Privacy and cookies
MPTS privacy notice
We aim to be open about how your personal data is used. This is an overview of how we use information but we also provide more detailed information if it is appropriate, for example when we collect data.
The MPTS is a statutory committee of the GMC. We're accountable to the Council of the GMC and the UK Parliament. We operate separately from the investigatory role of the GMC, but the GMC is still the data controller for personal data we process.
We take our responsibilities as a data controller very seriously and are committed to keeping information secure. We're accredited to international information security standards and protect our IT infrastructure in line with industry standards and good practice.
Tribunal hearings and sanctions information
Why we hold it
We‘re required under the Medical Act 1983, to be provided with information for the purpose of determining whether a doctor’s fitness to practise may be impaired or is impaired.
Find out more about the legislation that governs us.
We’re responsible for making sure decisions made by interim orders tribunals and the medical practitioners tribunals are reflected on the medical register.
What we hold
We hold information about decisions taken by medical practitioners tribunals and interim orders tribunals. We hold information about patients, including medical records, where it has been provided as part of the purpose of determination. We hold information about doctors’ health and criminal convictions where it is relevant to the concern we’re considering.
We have the power to require the disclosure of medical records if necessary.
How we share it
The Medical Act requires us to share information about decisions made by interim orders tribunals and medical practitioners tribunals with employers and the Department of Health.
We publish hearing outcomes on our website and in some cases on the medical register. You can find more information about how we publish information, including relevant time periods, in the GMC’s publication and disclosure policy.
We disclose tribunal hearing bundles to the Disclosure and Barring Service in line with our duties under the Safeguarding Children and Vulnerable Groups Act 2006.
We share recent decisions with bodies in the UK and abroad who have a legitimate or statutory interest in this information.
We have contracts with other organisations (or third parties) to carry out certain activities or services on our behalf. If we need to share information with them we make sure they:
- are only provided with the information they need to carry out the service
- agree not to use the information received from us for any other purpose than those specified by us
- have the proper systems in place to protect personal data.
Consultations
What we hold
We run consultations on a range of topics related to our regulatory functions. As part of the process we record the names and contact information of respondents, as well as their answers.
Why we hold it
We hold this information so we can carry out research and analysis of the responses, and keep in touch with respondents about the outcome of the consultation. We ask respondents for their email addresses so we can confirm registration on our consultation site, contact them if they forget their password and notify them of any upcoming consultations that are in line with their interests, where they have asked us to do so.
How we share it
At the end of the consultation process, we will publish reports explaining our findings and conclusions. We won’t include any personally identifiable information in these reports, but may include illustrative quotes from consultation responses. We may also provide responses to third parties for quality assurance or to approved research projects, which are anonymised before disclosure where possible.
Retention periods for personal data
Our records retention schedule explains how long we will keep personal data for.
MPTS jobs
You have the right under data protection legislation to access and control the information we hold about you, although there are also exemptions from those rights. Below is information on your rights and details of what to do if you have a question.
Accessing your data
You are entitled to request a copy of the personal data we hold about you. To do this, you can email the GMC’s information access team: FOI@gmc-uk.org.
We will usually respond within one month, but if the request is complex or involves large amounts of data we have up to three months to respond.
There is usually no charge for making a request, but we have the right to request a fee if the request is unfounded or excessive.
In some cases we don't have to provide a copy of the data because an exemption applies. This is likely to be because:
- the data is also the personal data of another person and it would not be reasonable to disclose it to you without their consent
- disclosing the data would prejudice our regulatory functions, for example by making it difficult for us to conduct a fair fitness to practise investigation
- disclosing your data would impair research being conducted by or on behalf of the GMC.
Controlling how we use your data
You have the right under the General Data Protection Regulation to control how we use your data, by asking us to delete it or limit how we use it. To do this you can email DPO@gmc-uk.org.
But there are some exemptions we want you to be aware of. If we're using your data to carry out our statutory functions, we don’t have to delete personal information. That’s because there are strong public interest and patient safety grounds for us to process personal data that we need to carry out our role.
We don't have to delete information or stop using it for research purposes if doing so would impair our research objectives.
Our contact details
The data controller for the processing described in this policy is the General Medical Council. The Data Protection Officer is Andrew Ledgard. You can contact our Data Protection Officer by emailing DPO@gmc-uk.org.
Our data protection policy is also available.
Complaints
If you're unhappy about how we use your personal data, you have the right to complain to the Information Commissioner’s Office. You can find out more about this at www.ico.org.uk
Social media
We use social media to raise awareness of our work. Please note that your use of these sites will be subject to each one’s terms and conditions. Please read their privacy and cookie notices carefully and check your personal settings where appropriate to make sure you're happy with how your information will be used by the social media site. We don’t actively collect data you submit to any third party websites, but may collect aggregated information (that doesn’t identify you) to help us monitor access to our content.
Our website analytics and data
Google Analytics and Webtrends
We use Google Analytics and Webtrends (for our older sites/microsites) to monitor site usage. For information on how to opt-out of tracking by Google products, please visit Google's safeguarding your data page.
As part of Google Analytics, we have enabled Google Advertising Features. These features allow us to view general aggregated demographic information about our users, such as age group, gender, interest categories, etc. To opt-out of this tracking across Google's Advertising Network, please visit Google's Ads Settings.
Hotjar
We use Hotjar to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time people spend on which pages, which links they choose to click, what they do and don’t like, etc). This helps us build and maintain our service with user feedback.
Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices, in particular device's IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website. Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, see Hotjar’s privacy policy.
You can opt out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this Hotjar opt out link.
Third parties
We work with our digital agency partner, Mando, to continuously improve your digital experience with us. As a result, they have access to our Google Analytics and Hotjar accounts as a Data Processor, providing advice on how to improve our user experience.
Cookies
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example your computer or your mobile phone. These include small files known as cookies. Cookies can't be used to identify you personally. But in some cases, we may record your computer’s IP address in a cookie so we can remember your preferences when you visit our website.
These pieces of information are used to improve services for you through, for example:
- enabling a service to recognise your device so you don’t have to give the same information several times during one task
- recognising that you may already have given a username and password so you don’t need to give it for every page you visit
- measuring how many people are using our services, so we can make them easier to use and make sure there’s enough capacity run them
- analysing anonymised data to help us understand how people interact with our services so we can make them better.
We use two types of cookies: session cookies and persistent cookies.
Session cookies are stored only for the duration of your visit to the website. These are deleted from your device when your browsing session ends.
Persistent cookies are used where we need to know who you are for more than one usage session. For example, if you have asked us to remember preferences like your location or your username.
We are subject to the EC Privacy and Electronic Communications directive (otherwise known as the e-privacy directive). As part of our approach to being compliant with this directive, we're keen to provide information on the cookies currently in use on our websites below.
How to control and delete cookies
If you don’t want cookies to be stored on your devices, you can modify your browser’s settings so that it notifies you when cookies are sent to it and can decide whether to accept them, or so that it refuses them automatically. You can also delete cookies that have already been set.
The Help function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of desktop browsers.
Please be aware that restricting cookies may affect the functionality of our websites.
The cookies used by this site
Strictly necessary
Cookie Name | Retention | Set by | Purpose |
---|---|---|---|
__cf_bm | 30 minutes | First party | This cookie is used to distinguish between humans and bots. This is beneficial for the website to make valid reports on the use of their website. |
__cfruid | Session | First party | This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators. |
__RequestVerificationToken | Session | First party | Helps prevent Cross-Site Request Forgery (CSRF) attacks. |
ASP.NET_SessionId | Session | First party | Used by ASP.NET to store a unique identifier for your session. The session cookie is not persisted on your hard disk. |
CookieConsent | 1 year | First party | We use this to record your preferences as to whether you want to accept cookies in our Performance or Marketing categories. After a year we will ask you if you are happy to continue with your preferences or change them. |
shell#lang | Session | First party | Stores the context language of the current site. Used by Sitecore. |
MPTSwebsite#lang | Session | First party | Used to support Welsh language on our site. |
cookies_policy | 1 year | First party | We use this to record your preferences as to whether you want to accept cookies in our Performance or Marketing categories. After a year we will ask you if you are happy to continue with your preferences or change them. |
Performance
Cookie Name | Retention | Set by | Purpose |
---|---|---|---|
_ga | 2 years | First party | Used by Google Analytics. Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
_ga_# | 2 years | First party | Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. |
_gid | 1 day | First party | Google Analytics registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
_gat | 1 day | First party | Used by Google Analytics to throttle request rate to manage server requests. |
td | Session | First party | Google tag manager. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. |
_hjSession_# | 1 day | First party | Hotjar collects statistics on the visitor's visits to the website, such as the number of visits, average time spent on the website and what pages have been read. |
_hjSessionUser_# | 1 year | First party | Hotjar collects statistics on the visitor's visits to the website, such as the number of visits, average time spent on the website and what pages have been read. |
_hjTLDTest | Session | First party | Hotjar registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. |
hjActiveViewportIds | Persistent | First party | Hotjar cookie that contains an ID string on the current session. This contains non-personal information on what subpages the visitor enters – this information is used to optimise the visitor's experience. |
hjViewportId | Session | First party | Hotjar saves the user's screen size to adjust the size of images on the website. |
LAST_RESULT_ENTRY_KEY | Session | Third party | Used by YouTube to track user’s interaction with embedded content. |
remote_sid | Session | Third party | Necessary for the implementation and functionality of YouTube video-content on the website. |
TESTCOOKIESENABLED | 1 day | Third party | Used by YouTube to track user’s interaction with embedded content. |
VISITOR_PRIVACY_METADATA VISITOR_INFO1_LIVE |
180 days | Third party | Used by YouTube to Store the user's cookie consent state for the current domain. |
YtIdbMeta#databases | Persistent | Third party | Used by YouTube to track user’s interaction with embedded content. |
yt-remote-cast-available yt-remote-cast-installed yt-remote-fast-check-period yt-remote-session-app yt-remote-session-name |
Session | Third party | Stores the user's video player preferences using embedded YouTube video. |
yt-remote-connected-devices yt-remote-device-id |
Persistent | Third party | Stores the user's video player preferences using embedded YouTube video. |
Marketing
Cookie Name | Retention | Set by | Purpose |
---|---|---|---|
ads/ga-audiences | Session | Third party | Used by Google Ads for to store information for remarketing purposes. |