The privacy notice below details how we process and protect your personal data in line with UKGDPR.
To ensure simple data entry and provide the necessary data dashboards for more frequent reporting, we created our own audit platforms.
What data do we collect, and why?
All RCPCH clinical audit data collection is now hosted on our in-house audit platforms. When a user account is created for you, we will collect your name, email address, role, and organisation name. This information will come from your clinical lead/colleagues who either create your user account or contact the RCPCH audit team to request one.
UKGDPR requires a legal basis for any processing of personal data. Our legal bases for processing your data are:
Processing is permitted under GDPR on the following legal bases:
- “Public Task” - Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This is justified through commissioning arrangements which link back to NHS England and the Welsh Government.
- “Legitimate Interest” - Where we have assessed that the benefits of us processing your data are legitimate and not outweighed by your interests or legal rights
We process your data for the following purposes:
- To enable access to the audit platform for data entry (Public Task)
- To troubleshoot any data entry/platform issues that may arise (Public Task)
- To email you with audit information such as audit deadlines and updates, conference dates, outlier identification and management process, PREMs information (NPDA only), notification of report publication (such as Health Board/Trust level reports, monthly dashboard updates, and annual reports) (Legitimate Interest)
Who might we share your information with?
Your personal data will be shared with the RCPCH Clinical Audit Team, and with our in-house platform developers, to administer your account and for troubleshooting purposes. When your account is created, your email address is added to our mailing list so we can contact you with regard to clinical audits. We will never send you general marketing emails or share your contact information outside the clinical audit team and audit platform development team.
How long do we keep your data for?
We keep your data until we are informed that you are no longer working on the audit. As soon as we receive confirmation that you no longer require access to the audit platform, we securely delete your data from all systems.
Understanding GDPR and your data rights
To help you understand more about the information in this and all our privacy notices, see our page, Understanding GDPR and your data rights. This explains common words and phrases used in our privacy notices, describes our use of artificial intelligence (AI) and details the rights you have in relation to the processing of your personal data under UK General Data Protection Regulation (UK GDPR).
The following rights are limited due to the necessity of processing your data to maintain your user account on the audit platform:
- Right of Erasure
- Right to Restriction
- Right of Objection
If you exercise these rights, we will have to remove your access to the audit platform.
Last updated 11/11/2025