Privacy and cookies
GMC privacy notice
The aim of this privacy notice is to help you to understand how we use personal data. This is an overview of how we use information but we also provide more detailed information if it is appropriate, for example when we collect data.
We take our responsibilities as a data controller very seriously and are committed to keeping information secure. We are accredited to international information security standards and protect our IT infrastructure in line with industry standards and good practice.
Registration information
Why we hold it
We are required under legislation, including the Medical Act 1983, to maintain registers of medical practitioners. We are responsible for making sure that doctors on the registers are suitably qualified.
We hold contact information so that we can contact doctors about their registration, annual retention fee payment and fitness to practise investigations. We also contact registered doctors with relevant news, such as new guidance.
What we hold
We hold information about doctors who are registered with us. We also hold information about doctors who apply for registration, and doctors who are no longer registered.
For registration purposes we hold information about a doctor’s nationality, qualifications, employment history, and other relevant evidence in support of their application for registration.
We hold data about doctors’ health and criminal convictions if they have told us this information as part of their application.
When a doctor applies for registration as an international medical graduate we verify their primary medical qualification and, if appropriate, their post graduate qualification. The verification process is carried out on our behalf by an external organisation and may require data to be transferred outside the European Economic Area. We are provided with confirmation of the verification, or with information about any concerns raised through the process.
If a doctor has undergone any Professional and Linguistic Assessments Board (PLAB) test, we will hold information about their assessment history and scores.
We hold contact information about doctors, and depending on how they pay their Annual Retention Fee we also hold bank account or credit card information.
We hold information about fitness to practise incidents which take place while a student is at a UK medical school. This information is provided by students and universities when the student is applying for provisional registration.
How we share it
We are required to make some of this information publicly available on the medical register. Organisations can subscribe to download the medical register; these details are the same as those on the online medical register and do not contain doctors' contact details.
We share non-public registration information with relevant third parties when it is necessary to assist them with their functions or legitimate interests. Third parties include UK health departments, employers, designated bodies, responsible officers, suitable persons and other bodies where appropriate. This information includes date of birth, photograph, passport details, registered email address, registered address and whether a doctor is being investigated under our fitness to practise procedures.
You can find more information about how we publish registration information, in our Registration and revalidation publication and disclosure policy.
Fitness to practise investigations and sanctions information
Why we hold it
We are required under the Medical Act 1983 to investigate fitness to practise concerns.
If you raise a concern about a doctor with us, we will use the information you provide to investigate those concerns. We detail how we use this information in How we use your information when considering concerns.
The Medical Act also requires us to share information about fitness to practise investigations with employers and the Department of Health.
What we hold
We hold information about fitness to practise concerns, investigations of concerns, records of hearings, and records of the outcome of our investigations, including sanctions and warnings.
We hold information about patients, including medical records, where it has been provided as part of a complaint or is necessary for our investigation.
We hold information about doctors’ health and criminal convictions where it is relevant to the concern that we’re considering.
We have the power to require the disclosure of medical records if necessary.
How we share it
We are required by law to share details of an investigation with the doctor concerned and their employer.
During an investigation we may disclose details of the investigation to other organisations or individuals where it is necessary for us to carry out our statutory functions.
All fitness to practise sanctions are published on a doctor’s record on the online medical register. Further information about hearings and sanctions issued by a tribunal is published on the MPTS website. You can find further information about warnings and undertakings issued by case examiners on our website. You can find more information about how we publish fitness to practise information, including relevant time periods, in our Fitness to practise publication and disclosure policy.
We disclose tribunal hearing bundles to the Disclosure and Barring Service in line with our duties under the Safeguarding Children and Vulnerable Groups Act 2006.
We share information about recent sanctions with bodies in the UK and abroad who have a legitimate or statutory interest in this information.
Research
Why we hold it
We conduct and commission research on a range of topics to support our regulatory functions related to registration, fitness to practise, and medical education and training. We generate statistical data based on the information we hold, for example GMC Data Explorer.
We use data profiling to help us understand more about the types of doctor more likely to have fitness to practise issues. This includes using the GMC’s own data about registered doctors and fitness to practise investigations, and may also include data obtained from third parties. Profiling is not used to make automated decisions about a doctor’s registration or fitness to practise.
What we hold
The personal data which we use to carry out our regulatory functions can also be used for research which supports those functions. This includes demographic information, employment and fitness to practise history, and details of complaints.
We obtain further data from third parties to enable research into medical education as part of the UKMED project. The data within UKMED are described in the UKMED data dictionary. The data providers include UCAS, Higher Education Statistical Authority, medical schools, Deaneries and the UK Foundation Programme Office. More information about the data we hold and how we use it us available on the UKMED website.
How we share it
We share personal data with researchers if it is necessary to do so. We only share what is necessary for the research, using secure methods.
Where possible we provide researchers with anonymised or pseudonymised data for research purposes. UKMED research data is always pseudonymised.
When we publish research or statistics we apply disclosure controls to make sure individuals can't be identified from the data.
National training surveys
Why we hold it
The Medical Act 1983 requires us to monitor and report on the standard of medical training in the UK. The survey helps us make sure that doctors in training receive high quality training in a safe and effective clinical environment and trainers are well supported in their role.
We also use the national training surveys to support research into medical training.
What we hold
On an annual basis we issue the national training surveys to doctors in training and their trainers. We hold the answers doctors give us about their experience of postgraduate training.
How we share it
We've published a confidentiality statement about national training surveys data that explains this in more detail.
GMC events
Why we hold it
We hold records of registration and attendance at GMC events. We hold information about registration and attendance so that we can contact attendees about their event. We also retain information so that we can verify past attendance and plan for future events. We also ask for dietary and access requirements where appropriate so that we can plan the event.
What we hold
We hold information about registrants and attendees at GMC events. This can include name, employment details, contact details, and any dietary and accessibility requirements.
Our delegate management system is operated by a third party acting under contract to the GMC, and they have access to this data where it is necessary for them to do so.
Consultations
We run consultations on a range of topics related to our regulatory functions. As part of the process we record the names and contact information of respondents, as well as their answers.
Why we hold it
We hold this information so that we can carry out research and analysis of the responses, and keep in touch with respondents about the outcome of the consultation. We ask respondents for their email addresses so that we can confirm registration on our consultation site, contact them if they forget their password and notify them of any upcoming consultations that are in line with their interests, where they have asked us to do so.
How we share it
At the end of the consultation process, we will publish reports explaining our findings and conclusions. We won’t include any personally identifiable information in these reports, but may include illustrative quotes from consultation responses. We may also provide responses to third parties for quality assurance or to approved research projects, which are anonymised before disclosure where possible.
Retention periods for personal data
Our records retention schedule explains how long we will keep personal data for.
GMC job site
Your rights
You have the right under data protection legislation to access and control the information we hold about you, although there are also exemptions from those rights. Below is information on your rights and details of what to do if you have a question.
Accessing your data
You're entitled to request a copy of the personal data we hold about you. To do this, you can email foi@gmc-uk.org. We will usually respond within one month, but if the request is complex or involves large amounts of data, this may take up to three months to respond.
There is usually no charge for making a request. But we have the right to request a fee if the request is unfounded or excessive.
In some cases we don't have to provide a copy of the data because an exemption applies. This is likely to be because:
- the data is also the personal data of another person and it would not be reasonable to disclose it to you without their consent
- disclosing the data would prejudice our regulatory functions, for example by making it difficult for us to conduct a fair fitness to practise investigation
- disclosing your data would impair research being conducted by or on behalf of the GMC.
Controlling how we use your data
You have the right under the General Data Protection Regulation to control how we use your data, by asking us to delete it or limit how we use it. To do this you can email dpo@gmc-uk.org.
But there are some exemptions we want you to be aware of. We don’t have to comply with a request to delete or stop using your personal data if, for example:
- we are legally required to use your personal data in a particular way.
- we are using your data to carry out our statutory functions, because there are strong public interest and patient safety grounds for us to process personal data which we need to carry out our role.
- we are processing your data for research purposes and deleting the data would impair our research objectives.
There are other exemptions which can apply in particular circumstances. If we don’t intend to comply with a request we will tell you why this is the case.
Our contact details
The data controller for the processing described in this policy is the General Medical Council. The Data Protection Officer is Andrew Ledgard. You can contact him by emailing dpo@gmc-uk.org.
Complaints
If you are unhappy about how we use your personal data, you have the right to complain to the Information Commissioner’s Office. You can find out more about this at www.ico.org.uk.
Cookies
You can change your cookie settings on our site at any time.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example your computer or your mobile phone. These include small text files known as cookies. This helps us:
- make our website secure
- carry out our statutory functions efficiently
- make sure our website works well for you and make improvements
- remember your preferences where necessary
- gather anonymised information about the functioning of our website and campaigns. You can find out more about our use of analytics below
- personalise the website to display relevant content to you
- improve the guidance and materials available to you.
We are subject to the EC Privacy and Electronic Communications directive and UK GDPR which says we need to provide you with information on the cookies used on our website. If you like to find out more about how cookies work then please visit www.aboutcookies.org.
We’ve explained the cookies used by the GMC below.
Cookie types and duration
Strictly necessary: These cookies are essential for you to use our website by supporting technical features and anonymous statistics. They help you move around secure areas of the website, enable you to use our online forms and allow you to use things like web chat. These cookies never identify individual users and we do not allow them to be shared with anyone else.
Performance: These cookies are useful to see how you use our website and help us improve the performance of our website based on your needs. They help us remember the choices you make and make the website more relevant to you by giving you better functionality and personalised features. These cookies never identify individual users and we do not allow them to be shared with anyone else.
Marketing cookies: Most often used by third parties to target advertisements relevant to your preferences. You can opt out of the cookies we have control over by changing cookie settings on our site. We’ve explained how to opt out via the third parties where relevant in the table below.
First party cookies: These cookies are set by the website owner, here the GMC, and only we can read them.
Third-party cookies: These cookies are set by a third party and the GMC has limited control over them. We have turned these off where possible but we’ve explained in the table below how to opt out of these individually. If you click any links on our website connected to third party providers, YouTube and Soundcloud for example, you may have a cookie set by that third party. We cannot control this and by choosing to follow a third party link or service, you are accepting their terms and conditions. We have signposted this where possible.
Session cookies: These cookies last as long as your online session and will disappear after you’ve closed your browser (such as Safari, Firefox).
Persistent cookies: These cookies will remain on your device after you’ve closed your browser and last the length of time set by the cookie. We’ve explained the duration for each cookie in the table below. The GMC will use persistent cookies when we need to remember your preferences for your next visit.
Cookies set when visiting our website
Strictly necessary
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| ASP.NET_SessionId | Used to store an anonymous unique identifier for your session. Essential for website functionality as allows information to be passed between our webpages. | Access: First party (GMC) Duration: Session |
| ASPsessionID | Unique identifier for your browser generated by the server to keep track of your current session state. | Access: First party (GMC) Duration: Session |
| __cfduid | Collects and anonymises your IP addresses. Helps Cloudflare to detect malicious visitors to our website and minimises blocking legitimate users. | Access: First party (GMC) Duration: 1 Month |
| _ga _ga_UA ¬gcl_au _gid |
Stores a Google Analytics anonymised unique randomly generated user ID to report statistics on all users’ interactions on our website. We use this information to compile reports which help us improve the website, create better resources and to help us measure the success of advertising and marketing campaigns. You can deactivate them by following Google’s advice or browser settings. | Access: First party (GMC) Duration: 15 months |
| LPSID-66387357 LPSessionID LPVID LPVisitorID lpUnifiedWindow- storage_expiration- 66387357_lzw2 |
Set by LivePerson to create a unique anonymous visitor ID anonymous. This adds the online chat functionality to our website so that we can communicate with you and respect our duties under the Equality Act 2010. | Access: First party (GMC) and third party (LivePerson) Duration: Some session and some 1 year |
| RequestVerificationToken __RequestVerificationToken_ L01lbnRhbF9DYXBhY2l0eV9mb G93Y2hhcnQ1 |
An anti-forgery cookie is set to make sure that a website request has come from your device and that you aren’t being impersonated. | Access: First party (GMC) Duration: Session |
Performance
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| _hjid | Hotjar assigns you a unique ID to collect anonymous statistics about our users’ behaviour on our website and page usage. We use this information to compile reports which help us improve the website, create better resources and to help us measure the success of advertising and marketing campaigns. | Access: First party (GMC) Duration: Session |
| SC_ANALYTICS_GLOBAL_ COOKIE |
Sitecore stores a unique ID to identify returning users anonymously. This helps us personalise the website for your usage and recommend relevant content to help us fulfil our regulatory functions and improve your interaction with the GMC. | Access: First party (GMC) Duration: Session |
| sc_anonymous_id | Soundcloud sets this cookie when you press play to listen to one of our podcasts to allow audio files to play properly and report anonymous data to Soundcloud. We have no control over this cookie, please see the Soundcloud website for more details. | Access: Third Party (Soundcloud) Duration: 10 years |
Marketing and user experience cookies
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| IDE test cookie |
Google use this cookie to display advertising to you across the web. We have no control over this cookie, please see Google's cookie website for more details. | Access: Third Party (Google) Duration: 2 years |
| YSC | Google sets this cookie to enable YouTube to track your views of YouTube videos. We have no control over this cookie, please see the Cookiepedia website for more details. | Access: Third Party (Google) Duration: Session |
| VISITOR_INFO1_LIVE | Google sets this cookie to enable YouTube to measure your bandwidth and determine if you are using a new or old interface. We have no control over this cookie, please see Cookiepedia website for more details. | Access: Third Party (Google) Duration: 6 months |
| GPS | Used by Google to enable YouTube to store location data. We have no control over this cookie, please see Cookiepedia website for more details. | Access: Third Party (Google) Duration: 30 minutes |
| AdNXS | Used by our marketing partner agency Creed to measure your interaction with some of our active campaigns. | Access: First Party (Creed on behalf of GMC) Duration: Active |
| NID | Used by Google when you interact with the ReCapcha tool to authenticate you as a human and avoid fraudulent use of our online forms. We have no control over this cookie, please see Google's website for more details. | Access: Third Party (Google) Duration: 6 weeks |
Cookies set when visiting GMC Connect
Strictly necessary
| Name | What data is used and what does it do? | Who has access and how long does it last? |
|---|---|---|
| jsessionid | This cookie is necessary to upload a file to GMC Connect. | Access: First Party (GMC) Duration: Session |
Cookies set when visiting Our recruitment website
| Name | Purpose | Cookie type |
|---|---|---|
| sessionid2965 | Allows user to select job alerts by email. | Session |
| lastaccesstime2965 | Captures date and time of visit. | Session |
| Ccp_user2965 | Captures candidate userid - only set if user registers to use the site and allows user to apply for jobs. | Session |
| Ccp_name2965 | Captures candidate name - only set if user registers to use the site and allows user to apply for jobs. | Session |
| Wedeputy_reg_username_3552 | Captures candidate username - only set if user registers to use the site and allows user to apply for jobs. | Session |
| Wedeputy_reg_email_3552 | Captures candidate email address - only set if user registers to use the site and allows user to apply for jobs. | Session |
| _utma, _utmb, utmc, _utmz | These are Google Analytics cookies used to collect information about which pages are popular and number of visitors to our site. The cookies collect information in an anonymous form. We use the information to compile reports and to help us improve the site. | Persistent |
| _hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjMinimizedTestersWidgets, _hjDoneSurveys, _hjIncludedInSample, _hjShownFeedbackMessage | These are Hotjar analytics cookies used to collect information on page usage. The cookies collect information in an anonymous form. We use the information to compile reports and to help us improve the site. | Persistent |
Alternatively, if you don’t want cookies to be stored on your devices, most browsers allow some control over cookies through your browser’s settings.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit Google Analytics opt-out
Please be aware that restricting cookies may affect the functionality of our websites.
Social media
We use several social media sites and applications to raise awareness of our work and promote good medical practice. Please note that your use of these sites will be subject to each one’s terms and conditions. Please read their privacy and cookie notices carefully and check your personal settings where appropriate to make sure you're happy with how your information will be used by the social media site. We don’t actively collect data you submit to any third party websites, but may collect aggregated information (that doesn’t identify you) to help us monitor access to our content.
Our website analytics and data
Google Analytics
We use Google Analytics to monitor site usage. For information on how to opt-out of tracking by Google products, please visit their safeguarding your data page.
As part of Google Analytics, we have enabled Google Advertising Features. These features allow us to view general aggregated demographic information about our users, such as age group, gender, interest categories, etc.
We also use cookies for remarketing, which means we may display content about our regulatory functions that we think might be of interest to you when you visit other websites. Third party vendors, including Google, may use cookies to serve advertisements based on your prior visits to our websites.
To opt-out of this tracking across Google's Advertising Network, please visit Google’s Ad settings page.
Hotjar
We use Hotjar to better understand our users’ needs and to optimise their service and experience. Hotjar is a technology service that helps us better understand our users experience (eg how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc). This helps us build and maintain our service with user feedback.
Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices, in particular device's IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language used to display our website. Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, see Hotjar’s privacy policy.
You can opt out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this Hotjar opt out link.
Third parties
We work with our digital agency partner, Creed Communications, to continuously improve your digital experience with us. As a result during active campaigns, they have access to our Google Analytics and Hotjar accounts as a Data Processor, providing advice on how to improve our user experience.
Session variables
Some of our microsites use session variables to record your responses. Session variables are different to cookies because they are stored on the server relative to the session, rather than your device. Session variables are semi-permanent data files that exist only while your session with an application is active. Session variables are specific to each visitor and are deleted when you close the browser.
Digital identity checks
Why do we need to do an identity check?
We are required to check the identity of anyone who wants to join our register (S2(1) Medical Act 1983). This is because we’re responsible for making sure we register identity verified doctors to reduce the risk of identity theft and fraud. This maintains the integrity of our register and protects the public.
What is the purpose of the GMC identity check app?
We have developed a platform for you to complete your identity check virtually as part of your registration or restoration application. If you prefer not to have your identity checked digitally, you can choose to have an in-person identity check at our UK offices in London or Manchester. You can book an in-person identity check via your GMC Online account.
We have developed our digital identity app in partnership with our supplier Paycasso.
We have created an online digital identity process so that you can provide us with your identity documents securely from wherever you are located and assure us you are who you say you are. Once we’ve verified your identity via our app, you’ll be able to complete your registration application.
The information we collect during your identity check will also help us improve our manual and automated digital identity process by monitoring the successful, unsuccessful and error rates returned. This will help us enhance registrants identity verification experience.
Your identity information won’t be used for any other purpose.
The GMC remains the data controller of the information you provide us to during your digital identity check. Paycasso is acting as our data processor.
What information are we collecting during your identity check?
Identity information
To complete the identity check, we will process your name, GMC reference number and email address that we have in our records.
When you login to the application, we will ask you to share a copy of your identity document by taking a photograph of it.
Accepted identity documents include:
- passport
- EEA/Swiss National ID card
- UK driving licence.
The app will copy your document and extract the data from the photo and from the eChip, if your document has one.
The information extracted from your document includes your:
- name and surname
- place of birth
- date of birth
- gender
- nationality
- document kind
- document type
- issuing authority
- document number
- date of issue
- date of expiry
- address
This is to verify your data, ensuring the chip matches your identity and to verify your identity document is genuine.
You will then be asked to take a live photograph of your face (‘liveness check’). This is to make sure you are a live person and not attempting to defraud our system. Paycasso’s software then checks your photo in your identity document by comparing it to the liveness check of your face, to make sure you are who you say you are. They do this by digitally matching the photo on your identity document to the photo of your face by mapping your facial features and comparing them in each picture. This documents a unique faceprint of your features and is classed as biometric data.
Once Paycasso’s automated digital identity check is finished, they will send us a digital report which includes the photo on your identity document, your liveness check photo, the extracted information from your identity document and the outcome of your biometric checks (identity document to live image comparison).
The GMC registration consultant will review the report and compare your photo to the liveness check photo before determining if the identity check was successful.
If the identity check is unsuccessful, our registration consultant will explain why and ask you to re-take the digital identity check. You can do this on the app or by visiting either our London or Manchester office for an in-person identity check.
Technical information
By downloading the app, the GMC and Paycasso are collecting the following information to help us manage your experience in the app and detect and fix any issues with the app:
- API version
- device type
- device OD
- SDK version
- time and data of application
- audit data and event logs
- online identifiers, like your Internet Protocol (IP) addresses
Who will have access to my identity information?
Paycasso’s automated system will process your information during the identity check on their encrypted cloud database in the UK.
Our registration consultant, based in the UK, will review your identity information so they can decide on the identity check outcome. Your information is securely stored on our database and only accessible to members of staff who require it for the performance of their role.
Your information will not be shared with anyone else.
Who verifies my identity?
The system developed by Paycasso is fully automated.
The ultimate decision about your identity check is made by our registration consultants based in the UK. They will review the report prepared by Paycasso’s automated system which includes the biometric mapping results, extracted identity data and security test results before manually checking the liveness photograph, identity photograph and information on your identity document.
The registration consultant will compare your liveness photograph to the photograph on your identity document to determine if they represent the same people. They will then decide on the outcome of the identity check.
If the check is unsuccessful, we will ask you to either re-take a digital identity check or ask you to make an appointment to visit our London or Manchester office for an in-person identity check.
How long will you retain my identity information?
Your information will be securely deleted from Paycasso’s database seven days after your identity check. This is to make sure that we have received your identity check on our systems.
We will retain your identity check report and the registration consultant’s assessment permanently in line with our retention and disposal policy.
Who do I contact if I have questions about the digital identity check process?
You can email our Contact Centre or speak to one of our advisers.
What rights do I have with my data?
Find out more about your rights under UK General Data Protection Regulations.
