You are here

Privacy policy

Data protection

The GPhC is registered as a data controller under the Data Protection Act 1998 (DPA). This means we are an organisation that controls how we collect, store, and use personal data. The register of data controllers is held by the Information Commissioner’s Office

Personal data is information about an identifiable living person. The person to whom the personal data refers is called a ‘data subject’.

The DPA sets out eight principles which state that any organisation collecting personal data must ensure that it is:

  • processed fairly and lawfully
  • processed for specific and lawful purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate and, where necessary, kept up to date
  • not kept for longer than is necessary
  • processed in accordance with data subjects’ legal rights
  • kept secure
  • not transferred outside the UK without adequate protection.

Pharmacists, pharmacy technicians and pre-registration trainees

How we will use your personal data

The GPhC is a data controller registered with the Information Commissioner’s Office. The GPhC makes use of personal data to support its work as the regulatory body for pharmacists, pharmacy technicians and retail pharmacy premises in Great Britain. Data may be shared with third parties in pursuance of the GPhC's statutory aims, objectives, powers and responsibilities under the Pharmacy Order 2010, the rules made under the Order and other legislation. Personal data may be processed for purposes including (but not limited to):

  • updating the register
  • administering and maintaining registration
  • processing complaints
  • compiling statistics

Information may be passed to organisations with a legitimate interest including (but not limited to) other regulatory and enforcement authorities, NHS trusts, employers, Department of Health, universities and research institutions. Please note that the GPhC will not share your personal data on a commercial basis with any third party. 

Sharing personal data with other organisations

The GPhC shares information with other organisations in pursuance of its statutory aims, objectives, powers and responsibilities under the Pharmacy Order 2010, the rules made under the Order and other legislation.

Information sharing enables organisations to improve client services, protect the public and respond to statutory requirements. The GPhC will only share information with other organisations to further our statutory role and responsibilities, whilst respecting the confidentiality of our registrants.

We recognise the importance of having clear guidelines to follow and ensuring that this information is shared in a secure and confidential manner and in accordance with the law, including the common law duty of confidence, the Data Protection Act 1998, the Human Rights Act 1998 and other related legislation and guidance.

Copies of the data sharing agreements we have with other organisations for the regular sharing of personal information of registrants are displayed on this page. In these agreements we make sure that:

  • they are only provided with the minimum amount of information they need to carry out the activity or service.
  • they agree not to use the information received from us for any other purposes other than those agreed by us.
  • they have proper systems in place to protect personal data.
  • both parties to the agreement publish a copy of the agreement on their websites. This is to promote openness and transparency and ensure that the profession and the public are aware of what information is shared and the reasons for this.

Information sharing agreement NES 07032012 [PDF 624.75 KB]

Information sharing agreement CPPE 09122011 [PDF 651.43 KB]

Information Sharing Agreement WCPPE 01032012 [PDF 603.75 KB]

Information sharing agreement NWSSP [PDF 318.81 KB]

Requesting personal data about you

If you want to make a request to see personal data that we may hold about you, this is called a subject access request. Please send your request in writing to the information access team, describing the information you want. It would be helpful if you could mark your mail ‘Subject Access Request’.

Please note that we are allowed to charge a fee of up to £10 before providing the information to you. There are also a number of exemptions under the DPA which may mean we are unable to provide some of the information you want. You may also be asked to supply proof of your identity.

Governance Team
General Pharmaceutical Council
129 Lambeth Road
London
SE1 7BT
Tel: 020 3365 3507
Email: foi@pharmacyregulation.org

Further information

You can find out more about the Data Protection Act and its principles from the Information Commissioner's Office.

Privacy

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device (such as your computer or mobile phone). These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • enabling a service to recognise your device so you don't have to give the same information several times during one task
  • recognising that you may already have given a username and password so you don't need to do it for every web page requested
  • measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast

You can manage these small files yourself and learn more about them through Internet browser cookies - what they are and how to manage them.

Our use of cookies

This is a list of cookies that may be stored on your device when visiting this website:

Google Analytics

Google Analytics will set a cookie to help us accurately estimate the number of visitors to the website and volumes of usage.

Name: _utma
Typical content: randomly generated number
Expires: 2 years

Name: _utmb
Typical content: randomly generated number
Expires: 30 minutes

Name: _utmc
Typical content: randomly generated number
Expires: when user exits browser

Name: _utmz
Typical content: randomly generated number + info on how the site was reached (e.g. directly or via a link, organic search or paid search)
Expires: 6 months

For further details on the cookies set by Google Analytics, please refer to the Google Code website.

ClickTale

We use ClickTale to help us understand how visitors use our website.

Name: WRUID
Typical content: anonymously identify a visitor of the Website for the purpose of enabling the ClickTale software to track such visitor’s actions across the client’s website.
Expires: 1 year

Name: __CT_Data
Typical content: Count the number of pageviews or visits of the anonymous visitor for the purpose of enabling the ClickTale software to track the number of pageviews or visits a visitor made on the client’s website.
Expires: 1 year

For further details on the cookies set by ClickTale, please refer to the ClickTale website.

Survey monkey

We use the Survey Monkey tool for consultations. This will set a cookie to prevent the survey from displaying for users who have already completed it.

Name: s_sess
Typical content: encoded text string of current user survey status
Expires: when you close the browser

Name: s_pers
Typical content: encoded text string of current user survey status
Expires: 3 years

Name: P_nnnnnnnn (where n is a number)
Typical content: number
Expires: 8 months

Other Cookies

Name: gphc_active_menu
Typical content: Record a visitor's most recently visited 'quick link' menu, located at the footer of the website
Expires: 1 Month

Name: has_js
Typical content: Records whether a visitors browser has JavaScript enabled.
Expires: when you close the browser

Name: gphc_css_size
Typical content: Used to remember a visitor's chosen text size
Expires: 1 month