media or e-mail to send you details of our services that you have asked, having the right of specify the way of being contacted in the future or withdraw your query at any time by contacting us.
7) We use your personal data in the following ways
- To identify you: To identify you as a user of our services.
- To provide the features of the website, any App we provide and services you request: When you use our website and any App we may provide, we will use your personal data to provide the requested product or service. For example, if you participate in an event or promotion, we will use the contact information you give us to communicate with you
- To communicate information about our services, website and App and for other promotional purposes: If required, we will ask for your consent to send you marketing communications and news concerning ESCP's products, services, events and other promotions. You can opt-out at any time after you have given your consent. If you are an existing subscriber or member of ESCP (for example, you have created an account on the App), we may use the contact details you provided to send you marketing communications about similar ESCP products or services where permitted by applicable law. We may use your personal data that you provide to us to personalise communications on products and services that may be interesting to you. Marketing and advertising material provided by ESCP may appear within any App we provide, on our website, on Apps owned by third parties, or on websites controlled by third parties. The marketing and advertising may relate to ESCP's services, or any affiliated third party.
- To operate, improve and maintain our organisation and services; we use the personal data you provide to us to operate our organisation. For example, we may use personal data about how you use our services to enhance your user experience and to help us diagnose technical and service problems and administer our website and App or we may use the data to assist in our operation of events or training courses.
- To protect our rights or safety; we may also use your personal data about how you use our website and any App to prevent or detect fraud, abuse, illegal use, violations of our Terms, and to comply with court orders, governmental requests or applicable law.
For the same reasons, we may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.
Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookie | Name | Purpose |
---|---|---|
escp.eu.com | htmltemplate | If you register with us or complete our online forms, we will use cookies to remember your details during your current visit, and any future visits provided the cookie was not deleted in the interim. |
Please note that our advertisers may also use cookies, over which we have no control.
You block cookies by activating the setting on your browser, which allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be to access all or parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our site.
Except for essential cookies, all cookies will normally expire after 7 days.
8) How we use your personal data and why
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you have requested from us and where you have previously consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us. To allow you to participate in interactive features of our service, when you choose to do so. To notify you about changes to our service.
- To process any orders that you make by using our websites, apps or at an event. If we do not collect your personal data during checkout, we won't be able to process your order and comply with our legal obligations. For example, your details may need to be passed to a third party to supply or deliver the product or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds and so on.
- To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- To protect our organisation and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We will also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We will do all of this as part of our legitimate interest. For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.
- To protect our members, premises, assets and staff from crime, we may operate CCTV systems in our offices and chosen venues, which record images for security. We do this based on our legitimate business interests. Where you attend an event at a chosen venue such as a hotel or conference centre, they will have their own Privacy Notices, which we cannot influence.
- To process payments and to prevent fraudulent transactions. We do this based on our legitimate business interests. This also helps to protect our members from fraud. If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities. With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on
- You are free to opt out of hearing from us via any of these channels at any time.
- To send you relevant, personalised communications by post in relation to updates offers, services and products. We'll do this on the basis of our legitimate business interest
- You can opt out of hearing from us by post at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your membership or orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations
- To display the most interesting content to you on our websites or any apps we make available. We do so on the basis of your consent to receive app notifications and/or for our website to place cookies or similar technology on your device. For example, we might display a list of items you've recently looked at, or offer you recommendations based on your interactions with us and any other data you've shared with us
- To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering
- To develop, test and improve the systems, services and products we provide to you. We will do this based on our legitimate business interests. For example, we'll record your browser's Session ID to help us understand more when you leave us online feedback about any problems you're having
- To comply with our contractual or legal obligations to share data with law enforcement
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you
- (unless required as a fundamental part of any service or offering we are providing to you (such as a training course) and in such circumstances we are processing this data to fulfil a contract with you) You are free to opt out of receiving these requests from us at any time by [updating your preferences in your online account].
- For example, by combining this data, this will help us personalise your experience and decide which inspiration or content to share with you. We also use anonymised data from transactions or enquiries to identify trends in different areas of the country
- To process your event attendance requests. Sometimes, we will need to share your details with a third party who is providing a service (such as the venue for health and safety reasons). We do so to maintain our arrangement with you. Without sharing your personal data, we would be unable to fulfil your request.
- We need all the categories of information in the list above primarily to allow us to either:
- Perform our contract with you;
- To enable us to comply with legal obligations; and
- In some cases, we may use your personal information to pursue legitimate interests (provided your interests and fundamental rights do not override those interests).
- Some of the above grounds for processing will overlap and there may be several grounds, which justify our use of your personal information.
9) Legal basis for processing your personal data
As a Data Controller, we process the personal data in accordance with this privacy notice.
We collect and process your personal data for a variety of purposes outlined in this privacy notice. In certain cases, separate consent is not required, including:
- The performance of a contract. To perform our contractual obligations to you, including account registration, and contacting you in relation to our services.
- To meet legal obligations. To comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation.
- For legitimate interests. To operate our organisation and provide the services to you, except where your rights and freedoms override our legitimate interest. For example, we may process based on legitimate interest when communicating with you regarding our services, including to provide you with important updates regarding changes to our Terms, or in order to respond to your requests. We may also rely on legitimate interest in order to improve and develop our services and your experience, or to send you a survey request.
Consent:
- In some cases, we will ask for your consent to process your personal data. You may indicate your consent in a number of ways, including, as permitted by law, ticking a box (or equivalent action) to indicate your consent when (i) providing us with your personal data through our services or a form (including enrolling in promotions); or (ii) registering or creating an account with us.
- We may request your consent to contact you by telephone or email or SMS/text message about other offers, products or services we think may be of interest to you.
- We may also request your consent when processing sensitive personal data, such as medical information or health data.
- We may require this data to provide services to you. If you choose not to provide sensitive personal data, certain services may be unavailable.
10) Who we share your information with
We may disclose your personal information to any member of our group, which means any subsidiaries, or ultimate holding company and its subsidiaries, (which we define using section 1159 of the UK Companies Act 2006).
We may disclose your personal information to third parties:
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our terms of use or Member Network ESCP Rules or Acceptable Use Policy and other agreements; or to protect the rights, property, or safety of the European Society of Coloproctology, our members, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
- If we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets.
- We sometimes share your personal data with trusted third parties.
- For example, delivery couriers, exhibitors, partners who provide a membership-based service, for fraud management, to handle complaints, to help us personalise our offers to you and so on.
- Examples of the kind of third parties we work with are:
- Members or consultants who assist in the performance of our services;
- IT companies or our partners who support our website and other business systems;
- Our event management and secretariat service provider;
- Operational companies such as delivery couriers;
- Direct marketing companies who help us manage our electronic communications with you
- Google/Facebook to show you products that might interest you while you're browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites;
- Data insight companies to ensure your details are up to date and accurate;
- Sharing your data with third parties for their own purposes. We will only do this in very specific circumstances, for example:
- With your consent, given at the time you supply your personal data, we may pass that data to a third party fraud management company. We may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- We may also disclose your personal data to the police or other enforcement, regulatory or Government body when we believe such disclosure is appropriate to comply with the law. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
- We may, from time to time, expand, reduce or evolve the ESCP and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
11) Information about doctors and other medical practitioners (including trainees on our courses)
We hold information about doctors who are registered with us. We also hold information about doctors who apply for registration, and doctors who are no longer registered.
For registration purposes, we hold information about a doctor's nationality, qualifications, employment history, and other relevant evidence in support of their application for registration.
We hold data about doctors' health and criminal convictions if they have told us this information as part of their application.
When a doctor applies for registration as an international medical graduate we verify their primary medical qualification and, if appropriate, their post graduate qualification. The verification process can be out on our behalf by an external organisation and may require data to be transferred outside the European Economic Area. We are provided with confirmation of the verification, or with information about any concerns raised through the process.
We may hold information about fitness to practise incidents which take place while a trainee is undertaking our courses.
Where you participate in one of our courses, we will keep information as to your progress on such course and any results that you achieve.
- How we share information about doctors and medical practitioners
- We may be required to make some of this information publicly available on the medical register. Organisations can subscribe to download the medical register; these details are the same as those on the online medical register and do not contain doctors' contact details.
- We may share non-public registration information with relevant third parties when it is necessary to assist them with their functions or legitimate interests. Third parties include governmental health departments, employers, designated bodies, responsible officers, suitable persons and other bodies where appropriate. This information includes date of birth, photograph, passport details, registered email address, registered address and may include whether a doctor is being investigated under our fitness to practise procedures.
- Where you participate in our training courses, you acknowledge that we may share information as to your progress on such course with your sponsoring institution.
- Fitness to practise investigations and sanctions information
- Why we hold it
- We may be required under relevant legislation to investigate fitness to practise concerns.
- If a patient raises a concern about a doctor with us, we may provide or usethe information provided to investigate those concerns.
- Legislation may also require us to share information about fitness to practise investigations with employers and governmental health departments.
- What we may hold
- We may hold information about fitness to practise concerns, investigations of concerns, records of hearings, and records of the outcome of our investigations, including sanctions and warnings.
- We will hold information relating to the progress on courses that we have provided.
- We may hold information about patients, including medical records, where it has been provided as part of a complaint or is necessary for our investigation.
- We may hold information about doctors' health and criminal convictions where it is relevant to the concern that we are considering.
- We have the power to require the disclosure of medical records if necessary.
- How we share it
- We may be required by law to share details of an investigation with the doctor concerned and their employer.
- During an investigation, we may disclose details of the investigation to other organisations or individuals where it is necessary for us to carry out our statutory functions.
- All fitness to practise sanctions are published on a doctor's record on the online medical register.
- We may (where we are required to) share information about recent sanctions with bodies in the UK and abroad who have a legitimate or statutory interest in this information.
- Why we hold it
12) How we use sensitive personal information
'Special categories' of particularly sensitive personal information, such as information about your health, racial or ethnic origin, sexual orientation or trade union membership, require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
- Where it is needed in the public interest, such as for equal opportunities monitoring.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
We do not normally collect special category personal data.
13) Automated decision-making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
- Where we have notified you of the decision and given you 21 days to request a reconsideration.
- Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
- In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
If we make an automated decision based on any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes
14) Security
ESCP takes steps to help protect your personal data from unauthorized access, use, or disclosure, including a variety of technical and organisational security measures, including encryption and authentication tools. That said, no method of transmission over the Internet, or method of electronic storage, is fully secure, and ESCP cannot guarantee the security of your personal data. In the event that we are required by law to inform you of any unauthorized access to your personal data, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this privacy notice. However, no system and no data transmission over the internet can be guaranteed to be completely secure.
15) Where is your data stored?
Your data is held either in the UK or within the European Economic Area.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
16) How long do we keep hold of your information?
We will retain your data whilst we process your query, requested information, until after the services that you have required/chosen to receive from us; or after the event (debrief) or service has been finalised or expired; complying always with the financial requirements that are established by law. However, you have the right to withdraw consent at any time, to make the request of being forgotten or having your individual data deleted from our records.
17) Your rights
ESCP Secretariat is registered with the Information Commissioner's Office (ICO) since 2006. Under the Data Protection Act 1998, the UK Data Protection Act 2018 and the European Union General Data Protection Regulation (GDPR), you have more control over the use of your data and rights which you can exercise as individual regarding the information that we hold about you.
An overview of your different rights:
- You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases
- The correction of your personal data when incorrect, out of date or incomplete. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end
- That we stop using your personal data for direct marketing (either through specific channels, or all channels)
- That we stop any consent-based processing of your personal data after you withdraw that consent
- Review by a member of staff of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
- Your right to withdraw consent
- Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
- Where we rely on our legitimate interest
- In cases where we are processing your personal data based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
- Direct marketing
- You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Confirming your identity:
- To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice, or indeed to draw on your benefits of membership to ensure that we are talking to whom we should be talking to. If you have authorised a third party such as your practice manager to submit a request on your behalf, we will ask them to prove they have your permission to act.
18) Changes to our privacy notice
From time to time, we may change this privacy notice.
Our site may, from time to time, contain links to and from the websites of partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
19) Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office.
- You can contact them by calling 0303 123 1113.
- Or go online to www.ico.org.uk/concerns
- If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
20) Any questions?
This Privacy Notice has been written to set out the way we handle your personal data and your rights to control it.
If you have any questions you have not found the answer to above, please contact our Data Protection Officer who will be pleased to help you.
We are committed to working with you and answer any question or address any issue you may have about your privacy. At any time, you may ask us to correct or update any of your data.
If you need further information on how your individual data is used, or how we maintain the security of it, please contact us by email:
ESCP Secretariat - Data Protection Compliance
c/o Lindsays, Caledonian Exchange
19a Canning Street, Edinburgh EH3 8HE
United Kingdom
Last reviewed: June 2021