Faculty of Physician Associates privacy notice and statement

Advice on how the FPA at the Royal College of Physicians (RCP) collects, uses and shares your information.

In this document, ‘we’, ‘us’ and ‘our’ refer to the FPA. We won’t disclose your information to anyone, other than as set out in this privacy statement and any applicable terms and conditions.

Necessary processing

The FPA will use the data collected on the membership application and registration for the FPA to:

  • process and manage your application
  • verify your PA qualification and PA national exam (PANE) results
  • provide member benefits and services
  • manage your membership
  • display eligible applicants on the PAMVR including any conduct disciplinary outcomes, which will be kept current and up to date.

It is necessary to use your email and postal address to send you a welcome email and welcome pack, including the annual renewal confirmation.

As part the registration process to become a member of the FPA and enrol on the PA Managed Voluntary Register (PAMVR), the data will be used to ensure that you receive and can access the member benefits.

It will be essential for the FPA to share your data with:

  • other RCP internal departments
  • trusted partner organisations (if applicable) to process your membership card, welcome pack, renewal/reminder notices and other member benefits (eg delivery of the magazine)
  • the General Medical Council (GMC), once regulation begins
  • other law enforcement organisations for any criminal investigations
  • other education institutions in the UK and internationally.

Your data will be retained within RCP/FPA systems in order to maintain a record of your membership and for continued cross-RCP departmental purposes, eg CPD, member benefit services.

For PAs who request deletion of their record, cancel their membership, are suspended or are no longer practising as a PA, the FPA will only keep core information relating to your PANE qualification and any conduct outcomes which will remain public on the PAMVR until the GMC becomes the regulator.

Optional processing

In addition to the above, the FPA would like to keep you informed about similar activities and services. You can keep up to date on news and events relevant to you by logging on to your MyRCP account and then accessing your self-service email preference centre (‘Update your email subscriptions’).

If you do not wish to be contacted about any of our optional communications, including the president’s bulletin, please log on to your MyRCP account, access your email preference centre, and then click ‘Unsubscribe’.

What do we do with your data?

We maintain information about you in order to provide you with member benefits and information on FPA activities, which involves sharing information across RCP departments:

  1. We will process your application, verify your qualifications and PA national exam results, manage your membership and provide member benefits under legitimate interest and, if you agree, contact you about other membership products and services that may be of interest to you. By processing your data under legitimate interest, we will use your data in a way that might reasonably be expected as part of running our organisation and which does not materially impact your rights, freedom or interests.
  2. We will carry out demographic profiling for analysis to provide improved communication, member benefits, and products and services.
  3. Physician associate members – we will publicly display your name and MVR number on our managed voluntary register (MVR) on the website.
  4. If requested, we will use your data to verify your membership, with your prior permission.
  5. We will use your data for relevant marketing purposes, eg the membership survey. You will be able to opt out of receiving specific marketing communications at any time using our self-managed email preference centre, located within your online MyRCP account.

The data we hold includes:

  • your contact details, in order to send our magazine, papers, renewals, reminders and voting papers as part of your member benefits or other relevant communications
  • your personal details for identification and/or profiling, eg date of birth, gender, email
  • your career details, including career stage, current appointment, MVR number and regulatory body number (eg GMC number), employer details
  • your qualification details
  • your payment details, to enable us to activate and maintain your membership, eg direct debit bank details
  • optional personal details, eg ethnicity

Why do we need to collect and use your data?

To enable you to become part of a membership community in the UK and internationally, and to support and represent you throughout your physician associate career.

Who will the information about you be shared with?

We will share your information with trusted third parties, to act on our behalf, in providing your products and services. The products and services include (if applicable):

  • delivery of your welcome pack and membership card by ‘Intercard Ltd’
  • delivery of renewals and reminders by the mailing house ‘Lavenhams Ltd’
  • production and delivery of voting papers by ‘The Electoral Reform Society’.

We will share your information with internal departments and trusted third parties to enable them to act on our behalf in providing relevant marketing opportunities. We will only release your information in accordance with your mailing preferences. You will be able to opt out of receiving this communication at any time using our email preference centre within your online MyRCP account.

These communications include:

  • information on RCP activities
  • the president’s bulletin
  • discounts on products and services offered by the RCP and its partners.

FPA MVR and professional conduct data

Registered members of the FPA will have their PAMVR number and their name displayed on the FPA website.

Any member under investigation by the FPA Professional Standards Committee will have their data regarding their personal information and case details shared with specific appointed conduct panel members, who will be qualified PA Committee members, RCP censors, FPA dean and the chair of the professional standards.

Outcomes of the investigation can and will be shared with the member’s employer to inform them of any decision the panel has agreed impacting on their fitness to practise.

Personal data will be shared with recognised regulatory bodies where there are legal and legitimate reasons relating to conduct and law enforcement agencies in the event of a criminal investigation.

GMC regulator data

Once regulation begins, members’ data will be shared with the GMC to allow PAs on the PAMVR to apply for GMC registration via a simplified application process.

In readiness for this, the FPA will verify and update member data to ensure data held is accurate and meets the GMC’s requirements.

How will we protect your data outside the territories covered by the GDPR?

All data managed by the FPA is held and used within the UK. There will be instances where the FPA will need to verify PA qualifications from territories not covered by the EU or UK GDPR. The FPA will share data only with the specific higher education institutions where the individual qualified for the verification process.

How long will we keep your personal data?

Whenever we collect or process your personal data, we will only keep it for as long as is necessary. At the end of our retention period, your data will be either deleted, destroyed, deactivated or anonymised.

  1. We will keep data relating to your basic core information (including name, date of birth, UK region, country, member type, qualifications, joining and leaving dates) permanently as a historical record when your membership expires.
  2. Personal and contact information will be held on our database for other cross-departmental purposes, such as sitting examinations, attending events or recording CPD.
  3. Direct debit bank details held on our database will be deleted once your direct debit is cancelled.
  4. Membership information held on our database will be deactivated once your membership has expired.
  5. We will keep your hard copy and online application forms upon joining, along with any CVs, until April of the following year, for auditing purposes. Your application form will then be destroyed or deleted.
  6. We will keep your hard copy direct debit mandate for 7 years, to enable us to comply with any legal or regulatory requirements and will then be destroyed.

What are your rights?

  • Access to your data (GDPR Article 15) – You have the right to access all information which identifies you as a living person, held on RCP systems by making a ‘subject access request’.
  • Standard format (GDPR Article 20) – You have the right to a copy of your data in a standard format, where technically possible.
  • Rectify errors (GDPR Article 16) – You have the right to rectify factual errors in current RCP systems and processes when incorrect, out of date, or incomplete.
  • Data deletion, restriction or stopping its use (GDPR Articles 17 and 21) – As a member, we will need to keep your data in order to provide your membership. As an ex-member, we will need to keep your basic core information (eg name, location, membership type, join and leave dates) for our historical records.

The above rights are general rights, which will apply across all work areas in the RCP. If you wish to exercise the above rights, please contact our data protection officer by emailing [email protected].

You have the right to stop us using your data for any marketing communications by using your online MyRCP account or by clicking the ‘unsubscribe’ link in any email communication that we send you or, alternatively, by contacting us by email/telephone or in writing.

Who do you contact at the RCP and how do you complain about the use of your data?

If you are not satisfied with how your data is handled by us, you have the right to complain by email to [email protected], or alternatively to the UK regulator the Information Commissioner’s Office (ICO). Please see the ICO website for further information on the General Data Protection Regulation (GDPR) and your rights.

If the use of your data changes, we will place an updated version on this page. Regularly reviewing this information ensures you are always aware of what data we collect, how we use it and under what circumstances, we will share it with other parties.

This statement was updated August 2023.

Read more about the RCP's privacy policy.