This privacy notice explains how the JAG Endoscopy Training System (JETS), JAG Endoscopy Training System Workforce (JETS Workforce) and the National Endoscopy Database (NED) at the Royal College of Physicians (RCP) collects, stores, manages and protects your personal data. It outlines the types of data that we hold and how we use them. The RCP takes its responsibilities around the correct collection, use and destruction of the personal data of its various audiences and stakeholders very seriously and is committed to openness and fairness in the handling of personal data.
If you are an individual and want to participate in any of these projects, then the RCP will collect and process the data as outlined below.
If you are a professional that is, or wants to be, part of our assessment team then we will collect and process the following data:
We use the information you give us to:
We do not require access to any patient identifiable data or any identifiable data which relates to employees of your service. As your service is recognised as the data controller for any patient and employee data you hold under GDPR legislation, it is your responsibility to ensure you process the data accordingly.
JETS and NED records patient age and gender from procedures performed by endoscopists.
The majority of our information is obtained directly from you online. Procedure information is collected by NED directly from endoscopy reporting systems. Agreement is obtained at service level for this data to be shared.
If you are an assessor that has expressed an interest in being part of our assessment team we may also capture your data via email.
Cookies are small information files placed on your device and are used to improve services for you by:
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your computer, mobile phone or whatever device you are using to access the internet. This information is held in cookies. You can learn more about cookies from the article 'Internet Browser cookies - what they are and how to manage them'.
Cookies cannot be used to identify you personally.
For more information about how to remove cookies from your device, or how to block individual cookies from being received, please see the instructions and guidance at www.aboutcookies.org.
See below for further details about cookies you may encounter while visiting our websites. These details include what information is being held, how long you can expect it to be stored, and how your experience of our website will change if you block individual cookies from being sent to your device.
Cookie: Google Analytics
Names: _gat, _ga, _gid, __utma, __utmb, __utmc, __utmt, __utmz
Lifespan: Up to 2 years
Purpose: Usage monitoring, these cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site.
The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, the pages they visited and the technology they were using (browser, device information).
Further information on the cookies used by Google Analytics can be found here
Purpose: Strictly Necessary, used to maintain an anonymised user session by the server.
Purpose: Strictly Necessary, you must accept this cookie to be able to login to the website and use the elements within the site. Without this cookie the website will not function as intended.
Purpose: Tracks confirmation of cookie acceptance for the site on this deviceName: langLifespan: SessionPurpose: Functionality, used to store language preferences
Purpose: Strictly Necessary, used to protect against Cross-site request forgery (also known as XSRF or CSRF).
We share your data with:
Weblogik Ltd, all RCP assessors and other contractors are bound by the required legal and regulatory contractual clauses regarding confidentiality and data protection.
The following individuals can also access your data through the JETS website:
The following individuals can also access your data through the NED website:
We do not share your personal data with any other organisations but we do share your accreditation status data with the following organisations:
JAG uses anonymous data for research provided the application for data is deemed appropriate by the JAG research committee. This may include the use of evidence provided for the purpose of service accreditation. All research outputs are published so that learning can be taken forward by endoscopy services. Individual services are not identifiable in any research outputs.
Training programme directors for each region can access data regarding trainees (if on specialist register, ST3, ST2, ST1, LAT or LAS) attached to their deanery. This includes summary data and also access to the portfolios of each trainee.
The JAG programmes keep data relating to your account indefinitely. This is because the data is used for audit and research purposes to continually improve quality of training provision.
Any user log-ins can be deleted upon request from the individual or appropriate service lead.
If you are an assessor and your contract has ended, financial and contractual records will be retained in line with financial law and regulation for at least seven years after the end date. We will maintain some data such as your name and tenure on our assessor database for reference. Some personal data, such as your name and title, will continue to be available in historic assessment reports and historic comments on the website.
If you are working with us an assessor, or are part of our JETS training programme then you have the following rights:
You have the right to access information which identifies you as a living person, held on RCP systems (Article 15). You also have the right to a copy of your data in a standard format, where technically possible (Article 20). For more information please contact the data protection officer.
The RCP hosts your data upon servers located within the EU, in accordance with current recommended data governance practices in the UK.
We ensure that there are appropriate and operational measures in place to protect your personal data, in alignment with the requirements of Cyber Essentials and the Data Security Protection Toolkit.
We have appropriate technical controls in place to protect your personal data including:
We have appropriate operational measures in place to protect your personal data.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors. Unstructured data is monitored via a third party solution designed for this express purpose and any changes to file permissions generates an alert.
We have a robust audit framework in place to ensure internal and external measures and obligations are in place and being maintained.
We have appropriate contractual measures in place to protect your personal data:
If you have any concerns about how your personal data is being collected and processed, or wish to exercise any of your rights detailed in this Privacy Notice please contact:
The RCP Data Protection Officer
Tel: +44 (0)20 3075 1505
If you are not satisfied with how your information is managed by the RCP, you have the right to complain to the Information Commissioner Office.
The ICO can be contacted at https://ico.org.uk/global/contact-us/
Concerns can also be logged via the ICO website https://ico.org.uk/concerns
If our information practices change we will update this statement to reflect that. Regularly reviewing this information ensures you remain aware of what data we hold and use.
This Privacy Notice was last updated on the 10 June 2020.