Privacy and data protection
Privacy and data protection
The Scottish Dental Clinical Effectiveness Programme (SDCEP) operates within NHS Education for Scotland (NES). SDCEP provides user-friendly, evidence-based guidance on topics identified as priorities for oral health care.
Please see below for how NES manages personally identifiable information.
About NHS Education for Scotland
NHS Education for Scotland (NES) is a public-sector body created in Scotland under section 2 of the National Health Service (Scotland) Act 1978 (the 1978 Act). NES was set up by the NHS Education for Scotland statutory order, (2002, no. 103).
NES is an education and training body and a special health board within NHS Scotland, with responsibility of developing and delivering education and training for the healthcare workforce in Scotland.
What types of personal information are collected?
NES holds and manages personal data for the administration and evaluation of training and education of health and social care professionals, for the employment of staff, for research and for related activities in support of its core purposes.
NES processes several categories of personal data, including:
- Training management data: including contact details for trainees, educational history, placements and records of progress
- Educational data: contact details, records of attainment, records of attendance
- Employee data: contact details employment and educational history, leave records, management information, performance and appraisal information
- Contact details for: contractors and suppliers, stakeholders, volunteers, organisational leads or contacts for specific activities
- Equality and diversity data (where provided by individuals): race or ethnicity, religion, sexual orientation, disability
Special categories of personal data and why they may be processed
NES will only process sensitive personal data (for example on health, disability, ethnicity and sexual orientation) where is it necessary to carry out our role in health workforce development: for example, in mandatory monitoring of equality and diversity, to ensure that NES is a safe place to work, or to ensure compliance with other legal obligations such as the sick pay policy or equal opportunities.
What is the legal basis for using personal information?
NES as a data controller and a data processor, is required to have a legal basis when using personal information. NES considers that performance of its tasks and functions are in the public interest. When using personal information, NES’s legal basis is usually that its use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in it.
Sharing the information
NES shares personal data where appropriate and necessary with third parties such as employing NHS Board and other employers, educational institutions and regulatory and professional bodies. NES will also share personal data where required to do so by law.
Retention periods of the information held
NES only keeps your information for as long as it is necessary to fulfil the purposes for which the personal information was collected. This includes for the purpose of meeting any legal, accounting or other reporting requirements or obligations. The NHS Scotland retention policy sets out the minimum retention timescales.
Security of your information
NES takes its duty to protect your personal information and confidentiality very seriously and is committed to taking reasonable measures to ensure the confidentiality and security of personal data for which it is responsible for.
All NES staff are required to undertake annual information governance training and to be familiar with information governance policies and procedures.
Your rights regarding your personal data
You have the following rights in regard to your personal data:
- The right to informed of why NES are collecting/holding data about you and how that data will be used;
- The right to access the data NES hold about you;
- The right to have the data NES hold about you rectified if it is inaccurate or incomplete;
- The right to have your personal data erased and to prevent processing in specific conditions;
- The right to restrict the processing of your data;
- The right to obtain and reuse your personal data for your own purpose across different services;
- The right to object to the processing of your data based on legitimate interests of NES, direct marketing or for the purposes of scientific/historical research and statistics;
- The right not to be subject to a decision based on automated processing.
How to access your personal data
You have the right to access the information which NES holds about you, and why, subject to any exemptions using a Subject Access Request. Requests must be made in writing and you will need to provide:
- Adequate information [for example full name, address, date of birth, staff number etc] so that your identity can be verified and your personal data located.
- An indication of what information you are requesting to enable us to locate this in an efficient manner.
You should send your request to the Information Governance Team. Contact details can be found below.
NES will aim to comply with requests for access to personal data as quickly as possible. NES will ensure that it deals with requests within 30 days of receipt unless there is a reason for delay that is justifiable.
Complaints about how NES processes your personal data
In the first instance, you should contact the Information Governance Team – contact details can be found below.
Data protection notification
NES is a ‘data controller’ under the Data Protection Act. NES has notified the Information Commissioner that it processes personal data and its registration number is: Z7921413
The details are publicly available from the:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF
www.ico.org.uk
How to contact NES
Data Protection Officer
Westport 102
West Port
Edinburgh EH3 9DN
Email: foidp@nes.scot.nhs.uk
About cookies
The website monitors access to the site for the purpose of system administration of the web server and statistical monitoring of website usage. This includes the use of ‘cookies’. A cookie is a message given to a web browser by a web server. The message is then stored by the browser in a text file called cookie.txt. Every time the browser obtains a page from the server this cookie message is sent back to the server. This allows us to study how people use our website. You may set up your computer to reject cookies by following the relevant instructions which can be found at www.aboutcookies.org.
This following list shows all cookies used by this website and what each is used for:
- Name: _ga
Purpose: Google Analytics anonymous tracking of site usage
Expires: 2 years - Name: _gat
Purpose: Google Analytics anonymous tracking of site usage
Expires: 1 session - Name: cookie_notice_accepted
Purpose: Recording acceptance of cookies
Expires: 1 month - Name: wp-settings-3
Purpose: For the website editors logging in to WordPress to manage site content
Expires: 1 year - Name: wp-settings-time-3
Purpose: For the website editors logging in to WordPress to manage site content
Expires: 1 year
This privacy and data protection notice covers the SDCEP website. Any links from this site to other websites are not covered by this notice.