This privacy notice is intended to provide transparency regarding what personal data, via MARS, Health Education & Improvement Wales (HEIW) will collect about you, how it will be processed and stored, how long it will be retained and who will have access to your data.
HEIW is a data controller in respect of the personal data held on MARS.
Personal data is information from which an individual can be identified either directly or indirectly when the information is read in conjunction with other data that a data controller holds.
From 25 May 2018 the Data Protection Act 1998 will be replaced by the General Data Protection Regulation and this will be the principal piece of UK legislation concerning personal data. HEIW will be subject to the General Data Protection Regulation (GDPR).
MARS Users should be aware that this privacy notice applies to all the processing of your personal data by HEIW in relation to your appraisal and revalidation.
Why your personal data is collected
Your personal data is collected and held to facilitate the appraisal process and to support individual doctors and Responsible Officers through revalidation. Appraisal is a contractual requirement and a requirement of the GMC’s Revalidation process. Every licensed doctor who practises medicine in the UK must revalidate to show they are up to date and fit to practise.
MARS became the single appraisal management system for all doctors with a prescribed connection in Wales from April 2014 (Wales Revalidation Delivery Board, Welsh Government). The purposes are outlined below:
1. To comply with legal and regulatory responsibilities.
2. To quality assure appraisal and revalidation processes in Wales and ensure that standards are maintained via local and national methods, such as sampling of anonymised appraisal summaries
3. To contact you regarding your appraisal, such as automated emails from MARS to support management of the process
4. To contact you about development opportunities, events, surveys and information that may be of interest to you. If you would prefer not to receive these emails, you can update your settings on MARS or by emailing Heiw.email@example.com
How your personal data is collected
Personal data is collected from the point of registration on MARS.
How your personal data is kept secure
Access to your personal data is restricted to the authorised team within HEIW that support and manage the MARS system. Access is also granted on a limited basis to users with specific authorised roles such as Appraisers and Designated Body staff (including Responsible Officers) but only where necessary for a specified and legitimate purpose.
Your personal data on MARS will be retained in accordance with the MARS Data Management Policy and GMC retention policy.
How and why your personal data may be shared
HEIW and Designated Body staff members have access to data entered into MARS as appropriate to enable effective management of the appraisal process. As detailed above, this includes a range of Quality Assurance activities which are carried out to assess whether the appraisal process is meeting specified standards and remains fit for purpose.
In the unlikely event that your appraiser identifies a concern during the appraisal process about your performance or fitness to practice, they would have a duty to report this in line with GMC guidance.
Additionally aggregated reports are produced detailing the learning needs and constraints identified by doctors. No individuals will be identified in these reports. In Wales, relevant staff within Designated Bodies and Welsh Government receive annual reports containing aggregated data for the purposes of planning educational provision.
HEIW will not transfer your data to a third party unless it is satisfied of the following matters:
1. That there is a fair and lawful basis to share your personal data with the third party.
2. The data will be handled by the third party in accordance with the law on data protection.
Where the data is used for analysis and publication by a recipient or third party, any publication will be on an anonymous and aggregated basis, and will not make it possible to identify any individual. This will mean that the data ceases to become personal data.
Third parties may include the following non-exhaustive list: the UK health departments, Colleges/Faculties, other deaneries, the GMC, NHS Trusts/Health Boards/Health and Social Care Trusts and approved academic researchers.
Your rights and responsibilities
It is important that you work with us to ensure that the information we hold about you is accurate and up to date. Please ensure that your personal and professional details are updated regularly (as required under the declarations section).
All communications from HEIW will normally be by email. It is therefore essential for you to maintain an effective and secure email address or you may not receive important notifications regarding your appraisal or other important news and information about your user role.
If at any point you wish to gain a copy of your personal data that is held by HEIW you may submit a subject access request in writing. You can download your appraisal information from MARS in PDF format.
The lawful basis for processing are set out in Article 6 of the GDPR. In this case, due to the legal obligation of undertaking your appraisal via MARS, the processing is necessary for you to comply with the law. As a result, you do not have the right to erasure.
If you have any concerns in relation to how your personal data is processed, please contact the MARS Service Desk.
Should you wish to learn further information about data protection, please visit the Information Commissioner's Office (ICO) website. The ICO deals with complaints about how data controllers have dealt with information matters and provides useful guidance.