This policy explains the types of personal information we collect, how we use it and how we keep it safe. It also tells you about your rights under data protection law. We review and update this policy from time to time to reflect changes to our processes.
Use the links below to navigate to the different sections in this policy. This policy was last revised in March 2024. You must check back regularly to see how we process your personal data as changes to this policy will not be notified to you.
The General Pharmaceutical Council (GPhC) is the independent regulator for pharmacists, pharmacy technicians and pharmacy premises in Great Britain. Our statutory aims, objectives, powers and responsibilities are set out under the Pharmacy Order 2010, the rules made under the Order, the Medicines Act 1968, the Poisons Act 1972 and other legislation.
If you give us your personal information through one of our websites, or you provide us with information by other means, the GPhC is the data controller for information you share with us. This means that we decide how to use it and are responsible for protecting it in accordance with the UK General Data Protection Regulation and associated applicable data protection laws.
This privacy policy applies to this website, as well as the following websites:
Pharmacy inspections
MyGPhC
MyGPhCpharmacy
The GPhC is registered with the Information Commissioner’s Office (ICO) to process your personal data (registration number Z236733X).
We use personal information to support our work to regulate pharmacists, pharmacy technicians and registered pharmacies in Great Britain. We explain how we use information of different groups of people in the sections below.
Information we collect
If you raise a concern about a pharmacy or the fitness to practise of a pharmacy professional, we ask you to tell us:
- your contact details
- if you raise a concern for someone else, their contact details
- details of the concern
- details of witnesses and other people you may have consulted about your concern
- details of your medication and health, if this is relevant to the concern. We may need to ask for relevant records from your pharmacy or medical practitioner, with your consent.
We may ask you for other information depending on the nature of the case.
If you agree to act as a witness, we ask you to tell us:
- about the alleged incident(s)
- other relevant information to help us assess or investigate concerns.
How we will use your information
Our role is to protect the public by making sure that pharmacy professionals continue to meet our standards. Our objectives are set out in the Pharmacy Order 2010.
We will use information you give us to help us assess what action may be necessary. We may go on to investigate and some cases may progress to a hearing. We may contact you if what you have told us is not clear, or if we need more information. If we investigate the concern, we will ask you for a statement and may ask you to attend a hearing. We will only use your personal information where it is necessary to the investigation or hearing.
If you attend a virtual meeting or virtual hearing
We use video conferencing to run virtual meetings and hearings. Our supplier will process basic personal data (name, surname, email address and password) to enable you to join a virtual meeting or hearing.
We sometimes make recordings of virtual meetings and will ordinarily do so for hearings. If we record a meeting or hearing that you attend, we will tell you that it’s being recorded and the reason why we are recording it. All recordings are stored locally on GPhC servers.
We use third party suppliers to transcribe virtual and in-person hearings, and we share recorded information with them under contract to enable them to perform these services on our behalf.
We process your personal information to enable us to perform our statutory functions as a regulator.
How we will share your information
Our overarching objective under the Pharmacy Order 2010 is to protect public safety. We share information about concerns and our investigations where we consider it to be in the public interest or we are legally required to do so.
When you raise a concern, we will share information about what you have told us with the pharmacy professional or others, such as their employer, to help us investigate the issue. Depending on the nature of your concern, this could be a summary of the issue or specific information, for example, about your medicines. We will share your name and other identifying information if required to help the pharmacy staff identify the incident.
When you fill out the 'report a concern' form you can tell us if you want to remain anonymous or if you have any worries about us sharing information about your concern.
In deciding whether to share information we weigh up and balance the wider public interest in disclosing information against individual rights to privacy. We look at this on a case by case basis. In doing so, we will take your views into account and we will treat any concerns you have seriously.
However, there may be occasions where our duty to protect the public overrides your views. If this is the case, we will always do our best to tell you before we share your information.
There is more information about our approach to disclosure in the concerns form and our publication and disclosure policy.
Publication and disclosure policy
Polisi cyhoeddi a datgelu CFfC
How long we will keep your information
If we investigate a concern about the practice of a pharmacy professional, we will keep the case file while it is necessary for regulatory purposes. The case file will include details of your concern and other relevant information about you that was relevant and necessary to our investigation.
If the case leads to a fitness to practise hearing, the committee will record a determination. If you give evidence at the hearing, the determination is likely to refer to your evidence. We publish determinations of public hearings in line with our publication and disclosure policy. We keep determinations as part of the pharmacy professional’s registration record and then for at least 10 years after they leave the register.
We are required to consult before we set any standards or requirements under the Pharmacy Order 2010. We will also consult where necessary to make sure we exercise our statutory functions effectively and proportionately to meet our overarching objective of protecting the public.
If you respond to a GPhC consultation, we will use the information you give us to help us develop our work. Further information is given in each consultation document. We ask you to give us some background information about you and, if you respond on behalf of an organisation, your organisation. We use this to help us analyse the possible impact of our plans on different groups.
We are committed to promoting equality, valuing diversity and being inclusive in all our work as a health professions regulator, and to making sure we meet our equality duties. There is an equality monitoring form at the end of each consultation survey. You do not have to fill it in, but if you do, it will give us useful information to check that this happens.
How we share your information
We publish a report about all our consultations. We will not list your name in the report, but if you respond on behalf of an organisation, we will name your organisation. If you respond as a private individual, we will not publish your response.
Occasionally, the GPhC may need to disclose information under the laws covering access to information (usually the Freedom of Information Act 2000). We will usually anonymise responses or ask for your consent to disclose information, but please be aware that we cannot guarantee confidentiality.
Through our panels and forums, people can contribute to our work and help us achieve our vision for safe and effective pharmacy care. Find out more in the links below.
If you attend one of our events, respond to a consultation or contact us, we may ask if you would like to hear more about our work. If you agree to join our mailing list, we will hold your contact details in our database for up to one year, unless you ask us to delete this information earlier.
If you want us to stop contacting you, please email us.
If you are a registered pharmacy professional or pharmacy owner, we must send you some correspondence by law and you will not be able to unsubscribe. This correspondence will be about your registration, or if we need to review a concern about your fitness to practise or a concern relating to a registered pharmacy.
If you contact the GPhC with a question or with feedback or a complaint, we will use the information you give us to try to resolve your issue and respond to you. If you contact us about a personal matter, we may ask you to confirm your identity. If you are contacting us on behalf of another person, we will ask you for their authority to act on their behalf. If you raise a concern about a pharmacy or pharmacy professional, please see the section on concerns.
If you contact us using a form on our website, the form will be stored for up to one month.
We do not make audio recordings of our telephone calls. If you call our contact centre, a supervisor may listen to calls for training and support purposes.
We use personal data to analyse and review different aspects of our work as a regulator and in the public interest. This includes using data we collect about registered pharmacy professionals, pharmacy owners, applications to register, foundation training, education, fitness to practise and revalidation. If you give us equality and diversity information, we use that data in research and analysis to support our work to meet our public sector equality duties. We publish research on our website, but do not identify individuals in reports, unless they have given specific consent.
From time to time we carry out research projects into specific areas of our work. We sometimes use third parties to help us with this and we share information with them to enable them to carry out surveys or for analysis where necessary. We anonymise data where it is not necessary to share identifiable information. We make sure that any such third parties sign an agreement which includes confidentiality and data protection clauses.
Sometimes we carry out surveys or use focus groups to help with our research. If you take part in these, we will tell you how we plan to use your information.
We sometimes support research projects carried out by independent and academic researchers where the subject of the research contributes to our work or there is a strong public interest in the research. We only share necessary information and where possible we anonymise or pseudonymise data on individuals, who can include pharmacy professionals, foundation trainees and others connected with our work, depending on the subject of the research. See the third-party research policy for further information.
The General Pharmaceutical Council is committed to delivering equality, improving diversity and fostering inclusion in all our work as a healthcare regulator and as an employer, and removing barriers in our practices.
One of the ways we do this is by asking people to provide information about their protected characteristics. We collect this information as part of our registration and fitness to practise processes. However, the information is not used to determine individual fitness to practise outcomes or registration applications.
We also ask for this information as part of our recruitment and employment processes, where it is used to monitor the performance of those processes and to report on the diversity of candidates and staff in accordance with our duty to promote and maintain equality of opportunity or treatment. It is not used to assess applications.
How we will use your information
We ask for this information so we can monitor the performance of our processes, consider the impact of our policies and practices on people who share characteristics, and understand where we need to improve. This information helps us achieve this and meet our obligations under the Equality Act 2010 and related legislation (for example, by making reasonable adjustments for people with disabilities).
We also use the information you give us to analyse and report on the diversity of the pharmacy workforce or trends in pharmacy practice in Great Britain. We may use the information as part of our research or analysis work. We gather this information as part of our registration and fitness to practise processes, However, the information is not used to determine individual fitness to practise outcomes or registration applications.
We also gather information as part of our recruitment and employment processes, where it is used to monitor the performance of those processes and to report on the diversity of candidates and staff. It is not used to assess applications.
How we will handle your information
Giving us this information is voluntary. If you choose to give it to us, we will keep it confidential and hold it securely in line with data protection law. The information may be used by different teams within the organisation. This will only be on an authorised and need-to-know basis. We restrict access to this information on our systems.
We will anonymise any data we publish so you cannot be identified. For example, this may include summary reports about our work as part of our statutory responsibilities, where data is aggregated.
How we will share your information
We will share your information if required by law, where ordered by a Court, or where it is otherwise in the public interest and lawful to do so.
We sometimes share data with external organisations for the purposes of research or statistical analysis. We aggregate, anonymise or pseudonymise information so you cannot be identified by other parties. If we ask another organisation to collect data on our behalf, we will make this clear to you at the time.
Information we collect
If you apply for a job with the GPhC, or to be an associate, partner, Council or committee member we will ask you to give us your contact details and information about your relevant qualifications and experience. We may collect other information to assess your application. For example, we may:
- invite you to an interview, by phone or in person, and we will take notes and score your responses to questions
- ask you to take a test or carry out another assessment activity, which we will score
- for some roles, ask you about any criminal convictions, cautions or other disciplinary action taken against you
We will also ask you:
- whether you have a disability for which we need to make reasonable adjustments during the recruitment process, but providing this information is optional
- for equality and diversity information, but providing this information is optional
If we offer you a role with us, we will ask for:
- proof of identity and about your entitlement to work in the UK (this is required by law)
- details of referees
- your bank details, so we can pay you
- emergency contact details, including those of a family member or friend, which we will only use if necessary
- outcome of a background check, such as DBS
How we will use your information
We will use your information to process your application, assess it and consider entering into a contract with you. We do not use automated decision-making to assess applications.
If as part of your application you provide details related to equality and diversity, we will use the information you give to assess whether we are attracting a diverse range of candidates in line with our duties under the Equalities Act 2010. We will not use that information to assess your application.
If we offer you a role with us, we will contact your referees to ask for a reference. We will carry out background checks appropriate to the role we offer you, which we will tell you about. If we confirm our offer, we will use your information to set up your contract of employment or service agreement. We will keep your application as part of your personal file when you join the GPhC. We have a separate privacy policy for employee information.
How we will share your information
Employees who administer the recruitment process will have access to your application.
If you apply for a job with the GPhC, via our online recruitment portal, your application:
- will be shared with members of the assessing panel. This usually consists of GPhC employees, but for some senior employee roles, may include Council members or members from third party organisations
- will be anonymised during the early stages of the selection process. It will be shared with members of the assessing panel, but they will not be told your identity unless you are selected for interview.
If you apply for an associate, partner, committee or Council member position, your application will be:
- shared with members of the assessing panel
- anonymised during the early stages of the selection processThe panel will not be told your identity unless you are selected for interview.
For Council member roles, the assessing panel will usually consist of GPhC staff, Council members and members of third-party organisations and/or an independent assessor.
For Statutory Committee member roles, the assessing panel will be made up of Assurance and Appointments Committee members. For roles on the Board of Assessors the panel will consist of GPhC staff and Council members. For other associate and partner roles, the panel will consist of GPhC staff.
If you apply to become an associate or partner, we ask you to complete an online form. Your data will be held securely on UK servers and will not be used for any other purposes.
We outsource the recruitment of Council members to a third party under contract who comply with similar undertakings of privacy and confidentiality as the GPhC in accordance with data protection legislation.
How long we will keep your information
If your application is unsuccessful, we will keep your information for one year from the end of the recruitment process and then delete it.
If you go on to work with us, we will usually keep your information for six years from the end of your contract of employment or term of office.
Find out more in the sections below about how we manage security
The sections below explain how to ask us about any of your rights under data protection law. You can find out more about your rights from the ICO website.