KMMS Privacy Notice for Examiners

KMMS stands for Kent and Medway Medical School – we are a collaboration between Canterbury Christ Church University and the University of Kent.

The University of Kent and Canterbury Christ Church University are registered as joint ‘Data Controllers’ under registration number Z6847902.

Your personal data is obtained:

• directly from you, through online or paper forms, email or by telephone

Categories of information we collect

Personal data we collect about you in connection with Objective Structured Clinical Examinations or other student assessments:

• your name
• Place of work
• Clinical Speciality and job title
• Your professional registration status and registration number
• telephone number
• email address

Special category data we will collect about you in connection with taking part in KMMS student assessments:

• racial or ethnic origin
• gender and pronouns
• information about whether you require any reasonable adjustments or have any accessibility needs

We will use your information in the following ways:

• To allocate you as an examiner to one or several OSCEs
• To ensure that we are able to meet any accessibility requirements during the OSCE
• To ensure that there is broad representation and diversity within the group of examiners on any given day.
• To report general trends and aggregate statistics within our governance structure and to other stakeholders (such as the General Medical Council) as required

Our lawful basis for processing your data

We rely on the following lawful basis as allowed by the UK GDPR for processing your personal data as this is necessary for: the performance of a task carried out in the public interest or in the exercise of official authority –Article 6(1)(e)

• you have given your consent for one or more specific purposes- Article 6(1)(a)

As we also use your special category data, we must identify a further basis for processing that data. The processing is necessary for: 

• you to participate as an examiner at KMMS, for which you have given your explicit consent –Article 9(2)(a)

We use third party organisations (known as data processors) who carry out services on the University’s behalf under contract. We will ensure that only the minimum amount of relevant personal data necessary for the purpose is transferred. We will ensure that contractual agreements exist to ensure compliance with data protection regulations and that data is used solely under our instruction. In these circumstances personal data shall be deleted after the contract has terminated.

We share your personal data with following:

• Microsoft – Information is collected using MS forms, processed using MS Excel and retained in a secure MS Sharepoint
• RISR – Examiner information (name) is entered into the Risr assessment software.

Sometimes it is necessary for your personal information to be shared:

• with competent authorities (such as the police, NCA) or action fraud for law enforcement purposes (for on substantial public interest reasons – Article 9(2)(g) – for preventing or detecting unlawful acts, safeguarding or fraud purposes.
• with our professional advisors where it is necessary for the establishment, exercise or defence of legal claims – Article 9(2)(f).

Occasionally the University may, if appropriate, legitimate and necessary, rely on relevant exemptions to UK GDPR provisions as are allowed under the Data Protection Act 2018 (in relation to crime and taxation, management forecasts, negotiations, confidential references and exam scripts and exam marks).

We will retain your personal data for 6 years after you last participated in OSCEs/Assessments.

We will ensure that security measures are in place to prevent the accidental loss, unauthorised use or access to your data. Access is given to staff on a ‘need to know’ basis. Our staff are required to keep your data safe and complete data protection training.

We have procedures in place to deal with any data security incidents and will notify you and the ICO in the event of a data breach where we are required to do so.

KMMS is a partnership between two data controllers – Canterbury Christ Church University and the University of Kent.

Contact details of both controllers and DPOs:

Canterbury Christ Church University
Robert Melville
North Holmes Road
Canterbury
CT1 1QU

E-mail: dp.officer@canterbury.ac.uk
Telephone: 01227 767700

University of Kent
Laura Pullin
Registry
University of Kent
Canterbury
Kent CT2 7NZ

Email: datapro@kent.ac.uk

The University of Kent will act as the main point of contact for all queries or requests. For more information please visit the University of Kent Information Compliance Office.

Please be aware of the following rights which can be accessed free of charge by contacting dataprotection@kent.ac.uk:

• know how we are using your personal information and why (right to information)
• access the personal data held by us (subject access request)
• ask for correction of any mistakes (rectification)
• to object to direct marketing
• to complain to the ICO

In some circumstances you also have the right to:

• object to how we are using your information
• ask us to delete information about you (the right to be forgotten)
• have your information transferred electronically
• object to automated decisions which significantly affect you
• restrict us from using your information.

For further guidance regarding your rights please see the ICO website.

Your rights- if you have given consent or explicit consent for a specific use of your personal data

You can withdraw your consent at any time.

You can do this by contacting us at osce@kmms.ac.uk.

This does not affect the lawfulness of the processing based on consent before its withdrawal.

Your right to complain to the Information Commissioner

You have the right to lodge a complaint with the Information Commissioner’s Office.

Their helpline telephone number is: 0303 123 1113.