Privacy and cookies
GMC privacy notice
The aim of this privacy notice is to help you to understand how we use personal data. This is an overview of how we use information but we also provide more detailed information if it is appropriate, for example when we collect data.
We take our responsibilities as a data controller very seriously and are committed to keeping information secure. We are accredited to international information security standards and protect our IT infrastructure in line with industry standards and good practice.
Registration information
Why we hold it
We are required under legislation, including the Medical Act 1983, to maintain registers of medical practitioners. We are responsible for making sure that doctors on the registers are suitably qualified.
We hold contact information so that we can contact doctors about their registration, annual retention fee payment and fitness to practise investigations. We also contact registered doctors with relevant news, such as new guidance.
What we hold
We hold information about doctors who are registered with us. We also hold information about doctors who apply for registration, and doctors who are no longer registered.
For registration purposes we hold information about a doctor’s nationality, qualifications, employment history, and other relevant evidence in support of their application for registration.
We hold data about doctors’ health and criminal convictions if they have told us this information as part of their application.
When a doctor applies for registration as an international medical graduate we verify their primary medical qualification and, if appropriate, their post graduate qualification. The verification process is carried out on our behalf by an external organisation and may require data to be transferred outside the European Economic Area. We are provided with confirmation of the verification, or with information about any concerns raised through the process.
If a doctor has undergone any Professional and Linguistic Assessments Board (PLAB) test, we will hold information about their assessment history and scores.
We hold contact information about doctors, and depending on how they pay their Annual Retention Fee we also hold bank account or credit card information.
We hold information about fitness to practise incidents which take place while a student is at a UK medical school. This information is provided by students and universities when the student is applying for provisional registration.
How we share it
We are required to make some of this information publicly available on the medical register. Organisations can subscribe to download the medical register; these details are the same as those on the online medical register and do not contain doctors' contact details.
We share non-public registration information with relevant third parties when it is necessary to assist them with their functions or legitimate interests. Third parties include UK health departments, employers, designated bodies, responsible officers, suitable persons and other bodies where appropriate. This information includes date of birth, photograph, passport details, registered email address, registered address and whether a doctor is being investigated under our fitness to practise procedures.
You can find more information about how we publish registration information, in our Registration and revalidation publication and disclosure policy.
Fitness to practise investigations and sanctions information
Why we hold it
We are required under the Medical Act 1983 to investigate fitness to practise concerns.
If you raise a concern about a doctor with us, we will use the information you provide to investigate those concerns. We detail how we use this information in How we use your information when considering concerns.
The Medical Act also requires us to share information about fitness to practise investigations with employers and the Department of Health.
What we hold
We hold information about fitness to practise concerns, investigations of concerns, records of hearings, and records of the outcome of our investigations, including sanctions and warnings.
We hold information about patients, including medical records, where it has been provided as part of a complaint or is necessary for our investigation.
We hold information about doctors’ health and criminal convictions where it is relevant to the concern that we’re considering.
We have the power to require the disclosure of medical records if necessary.
How we share it
We are required by law to share details of an investigation with the doctor concerned and their employer.
During an investigation we may disclose details of the investigation to other organisations or individuals where it is necessary for us to carry out our statutory functions.
All fitness to practise sanctions are published on a doctor’s record on the online medical register. Further information about hearings and sanctions issued by a tribunal is published on the MPTS website. You can find further information about warnings and undertakings issued by case examiners on our website. You can find more information about how we publish fitness to practise information, including relevant time periods, in our Fitness to practise publication and disclosure policy.
We disclose tribunal hearing bundles to the Disclosure and Barring Service in line with our duties under the Safeguarding Children and Vulnerable Groups Act 2006.
We share information about recent sanctions with bodies in the UK and abroad who have a legitimate or statutory interest in this information.
Research
Why we hold it
We conduct and commission research on a range of topics to support our regulatory functions related to registration, fitness to practise, and medical education and training. We generate statistical data based on the information we hold, for example GMC Data Explorer.
We use data profiling to help us understand more about the types of doctor more likely to have fitness to practise issues. This includes using the GMC’s own data about registered doctors and fitness to practise investigations, and may also include data obtained from third parties. Profiling is not used to make automated decisions about a doctor’s registration or fitness to practise.
What we hold
The personal data which we use to carry out our regulatory functions can also be used for research which supports those functions. This includes demographic information, employment and fitness to practise history, and details of complaints.
We obtain further data from third parties to enable research into medical education as part of the UKMED project. The data within UKMED are described in the UKMED data dictionary. The data providers include UCAS, Higher Education Statistical Authority, medical schools, Deaneries and the UK Foundation Programme Office. More information about the data we hold and how we use it us available on the UKMED website.
How we share it
We share personal data with researchers if it is necessary to do so. We only share what is necessary for the research, using secure methods.
Where possible we provide researchers with anonymised or pseudonymised data for research purposes. UKMED research data is always pseudonymised.
When we publish research or statistics we apply disclosure controls to make sure individuals can't be identified from the data.
National training surveys
Why we hold it
The Medical Act 1983 requires us to monitor and report on the standard of medical training in the UK. The survey helps us make sure that doctors in training receive high quality training in a safe and effective clinical environment and trainers are well supported in their role.
We also use the national training surveys to support research into medical training.
What we hold
On an annual basis we issue the national training surveys to doctors in training and their trainers. We hold the answers doctors give us about their experience of postgraduate training.
How we share it
We've published a confidentiality statement about national training surveys data that explains this in more detail.
GMC events
Why we hold it
We hold records of registration and attendance at GMC events. We hold information about registration and attendance so that we can contact attendees about their event. We also retain information so that we can verify past attendance and plan for future events. We also ask for dietary and access requirements where appropriate so that we can plan the event.
What we hold
We hold information about registrants and attendees at GMC events. This can include name, employment details, contact details, and any dietary and accessibility requirements.
Our delegate management system is operated by a third party acting under contract to the GMC, and they have access to this data where it is necessary for them to do so.
Consultations
We run consultations on a range of topics related to our regulatory functions. As part of the process we record the names and contact information of respondents, as well as their answers.
Why we hold it
We hold this information so that we can carry out research and analysis of the responses, and keep in touch with respondents about the outcome of the consultation. We ask respondents for their email addresses so that we can confirm registration on our consultation site, contact them if they forget their password and notify them of any upcoming consultations that are in line with their interests, where they have asked us to do so.
How we share it
At the end of the consultation process, we will publish reports explaining our findings and conclusions. We won’t include any personally identifiable information in these reports, but may include illustrative quotes from consultation responses. We may also provide responses to third parties for quality assurance or to approved research projects, which are anonymised before disclosure where possible.
Retention periods for personal data
Our records retention schedule explains how long we will keep personal data for.
GMC job site
Your rights
You have the right under data protection legislation to access and control the information we hold about you, although there are also exemptions from those rights. Below is information on your rights and details of what to do if you have a question.
Accessing your data
You're entitled to request a copy of the personal data we hold about you. To do this, you can email foi@gmc-uk.org. We will usually respond within one month, but if the request is complex or involves large amounts of data, this may take up to three months to respond.
There is usually no charge for making a request. But we have the right to request a fee if the request is unfounded or excessive.
In some cases we don't have to provide a copy of the data because an exemption applies. This is likely to be because:
- the data is also the personal data of another person and it would not be reasonable to disclose it to you without their consent
- disclosing the data would prejudice our regulatory functions, for example by making it difficult for us to conduct a fair fitness to practise investigation
- disclosing your data would impair research being conducted by or on behalf of the GMC.
Controlling how we use your data
You have the right under the General Data Protection Regulation to control how we use your data, by asking us to delete it or limit how we use it. To do this you can email dpo@gmc-uk.org.
But there are some exemptions we want you to be aware of. We don’t have to comply with a request to delete or stop using your personal data if, for example:
- we are legally required to use your personal data in a particular way.
- we are using your data to carry out our statutory functions, because there are strong public interest and patient safety grounds for us to process personal data which we need to carry out our role.
- we are processing your data for research purposes and deleting the data would impair our research objectives.
There are other exemptions which can apply in particular circumstances. If we don’t intend to comply with a request we will tell you why this is the case.
Our contact details
The data controller for the processing described in this policy is the General Medical Council. The Data Protection Officer is Andrew Ledgard. You can contact him by emailing dpo@gmc-uk.org.
Complaints
If you are unhappy about how we use your personal data, you have the right to complain to the Information Commissioner’s Office. You can find out more about this at www.ico.org.uk.
Cookies
You can change your cookie settings on our site at any time.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example your computer or your mobile phone. These include small text files known as cookies. This helps us:
- make our website secure
- carry out our statutory functions efficiently
- make sure our website works well for you and make improvements
- remember your preferences where necessary
- gather anonymised information about the functioning of our website and campaigns. You can find out more about our use of analytics below
- personalise the website to display relevant content to you
- improve the guidance and materials available to you.
We are subject to the EC Privacy and Electronic Communications directive and UK GDPR which says we need to provide you with information on the cookies used on our website. If you like to find out more about how cookies work then please visit www.aboutcookies.org.
We’ve explained the cookies used by the GMC below.
Cookie types and duration
Strictly necessary: These cookies are essential for you to use our website by supporting technical features and anonymous statistics. They help you move around secure areas of the website, enable you to use our online forms and allow you to use things like web chat. These cookies never identify individual users and we do not allow them to be shared with anyone else.
Performance: These cookies are useful to see how you use our website and help us improve the performance of our website based on your needs. They help us remember the choices you make and make the website more relevant to you by giving you better functionality and personalised features. These cookies never identify individual users and we do not allow them to be shared with anyone else.
Marketing cookies: Most often used by third parties to target advertisements relevant to your preferences. You can opt out of the cookies we have control over by changing cookie settings on our site. We’ve explained how to opt out via the third parties where relevant in the table below.
First party cookies: These cookies are set by the website owner, here the GMC, and only we can read them.
Third-party cookies: These cookies are set by a third party and the GMC has limited control over them. We have turned these off where possible but we’ve explained in the table below how to opt out of these individually. If you click any links on our website connected to third party providers, YouTube and Soundcloud for example, you may have a cookie set by that third party. We cannot control this and by choosing to follow a third party link or service, you are accepting their terms and conditions. We have signposted this where possible.
Session cookies: These cookies last as long as your online session and will disappear after you’ve closed your browser (such as Safari, Firefox).
Persistent cookies: These cookies will remain on your device after you’ve closed your browser and last the length of time set by the cookie. We’ve explained the duration for each cookie in the table below. The GMC will use persistent cookies when we need to remember your preferences for your next visit.
Cookies set when visiting our website
Strictly necessary
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| ASP.NET_SessionId | Used to store an anonymous unique identifier for your session. Essential for website functionality as allows information to be passed between our webpages. | Access: First party (GMC) Duration: Session |
| ASPsessionID | Unique identifier for your browser generated by the server to keep track of your current session state. | Access: First party (GMC) Duration: Session |
| __cfduid | Collects and anonymises your IP addresses. Helps Cloudflare to detect malicious visitors to our website and minimises blocking legitimate users. | Access: First party (GMC) Duration: 1 Month |
| _ga _ga_UA ¬gcl_au _gid |
Stores a Google Analytics anonymised unique randomly generated user ID to report statistics on all users’ interactions on our website. We use this information to compile reports which help us improve the website, create better resources and to help us measure the success of advertising and marketing campaigns. You can deactivate them by following Google’s advice or browser settings. | Access: First party (GMC) Duration: 15 months |
| LPSID-66387357 LPSessionID LPVID LPVisitorID lpUnifiedWindow- storage_expiration- 66387357_lzw2 |
Set by LivePerson to create a unique anonymous visitor ID anonymous. This adds the online chat functionality to our website so that we can communicate with you and respect our duties under the Equality Act 2010. | Access: First party (GMC) and third party (LivePerson) Duration: Some session and some 1 year |
| RequestVerificationToken __RequestVerificationToken_ L01lbnRhbF9DYXBhY2l0eV9mb G93Y2hhcnQ1 |
An anti-forgery cookie is set to make sure that a website request has come from your device and that you aren’t being impersonated. | Access: First party (GMC) Duration: Session |
Performance
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| _hjid | Hotjar assigns you a unique ID to collect anonymous statistics about our users’ behaviour on our website and page usage. We use this information to compile reports which help us improve the website, create better resources and to help us measure the success of advertising and marketing campaigns. | Access: First party (GMC) Duration: Session |
| SC_ANALYTICS_GLOBAL_ COOKIE |
Sitecore stores a unique ID to identify returning users anonymously. This helps us personalise the website for your usage and recommend relevant content to help us fulfil our regulatory functions and improve your interaction with the GMC. | Access: First party (GMC) Duration: Session |
| sc_anonymous_id | Soundcloud sets this cookie when you press play to listen to one of our podcasts to allow audio files to play properly and report anonymous data to Soundcloud. We have no control over this cookie, please see the Soundcloud website for more details. | Access: Third Party (Soundcloud) Duration: 10 years |
Marketing and user experience cookies
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| IDE test cookie |
Google use this cookie to display advertising to you across the web. We have no control over this cookie, please see Google's cookie website for more details. | Access: Third Party (Google) Duration: 2 years |
| YSC | Google sets this cookie to enable YouTube to track your views of YouTube videos. We have no control over this cookie, please see the Cookiepedia website for more details. | Access: Third Party (Google) Duration: Session |
| VISITOR_INFO1_LIVE | Google sets this cookie to enable YouTube to measure your bandwidth and determine if you are using a new or old interface. We have no control over this cookie, please see Cookiepedia website for more details. | Access: Third Party (Google) Duration: 6 months |
| GPS | Used by Google to enable YouTube to store location data. We have no control over this cookie, please see Cookiepedia website for more details. | Access: Third Party (Google) Duration: 30 minutes |
| AdNXS | Used by our marketing partner agency Creed to measure your interaction with some of our active campaigns. | Access: First Party (Creed on behalf of GMC) Duration: Active |
| NID | Used by Google when you interact with the ReCapcha tool to authenticate you as a human and avoid fraudulent use of our online forms. We have no control over this cookie, please see Google's website for more details. | Access: Third Party (Google) Duration: 6 weeks |
Cookies set when visiting GMC Connect and GMC Online
Strictly necessary
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| ..AspNetCore.Cookies | Used to identify and maintain the B2C session. | Access: First party (GMC) Duration: Session |
| ef270529b84d369ff5b39af64d5d1df8 | Keeps track of when the session is due to end to issue a redirect on mobile device if user comes back in after cookie expiry. | Access: First party (GMC) Duration: 15 minutes |
|
GMCSignInUrlRedirect ResolveGMCSignInUrlRedirect |
Stores URL to redirect to after B2C sign in. Used to identify if we need to redirect the user after they’ve signed in, for example following a password reset. | Access: First party (GMC) Duration: 2 hours |
| JSESSIONID | Used for session management. | Access: First party (GMC) Duration: Session |
| OpenIdConnect.nonce. | Used to verify the B2C session and protect against replay attacks. | Access: First party (GMC) Duration: 15 minutes |
| _sn_ecustomer_enu | Used to identify and maintain the users Siebel GMC Online session | Access: First party (GMC) Duration: Session |
| _sn_gmcconnect_enu | Used to identify and maintain the users Siebel GMC Connect session | Access: First party (GMC) Duration: Session |
| x-ms-cpim-admin x-ms-cpim-cache:{id}_n x-ms-cpim-csrf x-ms-cpim-ctx x-ms-cpim-dc x-ms-cpim-rc x-ms-cpim-rp x-ms-cpim-slice x-ms-cpim-sso:{Id} x-ms-cpim-trans |
These cookies are set by Azure Active Directory B2C (Azure AD B2C). Azure AD B2C is an identity management service that enables our user sign up, sign in and profile management. We use this platform for our GMC Online and GMC Connect applications. More information about these Cookies can be found at Cookie definitions - Azure AD B2C . |
Access: First party (GMC) Duration: Session |
| ai_user ai_session |
Microsoft Application Insights assigns you a unique ID to collect statistical usage and telemetry information to help us improve performance and usability. | Access: First party (GMC) Duration: 1 day |
| _ga _gid _gat |
Stores a Google Analytics anonymised unique randomly generated user ID to report statistics on all users’ interactions on our website. We use this information to compile reports which help us improve the website, create better resources and to help us measure the success of advertising and marketing campaigns. You can deactivate them by following Google’s advice or browser settings. |
Access: First party (GMC) _ga duration: 2 years _gid duration: 24 hours _gat duration: 1 minute |
| _hjid | Hotjar assigns you a unique ID to collect anonymous statistics about our users’ behaviour. We use this information to compile reports which help us improve the service. | Access: first party (GMC) Duration: 365 days |
Cookies set when visiting Our recruitment website
| Name | Purpose | Cookie type |
|---|---|---|
| sessionid2965 | Allows user to select job alerts by email. | Session |
| lastaccesstime2965 | Captures date and time of visit. | Session |
| Ccp_user2965 | Captures candidate userid - only set if user registers to use the site and allows user to apply for jobs. | Session |
| Ccp_name2965 | Captures candidate name - only set if user registers to use the site and allows user to apply for jobs. | Session |
| Wedeputy_reg_username_3552 | Captures candidate username - only set if user registers to use the site and allows user to apply for jobs. | Session |
| Wedeputy_reg_email_3552 | Captures candidate email address - only set if user registers to use the site and allows user to apply for jobs. | Session |
| _utma, _utmb, utmc, _utmz | These are Google Analytics cookies used to collect information about which pages are popular and number of visitors to our site. The cookies collect information in an anonymous form. We use the information to compile reports and to help us improve the site. | Persistent |
| _hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjMinimizedTestersWidgets, _hjDoneSurveys, _hjIncludedInSample, _hjShownFeedbackMessage | These are Hotjar analytics cookies used to collect information on page usage. The cookies collect information in an anonymous form. We use the information to compile reports and to help us improve the site. | Persistent |
Alternatively, if you don’t want cookies to be stored on your devices, most browsers allow some control over cookies through your browser’s settings.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit Google Analytics opt-out
Please be aware that restricting cookies may affect the functionality of our websites.
Social media
We use several social media sites and applications to raise awareness of our work and promote good medical practice. Please note that your use of these sites will be subject to each one’s terms and conditions. Please read their privacy and cookie notices carefully and check your personal settings where appropriate to make sure you're happy with how your information will be used by the social media site. We don’t actively collect data you submit to any third party websites, but may collect aggregated information (that doesn’t identify you) to help us monitor access to our content.
Our website analytics and data
Google Analytics
We use Google Analytics to monitor site usage. For information on how to opt-out of tracking by Google products, please visit their safeguarding your data page.
As part of Google Analytics, we have enabled Google Advertising Features. These features allow us to view general aggregated demographic information about our users, such as age group, gender, interest categories, etc.
We also use cookies for remarketing, which means we may display content about our regulatory functions that we think might be of interest to you when you visit other websites. Third party vendors, including Google, may use cookies to serve advertisements based on your prior visits to our websites.
To opt-out of this tracking across Google's Advertising Network, please visit Google’s Ad settings page.
Hotjar
We use Hotjar to better understand our users’ needs and to optimise their service and experience. Hotjar is a technology service that helps us better understand our users experience (eg how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc). This helps us build and maintain our service with user feedback.
Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices, in particular device's IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language used to display our website. Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, see Hotjar’s privacy policy.
You can opt out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this Hotjar opt out link.
Third parties
We work with our digital agency partner, Creed Communications, to continuously improve your digital experience with us. As a result during active campaigns, they have access to our Google Analytics and Hotjar accounts as a Data Processor, providing advice on how to improve our user experience.
Session variables
Some of our microsites use session variables to record your responses. Session variables are different to cookies because they are stored on the server relative to the session, rather than your device. Session variables are semi-permanent data files that exist only while your session with an application is active. Session variables are specific to each visitor and are deleted when you close the browser.
Digital identity checks
Why do we do identity checks?
We check the identity of anyone who wants to join or be restored to our register to comply with our statutory obligations in the Medical Act 1983. We do this to protect doctors’ identities, to make sure no one can falsely use their information and to protect the public.
What is our identity check app?
Our app allows you to complete your identity check digitally using a mobile phone. The process is quick, safe and secure and takes less than five minutes to complete.
We’ve developed our app in partnership with our supplier, Paycasso.
- View the Paycasso privacy policy
If you prefer not to use our app, you can choose to have an in-person identity check at one of our offices. We’ll email you with more information about booking an appointment.
What information are we collecting during your identity check?
We’re committed to protecting the privacy and security of the personal information you provide during your digital identity check. We’ll process this along with your name, GMC reference number and email address that we have on our records.
Identity Information
On the app we’ll ask you to take a photograph of your identity document. We accept the following identity documents:
- passport
- EEA/Swiss National ID card, provided it clearly states your nationality
- UK driving licence
The app will copy your document and extract the data from the photograph and from the eChip, if your document has one. The information extracted from your document includes your:
- name and surname
- place of birth
- date of birth
- gender
- nationality
- document kind
- document type
- issuing authority
- document number
- date of issue
- date of expiry
- address
Technical Information
When you download the app, we and Paycasso collect the following information to help us manage your experience in the app and detect and fix any issues:
- Application Programming Interface version. This is a software interface which allows applications to talk to each other
- the type of device you’re using
- your device’s operating system
- time and date of application
We also collect a live photograph of your face, known as a 'liveness' check. We’re the ‘data controller’ of the information you provide to complete your identity check. This means we decide what your information is used for.
Paycasso acts as our ‘data processor’. This means that they’re responsible for processing your data on our behalf.
All your information will be processed and held in the UK.
How is your identity confirmed?
There are two stages to the process:
Automated checks through the app
The app uses automated technology to verify your data, to check that the eChip in your identity document matches your identity information and document image, and to check that your identity document is genuine.
It compares the live photograph you submit of your face with the photograph in your identity document and the eChip to make sure they also match. It digitally maps your facial features and compares them in each picture. This is classed as biometric data.
If your identity document doesn’t have an eChip, the app will just compare your live photograph with the photograph in your identity document.
Our manual check
After this automated check is complete, Paycasso sends us a digital report of the information you’ve submitted on the app.
Although the app automatically checks that your live photograph matches the photograph in your identity document, we won’t use the results of this facial matching information to confirm your identity. We’ll review each report manually to confirm this. We’ll also check that the information matches your registration application.
We’ll retain the biometric facial matching results on our records, but we’ll only use them to quality assure our processes.
If we can’t verify your documents or if the photographs aren’t clear, we might need you to complete another digital identity check. If we do, we’ll email you with further information. In some cases, for example if we haven’t been able to confirm your identity after a number of attempts, we may ask you to visit our office in person. If we ask you to visit our office, we’ll provide a clear explanation as to why this is required.
Who will have access to your identity information?
The information you submit on the app will be held on an online secure encrypted database. None of your information will be stored on the device you use to complete your identity check.
As we need to review and manually check your information, we’ll also hold it securely on our internal database. It will only be accessed by members of staff who require it for their role.
Your information won’t be shared with anyone else, with the exception of your live photograph, which we may disclose, on request, to employers as part of any pre-employment checks.
The information we collect during your identity check will also help us identify where we can improve the process for other registrants.
How long will we retain your identity information?
Your information will be securely deleted from Paycasso’s database seven days after your identity check. This allows enough time to make sure that we have received your identity check information on our systems.
We’ll retain your identity check report and the outcome of your identity check permanently in line with our retention and disposal policy.
What rights do you have with your data?
Find out more about your rights under UK General Data Protection Regulations.
Who should you contact if you have questions about digital identity checks?
You can email our Contact Centre or speak to one of our advisers.
