Privacy notice for consultants and other external individual

We are committed to respecting and protecting your privacy whenever we use your personal information.

The following privacy notice sets out what information about you GenesisCare collects, how that information be used and your legal rights.

This Privacy Notice applies to the following groups of individuals:

  • Consultants who have applied for, currently hold or have held practising privileges with GenesisCare UK
  • External Individuals such as Oncologists, Surgeons, GP’s, Medical Secretaries and Community Nurse Specialists who do not hold Practising Privileges with GenesisCare but have expressed an interest in or refer into GenesisCare UK

What information does GenesisCare collect?

We will collect, use and store your personal data for a wide variety of reasons in connection with the professional relationship between us. Set out below are the main categories of personal data which we may collect:

  • Your name and contact details (postal and email addresses and phone numbers)
  •  Right to work documentation
  • Qualifications, experience, CV and scope of practice and suitability
  •  Details relating to your professional registration such as your GMC number and revalidation
  •  Details of any suspensions, disciplinary actions or criminal convictions
  •  Details of your insurer
  •  Appraisal documentation and Personal Development Plan
  •  Bank details
  •  ICO registration
  •  References
  •  Secretary and emergency next of kin
  •  Identification documents
  •  DBS certificate
  •  Certificates of Continued Professional Development
  •  Details of patient feedback, complaints, adverse events and near misses
  •  Information relating to your health that may affect your ability to practice or the health and safety of patients and staff

How do we obtain your information?

GenesisCare works closely with Consultants and External Individuals to support the delivery of our services. First and foremost, we will look to identify potential compatible business opportunities. We do this by collecting information;

  • Directly from you i.e. if you apply for practising privileges or would like to work with GenesisCare
  • Available in the public domain such as Consultant Finders and professional profiles
  • Through recommendations and third party service providers such as Wilmington Healthcare

How does GenesisCare use my information?

We use a third party service provider called Broadley Speaking to identify and progress potential business opportunities. Broadley Speaking may contact you on our behalf to talk about our services. We may also contact you directly.

Where you choose to apply for practising privileges, we will collect and retain information about you relevant to your application and if successful, information needed to manage your ongoing relationship with us. We will carry out checks such as obtaining references, DBS, confirming your previous employment, professional and regulatory registrations and right to work. This will entail collecting information directly from you, your previous employer/s and relevant regulatory and professional bodies.

Once your practising privileges have been granted, your name, role, department or section, work email address and telephone number will appear in the GenesisCare UK internal directory. This information may also appear on externally facing webpages and publications.

We will use your information to help fulfil other contractual obligations such as annual reviews, processing payments and ensuring you are up to date with your statutory and mandatory training.

We keep a log of and record incoming telephone calls to GenesisCare Centres to ensure individuals contacting GenesisCare receive an appropriate response and for quality monitoring, training and compliance purposes.

We may monitor use of GenesisCare IT equipment, systems, network and internet access through user names and log-ins to ensure adherence to the Acceptable Use Policy, statistical purposes or monitoring systems access to ensure access is appropriate and identifying/preventing security breaches.

As a company pursuing healthcare activities, we may sometimes need to process your data to pursue our legitimate business interests. This will be in ways that you would reasonably expect, the nature of which include:

  •  Administrative purposes during clinical trials
  • Using your personal data within our systems and communications so that GenesisCare employees (including employees within other GenesisCare groups), Health Care Professionals, suppliers, patients and any other party we share information with for our business purposes, know who you are and are able to contact you
  • Providing you with appropriate tools, systems and access to support so that you are able to carry out your tasks effectively
  • Support the reporting and investigation of any incidents, near misses, complaints or concerns

If you participate in the eMDT platform we will store your name, telephone number and email address so that we can invite you to provide your expertise, either individually or in collaboration with other consultants, in the treatment of patients.  The eMDT platform can also store your professional opinions on treatment.  The core record of the eMDT will not be erased. Base information will be transferred via secure API into the GC Data Warehouse for business reporting.  In the event of a complaint or claim, this base level of information allows:


  • The outcome of the MDT to be traced (the report will be stored within Mosaiq and held in line with GCUK’s retention schedule)
  • The time/date and members of the MDT involved in the decision-making process (the report will be stored within Mosaiq)
  • A reference to the images and tests used to make a decision (this will remain as part of the base information with the actual documents stored within Mosaiq or other GenesisCare record keeping system).

Data processed in the eMDT function is jointly controlled by GenesisCare and consultants and a legal arrangement is in place between the parties.  Data processed in the audit function is controlled by GenesisCare. Data processed in relation to patient outcomes is controlled jointly by the collaborating consultants.

Other purposes may also include;

  • Providing facilities such as building access and car parking provision;
  • Preventing and detecting crime and managing a safe working environment;
  • Managing engagement activities and events
  • Managing information technology and communications systems, such as the corporate email system and company directories;
  • Conducting ethics and investigations;
  • Management reporting analysis;
  • Complying with applicable legal obligations, including government reporting and specific local law requirements; and
  • Managing mergers, acquisitions and divestitures

Lawful Basis for Processing

Whenever we use your personal data, we will have a lawful bases for processing the data in accordance with data protection law. Our lawful basis for processing generally fall into the following categories:

Data type Lawful bias of processing Examples
Data type

Personal Data 

Lawful bias of processing

The processing is necessary for the purpose of legitimate interests

  • Marketing and engagement training
  • Training, monitoring and reporting
  • Administration, management of user accounts, communication and collaboration
  • Profile your GenesisCare related activity
Data type

Personal Data 

Lawful bias of processing

The processing is necessary for the performance of a contact

  • Determining whether yo should be offered practising privileges
  • Payments
  • Annual reviews
Data type

Personal Data 

Lawful bias of processing

The processing is necessary to comply with the law

  • Response to court orders or regulatory bodies
  • Data subject rights requests
  • Checking your legal entitlements to work in the UK
Data type

Sensitive Data 

Lawful bias of processing

Processing is necessary for the purpose of carrying out the obligation and exercising specific rights of the controller or of the data subject in the file of employment and social security and social protection law

  • Carrying out criminal background checks to meet safeguarding requirements and protect people from harm
Data type


Lawful bias of processing

Processing is necessary for the purpose of the provision of health or social care or treatment or the management of health or social care systems and services

  • Ascertaining your fitness to work

Who will my information be shared with?

Where you hold practising privileges with GenesisCare, you will have access to certain information about you via Workday. This platform provides self-service functionalities so you can complete, correct or remove the personal data you have added to your personal file in Workday. Please note if you remove certain types of information this may have an effect on your relationship with us.

Relevant information will be shared internally within GenesisCare with individuals who directly support the Practising Privileges process e.g. our Chief Medical Officer, Quality Team and the relevant Centre Leader.

We use a third party service provider to support our business development and marketing activities.

Your personal data will be accessed by other relevant GenesisCare UK departments such as finance e.g. payroll, but only to the extent necessary to fulfil their respective tasks. GenesisCare Australia also has access to this personal data to provide functional support to GenesisCare UK.

We may share information about you with our regulators, including the Care Quality Commission and supervisory authorities during the course of enquiries or necessary reporting.

We participate in programmes run by the Private Healthcare Information Network (PHIN) which enabling patients to compare privately-funded healthcare (both hospitals and consultants).

Sometimes, we are required to disclose information about you because we are legally required to do so. This may be because of a court order or because a
regulatory body has statutory powers to access Consultants’ records as part of their duties to investigate complaints, accidents or Consultants’ fitness to practice.

Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime.

On occasion, we may need to share information about you without obtaining your explicit consent. This will only occur if the processing is necessary:

  • to protect your vital interests and you cannot give your consent or your consent cannot reasonably be obtained, for example, in a medical emergency
  • to protect another person’s vital interest and you have unreasonably withheld your consent
  • To comply with data subject rights requests in circumstances where it is reasonable in all the circumstances to disclose your information
  • to meet our statutory obligations or in response to a court order
  • for the purpose of prevention or detection of crime, the apprehension or prosecution of offenders

Where we share information with other third party suppliers working under contract on behalf of GenesisCare to provide specific services on our behalf, for example payment processing, IT support and our telephony system. Where this happens, suppliers are bound by strict contractual provisions and safeguards. These companies have no right to use your information except on our behalf for the specified purposes or when required to do so by law.

Sharing your information outside the European Economic Area (EEA)

GenesisCare is part of a global organisation. We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the UK.

Information may be transferred, processed and stored outside the country where your information is collected. Any transfer of your personal information will be compliant with applicable data protection law.

How we will secure your personal data

  • Establishing a network of individuals across the organisation who are accountable and responsible for information risk management
  • Existence of various organisational measures including policies and procedures, providing regular training in handling personal data lawfully and conducting regular compliance checks
  • Technical measures including lockable rooms, cabinets, individual log in credentials, encryption and secure disposal of confidential waste
  • Ensuring only appropriate individuals have access to relevant and proportionate information about you
  • Carrying out checks on third parties who process personal data on our behalf

How long do we keep your personal data?

We retain your records for certain periods (depending on the particular type of record) in accordance with our Records Retention Policy.

Direct Marketing

You have the right to “opt out” of receiving direct marketing. If you ask us not to call or contact you again in relation to marketing activities, we will add you to our “opt-out” list, ensuring we do not accidentally send you further information

Your rights and your data

If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data.

You are entitled to

  • a description of the personal information we hold about you
  • why this information is being collected and processed
  • know to whom your information may be disclosed
  • know where the information came from, if this is not clear
  • have a copy of the information on request – this is called a subject access request
  • ask for any errors or out-of-date information to be corrected

Unless an exemption applies, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which GenesisCare UK holds about you;
  • The right to request that GenesisCare UK corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for GenesisCare UK to retain such data;
  • Where your consent is relied upon as a processing condition, the right to withdraw your consent to the processing at any time. Any such withdrawal will not affect the lawfulness of the processing before your consent was withdrawn;
  • The right to request that GenesisCare provides you with your personal data and where possible, to transmit that data directly to another data controller, (the right to data portability), where applicable. (This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case the data is processed by automated means).
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, where applicable. (This right only applies to profiling or where processing is based on legitimate interests; the performance of a task in the public interest; direct marketing and processing for the purposes of scientific/historical research and statistics).

To exercise all relevant rights, queries or complaints, in the first instance please contact the Information Governance Manager on .

If you have any concerns as to how your data is processed you can contact:

The Data Protection Offer at

Data Protection Officer
C/O Legal Counsel
GenesisCare Windsor
69, Alma Road

Further Information

Independent advice about data protection is available from the UK Information Commissioner’s website at

You have the right to lodge a complaint with the Information Commissioners Office if you believe that we have not complied with the requirements of the data protection legislation.

You can contact the Information Commissioners Office on 0303 123 1113 or via email
or, at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.