Data Protection & Privacy Policy

Primary Care International (PCI) is a social enterprise which was founded in 2014 by Red Whale|GP Update. We work to strengthen primary health care globally. We are registered in the UK but work with partners in a range of settings across Africa, Asia and the Middle East, from the largest cities to the smallest and most remote refugee contexts.

In the course of our work we gather items of personal information and data for various individuals, in line with our specific business needs. PCI takes the protection of your data seriously and operates a policy that is in full compliance with the General Data Protection Regulation.

The responsibility for data protection at PCI is held collectively by each employee, with the board of directors having overall accountability. We are not required to appoint a Data Protection Officer.

This policy explains how we gather, use and share information about you, and respect your privacy rights. It will be kept under review and always accessible on our website at

If you have any concerns about how PCI may be using this information, or want to find out what data we hold relating to you, please write to

What is our lawful basis for gathering & processing your data?

The lawful basis we have for gathering and processing your data will vary depending on the business need:

  • We have a legitimate interest in holding basic personal data in support of our Customer Relationship Management (CRM) process, and we also seek consent to promote the work that we do to interested individuals.
  • We have a legal and contractual obligation to process data relating to anyone who works for us in order to fulfil the terms of their contracts, as well as payroll and statutory HMRC requirements. We also have a legitimate interest in retaining information, for a period of time, for anyone who applies for a job with us to assess against future opportunities.
  • We have a contractual obligation to our partners to process some data in order to satisfy the requirements of our business arrangement with them.

What data do we hold & gather?

The data we hold relating to you may come from a number of sources. Some data you will have provided yourself, either by subscribing to our newsletter, enrolling for one of our training courses, or applying for a job with us. Other data may have come to us from one of our partners (who would likely be your employer or sponsor), or have been referred to us from a mutual business contact.

Our records may include:

  • Contact details – for example your name, address, email address and telephone number
  • Personal identifiers and biographical information of those that work for us – for example your date of birth, national insurance number, bank account details, photographs, passport details
  • Personal details – for example disability information, dietary preferences for event management purposes, next of kin information
  • Work experience, skills, and CVs

How do we use your data?

How we use your data depends on the lawful basis we have for holding it:

  • If we have a contractual obligation to hold your data then the use of that data will be either stipulated or implied as part of that contract.
  • If we have a legal obligation to process your data then the relevant legislation will inform the process.
  • If we have a legitimate interest in processing your data then this may be in support of business planning, promotional activities or organisational capability.
  • If you have consented to us communicating with you then this would depend on the nature of your consent. It may include:
    • Sending you our e-newsletters OR
    • Informing you of opportunities you may be interested in OR
    • Asking you to support or partner with PCI, either in a personal or professional capacity

How do we share your data?

The only information we share with a third party is relevant salary and payroll information for our employees, which is shared with our payroll service provider. We would also share this information with HMRC if required to do so.

We do not share any other information or data with anyone else. We do not, nor will we ever, sell your data to a third party.

How do we protect your data?

We use a number of web and cloud based systems for the storage of information and data. These are:

  • Dropbox for Business – for records retention
  • MailChimp – for newsletter distribution lists
  • Salesforce – for CRM purposes
  • PCI Academy, hosted by Talent LMS – for sharing of training materials which users access via secure login

With the exception of the PCI Academy, access to all systems above is restricted to staff only with secure login credentials. Furthermore, the systems indicated are all compliant with current data protection legislation.

Access to the PCI Academy is via individual login which subscribers are assigned, usually as a contractual requirement with one of our partners.  Access is controlled by a trained member of staff and subscribers can only access their own account and relevant training material for their organisation.


What are your rights & preferences?

You have the right to:

  • Ask to see, correct or sometimes delete the data we hold about you
  • Object to specific data uses, as described above
  • Object to receiving communications and direct marketing
  • Ask for the transfer of your data electronically to a third party
  • Lodge a complaint with the Information Commissioner’s Office

If you no longer wish to receive communications from us you can either ‘unsubscribe’ by clicking the relevant link on one of our newsletters, or by emailing If you wish to exert any of your rights indicated above then please contact If you ask us to delete your data we will do so provided there is no legal or contractual obligation for us to retain it.


What are cookies?

Cookies are small text files that are stored in your browser and are used by most websites, including this website, to help personalise your web experience. Some features on this website will not function if you do not allow cookies. You can learn more about cookies at:

What cookies do we use?

We use Google Analytics to analyse how visitors use our site in aggregate form. Google Analytics uses cookies to identify unique visitors and record how they use a website. It does not collect any personally identifiable information and does not track movements between different websites.

You can “opt out” of Google Analytics cookies by installing the Google Analytics Opt-out Browser Add-on to block Google Analytics on all websites, or you can configure your browser to block cookies.

We use Matomo Analytics to help us understand how many people use the site, and what parts of the site they use.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.