Introduction
The Royal College of Surgeons of Edinburgh (RCSEd) is a Data Controller for much of the personal information we collect and use. RCSEd operates as a Group through our Faculties, subsidiary companies and related entities. This includes current, past and prospective membership, employees, committee, group and board members, suppliers, customers, and others with whom we have business, or with whom we communicate.
RCSEd is committed to protecting your privacy and maintaining the security of any personal information you provide to us.
We are committed to handling personal information lawfully and correctly, and recognise the safeguards enshrined in data protection law. The following privacy policy statement tells you what, how and when we collect, process, share and destroy (or erase) the personal data collected for our business.
Please see our latest Data Protection Policy for further details on our commitment to data protection, including definitions of key terms used here, and how we protect your personal data.
The Information Commissioner’s Office (ICO) is the UK's independent body set up to uphold information rights. Find out more about their organisation and structure on their website: https://ico.org.uk/about-the-ico/.
This policy and supporting notices will provide clear and concise information about how RCSEd collect, use, stores and protects personal information. The notices below outline how each area of RCSEd legally processes your personal data.
Click below to see our notices.
- Privacy Notice - FRRHH
- Privacy Notice - FPC
- Privacy Notice - FDT
- Privacy Notice - FDS
- Privacy Notice - FST
- Privacy Notice - Examination Candidate
- Privacy Notice - Funding, Professorship and Recognition Opportunities
- Privacy Notice - Education, Course Attendees
- Privacy Notice - SQ
- Privacy Notice - Finance
- Privacy Notice - Fundraising and Development
- Privacy Notice - Education Accreditation
- Privacy Notice - Museums
- Privacy Notice - HR
We process your personal data under one or more of the following legal bases:
- Consent: When you provide clear, informed permission (e.g. marketing emails)
- Contract: When processing is necessary to fulfil a service you requested
- Legal obligation: To meet our statutory and regulatory duties
- Legitimate interest: To manage operations and improve services (balanced with your rights).
- Public task: To collect or use the information to carry out a task laid down in law.
Special category data (e.g. health) is processed only with explicit consent under Article 9(2)(a) UK GDPR or where necessary for significant public interest under Article 9(2)(g).
RCSEd will occasionally transfer personal data outside the EEA and will do so in accordance with UK data protection legislation, and we take steps to ensure your data is secure with adequate safeguards in place. RCSEd will transfer information to its Malaysian subsidiary, RCSEd Malaysia Sdn. Bhd. for the purpose of carrying out RCSEd activities within the ASEAN region.
You have rights under data protection law, including to:
- The right to be informed - e.g. privacy notices
- The right of access - e.g. subject access requests (SARs)
- The right to rectification - e.g. have your data corrected
- The right to erasure - e.g. have your data deleted/removed
- The right to restrict processing - e.g. stop your data being used/processed
- The right to data portability - e.g. transfer your data easily
- The right to object to processing - e.g. challenge what we’re doing with your data
- The right to automated decision making and profiling - e.g. the right to object to data processing if it is solely automated (no human interaction).
To exercise these rights, contact: dataprotection@rcsed.ac.uk.
You have a right to raise concerns or make a formal complaint by contacting the ICO’s Office at https://ico.org.uk.
If you register for an account with RCSEd’s websites, the information you provide will be used to allow you to log into and use the advanced features of the website.
RCSEd uses cookies to collect user information from the website. This is information from you, such as but not limited to, your browser type and your Internet Protocol (IP) Address. For the avoidance of doubt, we treat this type of information as personal data. RCSEd uses this Information to track, evaluate, and improve the use of its website. Read more information about cookies here: Cookies.
RCSEd have developed retention schedules in line with best practice and legal requirements set out by the ICO and National Archives. We regularly review our data retention schedules and apply secure disposal methods when data is no longer needed. The retention schedules will be available soon.
Data Protection responsibilities are shared between the Governance, Risk and Compliance team (GRC) and the Information Governance Group (IGG).
For any questions or complaints email: dataprotection@rcsed.ac.uk. You also have a right to raise concerns or make a formal complaint by contacting the ICO’s Office at https://ico.org.uk.
This policy is reviewed regularly and may be updated. The latest version will always be available on our website.
Updated: November 2025