Professionals Privacy Notice

This privacy notice should be read in conjunction with the Privacy Statement found at:


The purposes of the processing and recipients of personal data


We process the personal data of healthcare or related professionals that interact with us regarding the activities and interests of the Registry. This includes individuals who engage with the IBD Registry in either an individual capacity or on behalf of their organisation as:

• A supplier of goods or services to the IBD Registry;
• A client of the IBD Registry in relation to their organisation’s use of IBD Registry services;
• A current, historic or prospective contributor of data to the Registry;
• A researcher or other interested party that communicate with the IBD Registry regarding access to Registry data or services;
• A professional that engages with or otherwise supports the IBD Registry in a consultative or advisory capacity; or
• An attendee at an industry event or working group run or attended by the IBD Registry.

We process personal data and contact details for the purposes of supporting communications and interactions with individuals relating to our services and activities (such as our clinical and patient data collection and quality of care improvement and research). This includes the processing of personal data to support the provision and management of secure access to the IBD Registry’s data collection systems (e.g. through the issuing of user accounts and the operation of Multi Factor Authentication (MFA/2FA).

Categories of personal data

The data we process is personal data as defined by data protection law. This typically includes your name and organisation, together with contact details such as email address and phone numbers.


You provide your details to us directly, or we acquire them in the course of our legitimate activities such as your work contact details being submitted to us by your employer or the organisation you represent or collecting personal data from organisational websites.


We will not ordinarily or routinely share any of your data with any third-party data controllers.

The lawful basis for the processing

The lawful basis under the GDPR which allows us to process personal data is: GDPR Article 6(1)f – the processing is necessary for the purposes of our legitimate interests.

International Transfers

Data will only be stored within the UK and the European Economic Area (“the EEA”). (The EEA consists of all EU members states, plus Norway, Iceland, and Liechtenstein.


Personal data is retained in line with organisational retention periods unless a request is received to delete it or official notification is received that it is no long valid.

Automated decision-making or profiling

We do not undertake any automated decision-making or profiling in relation to your personal data processed for communications purposes.

Last updated: June 2023