Privacy Policy

GIG Cymru: Addysg a Gwella Iechyd Cymru (AaGIC); NHS Wales: Health Education and Improvement Wales (HEIW)


Health Education and Improvement Wales (HEIW) Privacy Notice
Medical Appraisal Revalidation System (MARS)


NHS Wales is made up of several health organisations that include Health Education and Improvement Wales (HEIW) who have a leading role in the education, training, development, and shaping of the healthcare workforce in Wales, in order to ensure high-quality care for the people of Wales.

HEIW key functions include:

  • Working closely with partners and key stakeholders, and planning ahead to ensure the health and care workforce meets the needs of the NHS and people of Wales, now and in the future;
  • Being a reputable source of information and intelligence on the Welsh health and care workforce;
  • Commissioning, designing, and delivering high quality, value for money education and training, in line with standards;
  • Using education, training, and development to encourage and facilitate career progression;
  • Supporting education, training, and service regulation by playing a key role in representing Wales, and working closely with regulators;
  • Developing the healthcare leaders of today and the future;
  • Providing opportunities for the health and care workforce to develop new skills;
  • Promoting health and care careers in Wales, and Wales as a place to live;
  • Supporting the professional workforce and organisation development profession with Wales; and
  • Continuously improving what we do and how we do it.

If you have any questions regarding how your information is used you must contact the person shown at the bottom of this notice.

What is the Medical Appraisal Revalidation System (MARS)?

MARS is an appraisal system for all qualified doctors (non-GPs) that have completed postgraduate medical training e.g. post-Certificate of Completion of Training (CCT), and have a prescribed connection in Wales. The system has been designed to enable all doctors to undertake their annual appraisal electronically. All Doctors are required to undertake annual appraisal in order to maintain their License to Practice as stated by the General Medical Council (GMC). The system has been designed to enable doctors to use one system to host their appraisal information, undertake their annual appraisal and meet GMC revalidation requirements.

MARS has been developed by the Revalidation Support Unit (RSU) and HEIW Digital Team.

Your rights

This privacy notice is intended to provide transparency and accountability regarding what personal data, via MARS, Health Education and Improvement Wales (HEIW) will collect about you, how it will be processed and stored, how long it will be retained, who will have access to your data and your rights.

The information we give you about our use of your information will be:

  • Brief, easy to read and easily accessible;
  • Written in clear, plain language; and
  • Free of charge.

What personal data is collected?

Personal data is information from which an individual can be identified either directly or indirectly when the information is read in conjunction with other data that a data controller holds.

The only data items collected are as follows:

  • Email
  • First name
  • Surname
  • Gender
  • Date of birth
  • Address
  • Contact Telephone Number
  • Specialty
  • Status 
  • Relevant qualifications 
  • Role 
  • Employment details 
  • Health Board
  • GMC Number

What laws do we use?

The law determines how we can use information. The laws we follow that allow us to use identifiable information are listed below:

  • General Data Protection Regulation
  • UK Data Protection Bill
  • Human Rights Act
  • Freedom of Information Act
  • Common Law Duty of Confidence - Confidentiality
  • Computer Misuse Act
  • Audit Commission Act
  • Regulation of Investigatory Powers Act

Health Education and Improvement Wales (HEIW) is the organisation that administrates the processes that involves the collection of specific data through the work of many areas including MARS. HEIW is the holder and user of your information for these processes.

Why your personal data is collected

Your personal data is collected and held to facilitate the appraisal process and to support individual doctors and Responsible Officers through revalidation. Appraisal is a contractual requirement and a requirement of the GMC’s Revalidation process. Every licensed doctor who practises medicine in the UK must revalidate to demonstrate they are up to date and fit to practise. 

MARS became the single appraisal management system for all doctors with a prescribed connection in Wales from 2014. The purposes are outlined below:

  1. To comply with legal and regulatory responsibilities.
  2. To quality assure appraisal processes in Wales and ensure that standards are maintained.
  3. To contact you regarding your appraisal, such as automated emails from MARS to support management of the process.
  4. To contact you about development opportunities, events, surveys and information that may be of interest to you. If you would prefer not to receive these emails, you can update your settings on MARS or by emailing

HEIW’s legal basis for the processing of personal data for these purposes is our legitimate business interests, described in more detail above, although we will also rely on contract, legal obligation and consent for specific uses of data where applicable.

We will rely on legal obligation if we are required to hold information on you to fulfil our legal obligations.

We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. 

How your personal data is collected

Personal data is collected from the point of registration on MARS.

Information we collect from you on the MARS system

We collect your feedback via a survey questionnaire following completion of your appraisal. This is anonymous data that informs your Appraiser on their performance, RSU on the performance of MARS and suggestions for improvements.

How your personal data is kept secure

Access to your personal data is restricted to the authorised team within HEIW that support and manage MARS. Access is also granted on a limited basis to users with specific authorised roles such as Appraisers, Appraisal Leads, and other Health Board staff e.g. Revalidation Managers and Responsible Officers; but only where necessary for a specified and legitimate purpose that has been assessed for fairness and legal processing.

Your personal data on MARS will be retained in accordance with the HEIW Information and Data Governance Policies including Confidentiality guidelines, Records Management and Data Quality.

How and why your personal data may be shared

Staff members employed by HEIW and Health Board staff members with specific authorised roles will have access to data entered into MARS as appropriate.

Your personal data may be shared with HEIW Staff (only those who support and manage  MARS) for legitimate purposes only.

In the unlikely event that your appraiser identifies a concern during the appraisal process about your performance or fitness to practice, they would have a duty to report this in line with GMC guidance.


Aggregated, anonymised reports may be produced within HEIW to provide a comparative analysis. At no point will any individuals be identified in these reports.

HEIW will not transfer your data to a third party unless it for the following:

  1. That there is a fair and lawful basis to share your personal data with the third party (this is accessed for fair and legal purposes at every eventuality). 
  2. The data will be handled by the third party in accordance with their own arrangements on Data Protection legislation and will only be shared if they demonstrate their own compliance with the law.

Where the data is used for analysis and publication by a recipient or third party, any publication will be on an anonymous and aggregated basis, and will not make it possible to identify any individual. This will mean that the data ceases to become personal data.

Third parties may include the following:

  • UK health departments,
  • Colleges/Faculties,
  • Welsh Government,
  • the GMC,
  • NHS Trusts/Health Boards/Health and Social Care Trusts/Designated Bodies
  • approved academic researchers.

Security of your Information

HEIW takes responsibility to look after your personal information very seriously. This is regardless of whether it is electronic or in paper form.

We also employ someone who is responsible for managing information and its confidentiality to ensure:

  • your information is protected; and
  • inform you how it will be used.

All staff are required to undertake training on a regular basis. Comprehensive training is required to help protect the information that has been given, used, processed by HEIW.

The training makes sure that all staff working in HEIW (including the wider NHS), are aware of their responsibilities about the handling of your information regardless of the department that they work in.

Your rights and responsibilities

It is important that you work with us to ensure that the information we hold about you is accurate and up to date.

All communications from MARS will normally be by email. It is therefore essential for you to maintain an effective and secure email address or you may not receive important notifications.

Where identifiable and relevant, HEIW will make sure that you are able to have access to your information. This is so that you know what we hold.

You have the right:

  • To know about details of how your information is used; and
  • Have copies of your information.

Legitimate interest

HEIW and all of its services have a “legitimate interest” in continuing to process personal data where:

  1. there is a real business interest being pursued in continuing to process the personal data;
  2. the processing is absolutely necessary in order for the business to pursue that interest (i.e. the interest cannot be pursued in another way which is proportionate); and
  3. the processing is balanced against the impact such processing will have on the fundamental rights and freedoms of data subjects.

It is important that you understand who is responsible for keeping your data safe. We collect your personal data with your express consent for purposes set out in this Privacy Notice.

The lawful basis for processing are set out in the GDPR Article 6.

For more information about Article 6, please refer to the following link:

If you have any concerns in relation to how your personal data is processed, please contact the MARS team, contact details in the further information section below.

Should you wish to learn further information about legislation relating to confidentiality, please visit the Information Commissioner's Office (ICO) website. The ICO deals with complaints about how data controllers have dealt with information matters and provides useful guidance.

Making a complaint

If you wish to make a complaint about any issues you have experienced regarding your information, then please contact:

Dafydd Bebb

Ysgrifennydd y Bwrdd/Board Secretary

Addysg a Gwella Iechyd Cymru/Health Education and Improvement Wales

Ffôn/Tel: 079 7130 0537


If you are still unsatisfied following your complaint and this remains unresolved, you have the right to make a complaint to the:

Information Commissioner’s Office,
2nd Floor,
Churchill House,
17 Churchill Way,
Cardiff, CF10 2HH



Further information

For more information relating to this privacy notice or questions on the content, please contact:

Addysg a Gwella Iechyd Cymru (AaGIC) / Health Education and Improvement Wales (HEIW)