This privacy notice applies to potential and actual members of MPS, applicants for grants and entrants to competitions, as well as to our website visitors and those whose information we may obtain during the course of protecting our members’ interests. For example, we may have information about you if you are involved in a claim or complaint against an MPS member or former member.
References to members or actual members includes former members who remain entitled (even after termination of their membership of MPS) to assistance in relation to events occurring during that membership.
In this privacy notice, references to "we" or "us" or “our” and “MPS” are to The Medical Protection Society Limited and its subsidiaries, the “MPS Group”.
Controller for All: The Medical Protection Society Limited (a company registered in England with company number 36142 at Level 19, The Shard, 32 London Bridge Street, London, SE1 9SG) makes decisions about how your personal information is handled in connection with the MPS websites, actual/potential members and individuals connected with complaints/cases. This means that it is a “controller” of your information in accordance with data protection laws.
If you are a member located in South Africa, Singapore, Hong Kong Australia, Trinidad and Tobago or Jamaica (or an individual connected with a complaint or case about a member located in those jurisdictions), the relevant local MPS entity also jointly decides how your personal information is handled.
- Joint Controller for South African Members: MPS South Africa Services (Pty) Ltd, a company registered in South Africa with company number 2017/417238/07 at Executive City, Cnr Cross Str and Chairmaine Ave, President Ridge Randburg, Gauteng 2194
- Joint Controller for Singaporean Members: MPS (Singapore Services) Pte Ltd, a company registered in Singapore with company number 201723019E at 10 Changi Business Park Central 2, #05-01 HansaPoint@CBP, Singapore 486030
- Joint Controller for Hong Kong Members: MPS (Hong Kong Services) Limited, a company registered in Hong Kong with company number 2615454 at Level 54, Hopewell Center, 183 Queen's Road East, Hong Kong
- Joint Controller for Australian Members: DPL Australia Pty Ltd, a company registered in Australia with company number 24 092 695 933 at 65 Park Rd, PO Box 1013, Milton, QLD 4064, Australia
- Joint Controller for Members in Trinidad & Tobago: Medical & Dental Defence Services Limited, a company registered in Trinidad & Tobago with company number C2020061704321 at 6A Palmiste Drive, Phillipine, La Romaine, 651222, Trinidad & Tobago
- Joint Controller Members in Jamaica: MPSJS Limited, a company registered in Jamaica with company number 106488 at 48 Duke Street, Kingston, Jamaica
Controllers may be subject to one or more data protection laws in relation to any specific use of personal information.
We may collect information from you when you interact with us, for example, when you use our websites, apply for membership or when you provide information in the course of using our services. We also collect information about you from certain third parties (e.g. other professional defence organisations, your employer, witnesses in a case, etc.).
Actual or potential members and website users may choose not to provide us with personal information. If they do so, we may not be able to accept them as a member (where relevant) or provide them with the full benefit of our services. Where this is the case, this will be made clear (e.g. because a form cannot be submitted, the website does not function or because we will tell them that this is the case).
How your information is collected:
- Through your use of our websites: you provide us with information such as your IP address and information that you enter into contact and other online forms.
- When you apply for membership: we ask you to provide us with information that we require to consider your application.
- When you apply for a grant from or enter a competition run by us.
- Through our provision of services to you: e.g. through any correspondence and transactions between us, as well as when you contact us to request assistance (please note that we may record or monitor our calls for compliance and quality control purposes), or use any of the services that we provide (actual or potential provision of membership, advice, assistance or indemnity).
- From third parties:
- where you apply for membership or are a member, or where you apply for or receive a grant from us, -we may receive information about you from other professional defence organisations, insurance companies, employers and other third parties who for example provide us with details of your professional practice and career history
- where we believe that you may be interested in becoming a member, we may receive your contact details and other relevant information
- where you are involved in a claim or complaint (whether as a member, claimant, complainant or co-defendant, for example), we may receive information about you from a member, complainant, claimant, witness, expert, court, regulator, law firms or professional regulatory bodies who are involved in the claim or complaint
- Through cookies: we use a variety of cookies to perform different functions, including to welcome you back when you return to the website, helping us to provide a better, faster, and safer browsing experience and tracking your usage of our websites. More information relating to cookies can be found here. You can read more about the different types of cookies that we use on the cookies page.
In the course of your use of our websites, your application for membership, our provision of services and/or your involvement in a complaint/claim, we will obtain information about you. The types of information we collect depends the circumstances.
Website Users: If you use our websites, we will normally only collect your IP address, information collected by our cookies and information that you otherwise provide to us in making use of website functionality (e.g. contact forms).
Potential or Actual Members, applicants for grants and entrants to competitions: If you (i) apply to us for membership, are a member or if you are not a member but we provide services to you, or (ii) apply to us for a grant or enter a competition run by us, we may collect the following information:
- your name, title, address, e-mail address, telephone and fax number(s)
- your age and date of birth
- information related to your occupation such as details of your specialty, professional practice, career history and/or research history
- information required to apply for a grant or enter into a competition
- details relating to any claims or complaints against you, including from claimants, complainants or co-defendants, witnesses, experts, lawyers or advisors
- Special Category Information, as set out below
- any other information you may provide to us during your relationship with us, for our operational or business purposes, or which we require to provide you with MPS’s services
Claimants, complainants, co-defendants, witnesses or other persons connected to a claim or complaint against our members: We will receive information about you that others choose to tell us in order for us to provide advice, assistance or indemnity to our members (e.g. name, age, address, phone number, fax number, email address, details of the relevant claim/complaint, your role and acts or omissions with respect to that claim/complaint) and Special Category Information as set out below.
Special Category Information: We may process information on criminal convictions and offences (including alleged offences), health (potentially including genetic and biometric data), race, ethnic origin, sex life, sexual orientation, political opinions, religious or philosophical beliefs and trade union membership (“Special Category Information”).
We may process Special Category Information about actual/potential members either (i) as part of an application and/or in connection with membership, or (ii) to provide members with advice, assistance and indemnity.
We also may process Special Category Information about claimants, complainants, co-defendants, witnesses and relevant third parties, where it is relevant to an actual or potential claim or complaint made against a member.
We use your personal information for the reasons set out in this privacy notice. Different legal bases for using your information apply depending on what category of personal information we process. We normally use personal information on the basis that it is necessary for the performance of a contract, is in our or a third party’s legitimate interests or it is required or permitted by applicable law. Further information about this and Special Category Information processing grounds is set out below.
We process personal information on the legal basis that it is:
- necessary for the performance of a contract: if you are a current or former member, we will process your personal information in order to fulfil that contract (i.e. to provide you with membership, advice, indemnity and assistance) If you are not a member and we provide you with services, we will process your personal information in order to fulfil the contract for those services.
- in our or a third party's legitimate interests: details of those legitimate interests are set out in more detail below.
- where we are required to do so or it is otherwise permitted by law
- with your consent (e.g. for marketing)
In addition, we process Special Category Information on the legal basis that it is:
- necessary for the establishment, exercise or defence of legal claims (e.g. court claims or medical or dental regulatory proceedings), including information about members, claimants, complainants, co-defendants, witnesses and relevant third parties
- with consent (e.g. where it is necessary for the administration of actual or potential membership). Consent may be withdrawn by contacting us, but if it is, we may not be able provide the full benefits of membership.
- necessary for archiving, research and statistical purposes in the public interest (e.g. for the identification of clinical trends and practices in historic court claims, medical or dental regulatory proceedings and similar matters, such that we can promote better clinical risk management).
The legitimate interests for which we process personal information (other than Special Category Information) are:
- where you use our websites, in order to respond to any requests that you make via our websites and to analyse use of our websites and improve the content and function of our websites
- if you make a membership application: to assess your application and any future applications that you may make, and to communicate with you about it and the benefits of membership
- if you apply for a grant or enter into a competition run by us: to assess your application and any future applications that you may make, or to judge your competition entry, and to communicate with you about them and our research business, the MPS Foundation.
- if you are a member:
- the administration and provision of membership services, the actual or potential provision of advice, assistance or indemnity, underwriting, risk assessment
- to administer our business and our third-party providers (e.g. to validate invoices from law firms we have instructed to assist us to advise you etc.)
- to investigate claims and complaints
- education, research and audit (e.g. to consider trends in complaints and claims to better understand the management of clinical risk)
- for the purposes of your membership renewal whilst your membership continues
- if you are a claimant, complainant or co-defendant, witness or other person connected to a claim or complaint against our members, to provide our services to members (including to assess and complete the actual or potential provision of advice, assistance or indemnity)
- generally:
- to provide you with marketing as permitted by law
- to protect our rights, privacy, safety or property, or those of other persons
- in order to comply with laws and regulations that apply to us and the third parties with whom we work, and to exercise our rights and defend ourselves from claims
- in order to participate in, or be the subject of, any sale, merger or acquisition or all or part of MPS’s business
We may use your personal information to contact you about our, or our partners', products and services where we believe they may be of interest to you. We may deliver marketing communications to you by post or email.
If you do not want us to send marketing information, you can contact us or follow the unsubscribe links in the emails we send.
We may use information obtained about you from “cookies” (text files which are sent to us by your computer, tablet, mobile phone, or other access device (referred to collectively as a "computer")) which we can access when you visit our websites in future. We do this to allow us to identify users and personalise the website wherever possible.
The cookies store information about our visitors. This means that on future visits to our websites, we can identify past visitors and welcome them back, helping us to provide a better, faster, and safer browsing experience.
We may access cookies stored on your computer when you visit our websites in future. We are able to do this by including web beacons (also known as clear GIFS or web bugs) in our emails. Our web beacons do not store additional information on your computer but, by communicating with our cookies on your computer, they can tell us when you have opened emails from us and what pages you look at.
For example, we use cookies to identify which country website you last visited, so that on subsequent visits, you are redirected back to that website to aid your navigation. In this case without cookies, you would be asked to select the country website you wish to visit upon each visit to one of our global landing pages.
You may opt-in, opt-out, or adjust your cookie preferences by selecting the appropriate settings on your browser. The cookies we use can be categorised as follows:
- Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personal data.
- Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
- Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal data, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
- Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
- Social Media Cookies
These cookies are set by a range of social media services that we have added to our site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
Note that cookies stay on your device(s) for differing amounts of time, depending on whether it is a “persistent” or “session” cookie:
- Persistent cookies: These cookies are used to remember your preferences on the website, to analyze user behavior to establish patterns of usage and preferences, and to improve functionality of the website. They remain on your computer or device until they expire or they are deleted by you. They persist even after you close the browser and restart your computer.
- Session cookies: These cookies are used to remember your activity during the course of the current website visit. They are temporary and only stay on your computer or device only until you stop the current browsing session.
For further details on the specific cookies we use, including their categorisation, whether they are persistent or session cookies and the purposes for which we use them, please click here.
If you want to delete any cookies that are already on your computer, you can find out more at AboutCookies.org.
Alternatively, please refer to the instructions for your file management software to locate the file or directory that stores cookies. If you want to stop cookies being stored on your computer in future, please refer to your browser manufacturer’s instructions by clicking “Help” in your browser menu. Further information on deleting or controlling cookies is available at AboutCookies.org.
When you visit our websites, we may also log your IP address, a unique identifier for your computer or other access device.
MPS recognises the importance of protecting individuals’ personal data and the responsibility we all have in ensuring the security of the data we hold. MPS has robust technical and organisational information security measures in place with guiding principles and responsibilities to protect the confidentiality, integrity and availability of the data we hold.
Should you visit any of the MPS Group premises, you will be asked to provide identification and sign into the building as a visitor. We collect your name, company, who you are visiting, and a photograph for security and safety. This will let enable us to us evacuate the building premises quickly in the event of an emergency, and to respond to any security incidents.
The lawful basis we rely on to process this data is article 6(1)(f) of the UK GDPR, allowing us to process personal data for our legitimate interests.
If you were are a pre-booked as a visitor, we may have already hold your email address details on file in our records. We only use this your details to send your invite invitation. and it cannot be used for anything else.
We keep this data collected from all visitors for a period of 12 months, before it is removed from our system after which it will be erased.
If you want us to send you wish to exercise your data rights to obtain a copy, update or remove your data etc, you can please send an email detailing your full request to the group Data Protection Officer on [email protected].
We share your information within the MPS Group, with those we work with in the course of providing membership, advice, assistance or indemnity (e.g. an employer, trade union, other professional defence organisations) and with others who help us provide services (e.g. lawyers, advisers, expert witnesses), provide services to us (e.g. system and cloud hosting service providers) or from whom we need information to handle or verify entitlements or handle claims or complaints. We also share your information in accordance with the law.
We share your information for the purposes set out in this privacy notice, with the following categories of recipients:
- other members of the MPS Group, for example if a claim or complaint relates to a member’s practice or membership in Singapore, we will share the information with the local MPS company in Singapore
- our insurers
- (i) the Department of Health & Social Care, (ii) NHS Resolution, (iii) the Minister for Health & Social Services, Welsh Government and (iv) NHS Wales Shared Services Partnership – Legal & Risk Services ((i)-(iv) together, “Government”), where a legal claim falls within the scope of the existing liabilities schemes introduced on 1 April 2019 (“ELS”)
- third party suppliers who help us deliver services (e.g. expert witnesses, lawyers, advisors, translators) or who provide services to us (e.g. system and cloud hosting service providers) (together, "Suppliers”)
- suppliers who provide services to the Government in relation to the ELS
- third parties, including the police and other law enforcement agencies in the exercise of their functions, where we have a duty to or are required by law or a court order to disclose your personal information
- where applicable, potential buyers of all or part of the MPS Group’s business
Where we share your personal information, appropriate protections will be in place as required by data protection laws.
MPS is an international organisation providing services in locations around the world and dealing with international organisations (e.g. experts, law firms). It also uses systems which may be hosted outside of your home country. Some jurisdictions to which your personal information is transferred may not offer the same level of data protection as your home country.
MPS implements measures to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws, often in contractual form. More information about these safeguards (including copies, where relevant) can be obtained by contacting us.
MPS deals with international organisations and uses global information systems. As a result, MPS transfers your personal information to countries outside of your home country for the purposes set out in this privacy policy. Some jurisdictions to which your personal information is transferred may not offer the same level of data protection as your home country.
Countries to which personal information is transferred vary from time to time, but include the UK, Ireland, Australia, South Africa, Singapore, Hong Kong, New Zealand, Malaysia, the Caribbean and Bermuda.
The rules on data protection vary from country to country. We have set out below the names of the data protection laws in the primary jurisdictions in which we provide services, along with additional information about cross-border transfers that are relevant to members and individuals located in those countries.
- Australia: Privacy Act 1988 (Cth) (“APA”). For the purposes of Australia law and the APA, if you apply for membership of or a grant from MPS your consent to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if membership is granted or your application is successful. The terms of your consent are confirmed, and may be varied, as part of the renewal process.
- Hong Kong: The Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“Ordinance”). For the purposes of Hong Kong law and the Ordinance, if you apply for membership of or a grant from MPS your consent to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if membership is granted or your application is successful. The terms of your consent are confirmed, and may be varied, as part of the renewal process.
- Ireland: The General Data Protection Regulation (EU) 2016/679. MPS may transfer your information outside of the European Economic Area (“EEA”) in accordance with applicable data protection laws. Not all countries outside of the EEA have data protection laws that are similar to those in the EEA and they may not be regarded by the European Commission as providing an adequate level of data protection. Where this is the case, MPS puts in place additional safeguards in accordance with applicable law.
- South Africa: The Protection of Personal Information Act 4 of 2013 (“POPIA”). For the purposes of South African law and POPIA, if you apply for membership of or a grant from MPS your consent to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if membership is granted or your application is successful. The terms of your consent are confirmed, and may be varied, as part of the renewal process.
- Singapore: The Personal Data Protection Act 2012 (“SPDPA”). For the purposes of Singaporean law and the SPDPA:
- if you apply for membership of or a grant from MPS your consent to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if membership is granted or your application is successful. The terms of your consent are confirmed, and may be varied, as part of the renewal process.
- the UK has a standard of protection of personal information comparable to the protection under the PDPA. A summary of the regulatory regime governing data protection in the UK may be found at ico.org.uk/for-the-public.
- New Zealand: The New Zealand Privacy Act 2020 (“NZPA”). For the purposes of New Zealand law and the NZPA, if you apply for membership of or a grant from MPS your consent to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if membership is granted or your application is successful. The terms of your consent are confirmed, and may be varied, as part of the renewal process.
- Malaysia: The Personal Data Protection Act 2010 (“MPDPA”). For the purposes of Malaysia and the MPDPA, if you apply for membership of or a grant from MPS your consent to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if membership is granted or your application is successful. The terms of your consent are confirmed, and may be varied, as part of the renewal process.
- UK: The UK Data Protection Act 2018 (and the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018). MPS may transfer your information outside of the UK in accordance with UK data protection law. Not all countries outside of the UK have data protection laws that are similar to those in the UK and they may not be regarded by the Information Commissioner’s Office as providing an adequate level of data protection. Where this is the case, MPS puts in place additional safeguards in accordance with UK law.
We retain your information in accordance with time periods and criteria that reflect our reasonable needs to retain information.
We set out below the general retention periods that apply to the personal information we hold. These periods may sometimes be extended where recommended by a regulator, prescribed by law or required in order for us to exercise our rights or defend ourselves from claims.
For example, if you make a claim against us or we are subject to a litigation hold request, we will retain information until that claim has been fully settled or hold request been satisfied and any relevant limitation periods have expired.
- If you are a visitor to our websites: we retain this information whilst you are viewing our websites and for a reasonable period afterwards, taking into account the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
- If you apply for membership of, or a grant from, MPS: we retain your information for a period of 7 years after an application for membership or for a grant (as applicable) is rejected by us or withdrawn by you.
- If you are a member: we retain your information during your membership and for a period of 25 years after your membership terminates. This is because, under the MPS Memorandum & Articles of Association, even after your membership ceases you may still retain the right to request assistance with matters that occurred during your membership.
- If you receive a grant from us: we retain your information during your research project and for a period of 10 years afterwards
- If you are involved in a claim or complaint against an MPS member or former member, as claimant, complainant or co-defendant, or as a witness, expert, lawyer or advisor:
- initially, we retain your personal information for duration of the claim or complaint and for a period of 3 years after a claim or complaint has been resolved such that we can manage the claim or complaint and any appeal or follow-up;
- subsequently, we retain your personal information for as long as it is necessary for archiving, research and statistical purposes
You have legal rights to access your information and ask us to rectify, erase and restrict use of your information. You also have rights to object to the use of your information (including for marketing purposes), to ask for the transfer of information you have made available to us, and to withdraw consent to the use of your information.
- The right to obtain a copy of any of your personal information which we hold
- The right to request that we correct any of your personal information
- The right to request that we delete your personal information
- The right to request a restriction is placed on the processing of your personal information
- The right to object to the processing of your personal information, including the right to object to marketing
- The right to ask for personal information you have made available to us to be transferred to you or a third party in machine-readable formats
- The right to withdraw any consent you have given us to the processing of your personal information
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you.
These rights are not absolute: they do not always apply and exemptions may be engaged. Please note that, before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us identify you and respond to your request. If we do not comply with your request, we will explain why.
You may contact our Data Protection Officer with any comments, complaints or suggestions in relation to the way we handle personal information. You have the right to complain to your local regulator if you are not satisfied with how we handle your personal information.
If you have any questions about the way we use your information, if you wish to exercise any of your legal rights in respect of, or if you have complaints about, the use of your information please contact MPS’ Data Protection Officer at: [email protected]; or at Data Protection Officer, The Medical Protection Society Limited, Level 19, The Shard, 32 London Bridge Street, London SE1 9SG, UK.
You have the right to lodge a complaint with the Information Commissioner and (if applicable) with your local privacy regulator. You can contact the Information Commissioner at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Web: https://ico.org.uk/concerns
If you are in Australia, you can also contact the Office of the Australian Information Commissioner here.
If you are in Hong Kong, you can also contact the Office of the Privacy Commissioner for Personal Data, Hong Kong here.
If you are in Ireland, you can also contact the Data Protection Commission here.
If you are in South Africa, you can also contact the Information Regulator here.
If you are in Singapore, you can also contact the Personal Data Protection Commission here.
If you are in New Zealand, you can also contact the Privacy Commissioner here.
If you are in Malaysia, you can also contact the Personal Data Protection Department here.
Updating this privacy notice
As we strive for continuous improvement in our services and processes, we will update this privacy notice from time to time to reflect our business activities and will show the latest version of it on our website. We will provide you with notice of any significant updates in accordance with data protection laws.
Last updated: Aug 2024