Privacy policy

This policy explains the types of personal information we collect, how we use it and how we keep it safe. It also tells you about your rights under data protection law. We review and update this policy from time to time to reflect changes to our processes.

We hope the sections below will answer any questions you have, but if not, get in touch with us.

Use the links below to navigate to the different sections in this policy.

About the GPhC

How we will use your personal data

Pharmacists, pharmacy technicians and provisionally registered pharmacists

Superintendent pharmacists

Pharmacy owners

Foundation trainees, OSPAP applicants, students of MPharm sandwich or five-year integrated courses

Students of MPharm, OSPAP, pharmacy technician and independent prescribing courses

Providers of approved courses of education and training

Pre-registration training tutors

Payment information 

Reporting concerns

Sharing personal information

Responding to consultations

Online public panel

GPhC Forums

Joining our mailing list

Contacting the GPhC

Cookies

Statistics and research

Diversity information 

Applying to work with the GPhC

Visitors to our office

CCTV

Information security

Your rights

Asking to see your personal data

Correcting your data

Asking us to stop using your data

Automated decisions and profiling

Data portability

More information and contact details

 


About the GPhC

The General Pharmaceutical Council (GPhC) is the independent regulator for pharmacists, pharmacy technicians and pharmacy premises in Great Britain. Our statutory aims, objectives, powers and responsibilities are set out under the Pharmacy Order 2010, the rules made under the Order, the Medicines Act 1968, the Poisons Act 1972 and other legislation.

If you give us your personal information through this website or myGPhC, or you contact us by other means, the GPhC is the data controller for information you share with us.  

How we will use your personal data

We use personal information to support our work to regulate pharmacists, pharmacy technicians and registered pharmacies in Great Britain. We explain how we use information of different groups of people in the sections below.  

Pharmacists, pharmacy technicians and provisionally registered pharmacists 

You will find more details of how we use the information you give us when you register, renew and revalidate in the privacy policy in myGPhC.

Information we collect

When you apply to join the register

We are required by the Pharmacy Order 2010 to make sure that applicants are suitably qualified and fit to practise before they join our registers. We use the information you give us when you apply to process and assess your application. The information we ask for includes:.

  • contact details
  • details of your qualifications, training and experience
  • tutor information
  • employer information
  • counter-signatory information
  • copies of documents to prove your identity
  • payment information (see payment section)
  • evidence of English language skills
  • information about issues that may affect your fitness to practise. This may include information about your health or criminal cautions or convictions. If you make a fitness to practise declaration, we may ask relevant other people or organisations for information to help us assess your application.

Pharmacist and provisionally registered pharmacist applicants - if you have just completed your pre-registration training we will ask your pre-registration tutor to certify that you have completed training necessary to register and this means we will pass relevant information to your tutor.

We also ask for diversity information, which we use to meet our duties under the Equality Act 2010, but you do not have to fill this in.

While you are registered

When you are on the register, we ask you to tell us each year about your professional development as part of revalidation. We also ask you to declare any fitness to practise issues, which may include information about your health or criminal cautions or convictions. 

If we receive a concern about your practice, we will collect relevant information from you and others to review and investigate where appropriate. Depending on the nature of the concern, we could contact your employer, relevant NHS organisations or other authorities, such as the police or other regulators and witnesses to any incident that is alleged to have taken place.

We may ask you to undergo medical testing or a health assessment if this is relevant to assessing your fitness to practise.

If you apply to add an annotation to your register entry, if you gain an independent prescribing qualification, we will record your application and certification.

We may collect information from you as part of a pharmacy inspection but unless you are the responsible pharmacist, owner or superintendent, you are not usually identified in reports.

How we will use your information

We are required by the Pharmacy Order 2010 to make sure that registered pharmacy professionals meet our standards and are fit to practise so that people using pharmacy services receive safe and effective care. We use personal information of pharmacy professionals to help us meet those objectives.

If you join the register of pharmacists or pharmacy technicians we process your personal information for reasons which include:

  • checking your identity, assessing your qualifications, experience and fitness to practise when you apply to join the register
  • updating the registers
  • administering and maintaining your registration, including taking payments
  • revalidating your registration and making sure that you have completed relevant professional development during the year. Find out more about revalidation.
  • making sure that pharmacies and pharmacy professionals practise safely
  • processing and investigating concerns about pharmacies or registered pharmacy professionals. Find out more about how we process and investigate concerns
  • conducting fitness to practise hearings
  • monitoring the ongoing fitness to practise of registered pharmacy professionals
  • sending you communications about your registration and fitness to practise matters, as necessary to support our statutory objectives and when required by law
  • compiling statistics and research
  • dealing with questions, concerns or complaints

There is more information about what we do if you make a fitness to practise declaration on our website.

If you give us diversity information, we use it to meet our duties under the Equality Act 2010.

How we will share your information

We publish and share information to meet our objectives in line with the Pharmacy Order 2010 and other legislation. We explain how we do this below and in the section on sharing personal information.

GPhC registers

We are required by law to publish registers of pharmacists and pharmacy technicians. The registers contain your name, registration number, registration status, date of renewal and the town of your address. If you have received a fitness to practise sanction, your register entry will contain a link to relevant documents, in line with our publication and disclosure policy [PDF 645 KB] - also available in Welsh: Polisi cyhoeddi a datgelu CFfC [PDF 1 MB].

For pharmacists, the register also says if you are an independent or supplementary prescriber and if you are a superintendent pharmacist, the name of the relevant pharmacy.

We make data from the public registers available via a licensed subscription service. This does not include a live link to fitness to practise documents. More details about the service and a copy of the licence are on our website.

In response to the COVID-19 pandemic, the GPhC has also introduced a pharmacy professionals temporary register as well as a provisional pharmacist register which has now closed.  

Fitness to practise

If you are involved in fitness to practise hearings, we publish:

Other disclosures

We use third party reviewers to assess revalidation information. They will access information through the secure myGPhC portal and will only see revalidation records they are allocated to review. They do not see the identity of the person who has submitted the record.

We use external lawyers to carry out work on some of our investigations and hearings. We use external recorders to record hearings of the Fitness to Practise Committee and Appeals Committee. 

We disclose information to other people or organisations to carry out our statutory functions and in the public interest. We give more information about this in our publication and disclosure policy [PDF 645 KB] - also available in Welsh: Polisi cyhoeddi a datgelu CFfC [PDF 1 MB] - and in the section below on sharing information.

If you wish to apply for registration to practise in another country, you may need to ask us for a certificate of current professional status and fitness to practise history to be sent to the relevant regulator. Find out more about registration to practise in another country..

How long we will keep your information

We keep your registration records while you are registered and for at least 10 years after you leave the register, depending on the reason you leave the register. Revalidation records are usually kept for two years after you submit them or successfully complete the process. If we investigate a concern about your practice, we keep the case file for as long as necessary for our regulatory purposes. We keep determinations of any fitness to practise hearings as part of your registration record.   

Superintendent pharmacists

The Pharmacy Order 2010 and other legislation sets our objectives to assure the standards for registered pharmacies. As the superintendent pharmacist of a pharmacy, we hold information you give us to contact you in relation to the position you hold on behalf of the pharmacy owner to maintain the pharmacy's registration. This will include contacting you about inspections and action we may take if your pharmacy does not meet our standards. Your register entry as a pharmacist will show the details of the relevant pharmacy for which you are the superintendent. Please also see how we use your information as a registered pharmacist.   

Pharmacy owners

The Pharmacy Order 2010 and other legislation sets our objectives to assure the standards of registered pharmacies. If you own a pharmacy, we hold information you give us in your application to contact you to process your application and maintain your pharmacy’s registration. This will include contacting you about inspections and action we may take if your pharmacy does not meet our standards. We publish owner names on the register of pharmacy premises. You can see more information about how long inspection reports and details of any enforcement actions appear on our register and forthcoming inspection website in our publication and disclosure policy [PDF 645 KB] - also available in Welsh: Polisi cyhoeddi a datgelu CFfC [PDF 1 MB]. You can see more information about our approach to enforcement in our registered pharmacies enforcement policy.    

Foundation trainees, OSPAP applicants, students of MPharm sandwich or five-year integrated courses

Information we collect

We are required by the Pharmacy Order 2010 to make sure that pharmacy professionals have appropriate qualifications, training and experience. If you apply to join the pharmacist foundation training scheme, overseas pharmacists' assessment programme (OSPAP) and MPharm courses where training is administered through the GPhC, we collect information including:

  • your contact details
  • your qualifications and relevant experience
  • evidence of English language skills
  • counter-signatory and reference information
  • copies of documents to prove your identity
  • payment information (see payment section)
  • details of your tutor, placement and progress in your placement
  • details of fitness to practise issues, which may include information about health or criminal convictions

We also ask for diversity information, but you do not have to fill this in. We use this data to meet our duties under the Equality Act 2010.

When you sit the registration assessment, we receive your answer sheets and marks. You may give information about health or other issues if you make a request for a reasonable adjustment.

How we will use your information

We will use your information in line with our statutory objective to make sure that people working and providing care in a pharmacy setting, and who may go on to become registered pharmacy professionals are properly qualified, trained and fit to practise:

  • assess your eligibility and fitness to join the schemes
  • administer and monitor training placements
  • in the case of OSPAP, send your approved application to your selected training providers
  • administer the pre-registration assessment
  • assess applications for reasonable adjustments
  • mark and quality assure the pre-registration assessment
  • process any concerns or fitness to practise issues
  • deal with questions or complaints
  • assess applications to join the register of pharmacists
  • compile statistics and research

If you give us information as part of a request for a reasonable adjustment that we consider likely to affect your fitness to practise, we will hold that information and use it when we assess your application to join the register. This is in line with our objective to protect the public.

How we will share your information

We will ask your supervisor to share with us records of your progress in your placement. We will also ask them to sign off your training when it is complete. If we receive a concern about your fitness to practise, we will share details with your supervisor, employer or university (for sandwich course students) where there is a public interest in doing so.

When you sit the registration assessment, we share a list of candidates and details required for identity verification and invigilation with people involved in administering the assessment at the relevant BTL assessment centre. During the COVID-19 pandemic, a remote online assessment option may also be used, and this will be facilitated, managed and hosted by BTL. The facilitator for remote sittings (BTL) will collect identity and IP address information necessary for the invigilation of the assessment online. We use third parties to mark answer sheets and analyse the results to quality assure the assessment. We also use a third party to analyse the assessment results by school of pharmacy, age and ethnicity of candidates. We share this data in pseudonymised form.  

If you make a request for a reasonable adjustment, the Adjustments Committee will assess your application for adjustment. 

If you give us diversity information, we use it to meet our duties under the Equality Act 2010.

We may disclose information to other organisations in the exercise of our statutory functions and in the public interest. Further information is given in our publication and disclosure policy [PDF 645 KB] - also available in Welsh: Polisi cyhoeddi a datgelu CFfC [PDF 1 MB] - and in the section below on sharing information.

How long we will keep your information

If you go on to join the register, we will keep your training record as part of your registration record.

If you make any declarations about your fitness to practise these will be held for two years after you join the register. If you apply for a reasonable adjustment to sit the registration assessment, this information will be held for two years after you join the register. If a concern about your practice is raised, we will keep the information while it is necessary for regulatory purposes.

If you do not go on to join the register, we will keep your information for up to two years after the time your eligibility to apply expires. If we refuse your application on fitness to practise grounds, we will keep it while it is necessary for regulatory purposes.   

Students of MPharm, OSPAP, pharmacy technician and independent prescribing courses

Information we collect and how we use it

We are required by the Pharmacy Order 2010 to make sure that pharmacy professionals have appropriate qualifications, training and experience. We use information on students as follows:

  •  If you apply to join the Overseas Pharmacist Assessment Programme (OSPAP), we ask you to complete the application form. We use this information to assess your application and will send your approved application to your selected training providers.
  • At the relevant stage of your MPharm degree or OSPAP your university will tell us and we will add your name, date of birth and qualification to our database. Your university will tell us your results at the end of your degree. This is so that we have a record of people eligible to join pre-registration training and can check you have the right qualification when you apply for pre-registration training.
  • If you are on a sandwich or integrated five-year MPharm, which has a practice training element, your university will tell us at the relevant stage. This allows us to record your training, which is necessary so that you are eligible for registration. For more information on how we use this information, see the pre-registration section.
  • When you pass your pharmacy technician qualification, your course provider will tell us so that we know you have the right qualification to register.
  • When you pass your pharmacist independent prescriber qualification, your course provider will tell us so that we know you have the right qualification to add an annotation to your registration.

Occasionally, a course provider may share information about an individual student’s fitness to practise. We will use this information to assess your fitness to join the register.

We collect other information from universities and course providers in anonymised form. This includes information about the performance of different student cohorts.  We also collect diversity information to monitor the diversity of student groups to support our duties under the Equality Act 2010.

How long we will keep your information

We keep records on individual students while it is necessary to assess applications to the register or for regulatory purposes. If you join the register or add an annotation to your registration, we will keep details of your qualification as part of your registration record.  

Providers of approved courses of education and training

We collect contact details of people involved in running courses of education and training so that we can keep in touch with you to run our quality assurance programme and monitor the quality of courses. If you are teaching on one of these courses, your employer may give us information about your qualifications and experience for quality assurance purposes. We hold this information for at least one cycle of reapproval and for each step of the accreditation process.   

Pre-registration training tutors

We hold your contact details for the purpose of administering the pre-registration training scheme. We also keep records when you sign off the competence of individual pre-registration trainees. These are held as part of the trainee’s records and used in assessing their application to register.  

Payment information

The GPhC is allowed to charge registration fees under the Pharmacy Order 2010 and relevant fees rules. We collect payment information to allow us to process these fees and charges we make for other services where applicable.

If you pay the GPhC by direct debit, we collect details of your bank account to allow us to set up the arrangement with your bank and collect payments. This information will be shared with our bank. We keep details of direct debit mandates until the end of the mandate and for a further six years.

If you pay by credit card through myGPhC or Pay by Link, payments are collected by Worldpay and we only receive a payment notification. We keep credit card payment notifications for six financial years. 

You can download a copy of your receipts from myGPhC back to 2015. Please contact us if you need earlier receipts.

We will not normally share payment information, except as necessary to take a payment, but in some cases may share information with enforcement authorities or banks, for example, if there is a suggestion of fraudulent payments.   

Concerns

Information we collect

If you raise a concern about a pharmacy or the fitness to practise of a pharmacy professional, we ask you to tell us:

  • your contact details
  • if you raise a concern for someone else, their contact details
  • details of the concern
  • details of witnesses and other people you may have consulted about your concern
  • details of your medication and health, if this is relevant to the concern. We may need to ask for relevant records from your pharmacy or medical practitioner, with your consent.

We may ask you for other information depending on the nature of the case.

If you agree to act as a witness, we ask you to tell us:

  • about the alleged incident(s)
  • other relevant information to help us assess or investigate concerns

How we will use your information

Our role is to protect the public by making sure that pharmacy professionals continue to meet our standards. Our objectives are set out in the Pharmacy Order 2010.

We will use information you give us to help us assess what action may be necessary. We may go on to investigate and some cases may progress to a hearing. We are likely to contact you if what you have told us is not clear, or if we need more information. If we investigate the concern, we will ask you for a statement and may ask you to attend a hearing. We will only use your personal information where it is necessary to the investigation or hearing.

How we will share your information

Our overarching objective under the Pharmacy Order 2010 is to protect public safety. We share information about concerns and our investigations where it is in the public interest or we are legally required to do so.

When you raise a concern, we will share information about what you have told us with the pharmacy professional or others, such as their employer, to help us investigate the issue. Depending on the nature of your concern, this could be a summary of the issue or specific information, for example, about your medicines. We will share your name and other identifying information if required to help the pharmacy staff identify the incident. When you fill out the 'report a concern' form you can tell us if you want to remain anonymous or if you have any worries about us sharing information about your concern.

In deciding whether to share information we weigh up and balance the wider public interest in disclosing information against individual rights to privacy. We look at this on a case by case basis. In doing so, we will take your views into account and we will treat any concerns you have seriously. However there may be occasions where our duty to protect the public overrides your views. We will always do our best to tell you before we do so.

There is more information in the concerns form and our publication and disclosure policy [PDF 645 KB] - also available in Welsh: Polisi cyhoeddi a datgelu CFfC [PDF 1 MB]

How long we will keep your information

If we investigate a concern about the practice of a pharmacy professional, we will keep the case file while it is necessary for regulatory purposes. The case file will include details of your concern and other relevant information about you that was relevant and necessary to our investigation.

If the case leads to a fitness to practise hearing, the committee will record a determination. If you give evidence at the hearing, the determination is likely to refer to your evidence. We publish determinations of public hearings in line with our publication and disclosure policy [PDF 645 KB]. We keep determinations as part of the pharmacy professional’s registration record and then for at least 10 years after they leave the register.  

Sharing personal information

We share information with other organisations in the public interest when we carry out our tasks under the Pharmacy Order 2010 and other legislation. We also disclose information when required by other laws, for example, laws that apply to the work of other public authorities.

The Pharmacy Order gives us a duty to cooperate, where appropriate and reasonably practical, with other organisations, such as other regulatory authorities, NHS trusts, employers of pharmacy professionals, the Department of Health and organisations that run GPhC accredited courses. You can find information about the formal arrangements we have with some of these organisations on our website.

We explain more about when we disclose information to other people or organisations in our publication and disclosure policy [PDF 645 KB] - also available in Welsh: Polisi cyhoeddi a datgelu CFfC [PDF 1 MB]. We will not share your personal data for marketing purposes with any third party.

How we consider the public interest

There is a public interest in the GPhC meeting its objectives. These include:

  • protecting the health, safety and well-being of the public
  • upholding public confidence in the pharmacy professions
  • making sure that pharmacy professionals and pharmacies meet our standards

Where we are considering disclosing personal information, we must comply with data protection legislation and human rights legislation.

When we decide whether or not to disclose information, we must first be satisfied that disclosure is lawful and meets one of the conditions for processing in data protection legislation. This will usually be when it is necessary to enable us to carry out our statutory and regulatory functions under the Pharmacy Order, Rules and/or other relevant legislation. Sometimes another condition will apply.

We then need to consider whether disclosure is justifiable. Is it in the public interest to disclose compared to and balanced with the person’s right to privacy? We consider a person’s rights under data protection legislation, human rights legislation and the common law duty of confidentiality. We review any legal power to make such a disclosure. We also review the nature, purpose, quality, appropriateness, and necessity for the disclosure. We also consider the impact of disclosure, including the potential for damage or distress to the person and weigh that alongside the potential harm that may be caused if we do not disclose information. We must make sure that we comply with the data protection principles, for example, that the information we disclose is limited to what is necessary to achieve the overriding lawful purpose.

We consider the public interest when employers of pharmacy professionals or other agencies involved in recruitment, ask us for personal information in relation to their employees. We also consider it when other public authorities ask us to disclose personal information. For example, NHS organisations may ask us for information to establish the professional standing of a registered pharmacy professional.

We do not usually publish or disclose information about investigations currently taking place, unless we consider it to be in the public interest and proportionate in the circumstances. We want to avoid publishing or disclosing information where there is a risk that it might prejudice or adversely impact an investigation by the GPhC or another organisation.

Freedom of information

Sometimes the GPhC may need to disclose information under the laws covering access to information (usually the Freedom of Information Act 2000). We disclose identifiable personal information only where it is lawful, fair and in the public interest to do so.   

Responding to consultations

We are required to consult before we set any standards or requirements under the Pharmacy Order 2010. We will also consult where necessary to make sure we exercise our statutory functions effectively and proportionately to meet our overarching objective of protecting the public.

If you respond to a GPhC consultation, we will use the information you give us to help us develop our work. Further information is given in each consultation document. We ask you to give us some background information about you and, if you respond on behalf of an organisation, your organisation. We use this to help us analyse the possible impact of our plans on different groups.

We are committed to promoting equality, valuing diversity and being inclusive in all our work as a health professions regulator, and to making sure we meet our equality duties. There is an equality monitoring form at the end of each consultation survey. You do not have to fill it in, but if you do, it will give us useful information to check that this happens.

How we share your information

We publish a report about all our consultations. We will not list your name in the report, but if you respond on behalf of an organisation, we will name your organisation. If you respond as a private individual, we will not publish your response.

Occasionally, the GPhC may need to disclose information under the laws covering access to information (usually the Freedom of Information Act 2000). We will usually anonymise responses or ask for your consent to disclose information, but please be aware that we cannot guarantee confidentiality.

We use SmartSurvey to collect responses to our consultations. You can read SmartSurvey’s privacy policy on their website. We take a copy of all responses to analyse at the GPhC and delete the information held in SmartSurvey when our work is complete.   

Online public panel

Information we collect

Our online public panel helps us to seek the views of patients and the public on our work. 

When a member of the public signs up to the online public panel we collect information including  contact details, special category data and equality and diversity information. We use this data to make sure our panel represents a wide range of people and so that we can target activities at specific groups, for example by age. 

How we will use your information

We will use your information to contact you about activities available to panel members and to send your shopping voucher codes as a thank you for participating. 

We will use the data you provide through the activities you complete to help us understand what members of the public think about pharmacy services and our policies, standards, guidance and processes.  

How we will share your information

All data will be anonymised when feedback is analysed. We will share the anonymous results of activities internally, with our Council and by publishing on our website. We will not share your contact data with third parties.

How we will store and process your data

The data you provide will be held in SmartSurvey when collected and then in a password protected GPhC database. Read SmartSurvey's privacy policy.

How long we will keep your information

We will keep your personal details for the whole of the time that you are a member of the panel.

If you choose to withdraw from the panel your personal data will be deleted from all the systems where it is held. To opt out of the online panel at any point contact communications@pharmacyregulation.org 

Membership of the panel will be reviewed on an annual basis. We may need to recruit more members to replace those who have left or do a systematic review where one third of members are replaced each year. The approach will depend on how much we have used the panel and how engaged members have been. 

GPhC Forums

Information we collect

Our forums help us to listen to members views and experiences, to inform our work and build our insights into key issues. If you join one of our forums we collect information including contact details and equality and diversity information. We use this data to make sure our forums represents a wide range of people.

How we will use your information

We will use your information to contact you about forum meetings and to send your shopping voucher codes as a thank you for participating. We will use the information you provide at forum meetings to inform our work and build our insights into key issues.

How we will share your information

We will anonymise your feedback. We will share the anonymous results of meetings internally, with our Council and by occasionally publishing on our website. We will not share your contact details with third parties.

How we will store and process your data

The data you provide will be held in SmartSurvey when collected and then in a password protected GPhC database. Read SmartSurvey's privacy policy.

How long we will keep your information

We will keep your personal details for the whole of the time that you are a member of the forum. Membership of the forum will be reviewed on an annual basis. If you choose to withdraw from the forum your personal data will be deleted from all the systems where it is held. To opt out of the forum at any point contact communications@pharmacyregulation.org.  

Joining our mailing list

If you attend one of our events, respond to a consultation or contact us, we may ask if you would like to hear more about our work. If you agree to join our mailing list, we will hold your contact details in our database.

We use MailChimp to create mailing lists using names and email addresses and to send emails about our work. You may unsubscribe using the link in the emails. We use Eventbrite to invite you to GPhC events. Mailchimp and Eventbrite are based in the USA and process data under the EU-US privacy shield framework. They do not sell mailing lists.

If you want us to stop contacting you, please email communications@pharmacyregulation.org.

If you are a registered pharmacy professional or pharmacy owner, we must send you some correspondence by law and you will not be able to unsubscribe. This correspondence will be about your registration, or if we need to review a concern about your fitness to practise or a concern relating to a registered pharmacy.    

Contacting the GPhC

If you contact the GPhC with a question or with feedback or a complaint, we will use the information you give us to try to resolve your issue and respond to you. If you contact us about a personal matter, we may ask you to confirm your identity. If you are contacting us on behalf of another person, we will ask you for their authority to act on their behalf. If you raise a concern about a pharmacy or pharmacy professional, please see the section on concerns.

If you contact us using a form on our website, the form will be stored by Binary Vision, who host our website for up to three months.

We do not make audio recordings of our telephone calls. If you call our contact centre, a supervisor may listen to calls for training and support purposes.   

Cookies

Our website uses cookies. Find out more about how cookies are used.   

Statistics and research

We use personal data to analyse and review different aspects of our work as a regulator and in the public interest. This includes using data we collect about registered pharmacy professionals, pharmacy owners, applications to register, pre-registration training, education, fitness to practise and revalidation. If you give us equality and diversity information, we use that data in research and analysis to support our work to meet our public sector equality duties. We publish research on our website, but do not identify individuals in reports, unless they have given specific consent.

From time to time we carry out research projects into specific areas of our work. We sometimes use third parties to help us with this and we share information with them to enable them to carry out surveys or for analysis where necessary. We anonymise data where it is not necessary to share identifiable information. We make sure that any such third parties sign an agreement which includes confidentiality and data protection clauses.

Sometimes we carry out surveys or use focus groups to help with our research. If you take part in these, we will tell you how we plan to use your information. We use SmartSurvey to collect responses to our surveys. You can read SmartSurvey’s privacy policy on their website. We take a copy of all responses to analyse at the GPhC and delete the information held in SmartSurvey when our work is complete.

We sometimes support research projects carried out by independent and academic researchers where the subject of the research contributes to our work or there is a strong public interest in the research. We only share necessary information and where possible we anonymise or pseudonymise data on individuals, who can include pharmacy professionals, foundation trainees and others connected with our work, depending on the subject of the research. See the third-party research policy [PDF 365 KB] for further information. An example of a research project that we have supported in this way is the United Kingdom Research study into Ethnicity And COVID-19 outcomes in Healthcare workers.  

Diversity information

The General Pharmaceutical Council is committed to delivering equality, improving diversity and fostering inclusion in all our work as a healthcare regulator and as an employer, and removing barriers in our practices.

One of the ways we do this is by asking people to provide information about their protected characteristics.

How we will use your information

We ask for this information so we can monitor the performance of our processes, consider the impact of our policies and practices on people who share characteristics, and understand where we need to improve. This information helps us achieve this and meet our obligations under the Equality Act 2010 and related legislation (for example, by making reasonable adjustments for people with disabilities).

We also use the information you give us to analyse and report on the diversity of the pharmacy workforce or trends in pharmacy practice in Great Britain. We may use the information as part of our research or analysis work. We gather this information as part of our registration and fitness to practise processes, However, the information is not used to determine individual fitness to practise outcomes or registration applications.

We also gather information as part of our recruitment and employment processes, where it is used to monitor the performance of those processes and to report on the diversity of candidates and staff. It is not used to assess applications.

How we will handle your information

Giving us this information is voluntary. If you choose to give it to us, we will keep it confidential and hold it securely in line with data protection law. The information may be used by different teams within the organisation. This will only be on an authorised and need-to-know basis. We restrict access to this information on our systems.

We will anonymise any data we publish so you cannot be identified. For example, this may include summary reports about our work as part of our statutory responsibilities, where data is aggregated.

We generally process diversity information to promote or maintain equality of opportunity or treatment to meet our Public Sector Equality Duty created under the Equality Act 2010. In some situations, we may have a different lawful basis for processing your data. In these situations, we will tell you at the time we collect the data our lawful basis for processing, and our purpose for processing it.

How we will share your information

We will share your information if required by law, where ordered by a Court, or where it is otherwise in the public interest and lawful to do so.

We sometimes share data with external organisations for the purposes of research or statistical analysis. We aggregate, anonymise or pseudonymise information so you cannot be identified by other parties. If we ask another organisation to collect data on our behalf, we will make this clear to you at the time. Read more about research here.   

Applying to work with the GPhC

Information we collect

If you apply for a job with the GPhC, or to be an associate, partner, Council or committee member we will ask you to give us your contact details and information about your relevant qualifications and experience. We may collect other information to assess your application. For example, we may:

  • invite you to an interview, by phone or in person, and we will take notes and score your responses to questions
  • ask you to take a test or carry out another assessment activity, which we will score
  • for some roles, ask you about any criminal convictions, cautions or other disciplinary action taken against you

We will also ask you:

  • whether you have a disability for which we need to make reasonable adjustments during the recruitment process, but providing this information is optional
  • for equality and diversity information, but providing this information is optional

If we offer you a role with us, we will ask for:

  • proof of identity and about your entitlement to work in the UK (this is required by law)
  • details of referees
  • your bank details, so we can pay you
  • emergency contact details, including those of a family member or friend, which we will only use if necessary
  • outcome of a background check, such as DBS, for some roles

How we will use your information

We will use your information to process your application, assess it and consider entering into a contract with you. We do not use automated decision-making to assess applications.

If as part of your application you provide details related to equality and diversity, we will use the information you give to assess whether we are attracting a diverse range of candidates in line with our duties under the Equalities Act 2010. We will not use that information to assess your application.

If we offer you a role with us, we will contact your referees to ask for a reference. We will carry out background checks appropriate to the role we offer you, which we will tell you about. If we confirm our offer, we will use your information to set up your contract of employment or service agreement. We will keep your application as part of your personal file when you join the GPhC. We have a separate privacy policy for employee information.

How we will share your information

Employees who administer the recruitment process will have access to your application.

If you apply for a job with the GPhC, via our online recruitment portal, your application:

  • will be shared with members of the assessing panel. This usually consists of GPhC employees, but for some senior employee roles, may include Council members or members from third party organisations
  • will be anonymised during the early stages of the selection process. It will be shared with members of the assessing panel, but they will not be told your identity unless you are selected for interview.

If you apply for an associate, partner, committee or Council member positions, your application:

  • will be shared with members of the assessing panel. This will usually consist of GPhC employees, but for some senior employee roles, may include Council members or members from third party organisations.
  • will be anonymised during the early stages of the selection process. It will be shared with members of the assessing panel, made up of Appointments Committee members, but they will not be told your identity unless you are selected for interview.

If you apply to become an associate or partner, we ask you to apply using a form hosted by Smartsurvey. Smartsurvey hold your data securely in the UK and will not use it for any other purposes.

We outsource the recruitment of Council members to a third party who abides to a strict Data Privacy Policy accordance with the General Data Protection Regulation (GDPR).

How long we will keep your information

If your application is unsuccessful, we will keep your information for one year from the end of the recruitment process and then delete it.

If you go on to work with us, we will usually keep your information for six years from the end of your contract of employment or term of office.  

Visitors to our office

Our office building is owned by Credit Suisse and if you visit us you will need to go through their security procedures. Citi and the GPhC will record your name, organisation and date and time of visit. We ask you to tell us if you need help in case the building needs to be evacuated. If you do, Credit Suisse and the GPhC hold a record of your needs for the time necessary to support you.    

CCTV

We use CCTV in our offices to support the safety and security of our staff and premises. CCTV is used to:

  • act as a deterrent to intruders and to the theft or misuse of property or information
  • act as a deterrent to improper or aggressive behaviour
  • as evidence to support the investigation of safety- and security-related incidents

We keep recordings for three months unless we need to keep them longer for use as evidence. If you want to see images of yourself from our CCTV, ask for your personal data. CCTV recordings may be accessed by staff of Citi, who own our office. Read the CCTV policy here.  

Information security

Information security is important to us, and we know it matters to you too.

Our information technology security uses ISO 27000 standards and we regularly review our security policies and processes. Data is encrypted and stored in secure environments in the UK and European Economic Area. We regularly update our systems and install security updates. We have firewalls, anti-virus software and other measures in place to prevent and detect intrusion and we carry out regular penetration testing of our systems. We have disaster recovery and back up measures in place. We limit access to personal data to people who need to know because of their role. 

We use external suppliers to provide IT support and other business services. Where they process personal data for us, we will have contracts with data protection provisions in place.

We use secure email or password protect files to send any sensitive personal information. Where we need to send sensitive information in letters, we use postal services with a track and trace facility  

Your rights

The sections below explain how to ask us about any of your rights under data protection law. You can find out more about your rights from the ICO website.  

Asking to see your personal data

You have the right of access to personal information that we hold about you, free of charge in most cases. Please send your request in writing, where possible, describing the information you want. We may ask you to supply proof of your identity. Under the law we have to respond within one month. We may extend this by two months if your request is complex and we will tell you if this is the case.  

Correcting your personal data

If you have a myGPhC account, you may update and correct some of your personal data yourself. If you want to make other updates or corrections, please contact us. In some circumstances, we may not be able to agree to requests to change data. If we do not, we will explain why. We will respond within one month.   

Asking us to stop using your data

You have the rights to:

  • Object to data processing and ask us to stop using your personal information
  • Ask us to erase your personal data
  • Ask us to restrict the processing of your personal data

If you want to ask about any of these rights, please contact us. We will respond to requests within one month.  We may not be able to agree to all requests, but if we do not, we will explain why. For example, we have to use certain types of information to carry out our functions under Pharmacy Order 2010, the rules made under the Order, and under other legislation.  

Automated decisions and profiling

We do not use automated decision making in any of our applications processes. You must, however, submit all the documents we need before we can assess your application. Please read the application forms carefully.

We sometimes use personal profiles in our research, in particular to help us assess the impact of our work on different groups of people. We do not use profiling to make decisions about individuals.  

Data portability  

Please contact us if you would like copies of your information electronically.  

More information and contact details

You may contact us if you have any questions or concerns about your data:

Email: dpo@pharmacyregulation.org

Tel: 020 3713 7827

 

Data Protection Officer

General Pharmaceutical Council
Level 14, One Cabot Square
London 
E14 4QJ 

Email: dpo@pharmacyregulation.org

Phone: 020 3713 8000

You can find out more about your rights under data protection legislation from the Information Commissioner’s Office. You also have the right to report a concern to the ICO if you are unhappy with the way we process your data or deal with your requests under data protection legislation.