NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018

Similar documents
EIT Health UK-Ireland Privacy Policy

Privacy Policy Inhouse Manager Ltd

Website Privacy Notice

Smile IT Ltd Privacy Policy. Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users.

Information you give us when you sign up to the World Merit Hub. In addition, when you sign up to the World Merit Hub, we will usually ask for:

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Our Data Protection Officer is Andrew Garrett, Operations Manager

Last updated: 25 May 2018

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy and Cookies Policy

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

World Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018

DLB Privacy Policy. Why we require your information

Wesley House data protection statement and privacy notice (short-course delegates)

Pathways CIC Privacy Policy. Date Issued: May Date to be Reviewed: May Issued by Yvonne Clarke

DCCVITAL GDPR Privacy Statement. This privacy statement sets out

This Privacy Policy applies if you're a customer, employee or use any of our services, visit our website, , call or write to us.

The website. Use of cookies. Introduction

About Us. Privacy Policy v1.3 Released 11/08/2017

Project Better Energy Limited s registered office is Witan Gate House, Witan Gate West, Milton Keynes, Buckinghamshire, MK9 1SH

BELLISSIMA BEAUTY SALON PRIVACY NOTICE

CHASE GRAMMAR SCHOOL PRIVACY STATEMENT General Data Protection Regulations (GDPR)

CITY SECURITY MAGAZINE

Promise Dreams Privacy Policy

Blue Alligator Company Privacy Notice (Last updated 21 May 2018)

Harvard Technology Ltd - Privacy Statement (Customers)

At Electronics Watch, we re committed to protecting and respecting your privacy

Inspiring Insights Ltd Privacy Policy - May Important Information. 2. The data we collect and how we store it.

Privacy policy. Definitions and interpretation

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

Privacy Notice. Lonsdale & Marsh Privacy Notice Version July

PRIVACY POLICY. 1. Introduction

Islam21c.com Data Protection and Privacy Policy

DATA PROTECTION AND PRIVACY POLICY

When do we collect information about you? What type of information is collected from you?

Friends of Seva Mandir 17 May 2018

About the information we collect We collect and process personal data including but not limited to:-

Data Protection policy

TIA. Privacy Policy and Cookie Policy 5/25/18

Privacy notice. Last updated: 25 May 2018

Element Finance Solutions Ltd Data Protection Policy

The types of personal information we collect and hold

2. The Information we collect and how we use it: Individuals and Organisations: We collect and process personal data from individuals and organisation

Hertfordshire Natural History Society

Data Protection Policy

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Data Protection Policy

Privacy and Cookies Policy EH Hotel 2018 Ltd

PS Mailing Services Ltd Data Protection Policy May 2018

Shaw Privacy Policy. 1- Our commitment to you

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Privacy Notice For Our Customers And Contacts

PRIVACY POLICY. We will use the information that we collect about you in accordance with:

Cova Security Gates Ltd Privacy Notice. Unit C1, Sussex Manor Business Park, Crawley, West Sussex, RH10 9NH, United Kingdom

Privacy Policy. (GDPR compliance)

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

INCLUDE-ED PRIVACY POLICY

WEBSITE PRIVACY POLICY

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

Hallmark Solutions Limited PRIVACY NOTICE

DATA PROTECTION POLICY THE HOLST GROUP

Introduction. The website. E-newsletter. Use of cookies

Privacy Policy. Effective date: 21 May 2018

For our services, the data controller (the company that s responsible for your privacy), is Rent a Van 365 Limited. Registered address:

GDPR Compliant. Privacy Policy. Updated 24/05/2018

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Privacy Policy (with effect from 25 th May 2018)

What kind of information do you collect, when and how?

Privacy Policy and GDPR Compliance

Creative Funding Solutions Limited Data Protection Policy

DATA PROTECTION PRIVACY NOTICE PROTECTING YOUR PERSONAL INFORMATION: YOUR RIGHTS, OUR RESPONSIBILITIES

Jefferies EMEA Privacy Notice

Wonde may collect personal information directly from You when You:

Privacy Policy. Full name and contact details (including your contact number, and postal address).

Data Protection Privacy Notice

We may change the privacy notice from time to time by amending this page.

Total Tax Group Privacy Notice

Privacy Policy May 2018

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

Data protection is important to us

Chess Entries 4 All Website Privacy Policy

GRAHAM JONES - PRIVACY POLICY

Privacy and Data Protection Policy

Data Protection Policy

PRIVACY NOTICE: UK NARIC ANNUAL CONFERENCE

Grand Orange Lodge of Ireland Privacy Notice

About Mark Bullock & Company Chartered Surveyors

Care Recruitment Matters Limited Privacy Notice

Synchronoss Website Privacy Statement

SURGICAL REVIEW CORPORATION Privacy Policy

PRIVACY NOTICE Olenex Sarl

e180 Privacy Policy July 2018

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:

Maitri Studio GDPR Compliance Policy

Aston Park Tennis Club. Privacy Policy for Members

In this policy, whenever you see the words we, us, our, it refers to Ashby Concert Band Registered Charity Number

ATHLETICS WORLD CUP PRIVACY NOTICE

NIPPON VALUE INVESTORS DATA PROTECTION POLICY

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

PRIVACY NOTICE. 1. Definitions

Transcription:

NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018 This privacy policy is published to provide transparent information about how we use, share and store any personal information that you may provide to us, and also what choices you have about that data, in compliance with the General Data Protection Regulation (GDPR) and UK legislation. This policy provides information: 1. About the NHS R&D Forum and the organisations that act on its behalf 2. About the personal information you may share with the NHS R&D Forum and how it is used. 3. About the lawful basis for processing data 4. About how we keep your data 5. About your rights 6. How to get in contact about your data NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 1

1. About the NHS R&D Forum The Forum is a professional network and community of practice largely supported by the work of its members. As such the Forum has very few staff or formal business operating systems of its own and instead subcontracts services to a number of organisations that act with and on behalf of the Forum administering company and members of the Forum community. Health Research & Development Ltd. A non- profit company called Health Research & Development Ltd administers the Forum as a legal body. The Directors of this company have conducted a data assessment and flow mapping exercise to identify all of the data that passes through the Forum, and they have authorized this privacy notice to explain how it is handled, the lawful basis for doing so and who is accountable for it. Accountability In some cases Health Research & Development Ltd will act as the data controller for the personal data that is shared via the NHS R&D Forum. In other cases organisations delivering contracted services, or individual member organisations will act as data controllers, doing so under the terms of their own privacy policies. Organisations supporting the work of the Forum are as follows. Members of these organisations may access some or all of the personal data identified in this policy for the purposes of delivering the Forum objectives. Blueberry Business Support Ltd http://www.blueberrybookkeeping.co.uk/# Delegant Ltd - http://www.delegant.co.uk Kate Greenwood Consulting. Forum community members, leadership team & partner organisations Training partner organisations that explicitly deliver some of our courses Accountancy services Printing services Information shared between Forum members & partners The Forum Community is made up of members and partner organisations that might share information with each other. In doing this and processing personal information each member does so in their own right and in accordance with their own Organisational data protection and privacy policies. Some members may not belong to any organisations but may be service users or members of the public. NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 2

2. About the personal information that you may share with the NHS R&D Forum and how it is used. Visitors to Forum websites: www.rdforum.org.uk www.annualrdforum.org.uk The Forum website is hosted by a third party service. Session cookies are used to enhance user experience, to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. This service helps to maintain the security and performance of the Forum website. In some cases where you may wish to post a comment online, you will be asked to provide a name and email address. We do not use tracking cookies. Forum Directory of R&D Department Contacts The Forum R&D Contacts Directory holds the professional email addresses of NHS R&D departments and, in England, that of the associated Local CRN. The Organisational directory record also contains the professional contact address, phone number and name of the person who has been identified and submitted as the contact for that department. The information held within the directory is published on the Forum website so that researchers and Sponsors can contact R&D departments and so that R&D offices across the NHS may contact each other. The details are also provided to the Health Research Authority in a monthly excel spreadsheet to support their regulatory systems, the CRN, and the devolved administrations upon request in support of facilitating research set up, regulation and delivery across the UK. This system of sharing the database records with regulators also now extends to sharing directly with Sponsors such that they can contact R&D departments easily and directly for studies that do not require capacity and capability assessment. Electronic mailshots: (Forum news, mailshots, courses and conference bulletins) The Forum uses a third party service called Mailchimp to deliver monthly news and to communicate Forum business and opportunities to the community, which we believe are essential to our providing services as a Professional Network. When you sign up to receive Forum news or register for our conference, you may be added to distribution lists within Mail chimp to allow us to contact you. Through Mailchimp members of the Forum management team gathers and monitors statistics around email openings and clicks to help us understand and improve our e- communications. This information is identifiable to you and you can manage these settings in Mailchimp here. Mail chimp privacy notice is also available here https://mailchimp.com/legal/privacy/?_ga=2.196510060.1906243466.1527174301-808351267.1472549318 NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 3

Social Media Platforms We use twitter and LinkedIn to communicate with and between the Forum members and communities of interest. If you contact us via direct mail in Twitter or LinkedIn this will be stored on those systems. If we re- tweet, post, or connect with you via either of these social media platforms your comments, posts or profile will become visible to our social media followers as well as those who can follow our Twitter feed directly from the Forum website. Email communications All emails are stored on the Forum email server @rdforum.org. Some emails are also shared across our management team and held on their third party systems such as gmail, yahoo or livemail. Emails are archived and then deleted according to our data protection and retention times specified below. Forum surveys The Forum will distribute surveys to members from time to time. These surveys may use a third party system such as survey monkey, within which your personal data may be held should you choose to provide it. Our surveys are usually anonymous however where personal information is requested or provided by you voluntarily for survey purposes, you may be given the opportunity to opt in and agree to how your information is used. Working groups If you become part of a Forum working group, work stream or project group then your email address will be shared by us with other members of that group and circulated in emails to those who are taking part in email communications about a topic. The content of emails will usually be kept within that group distribution unless otherwise communicated and this practice is promoted to members by the chair of each group. Members of groups may be asked to share their photo for publishing on the Forum website. Expenses Service users who are involved in Forum work may claim expenses to cover their costs, in line with our expenses policy. In order to process these claims and to make payments the personal information contained within the claim form is held by our business support and book keeping teams on their electronic systems. NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 4

Accountancy & bookkeeping systems Xero is accountancy software and a compliant system used by Blueberry Business Support Ltd to manage the accounts, invoices and bookkeeping of Health Research & Development Ltd and the Forum. You can more about Xero here: https://www.xero.com/uk/ Training & events registration If you attend one of our training courses or professional events, you will be asked to register some personal information as part of the booking process to include your name, address and dietary requirements. If the event is fee- paying this will include some financial details. Your information will be held in a database by the event and book keeping teams at Blueberry Business and Delegant ltd and sometimes by an organisation that may be partnering with us to host the event. Names and email addresses and dietary requirements are sometimes held in excel distribution lists for the purposes of managing smaller workshops or group meetings by Forum members. The record of your attendance will be kept for a maximum period of 6 years for quality assurance purposes Delegate lists and evaluation forms may be shared with course leaders, trainers and other members of the Forum management team. For some of our events a full delegate listing will be published in the event materials along side slides and materials. Sometimes this information is held within a third party system called Drop box. You can read more about Drop box here: https://www.dropbox.com/en_gb/ If we have to create name badges, delegate guides etc then your details (usually name and company/organisation) will be provided in pdf format to a printer for printing Photographs We may tweet about or during our training events, meetings, conferences and workshops. In doing so we may also tweet photographs or post them onto one of our websites. We will try to make our intentions clear to all delegates at the time photographs are taken and we will also provide you with the means to contact us if you wish for your photograph not to be taken or posted online. At all times you can register your requests through info@rdforum.org.uk or contact a member of the team by telephone http://www.rdforum.nhs.uk/content/contact- us/ NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 5

The Resources Exchange The Forum resources exchange http://www.rdforum.nhs.uk/content/resource- exchange- home- page/ contains links to documents, resources and online tools submitted by the Forum community. They are then displayed on the Forum website and may contain personal information such as authors name and affiliated organisation, if they have been included within that resource. Documents that are submitted that are not already on a public facing website are displayed with the permission of the person making the submission and that person is asked to ensure they have the permission of the resource owner before uploading. Resources can be removed at anytime from the exchange. 3. About the lawful basis for processing your personal data To be compliant with GDPR we must hold, process and store any personal data that you send to us lawfully and transparently. We believe that you would expect us to use your personal data as specified above in order to undertake our role as facilitators of a Professional Network and our community of practice. We therefore are using legitimate interest as the lawful basis for processing most of the personal data you provide to us during your engagement with the Forum, and we have conducted a legitimate interests test to ensure we are doing so fairly and in a way that you would expect. Within our role as a network we believe you expect to receive up to date information from our partners and us and therefore we do not consider this to be marketing. However in most cases you will also opt- in, electing to receive this information, and you will always be able to opt- out. Where financial transaction takes place we will use contracts as a lawful basis as a contractual relationship is being fulfilled. On occasion we may conduct a survey that includes your identifiable data and when we may need to ask for your explicit consent. The R&D contacts directory hosted by the R&D Forum website is part of a UK- wide research management system that supports the regulatory landscape. We encourage all information in this database to be professional and include a generic office email address only, as we regularly share downloads of these addresses with research Sponsors and regulators in order for them to contact your office about research studies. As such we do not believe that true consent can be fairly obtained and that legitimate interest is the appropriate lawful basis for processing this information. NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 6

4. How we keep your data Retention & destruction: We will keep financial records and records of your course attendance for quality assurance and audit purposes for a 6 year retention period or there is an overriding legitimate interest for holding it further. We will keep all other records (emails and any other records of activity) for a maximum of 6 years, unless you tell us otherwise or there is an overriding legitimate interest for holding it further. Security Health Research & Development Ltd on behalf of the NHS R&D Forum takes the care of your personal data very seriously and together with our partners we use a combination of measures to protect it, including secure servers, passwords and virus and malware protection. We do not processes or store any special category data and all members who have access to your data will have received training to make sure they understand the importance of keeping it safe. We always encourage the sharing of professional personal data only wherever possible. Servers used to store your personal information are all located within the EU and we do not use your information for automated decision making Whilst we take all of the measures that we ve outlined above, unfortunately the transmission of information using the Internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site. In the extremely unlikely event that we experience a data breach, our data protection function will work immediately to close the breach, analyze the cause of the breach and put in place preventive measures to avoid a similar breach recurring. NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 7

5. About your rights Your right to rectification You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. Your right to erasure You have the right to ask us to erase your personal information in certain circumstances. This right is not absolute You can read more about this right on the Information Commissioners Office Website here: https://ico.org.uk/your- data- matters/your- right- to- get- your- data- deleted/ Your right to restriction of processing You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right on the Information Commissioners Office Website here https://ico.org.uk/your- data- matters/your- right- to- limit- how- organisations- use- your- data/ Your right to object to processing You have the right to object to processing if we are able to process your information because the process is in our legitimate interests. You can read more about this right on the Information Commissioners Office: here: https://ico.org.uk/your- data- matters/the- right- to- object- to- the- use- of- your- data/ The NHS R&D Forum, which includes all contracted organisations working as part of the management team, values your contribution to the Forum and will never sell or lease your personal information. We will only share your information: With third party service providers and agents to process information on our behalf to undertaken Forum business and to support the health and care research endeavour across the UK. To comply with the law: To comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process. To enforce our rights, prevent fraud and for safety purposes: To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud. NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 8

You have full control of your personal mailing list account details and you can opt out of receiving Forum news at any time should you wish to do so. You can also request to be removed from the Forum Directory, to be replaced with a generic contact address or another member of your team, at anytime. If your details are contained within a resource on the resources exchange that you wish to be removed we can do this on your request. If you would prefer us to: Stop contacting you Amend your information Delete your information Change your preferences (for instance if you would prefer us to only contact you about certain things or restrict what information we have about you) Any other change Please tell us. You can do so by emailing anyone from NHS R&D Forum management team via info@rdforum.org.uk. We will make any changes requested within 1 month, or sooner where we can. If you wish to see the information that we hold about you, you can make a subject access request via info@rdforum.org.uk Right of portability You are able to request a copy of the information we hold about you or ask for us to send the information to another data controller with your permission if you provided this information to us. The right of data portability only applies if we are processing your information based on your consent or we are in talks about entering into a contract or the process is automated. We can send personal data in structured, commonly used and machine- readable formats, using secure methods. 6. How to get in contact about your data We value your contribution to the NHS R&D Forum and hope that you continue to support our good work. If you have any questions at all about the processing of your personal data please get in touch with a member of the team via the details below: Email: info@rdforum.org.uk Post: Health Research & Development Limited, Boston House, Grove Business Park, Wantage NHS R&D Forum privacy policy: FINAL Version 1.0 May 25 th 2018 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback