Accept Cookies

Cookies: How we use information on our website:

We use cookies on our website to make it clear, useful and reliable. In order to achieve this and to provide certain personalised features we store a small amount of data about you. Find our more here. By navigating from the front page to other sections of our website, you are consenting to information being stored.

Privacy Notice

1.  Introduction

The Northern Ireland Medical and Dental Training Agency (NIMDTA) was established to train postgraduate medical and dental professionals for Northern Ireland. More detailed information about different aspects of our work can be found on our website: NIMDTA recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties. Key legislation includes:

  • the General Data Protection Regulation 2016 (GDPR),
  • the Data Protection Act 2018
  • the Access to Health Records (Northern Ireland) Order 1993 (AHR)
  • the Freedom of Information Act 2000 (FOI),
  • the Environmental Information Regulations 2004 (EIR),
  • the Human Rights Act 1998 (HRA),
  • relevant health service legislation, and the
  • common law duty of confidentiality

2.  Your Information

NIMDTA uses personal information for a number of purposes. This Privacy Notice provides a summary of how we use your information. To ensure that we process your personal data fairly and lawfully we are required to inform you of:

  • What personal information we collect
  • Why we need your data
  • How it will be used
  • Who it will be shared with
  • How long it will be kept for

2.1  What types of personal data do we handle?

NIMDTA processes personal information in relation to the functions it performs with regard to the management of postgraduate medical and dental education and training. On a phased basis from August 2019, NIMDTA will also be assuming the role of Single Lead Employer for Doctors and Dentists in Training in Northern Ireland.  It will therefore be necessary to process personal information in relation to this function also. NIMDTA also processes information in relation to the management of the GP Appraisal process within Northern Ireland. In addition, NIMDTA also processes information in relation to its own staff. The information NIMDTA may hold includes:

  • names, addresses, telephone numbers, e-mail addresses
  • family details, for example next of kin details
  • employment details, training programme membership, placement history, HSC service information, sickness absence and other absence information
  • details held in personnel files
  • contact details for contractors / suppliers
  • financial information

NIMDTA may also process ’special categories’ of information:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • data concerning health (for example, occupational health reports)
  • data concerning a natural person’s sex life

2.2  Why we need your data

NIMDTA processes personal information provided by Doctors and Dentists in Training, their Trainers, and other Educator staff (including those who applied for these roles but who were not appointed) in relation to the statutory functions it performs with regard to the management of postgraduate medical and dental education and training within Northern Ireland. On a phased basis from August 2019, NIMDTA will also be assuming the role of Single Lead Employer for Doctors and Dentists in Training in Northern Ireland.  It will therefore be necessary to process personal information in relation to these individuals with regard to their contract of employment and pay and conditions. NIMDTA requires the personal information of General Practitioners so that it can manage the GP Appraisal process within Northern Ireland. This allows for appraisals to be arranged and carried out annually in order to meet the requirements of the Department of Health and the Health and Social Care Board. NIMDTA also processes information in relation to Dentists, Dental Care Professionals and General Practitioners in relation to Continuing Professional Development courses. In addition NIMDTA processes information in relation to its own staff and those who apply to work for the organisation. Information processed for the above purposes is therefore lawful under Article 6 of GDPR as follows:

  • 6(1)(a) – Consent of the data subject
  • 6(1)(b) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • 6(1)(f) – Processing is necessary for your legitimate interests

Where NIMDTA processes special categories of personal data, its additional legal bases for processing such data as listed in Article 9 of GDPR are as follows:

  • 9(2)(a) – Explicit consent of the data subject
  • 9(2)(b) – Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
  • 9(2)(h) – Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee
  • 9(2)(j) – Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

2.3 How will we use information about you?

In connection with training, NIMDTA collects and uses personal information for the following purposes:

  • To manage the recruitment process to Training Programmes within Northern Ireland
  • To manage your training and your training programme
  • To quality assure training programmes to ensure that standards are maintained
  • To identify workforce planning targets
  • To maintain patient safety through the management of performance concerns
  • To comply with legal and regulatory responsibilities including revalidation
  • To contact you about training opportunities, events, surveys and information that may be of value to you

We also collect personal information from General Practitioners so that we can arrange their annual appraisals and communicate with them in relation to the annual appraisal timetable and their own appraisal date. NIMDTA processes information in relation to Dentists, Dental Care Professionals and General Practitioners in relation to Continuing Professional Development courses they have booked and to keep them informed in relation to future events. Information is also processed for the management of our own staff (including those Doctors and Dentists in Training for whom NIMDTA is the Single Lead Employer), to coordinate recruitment exercises for its own staff, Educator roles and for any additional programmes it runs for Doctors and Dentists in Training, and to let us fulfil our statutory obligations. Data may be used for statistical analysis – any outputs will be anonymised and will not contain personal identifiable information and may be shared with stakeholders such as the Department of Health.

2.4 Collection and use of data from website users

When you access the NIMDTA website small amounts of information, including small files known as cookies, are sometimes placed on your device. Some of these cookies are essential for the operation of the website while others, such as those associated with Google Analytics, monitor how you use the website. Personal information, such as your name and address, is not collected. Details of the cookies currently in use appear below:

Essential Site Cookie

These cookies are essential for the website to operate.

Essential Site Cookie

Cookie used by the GDPR Cookie Consent plugin to indicate that you have been made aware of the sites use of cookies on the site and the choices you have made in relation to them.

Analytics Cookies  To help improve our website we use Google Analytics. This tool sets four cookies which track how a visitor reaches our website, how long a visitor spends on the site and which pages they visit. The cookies also store information regarding the web browser, operating system and screen resolution to ensure that the website functions correctly for visitors.


There may be embedded media, such as YouTube or Vimeo videos, on some webpages. The suppliers of these services may also set cookies on your device when you visit the pages where we have used this type of content. These are known as ‘third-party’ cookies. To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit

2.5 Sharing your information

NIMDTA will share personal information where appropriate and necessary with third parties such as organisations that provide placements (HSC Trusts / GP Practices / Dental Practices / other bodies), the Business Services Organisation, Health Education England, NHS Education for Scotland, Health Education and Improvement Wales, Royal Colleges and Faculties, Medical Schools and regulatory / professional bodies such as the General Medical Council (GMC) and the General Dental Council (GDC). NIMDTA may also be obliged to provide personal information to another statutory organisation (such as a Police Force, Health Regulator or Investigatory Body), or via a Court Order. Information processed for this purpose is therefore lawful under the articles set out within section 2.2.  

NIMDTA may engage the services of third parties for the provision of systems to enable it to deliver its functions.  Where this is necessary, NIMDTA will ensure that data is processed by these parties only for the purposes required for NIMDTA.  Where NIMDTA changes suppliers, personal data may be migrated/transferred from one supplier to the other to facilitate continuity of access to data and NIMDTA’s ability to deliver its functions.  Examples of third party systems in use within NIMDTA include, but are not necessarily restricted to, TIS (Trainee Information System), Accent Course Manager, NIMDTA LMS and MedAll.

2.6 Retaining Information

NIMDTA will only retain information for as long as necessary, in line with the Department of Health (DoH) Good Management, Good Records (GMGR). For further information, please refer to the following DoH link:

3.  Individual Rights

Individuals have certain rights under GDPR, namely:

  • The right to obtain confirmation that their personal information is being processed, and access to personal information
  • The right to have personal information rectified if it is inaccurate or incomplete
  • The right to have personal information erased and to prevent processing, in specific circumstances
  • The right to ‘block’ or suppress processing of personal information, in specific circumstances
  • The right to portability, in specific circumstances
  • The right to object to the processing, in specific circumstances
  • The rights in relation to automated decision making and profiling

4.  Security of your information

NIMDTA is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:

a.  All NIMDTA staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;

b.  Everyone working for the HSC is subject to the common law duty of confidentiality;

c.  Staff are granted access to personal data on a need-to-know basis only;

d.  NIMDTA has appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a Personal Data Guardian (PDG) who is responsible for the management of employee and any patient information/confidentiality. Local Information Asset officers (IAOs) have been appointed as part of its Information Governance arrangements. The Business Services Organisation (BSO), has appointed a Data Protection Officer (DPO) who also has responsibility for NIMDTA.

e.  All staff are required to undertake information governance training every 2 years. The training provided ensures that staff are aware of their information governance responsibilities and follow best practice guidelines to ensure the necessary safeguards and appropriate use of personal information;

f.  A range of policies and procedures are in place

5.  Receiving Information

5.1 How can you access your personal information?

DPA and GDPR give you the right to access information that NIMDTA holds about you. Subject Access Requests (SARs) must be made in writing. You will need to provide:

  • adequate information (for example full name, address, date of birth) so that your identity can be verified and your information located
  • an indication of what information you are requesting to enable us to locate this in an efficient manner

NIMDTA aims to comply with requests for access to personal data as quickly as possible, and normally within a calendar month of receipt unless there is a reason for delay that is justifiable under GDPR. We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know.

5.2 Freedom of Information

The Freedom of Information Act 2000 provides any person with the right to obtain information held by NIMDTA, subject to a number of exemptions.

5.3 Complaints about how we process your personal information

If you are dissatisfied with how NIMDTA is, or has been, processing your personal information, you have the right to advise NIMDTA of this in writing.

6.  Contact Details

Any request for information, or complaints, should be submitted in writing to You may also submit complaints to:

Complaints Officer NIMDTA – Corporate Services Beechill House 42 Beechill Road Belfast BT8 7RL

You may also contact the Data Protection Officer directly:

7.  Changes to our privacy notice

We keep our Privacy Notice under regular review and apply the appropriate updates.


Additional Privacy Notices:

Learning Management System Privacy Notice

Recording of Training Sessions / Events Privacy Notice

National Fraud Initiative Privacy Notice