Privacy policy

This policy explains the types of personal information we collect, how we use it and how we keep it safe. It also tells you about your rights under data protection law. We review and update this policy from time to time to reflect changes to our processes.

Use the links below to navigate to the different sections in this policy. This policy was last revised in March 2024. You must check back regularly to see how we process your personal data as changes to this policy will not be notified to you.

About the GPhC

The General Pharmaceutical Council (GPhC) is the independent regulator for pharmacists, pharmacy technicians and pharmacy premises in Great Britain. Our statutory aims, objectives, powers and responsibilities are set out under the Pharmacy Order 2010, the rules made under the Order, the Medicines Act 1968, the Poisons Act 1972 and other legislation.

If you give us your personal information through one of our websites, or you provide us with information by other means, the GPhC is the data controller for information you share with us. This means that we decide how to use it and are responsible for protecting it in accordance with the UK General Data Protection Regulation and associated applicable data protection laws.

This privacy policy applies to this website, as well as the following websites:

Pharmacy inspections
MyGPhC
MyGPhCpharmacy

The GPhC is registered with the Information Commissioner’s Office (ICO) to process your personal data (registration number Z236733X).

How we will use your personal data

We use personal information to support our work to regulate pharmacists, pharmacy technicians and registered pharmacies in Great Britain. We explain how we use information of different groups of people in the sections below.

Pharmacists and pharmacy technicians

You will find more details of how we use the information you give us when you register, renew and revalidate in the privacy policy in myGPhC.

Information we collect

When you apply to join the register

We are required by the Pharmacy Order 2010 to make sure that applicants are suitably qualified and fit to practise before they join our registers. We use the information you give us when you apply to process and assess your application to perform our regulatory role in accordance with our statutory functions. The information we ask for includes:

contact details
details of your qualifications, training and experience
tutor or designated supervisor information
employer information
counter-signatory information
copies of documents to prove your identity
payment information
evidence of English language skills
information about issues that may affect your fitness to practise. This may include information about your health or criminal cautions or convictions. If you make a fitness to practise declaration, we may ask relevant other people or organisations for information to help us assess your application.

Pharmacist applicants - if you have just completed your foundation training, we will ask your designated supervisor to certify that you have completed the training necessary to register. This process happens through myGPhC and your supervisor will view and certify the information you have provided in your application.

We also ask for diversity information, which we use to meet our duties to promote and maintain equality of opportunity or treatment under the Equality Act 2010, but you do not have to provide this information.

While you are registered

When you are on the register, we ask you to tell us each year about your professional development as part of revalidation. We also ask you to declare any fitness to practise issues, which may include information about your health or criminal cautions or convictions.

If we receive a concern about your practice, we will collect relevant information from you and others to review and investigate where appropriate. Depending on the nature of the concern, we could contact your employer, relevant NHS organisations or other authorities, such as the police or other regulators and witnesses to any incident that is alleged to have taken place.

We may ask you to undergo medical testing or a health assessment if this is relevant to assessing your fitness to practise.

If you apply to add an annotation to your register entry, (for example if you gain an independent prescribing qualification), we will record your application and certification.

We may collect information from you as part of a pharmacy inspection but unless you are the responsible pharmacist, owner or superintendent, you are not usually identified in reports.

How we will use your information

We are required by the Pharmacy Order 2010 to make sure that registered pharmacy professionals are appropriately qualified, meet our standards and are fit to practise so that people using pharmacy services receive safe and effective care. We use personal information of the pharmacy professionals to help us meet those objectives and to help us meet our legal obligations and to discharge our statutory functions.

If you join the register of pharmacists or pharmacy technicians we process your personal information for reasons which include:

checking your identity, assessing your qualifications, experience and fitness to practise when you apply to join the register
updating the registers
administering and maintaining your registration, including taking payments
revalidating your registration and making sure that you have completed relevant professional development during the year
making sure that pharmacies and pharmacy professionals practise safely
processing and investigating concerns about pharmacies or registered pharmacy professionals
conducting fitness to practise hearings
monitoring the ongoing fitness to practise of registered pharmacy professionals
sending you communications about your registration and fitness to practise matters, as necessary to support our statutory objectives and when required by law
compiling statistics and research
dealing with questions, concerns or complaints

There is more information about what we do if you make a fitness to practise declaration on our website.

How we will share your information

We publish and share information to meet our objectives in line with the Pharmacy Order 2010 and other legislation. We explain how we do this below and in the section on sharing personal information.

GPhC registers

We are required by law to publish registers of pharmacists and pharmacy technicians. The registers contain your name, registration number, registration status, date of renewal and the town of your address. If you have received a fitness to practise sanction, your register entry will contain a link to relevant documents, in line with our publication and disclosure policy. Also available in Welsh.

For pharmacists, the register also says if you are an independent or supplementary prescriber and if you are a superintendent pharmacist, the name of the relevant pharmacy.

We make data from the public registers available via a licensed subscription service. This does not include a live link to fitness to practise documents.

In response to the COVID-19 pandemic, we introduced a pharmacy professionals temporary register and a provisional pharmacist register which have now closed and are no longer published, although we have kept records of members of those registers.

Fitness to practise

If you are involved in fitness to practise hearings, we publish:

schedules of forthcoming fitness to practise hearings
determinations of public fitness to practise hearings in a list for 12 months
fitness to practise information in your register entry, in line with our publication and disclosure policy. Also available in Welsh.

Other disclosures

We use third party reviewers to assess revalidation information. They will access information through the secure myGPhC portal and will only see revalidation records they are allocated to review. They do not see the identity of the person who has submitted the record.

We use external lawyers to carry out work on some of our investigations and hearings. We use external recorders to record hearings of the Fitness to Practise Committee and Appeals Committee.

We disclose information to other people or organisations to carry out our statutory functions and in the public interest. This includes notifying the Disclosure and Barring Service (DBS) or Disclosure Scotland about any relevant information. We give more information about this in our publication and disclosure policy (also available in Welsh) - and in the section below on sharing information.

If you wish to apply for registration to practise in another country, you may need to ask us for a certificate of current professional status and fitness to practise history to be sent to the relevant regulator. Find out more about registration to practise in another country.

How long we will keep your information

We keep your registration records while you are registered and for at least 10 years after you leave the register, depending on the reason you leave the register. Revalidation records are usually kept for two years in myGPhC after you submit them or successfully complete the process. If we investigate a concern about your practice, we keep the case file for as long as necessary for our regulatory purposes. We keep determinations of any fitness to practise hearings as part of your registration record.

Superintendent pharmacists

The Pharmacy Order 2010 and other legislation sets our objectives to assure the standards for registered pharmacies. We hold information about you in your role as superintendent pharmacist of a pharmacy, so that we can contact you as the representative of the pharmacy owner. This will include maintaining the pharmacy's registration, contacting you about inspections, concerns and action we may take if your pharmacy does not meet our standards. Your register entry as a pharmacist will show the details of the relevant pharmacy for which you are the superintendent.

Your register entry as a pharmacist will show the details of the relevant pharmacy for which you are the superintendent. Please also see how we use your information as a registered pharmacist.

Pharmacy owners

The Pharmacy Order 2010 and other legislation sets our objectives to assure the standards of registered pharmacies. If you own a pharmacy, you will have provided us with information about the pharmacy in your application to register the pharmacy premises with us. We will hold this information to contact you, to process your registration application and maintain your pharmacy’s registration. This will include contacting you about inspections and action we may take if your pharmacy does not meet our standards. We publish owner names on the register of pharmacy premises. You can see more information about how long inspection reports and details of any enforcement actions appear on our register and forthcoming inspection website in our publication and disclosure policy. Also available in Welsh.

Foundation trainees, OSPAP applicants, students of MPharm sandwich or 5 year integrated courses

Information we collect

We are required by the Pharmacy Order 2010 to make sure that pharmacy professionals have appropriate qualifications, training and experience. If you apply to join the pharmacist foundation training scheme, overseas pharmacists' assessment programme (OSPAP) and MPharm courses where training is administered through the GPhC, we collect information including:

your contact details
your qualifications and relevant experience
evidence of English language skills
counter-signatory and reference information
copies of documents to prove your identity
payment information
details of your tutor or designated supervisor, placement and progress in your placement
details of fitness to practise issues, which may include information about health or criminal convictions

We also ask for diversity information, but you do not have to fill this in. We use this data to meet our duties under the Equality Act 2010.

When you sit the registration assessment, we receive your answer sheets and marks. You may give information about health or other issues if you make a request for a reasonable adjustment.

How we will use your information

We will use your information in line with our statutory functions to make sure that people working and providing care in a pharmacy setting, and who may go on to become registered pharmacy professionals are properly qualified, trained and fit to practise. This includes:

assessing your eligibility and fitness to join the schemes
administering and monitoring training placements
in the case of OSPAP, sending your approved application to your selected training providers
administering the pre-registration assessment
assessing applications for reasonable adjustments
marking and quality assuring the registration assessment
processing any concerns or fitness to practise issues
dealing with questions or complaints
assessing applications to join the register of pharmacists
compiling statistics and research

If you give us information as part of a request for a reasonable adjustment that we consider likely to affect your fitness to practise, we will hold that information and use it when we assess your application to join the register. This is in line with our objective to protect the public.

How we will share your information

We will ask your supervisor to share with us records of your progress in your placement. We will also ask them to sign off your training when it is complete. If we receive a concern about your fitness to practise, we will share details with your supervisor, employer or university (for sandwich course students) or the relevant Statutory Education Body with responsibility for funding foundation training placements in the case of a concern relating to a foundation trainee pharmacist. Depending on the nature of the concern, we may also share information with law enforcement agencies, or other competent bodies or authorities, such as the Disclosure and Barring Service (DBS) and Disclosure Scotland (DS), where we have to comply with a legal obligation, as well as in cases where we consider there is a public interest in doing so.

When you sit the registration assessment, we share a list of candidates and details required for identity verification and invigilation with people involved in administering the assessment at the relevant assessment centre. We use third parties to mark answer sheets and analyse the results to quality assure the assessment. We also use a third party to analyse the assessment results by school of pharmacy, age and ethnicity of candidates. We share this data in pseudonymised form.

If you make a request for a reasonable adjustment, the Adjustments Committee will assess your application for adjustment.

If you give us diversity information, we use it to meet our duties under the Equality Act 2010.

We may disclose information to other organisations in the exercise of our statutory functions and in the public interest. Further information is given in our publication and disclosure policy (also available in Welsh) - and in the section below on sharing information.

How long we will keep your information

If you join the register, we will keep your training record as part of your registration record.

If you make any declarations about your fitness to practise these will be held for two years after you join the register. If you apply for a reasonable adjustment to sit the registration assessment, this information will be held for two years after you join the register. If a concern about your practice is raised, we will keep the information while it is necessary for regulatory purposes.

If you do not join the register, we will keep your information for up to two years after the time your eligibility to apply expires. If we refuse your application on fitness to practise grounds, we will keep it while it is necessary for regulatory purposes.

Students of MPharm, OSPAP, pharmacy technician and independent prescribing courses

Information we collect and how we use it

We are required by the Pharmacy Order 2010 to make sure that pharmacy professionals have appropriate qualifications, training and experience. We use information on students as follows:

If you apply to join the Overseas Pharmacist Assessment Programme (OSPAP), we ask you to complete the application form. We use this information to assess your application and will send your approved application to your selected training providers.
At the relevant stage of your MPharm degree or OSPAP your university will tell us and we will add your name, date of birth and qualification to our database. Your university will tell us your results at the end of your degree. This is so that we have a record of people eligible to join foundation training and can check you have the right qualification when you apply for foundation training.
If you are on a sandwich or integrated 5-year MPharm, which has a practice training element, your university will tell us at the relevant stage. This allows us to record your training, which is necessary so that you are eligible for registration. For more information on how we use this information, see the foundation training section.
When you pass your pharmacy technician qualification, your course provider will tell us so that we know you have the right qualification to register.
When you pass your pharmacist independent prescriber qualification, your course provider will tell us so that we know you have the right qualification to add an annotation to your registration.

Occasionally, a course provider may share information about an individual student’s fitness to practise. We will use this information to assess your fitness to join the register.

We collect other information from universities and course providers related to admissions in anonymised form. This includes high level grouped information relating to ethnicity, disability, age, nationality and course numbers about the performance of different student cohorts. We also collect diversity information to monitor the diversity of student groups to support our duties under the Equality Act 2010. All information is in aggregate form and individuals cannot be identified from it.

How long we will keep your information

We keep records on individual students while it is necessary to assess applications to the register or for regulatory purposes. If you join the register or add an annotation to your registration, we will keep details of your qualification as part of your registration record.

Providers of approved courses of education and training

We collect contact details of people involved in running courses of education and training so that we can keep in touch with you to run our quality assurance programme and monitor the quality of courses. If you are teaching on one of these courses, your employer may give us information about your qualifications and experience for quality assurance purposes. We hold this information for at least one cycle of re-approval and for each step of the accreditation process.

Foundation training tutors

Payment information

The GPhC is allowed to charge registration fees under the Pharmacy Order 2010 and relevant fees rules. We collect BACS payment information to allow us to process these fees and charges we make for other services where applicable.

If you pay the GPhC by Direct Debit, we collect details of your bank account to allow us to set up the arrangement with your bank and collect payments. This information will be shared with our bank. We keep details of direct debit mandates until the end of the mandate and for a further six years.

If you pay by credit card through myGPhC or Pay by Link, payments are collected by our nominated payment services provider and personal data is retained by that provider in accordance with their legal obligations under relevant legislation. We only receive a payment notification, and will retain credit card payment notifications for six financial years.

We will not normally share payment information, except as necessary to take a payment, but in some cases may share information with enforcement authorities or banks, for example, if there is a suggestion of fraudulent payments.

Concerns

Information we collect

If you raise a concern about a pharmacy or the fitness to practise of a pharmacy professional, we ask you to tell us:

your contact details
if you raise a concern for someone else, their contact details
details of the concern
details of witnesses and other people you may have consulted about your concern
details of your medication and health, if this is relevant to the concern. We may need to ask for relevant records from your pharmacy or medical practitioner, with your consent.

We may ask you for other information depending on the nature of the case.

If you agree to act as a witness, we ask you to tell us:

about the alleged incident(s)
other relevant information to help us assess or investigate concerns.

How we will use your information

Our role is to protect the public by making sure that pharmacy professionals continue to meet our standards. Our objectives are set out in the Pharmacy Order 2010.

We will use information you give us to help us assess what action may be necessary. We may go on to investigate and some cases may progress to a hearing. We may contact you if what you have told us is not clear, or if we need more information. If we investigate the concern, we will ask you for a statement and may ask you to attend a hearing. We will only use your personal information where it is necessary to the investigation or hearing.

If you attend a virtual meeting or virtual hearing

We use video conferencing to run virtual meetings and hearings. Our supplier will process basic personal data (name, surname, email address and password) to enable you to join a virtual meeting or hearing.

We sometimes make recordings of virtual meetings and will ordinarily do so for hearings. If we record a meeting or hearing that you attend, we will tell you that it’s being recorded and the reason why we are recording it. All recordings are stored locally on GPhC servers.

We use third party suppliers to transcribe virtual and in-person hearings, and we share recorded information with them under contract to enable them to perform these services on our behalf.

We process your personal information to enable us to perform our statutory functions as a regulator.

How we will share your information

Our overarching objective under the Pharmacy Order 2010 is to protect public safety. We share information about concerns and our investigations where we consider it to be in the public interest or we are legally required to do so.

When you raise a concern, we will share information about what you have told us with the pharmacy professional or others, such as their employer, to help us investigate the issue. Depending on the nature of your concern, this could be a summary of the issue or specific information, for example, about your medicines. We will share your name and other identifying information if required to help the pharmacy staff identify the incident.

When you fill out the 'report a concern' form you can tell us if you want to remain anonymous or if you have any worries about us sharing information about your concern.

In deciding whether to share information we weigh up and balance the wider public interest in disclosing information against individual rights to privacy. We look at this on a case by case basis. In doing so, we will take your views into account and we will treat any concerns you have seriously.

However, there may be occasions where our duty to protect the public overrides your views. If this is the case, we will always do our best to tell you before we share your information.

There is more information about our approach to disclosure in the concerns form and our publication and disclosure policy.

Publication and disclosure policy

Polisi cyhoeddi a datgelu CFfC

How long we will keep your information

If we investigate a concern about the practice of a pharmacy professional, we will keep the case file while it is necessary for regulatory purposes. The case file will include details of your concern and other relevant information about you that was relevant and necessary to our investigation.

If the case leads to a fitness to practise hearing, the committee will record a determination. If you give evidence at the hearing, the determination is likely to refer to your evidence. We publish determinations of public hearings in line with our publication and disclosure policy. We keep determinations as part of the pharmacy professional’s registration record and then for at least 10 years after they leave the register.

Sharing personal information

We share information with other organisations in the public interest when we carry out our tasks under the Pharmacy Order 2010 and other legislation. We also disclose information when required by other laws, for example, laws that apply to the work of other public authorities.

The Pharmacy Order gives us a duty to cooperate, where appropriate and reasonably practical, with other organisations, such as other regulatory authorities, NHS trusts, employers of pharmacy professionals, the Department of Health and organisations that run GPhC accredited courses. You can find information about the formal arrangements we have with some of these organisations on our website.

We explain more about when we disclose information to other people or organisations in our publication and disclosure policy (also available in Welsh). We will not share your personal data for marketing purposes with any third party.

How we consider the public interest

The Pharmacy Order 2010 enables us to share relevant information, when this is necessary for us to carry out our statutory functions, including when we consider that there is a public interest in sharing information to meet our statutory objectives. These include:

protecting the health, safety and well-being of the public
upholding public confidence in the pharmacy professions
making sure that pharmacy professionals and pharmacies meet our standards

We will consider whether disclosure is justifiable. Is it in the public interest to disclose compared to and balanced with the person’s right to privacy? We consider a person’s rights under data protection legislation, human rights legislation and the common law duty of confidentiality. We review any legal power to make such a disclosure. We also review the nature, purpose, quality, appropriateness, and necessity for the disclosure. We also consider the impact of disclosure, including the potential for damage or distress to the person and weigh that alongside the potential harm that may be caused if we do not disclose information. We must make sure that we comply with the data protection principles, for example, that the information we disclose is limited to what is necessary to achieve the overriding lawful purpose.

We consider the public interest when employers of pharmacy professionals or other agencies involved in recruitment, ask us for personal information in relation to their employees. We also consider it when other public authorities ask us to disclose personal information. For example, NHS organisations may ask us for information to establish the professional standing of a registered pharmacy professional.

We do not usually publish or disclose information about investigations currently taking place, unless we consider it to be in the public interest and proportionate in the circumstances. We want to avoid publishing or disclosing information where there is a risk that it might prejudice or adversely impact an investigation by the GPhC or another organisation.

Freedom of information

Sometimes the GPhC may need to disclose information under the laws covering access to information (usually the Freedom of Information Act 2000). We disclose identifiable personal information only where it is lawful, fair and in the public interest to do so.

Responding to consultations

We are required to consult before we set any standards or requirements under the Pharmacy Order 2010. We will also consult where necessary to make sure we exercise our statutory functions effectively and proportionately to meet our overarching objective of protecting the public.

If you respond to a GPhC consultation, we will use the information you give us to help us develop our work. Further information is given in each consultation document. We ask you to give us some background information about you and, if you respond on behalf of an organisation, your organisation. We use this to help us analyse the possible impact of our plans on different groups.

We are committed to promoting equality, valuing diversity and being inclusive in all our work as a health professions regulator, and to making sure we meet our equality duties. There is an equality monitoring form at the end of each consultation survey. You do not have to fill it in, but if you do, it will give us useful information to check that this happens.

How we share your information

We publish a report about all our consultations. We will not list your name in the report, but if you respond on behalf of an organisation, we will name your organisation. If you respond as a private individual, we will not publish your response.

Occasionally, the GPhC may need to disclose information under the laws covering access to information (usually the Freedom of Information Act 2000). We will usually anonymise responses or ask for your consent to disclose information, but please be aware that we cannot guarantee confidentiality.

Feedback panels

Through our panels and forums, people can contribute to our work and help us achieve our vision for safe and effective pharmacy care. Find out more in the links below.

Online public panel

Information we collect

Our online public panel helps us to seek the views of patients and the public on our work.

When a member of the public signs up to the online public panel we collect information including contact details, special category data and equality and diversity information. We use this data to make sure our panel represents a wide range of people and so that we can target activities at specific groups, for example by age.

How we will use your information

We will use your information to contact you about activities available to panel members and to send your shopping voucher codes as a thank you for participating.

We will use the data you provide through the activities you complete to help us understand what members of the public think about pharmacy services and our policies, standards, guidance and processes.

How we will share your information

All data will be anonymised when feedback is analysed. We will share the anonymous results of activities internally, with our Council and by publishing on our website. We will not share your contact data with third parties.

How we will store and process your data

We ask you to provide us with your personal data via our online form which, when collected is stored in a password protected GPhC database.

How long we will keep your information

We will keep your personal details for the whole of the time that you are a member of the panel.

If you choose to withdraw from the panel your personal data will be deleted from all the systems where it is held. To opt out of the online panel at any point, please email us.

Membership of the panel will be reviewed on an annual basis. We may need to recruit more members to replace those who have left or do a systematic review where one third of members are replaced each year. The approach will depend on how much we have used the panel and how engaged members have been.

GPhC Forums

Information we collect

Our forums help us to listen to members views and experiences, to inform our work and build our insights into key issues. If you join one of our forums we collect information including contact details and equality and diversity information. We use this data to make sure our forums represent a wide range of people.

How we will use your information

We will use your information to contact you about forum meetings and to send your shopping voucher codes as a thank you for participating. We will use the information you provide at forum meetings to inform our work and build our insights into key issues.

How we will share your information

We will anonymise your feedback. We will share the anonymous results of meetings internally, with our Council and by occasionally publishing on our website. We will not share your contact details with third parties.

How we will store and process your data

We ask you to provide us with your personal data via our online form which, when collected is stored in a password protected GPhC database.

How long we will keep your information

We will keep your personal details for the whole of the time that you are a member of the forum. Membership of the forum will be reviewed on an annual basis. If you choose to withdraw from the forum your personal data will be deleted from all the systems where it is held. To opt out of the forum at any point, please email us.

Mailing lists

If you attend one of our events, respond to a consultation or contact us, we may ask if you would like to hear more about our work. If you agree to join our mailing list, we will hold your contact details in our database for up to one year, unless you ask us to delete this information earlier.

If you want us to stop contacting you, please email us.

If you are a registered pharmacy professional or pharmacy owner, we must send you some correspondence by law and you will not be able to unsubscribe. This correspondence will be about your registration, or if we need to review a concern about your fitness to practise or a concern relating to a registered pharmacy.

Contacting the GPhC

If you contact the GPhC with a question or with feedback or a complaint, we will use the information you give us to try to resolve your issue and respond to you. If you contact us about a personal matter, we may ask you to confirm your identity. If you are contacting us on behalf of another person, we will ask you for their authority to act on their behalf. If you raise a concern about a pharmacy or pharmacy professional, please see the section on concerns.

If you contact us using a form on our website, the form will be stored for up to one month.

We do not make audio recordings of our telephone calls. If you call our contact centre, a supervisor may listen to calls for training and support purposes.

Statistics and research

We use personal data to analyse and review different aspects of our work as a regulator and in the public interest. This includes using data we collect about registered pharmacy professionals, pharmacy owners, applications to register, foundation training, education, fitness to practise and revalidation. If you give us equality and diversity information, we use that data in research and analysis to support our work to meet our public sector equality duties. We publish research on our website, but do not identify individuals in reports, unless they have given specific consent.

From time to time we carry out research projects into specific areas of our work. We sometimes use third parties to help us with this and we share information with them to enable them to carry out surveys or for analysis where necessary. We anonymise data where it is not necessary to share identifiable information. We make sure that any such third parties sign an agreement which includes confidentiality and data protection clauses.

Sometimes we carry out surveys or use focus groups to help with our research. If you take part in these, we will tell you how we plan to use your information.

We sometimes support research projects carried out by independent and academic researchers where the subject of the research contributes to our work or there is a strong public interest in the research. We only share necessary information and where possible we anonymise or pseudonymise data on individuals, who can include pharmacy professionals, foundation trainees and others connected with our work, depending on the subject of the research. See the third-party research policy for further information.

Equality and diversity information

The General Pharmaceutical Council is committed to delivering equality, improving diversity and fostering inclusion in all our work as a healthcare regulator and as an employer, and removing barriers in our practices.

One of the ways we do this is by asking people to provide information about their protected characteristics. We collect this information as part of our registration and fitness to practise processes. However, the information is not used to determine individual fitness to practise outcomes or registration applications.

We also ask for this information as part of our recruitment and employment processes, where it is used to monitor the performance of those processes and to report on the diversity of candidates and staff in accordance with our duty to promote and maintain equality of opportunity or treatment. It is not used to assess applications.

How we will use your information

We ask for this information so we can monitor the performance of our processes, consider the impact of our policies and practices on people who share characteristics, and understand where we need to improve. This information helps us achieve this and meet our obligations under the Equality Act 2010 and related legislation (for example, by making reasonable adjustments for people with disabilities).

We also use the information you give us to analyse and report on the diversity of the pharmacy workforce or trends in pharmacy practice in Great Britain. We may use the information as part of our research or analysis work. We gather this information as part of our registration and fitness to practise processes, However, the information is not used to determine individual fitness to practise outcomes or registration applications.

We also gather information as part of our recruitment and employment processes, where it is used to monitor the performance of those processes and to report on the diversity of candidates and staff. It is not used to assess applications.

How we will handle your information

Giving us this information is voluntary. If you choose to give it to us, we will keep it confidential and hold it securely in line with data protection law. The information may be used by different teams within the organisation. This will only be on an authorised and need-to-know basis. We restrict access to this information on our systems.

We will anonymise any data we publish so you cannot be identified. For example, this may include summary reports about our work as part of our statutory responsibilities, where data is aggregated.

How we will share your information

We will share your information if required by law, where ordered by a Court, or where it is otherwise in the public interest and lawful to do so.
We sometimes share data with external organisations for the purposes of research or statistical analysis. We aggregate, anonymise or pseudonymise information so you cannot be identified by other parties. If we ask another organisation to collect data on our behalf, we will make this clear to you at the time.

Applying to work with the GPhC

Information we collect

If you apply for a job with the GPhC, or to be an associate, partner, Council or committee member we will ask you to give us your contact details and information about your relevant qualifications and experience. We may collect other information to assess your application. For example, we may:

invite you to an interview, by phone or in person, and we will take notes and score your responses to questions
ask you to take a test or carry out another assessment activity, which we will score
for some roles, ask you about any criminal convictions, cautions or other disciplinary action taken against you

We will also ask you:

whether you have a disability for which we need to make reasonable adjustments during the recruitment process, but providing this information is optional
for equality and diversity information, but providing this information is optional

If we offer you a role with us, we will ask for:

proof of identity and about your entitlement to work in the UK (this is required by law)
details of referees
your bank details, so we can pay you
emergency contact details, including those of a family member or friend, which we will only use if necessary
outcome of a background check, such as DBS

How we will use your information

We will use your information to process your application, assess it and consider entering into a contract with you. We do not use automated decision-making to assess applications.

If as part of your application you provide details related to equality and diversity, we will use the information you give to assess whether we are attracting a diverse range of candidates in line with our duties under the Equalities Act 2010. We will not use that information to assess your application.

If we offer you a role with us, we will contact your referees to ask for a reference. We will carry out background checks appropriate to the role we offer you, which we will tell you about. If we confirm our offer, we will use your information to set up your contract of employment or service agreement. We will keep your application as part of your personal file when you join the GPhC. We have a separate privacy policy for employee information.

How we will share your information

Employees who administer the recruitment process will have access to your application.

If you apply for a job with the GPhC, via our online recruitment portal, your application:

will be shared with members of the assessing panel. This usually consists of GPhC employees, but for some senior employee roles, may include Council members or members from third party organisations
will be anonymised during the early stages of the selection process. It will be shared with members of the assessing panel, but they will not be told your identity unless you are selected for interview.

If you apply for an associate, partner, committee or Council member position, your application will be:

shared with members of the assessing panel
anonymised during the early stages of the selection processThe panel will not be told your identity unless you are selected for interview.

For Council member roles, the assessing panel will usually consist of GPhC staff, Council members and members of third-party organisations and/or an independent assessor.

For Statutory Committee member roles, the assessing panel will be made up of Assurance and Appointments Committee members. For roles on the Board of Assessors the panel will consist of GPhC staff and Council members. For other associate and partner roles, the panel will consist of GPhC staff.

If you apply to become an associate or partner, we ask you to complete an online form. Your data will be held securely on UK servers and will not be used for any other purposes.

We outsource the recruitment of Council members to a third party under contract who comply with similar undertakings of privacy and confidentiality as the GPhC in accordance with data protection legislation.

How long we will keep your information

If your application is unsuccessful, we will keep your information for one year from the end of the recruitment process and then delete it.

If you go on to work with us, we will usually keep your information for six years from the end of your contract of employment or term of office.

Security

Find out more in the sections below about how we manage security

Closed Circuit Television (CCTV)

Closed Circuit Television (CCTV) is in operation at our offices. Our offices are based in a building which is shared with other organisations, and there is additional CCTV which is controlled by UBS Group AG.

We record images of people entering and leaving our offices, as well as in other strategic locations. This is to protect our staff and our property, as well as for the security of those who visit us. The images may be shared with law enforcement and the courts if required.

We consider that we have a legitimate interest in using CCTV images to keep our premises safe and secure. We retain CCTV for a period of 1 month before it is deleted.

For more information about how we use CCTV, you can ask to see the CCTV policy.

Information security

Information security is important to us, and we know it matters to you too.

Our information technology security is certified to Cyber Essentials Plus. We regularly review our security policies and processes, which are aligned to ISO 27000 standards. Data is encrypted and stored in secure environments in the UK and European Economic Area. We regularly update our systems and install security updates. We have firewalls, anti-virus software and other measures in place to prevent and detect intrusion and we carry out regular penetration testing of our systems. We have disaster recovery and back up measures in place. We limit access to personal data to people who need to know because of their role.

We use external suppliers to provide IT support and other business services. Where they process personal data for us, we will have contracts with data protection provisions in place.

We use secure email or password protect files to send any sensitive personal information. Where we need to send sensitive information in letters, we use postal services with a track and trace facility

Data processors

We sometimes use third party suppliers to provide services on our behalf. In certain circumstances, we may need to share personal data with them, to enable them to fulfil their contractual obligations to us. This means that they are Data Processors, who are acting on our instructions.

Before engaging with any third party suppliers, we will assess whether they have appropriate policies, procedures and technical measures in place to protect your data, and once we have assurance, will enter into a contract with them which sets out their legal obligations in relation to the handling your personal data.

Visitors to our office

We lease our office space from UBS Group AG and if you visit us you will need to go through their security procedures.

UBS Group AG and the GPhC will record your name, organisation and date and time of visit. We ask you to tell us if you need help in case the building needs to be evacuated. If you do, UBS Group AG and the GPhC hold a record of your needs for the time necessary to support you.

Your rights

The sections below explain how to ask us about any of your rights under data protection law. You can find out more about your rights from the ICO website.

Asking to see your personal data

You have the right of access to personal information that we hold about you, free of charge in most cases. Please send your request in writing, where possible, describing the information you want. We may ask you to supply proof of your identity. Under the law we have to respond within one month. We may extend this by two months if your request is complex and we will tell you if this is the case.

Correcting your personal data

Asking us to stop using your data

You have the right to:

Object to data processing and ask us to stop using your personal information
Ask us to erase your personal data
Ask us to restrict the processing of your personal data

If you want to ask about any of these rights, please contact us. We will respond to requests within one month. We may not be able to agree to all requests, but if we do not, we will explain why. For example, we have to use certain types of information to carry out our functions under Pharmacy Order 2010, the rules made under the Order, and under other legislation.

Automated decisions and profiling

We do not use automated decision making in any of our applications processes. You must, however, submit all the documents we need before we can assess your application. Please read the application forms carefully.

We sometimes use personal profiles in our research, in particular to help us assess the impact of our work on different groups of people. We do not use profiling to make decisions about individuals.

Data portability

More information and contact details

You may contact us if you have any questions or concerns about your data:

Data Protection Officer

General Pharmaceutical Council

1 Cabot Square

London

E14 4QJ

Email: dpo@pharmacyregulation.org

Phone: 020 3713 8000

You can find out more about your rights under data protection legislation from the Information Commissioner’s Office (ICO). You also have the right to report a concern to the ICO if you are unhappy with the way we process your data or deal with your requests under data protection legislation.

About the GPhC

How we will use your personal data

Pharmacists and pharmacy technicians

Superintendent pharmacists

Pharmacy owners

Foundation trainees, OSPAP applicants, students of MPharm sandwich or 5 year integrated courses

Students of MPharm, OSPAP, pharmacy technician and independent prescribing courses

Providers of approved courses of education and training

Foundation training tutors

Payment information

Concerns

Information we collect

How we will use your information

If you attend a virtual meeting or virtual hearing

How we will share your information

How long we will keep your information

Sharing personal information

Responding to consultations

How we share your information

Feedback panels

Online public panel

GPhC Forums

Mailing lists

Contacting the GPhC

Statistics and research

Equality and diversity information

How we will use your information

How we will handle your information

How we will share your information

Applying to work with the GPhC

Information we collect

How we will use your information

How we will share your information

How long we will keep your information

Security

Closed Circuit Television (CCTV)

Information security

Data processors

Visitors to our office

Your rights

Asking to see your personal data

Correcting your personal data

Asking us to stop using your data

Automated decisions and profiling

Data portability

More information and contact details

Related content