Privacy Policy

Privacy Policy:

Primary Care Careers is part of the GP Retention Programme which is a Buckinghamshire, Oxfordshire and Berkshire West (BOB ICS) wide programme funded by NHS England & NHS Improvement.

The BOB ICS take the privacy of all users (including website users) very seriously and are committed to protecting the privacy and security of your personal information.

This privacy policy notice describes how we collect, store, process, protect and share personal data about you whilst browsing or using this website in accordance with Data Protection Legislation, including the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) as applicable.

The lead organisation is Oxfordshire Training Hub (OTH).  Training Hubs are funded by Health Education England (HEE). The Oxfordshire Training Hub (OTH) is hosted by Oxford Health NHS Foundation Trust who is registered with the Information Commissioner’s Office (ICO) as a Data Controller. Oxford Health NHS Foundation Trust are responsible for deciding how your personal information is processed and stored. If you have any queries or wish to make a request in relation to your information, please contact:

Oxford Health NHS Foundation Trust | Trust Headquarters | Littlemore Mental Health Centre | Sandford Road | Oxford | OX4 4XN Office Address: Northway Community Centre (2nd Floor) | Dora Carr Close | Oxford | OX3 9RFOr email:

Oxford Health NHS Foundation Trust are required under data protection legislation to notify you of the information contained in this privacy notice. Oxford Health NHS Foundation Trust may be found under the reference Z1411013 on the Information Commissioner’s Office (ICO) website at

Personal and Special Category Data

‘Personal data’ or ‘personal information’ means any data relating to you from which you can be identified. This does not include information where your identity has been removed and cannot be retrieved (anonymised data).

There are ‘special categories’ of more sensitive personal data which may be obtained and will be subject to a higher level of protection. This includes information in relation to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation biometric data.

Data Protection Principles

We will comply with Data Protection Legislation which states that personal and special category data we hold about you must be:

  1. Used lawfully, fairy and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about and limited only to those purposes;
  4. accurate and kept up to date;
  5. kept only as long as necessary for the purposes we have told you about;
  6. kept securely.

Our lawful grounds for processing

Data Protection Legislation requires us to rely on one or more lawful ground to process your personal information. We will only use your personal and special category data when the law allows us to. Most commonly we will process your information in the following circumstances:

‘Explicit Consent’

Consent means offering you real choice and control. In certain situations, we may be required to process and share certain information, for example, with our internal team members and/or to book you onto a training programme, event or meeting by sharing your information with organisations. If this is necessary, we will directly request from you, the personal information required to provide you with our services. This request may be through various communication methods, for example via email communication. Your consent to processing and sharing of information may be withdrawn at any time however upon withdrawal, we may not be able to provide you with our services.

In the event the lawful basis relied upon to process your personal information changes, we will notify you about the change via our privacy notice and any new lawful basis to be used as required.

What data will we process?

Upon being provided personal information by you, we may collect, store and process the following categories:

  • Your name, address, job title and contact details including telephone numbers and personal email addresses, date of birth and gender;
  • IP address, subscription time and date and areas of interest in the event our website is accessed.

We may also collect, store and process the following ‘special categories’ of sensitive personal data:

  • Information about your race or ethnicity, religious beliefs, political opinions and sexual orientation for the purpose of equal opportunities monitoring and as voluntarily provided by you;
  • information about your health, including any medical conditions, disabilities and dietary and access requirements. This is to ensure that your needs are taken into account so that suitable measures can be put in place to ensure the training; event or meeting meet your requirements.

We may collect this data in a variety of ways. For example, data may be collected through email communication, application forms, your passport or other identify documents such as your driving licence, forms completed by you upon request, correspondence with you, through our website, meetings, events and/or other assessments.

In some cases, we may collect personal data about you from third parties where applicable, such as references supplied by employers regarding suitability to undertake training and/or partake in the event and information from record checks where permitted by law. We will notify you if this is required.

Situation in which we will process your personal data

The situations in which we may process your personal data includes but shall not be limited to the following:

  • to run training events and meetings;
  • maintain accurate and up to date records and contact details for participants, past, present and future;
  • absent management records;
  • respond to and defend against any claims, legal or otherwise;
  • equal opportunities monitoring;
  • health and safety requirements;
  • succession planning and workforce management purposes; and
  • photographic/ video imagery of you at events and meetings and other photographs for the purpose of the OTH newsletters, briefings, internal notice board etc.

Who has access to this data?

Your data will be shared internally with the team. This includes but will not be limited to members of the OTH and Oxford Health NHS Foundation Trust team, managers and IT staff if access to the data is necessary for the purpose of the training, meeting and/or event.

Your limited and necessary data may also be passed to external training and event providers where required to fulfil the training and event and health and safety requirements. In the event your data is required by external organisations, your consent will be obtained prior to the sharing of any information and the external party will thereafter be responsible for how they process your information.

We may also share your information with our third party data processors who process information on our behalf. These organisations may instruct their sub-processors to carry out certain functions.

Personal data may be shared with law enforcement or other authorities if required by applicable laws.

We will not transfer your data to countries outside the European Economic Area (EEA) unless a third party provider who provides services to Oxford Health NHS Foundation Trust also has its operations in a country outside the EEA. We will ensure adequate measures are in place to ensure your data remains secure and adheres to UK laws as applicable.

How we protect your data

We take the security of your information seriously. Internal policies and controls are in place to ensure that your information is not lost, accidentally destroyed, misused, disclosed and/or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties on a business need to know basis. They will only process your personal data on our instructions.

Where we engage third parties to process personal data on our behalf, this will be carried out on the basis of written instructions, under a duty of confidentiality and an obligation to implement appropriate technical and organisational measures to ensure the security of your data.

How long we retain your data

Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe it is necessary to fulfil the purposes for which the personal information was collected. This includes for the purpose of meeting any legal, accounting or other reporting requirements or obligations.

The periods for which your information is held after the end of the engagement is as follows:

  • 12 months after the training/event/meeting series completes.

You may request that we delete information that we hold about you. There are instances where applicable law or regulatory requirements allow or require us to refuse to delete this personal information. In the event that we cannot delete your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

What if you do not provide personal data?

If you fail to provide certain information when requested, we will not be able to fulfil training, events and meeting requirements or we could be prevented from complying with our legal/ contractual obligations. Failing to provide certain information may mean that you are unable to exercise your statutory rights and may hinder our ability to administer the rights and obligations arising as a result of the relationship efficiently.

Your individual rights

Under the General Data Protection Regulations (GDPR), you have a number of rights. You can read more about your rights in details here. Rights include:

  • Fair processing of information and transparency over how we use your personal information;
  • Access to/ obtain a copy of your personal information on request in a structured, machine-readable format and have the right to transmit the information to a third party in certain situations;
  • require us to change incorrect or incomplete information;
  • require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  • withdraw your consent/ object/ erasure of specific processing in certain circumstances.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) [], the UK supervisory authority for any data protection related issues.

Internet cookies

Cookies help us remember you and show you more things that we think you would like to view. We use cookies to ensure that we give you the best experience on our website. Cookies are small text files which are transferred to your computer or mobile device when you visit a website or app.

First Party cookies

We use cookies to:

  • remember information about you, so you do not have to give it to us again;
  • keep you signed in, even on different devices;
  • help us understand how people are using our services so we can improve them;
  • help us personalise the website to you by remembering your preferences and settings and your progress.

If you continue usage of the website without changing your settings, we will assume that you are happy to receive all cookies on the website. However, if you would like to change your cookie settings, this can be facilitated any time by changing your browser to block cookies.

Third-party cookies

These cookies are set by someone other than the owner of the website you are visiting. Some pages on our website may also contain content from other sites which may set their own cookies. Also if you share a link to our page, the service you share it on may set a cookie on your browser.  You can turn them off, but not through us. We have no control over third-party cookies.

Advertising cookies

Some websites use advertising networks to show you specially targeted adverts when you visit. These networks may also be able to track your browsing access different sites. We do not set advertising cookies and will not track your browsing outside our website.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time and we will provide you with a new privacy policy notice when we make any substantial updates. We will also notify you in other ways from time to time about the processing of your personal information. Please regularly review this policy to be informed of how we are protecting your personal data.

Privacy Notice Policy Base: v.1.0 May 2020. Revised April 2021.