Privacy policy

BPS Assessment, of 16 Angel Gate, City Road, London, EC1V 2PT is the data controller for the purpose of the Data Protection Act 1998. By proceeding to use the BPS Assessment website you consent that we may process the personal data (including sensitive personal data) that we collect from you in accordance with our Privacy Policy (https://www.bps.ac.uk/legal/security-privacy).

In particular, we may use information we hold about you for the purposes of administering and improving our services including audit and quality reviews of the Prescribing Skills Assessment, maintaining our records, providing you with the information, products and services that you request from us, allowing you to participate in interactive features of the Prescribing Skills Assessment and notifying you about changes to our services. Using anonymised data through which individual candidates cannot be personally identified we will review and undertake research of academic performance trends. We may also make this anonymised data available to select third parties for future educational research projects.

The data that we collect from you may be transferred to, and stored or processed at, a destination outside the European Economic Area ('EEA'). By submitting your personal data, you agree to this transfer, storing or processing.

Please address any questions, comments and requests regarding our data processing practices to bpsassessment@bps.ac.uk

GDPR – list of subprocessors

THIRD PARTY PRIVACY NOTICE

Last Updated: 20 January 2023

BPS Assessment (BPSA) uses certain subprocessors in the general running of its business and to assist it in providing its services to its customers. A subprocessor is a third party service provider or data processor engaged by BPSA, who has or potentially will have access to or process personal data. BPSA engages different types of subprocessors to perform various functions as explained in the table below.

Contractual safeguards

BPSA requires its subprocessors to enter into agreements that satisfy the requirements of Article 28 of the General Data Protection Regulation, including but not limited to obligations to:

Subprocessors

The following is an up-to-date list (as at the date at the top of this page) of the names of LCP’s key subprocessors and the purposes for which they process personal data, as well as which clients these are potentially applicable to.

Amazon Web Services Data hosts
NEC Software Solutions IT support, software development, exam technical cover
Security Brigade Penetration Testing
NCC Group Penetration Testing