Data Protection Notice

Data Protection Notice

NHS Ayrshire & Arran are the Data Controller for any personal data you disclose when using the NHS HISA website.  

This data protection notice refers to the personal data you disclose to NHS Ayrshire & Arran when using the NHS HISA website.  

This data protection notice applies to all individuals that use the NHS HISA website.  

NHS Ayrshire & Arran recognises the need to treat personal information in a fair and lawful manner.

What types of personal information do we process?

In order to provide the NHS HISA website we process the following personal information:

  • username
  • contact information including email address
  • demographic information such as location
  • job discipline

Our purposes for processing your personal information

NHS Ayrshire and Arran process personal information for the following purposes:

  • internal record keeping
  • we may use the information to contact those that have completed a HISA for evaluation purposes or arrange follow up sessions

Our lawful basis for processing personal information

Current data protection legislation requires personal data to be processed in line with the following principles:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate relevant and limited to what is necessary
  • Accurate and where necessary kept up to date
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those dates are processed
  • Processed in a manner that ensures appropriate security of the personal data

NHS Ayrshire and Arran will only process your personal information when the law allows us to. We will process your personal information in the following circumstances:  

  • 6(1)(a) – Consent of the data subject

Who provides the personal information?

Information will be provided to NHS Ayrshire and Arran directly from you when you use the NHS HISA website.  

Sharing of personal information with third party organisations  

NHS Ayrshire and Arran will share your personal information with R4creative who host the website on behalf of NHS Ayrshire and Arran.   

Security of your personal information

NHS Ayrshire & Arran take care to ensure your personal information is only accessible to authorised people. In general, access to your personal information is restricted to those who have a need to access it in order to carry out their legitimate duties. Access to the personal data you disclose to us when using the NHS HISA website is restricted to staff members within the Public Health Team of NHS Ayrshire and Arran and associated administrative staff and key staff members within the R4creative team.  We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive.  Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.  Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.  You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.  

Retaining personal information

NHS Ayrshire and Arran will retain:

  • Personal data relating to you for 6 years

Your rights

You have a number of rights under Data Protection Legislation

For more information on your information rights please see:

www.ico.org.uk

Please also see NHS Ayrshire and Arran’s patient data protection notice at https://www.nhsaaa.net/data-protection-notice/

Please also see NHS Ayrshire and Arran’s staff data protection notice at https://www.nhsaaa.net/data-protection-notice/}

The right of access

You have the right to access your own personal information.  

If you would like to access your personal information contained within NHS HISA website you can do this by contacting:

NHS Ayrshire and Arran, Public Health, Afton House, Ailsa Hospital, Ayr KA6 6AB or info@nhshisa.net

Further details around this can be found within the:  

Access to Personal Information held about you policy http://athena/kmeh/kmeh/igs/Documents/AccesstoPIPol.pdf

Your duty to inform us of changes

It is very important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes by contacting NHS Ayrshire and Arran, Public Health, Afton House, Ailsa Hospital, Ayr KA6 6AB or info@nhshisa.net

Complaints about how we process your personal information

If you are unhappy about how NHS Ayrshire and Arran has processed your personal information, in the first instance you should discuss your concerns with NHS Ayrshire and Arran, Public Health, Afton House, Ailsa Hospital, Ayr KA6 6AB or info@nhshisa.net  

You can also contact the Data Protection Officer:

Jillian Neilson, Head of Information Governance & Data Protection Officer,
14 Lister Street, University Hospital Crosshouse, Kilmarnock, KA2 0BE
Tel: 01563 8(25831)
Email: informationgovernance@aapsct.scot.nhs.uk

You have the right to make a complaint to the Information Commissioner’s Office
Tel: 0303 123 1113 or www.ico.org.uk