Privacy Policy


Wales Deanery Privacy Notice

(for Trainees of the Education Contract Exceptions Reporting Tool)

Changes from previous version:

  • 3rd September 2018: Reflected name change from Educational Contract Attendance System (ECAS) to Education Contract Exceptions Reporting Tool (ECERT)

This privacy notice is intended to provide transparency regarding what personal data the Wales Deanery will collect about you, how it will be processed and stored, how long it will be retained and who will have access to your data.

The Wales Deanery is a data controller in respect to the personal data it holds concerning Trainees in Wales.

Personal data is information from which an individual can be identified either directly or indirectly when the information is read in conjunction with other data that a data controller holds.

From 25 May 2018 the Data Protection Act 1998 will be replaced by the General Data Protection Regulation and this will be the principal piece of UK legislation concerning personal data. The Wales Deanery will be subject to the General Data Protection Regulation.

Trainees should be aware that this privacy notice applies to all the processing of your personal data by the Wales Deanery in relation to or arising from your role. 

Why your personal data is collected

Your personal data is collected and held as part of your Education Contract agreement with the Wales Deanery. The purposes for which it is collected include:

  1. To monitor in real time whether your training sessions are available and whether you are able to attend them.
  2. To help the Wales Deanery ensure that you are provided with the required training opportunities.

The functions of the Wales Deanery are carried out in the public interest. The processing of Trainees’ personal data is necessary for the purposes of those functions.

How your personal data is collected

  1. Trainees - Data for trainees is managed via the Intrepid System.

Information we collect from your use of the ECERT system:

Personal data is collected when you submit your attendances / absences on the system.

How your personal data is kept secure

Access to your personal data is restricted to the authorised team within the Wales Deanery that manages secondary care training. This information will be anonymised and aggregated before being distributed to Faculty Leads and Associate Medical Directors for Education in Health Boards.

The data is collected, processed and stored securely, protected from unauthorised access, alteration or disclosure. The following security measures are taken:

  • The system implements encrypted communication via SSL certificates
  • The data is accessed by authorised users through a secure authentication and authorisation protocol
  • We review our data management strategy to evaluate information collection, storage and processing practices, to guard against unauthorised access to systems
  • With defined access control policies in place, only restricted access is provided to authorised members of staff at Wales Deanery

Your personal data will be retained for six years after you have left a Trainee role, at which point your personal data will be confidentially and securely destroyed.

How and why your personal data may be shared

The Secondary Care Training Section processes your personal data in order to manage your training. This information is kept in a database of Trainees in Wales.

Your personal data may be shared with:

  • The GMC for inclusion of your Trainee status on the LRMP
  • The GMC should there be concerns regarding an individual’s fitness to practise
  • Local Education Providers to support management of training programmes
  • Third parties for reporting or research purposes

The Wales Deanery will only transfer your personal data to third parties using secure channels and where it is needed to manage your Trainee role.

The Wales Deanery will not transfer your data unless it is satisfied of the following matters:

1. That there is a fair and lawful basis to share your personal data with the third party. 

2. The data will be handled by the third party in accordance with the law on data protection.

Where the data is used for analysis and publication by a recipient or third party, any publication will be on an anonymous and aggregated basis, and will not make it possible to identify any individual. This will mean that the data ceases to be personal data.

Third parties may include the following non-exhaustive list: the UK health departments, Colleges/Faculties, other deaneries, the GMC, NHS Trusts/Health Boards/Trusts and approved academic researchers.

Your rights and responsibilities

It is important that you work with us to ensure that the information we hold about you is accurate and up to date, so please inform the Wales Deanery immediately if any of your personal data needs to be updated or corrected.

All communications from the Wales Deanery will normally be by email. It is therefore essential for you to maintain an effective and secure email address or you may not receive news and information about your Training.

If at any point you wish to obtain a copy of your personal data that is held by the Wales Deanery you may submit a subject access request in writing.

In certain limited circumstances, you have a right to object to processing that is likely to cause you damage or distress, or to any decisions made by automated means that significantly affect you.

You also have a right to have inaccurate personal data rectified, blocked, erased or destroyed.

If you wish to exercise any of these rights or have any concerns in relation to how your personal data is processed, please contact the Wales Deanery (walesdeanerysre@cardiff.ac.uk).

Should you wish to find further information about data protection, please visit the Information Commissioner's Office (ICO) website. The ICO deals with complaints about how data controllers have dealt with information matters and provides useful guidance.