NHS Wales is made up of several health organisations that include Health Education and Improvement Wales (HEIW) who have a leading role in the education, training, development, and shaping of the healthcare workforce in Wales, in order to ensure high-quality care for the people of Wales.
Established on the 1st October 2018, Health Education and Improvement Wales (HEIW) brings together three key organisations for health: the Wales Deanery; NHS Wales’s Workforce Education and Development Services (WEDS); and the Wales Centre for Pharmacy Professional Education (WCPPE).
HEIW key functions include:
If you have any questions regarding how information may be used you must use the contact us tab shown on the website or the information contained at the bottom of this notice.
When visiting this site we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in an anonymous way, which does not identify anyone individually. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be open about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies are small text files sent to your computer or mobile device by the websites that you visit. They help make websites work better and provide information to the owners of the site. For instance, we use language cookies to know what language you would like the web site displayed to you in, we also use YouTube cookies to embed videos in pages and Google Analytics cookies to track users’ behaviour whilst on the site. By understanding how people use our site, we can improve the navigation and content to better meet people’s needs. The information collected by the Welsh Government includes IP address, pages visited, browser and operating system. The data will not be used to identify any user personally.
Links to HEIW Social Media accounts are provided on the contact us page or via:
We will monitor our Social Media pages and will have access to any private or public messages that are sent to us. We may ask for additional information. However, we will only communicate with you using your preferred method of contact.
We will use this information to provide you with the most relevant information for your specific situation and in line with our confidentiality practices, we will not request or share sensitive identifiable information via a public comment or forum and only privately.
In some cases, the information may need to be shared with other government organisations including Welsh Government or another body in NHS Wales for example - a Health Board in Wales if you are interested in working for them / in a certain area. However, this will not be done without your consent.
If you send us a public message, we will use the information to respond to your query using a private message communicated between you and HEIW. If you send us an article, item of interest or a news item, we may share or retweet your message if appropriate.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with the government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
This Privacy Notice covers the rights of data use under legislation called the General Data Protection Regulation (GDPR). It emphasises HEIW’s need to make sure that we explain how we use information.
The information we give you about our use of information will be:
The law determines how we can use information. In those areas where we use identifiable information, the laws we follow that allow this to happen are listed below:
As explained in detail in the Introduction, Health Education and Improvement Wales (HEIW) is an organisation that comprises of several departments that process data fairly and lawfully. These include:
HEIW supports the education and training of:
For all areas of work within HEIW, the organisation shall be the holder and user of this information.
In order to perform our functions, we may process information about you, including;
Google will use this information to produce user activity reports for this website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
In order to carry out the functions above, we work with universities, regulators, health boards and our equivalent organisations in England, Scotland and Northern Ireland. This may involve the sharing of personal information from time to time. Where this is the case, Data Protection Impact Assessments are carried out and Information Sharing Agreements are used as appropriate.
It is important to note that anyone receiving information about you are under a legal duty to keep it confidential. We only request, use and share the minimum information necessary for the purposes it was required.
We will never sell your information and we will not share it without the appropriate legal authority.
HEIW takes responsibility to look after all information very seriously. This is regardless of whether it is electronic or in paper form and whether it is identifiable or not.
HEIW also employs someone who is responsible for managing information and its confidentiality to ensure:
All staff are required to undertake training on a regular basis. Comprehensive training is required to help protect the information that has been given, used, processed by HEIW.
The training makes sure that all staff working in HEIW (including the wider NHS), are aware of their responsibilities about the handling of your information regardless of the department that they work in.
Check the HEIW Information Governance page for more information.
Where information collected on you is identifiable and relevant, HEIW will make sure that you are able to have access to this. This is so that you know what we hold.
You have the right:
If you wish to know more, please contact the person listed below for further information about your rights of access.
HEIW tries to answer all requests for access to information as quickly as possible. The organisation is obliged to provide a response to your request within a month (30 calendar days) of receiving it, but this can be extending if the request is complex and extensive.
HEIW will look at your request to make sure that the information requested is personal information. Most of the time, it will be clear that the information is personal but HEIW will contact you if it is not clear within your request.
The information will be provided free.
However, we could ask for a small fee. This is where the request is large or repeated. This will be based on the cost of providing it.
If you wish to find out more about fees for information, then please contact the person listed at the bottom of this notice.
If your information is identifiable, it will be provided in a format that can be used on another system easily if it is electronic (i.e. Microsoft Word or Excel). Otherwise, it will be supplied on paper.
Where personal information may be collected and for the use of this to be lawful, HEIW may ask for permission from you. This is not necessary if the use is for a lawful basis under the current regulations but consideration at all times will be made where consent is anticipated to be collected and administrated correctly.
HEIW will ask service users for consent for where personal information is part of the processing. HEIW will ensure that any consent provided must be freely given, specific, informed and unambiguous. Each individual must provide “clear affirmative action” that they consent to the data being used for the specific work area and be notified of its use via a separate privacy notice explaining what data is being used and why.
At the time of obtaining consent, HEIW will explain to individuals that they are able to withdraw consent at any time but also that this would not render processing on the basis of consent prior to withdrawal to be unlawful and is determined on whether the data is also identifiable at the time of the request.
Individuals must also be able to easily and freely withdraw consent at any time and use their right to be forgotten. If consent is withdrawn, HEIW will be able to provide a legitimate interest statement for its own requirements for NHS Wales led projects.
However, if the data is unidentifiable and the data subject cannot be distinguished from the data collected, the right to be forgotten will not apply.
Stopping use would ordinarily apply to personal information and not unidentifiable data held by HEIW. However, this will be reviewed on a case-by-case basis dependant on the work being completed.
HEIW will not be responsible for content that has already been freely shared in the public domain, for example on social media networks, for purposes of journalism and other platforms outside HEIW’s control. If a Data Subject requires this information to be removed (and is easily identifiable to them), then they will need to apply to the organisation or company hosting the information and request its removal.
HEIW also provides safeguards against risks that involve processes that include automated decision-making.
This applies when:
Some areas of work within HEIW take a small number of automated decisions but there is mostly human involvement in this. For example, human involvement in the production of statistical data for reporting purposes or online questionnaire results will require a degree of automation to effectively specify, collate and download specific datasets to create reports and outcomes.
However, HEIW will take steps to identify how many automated decisions it makes and whether these are acceptable with each process.
In turn, HEIW will ensure that any automated profiling is fair and lawful. HEIW will use correct procedures, to include reducing errors and correcting where data is not accurate.
If any personal data has been provided by yourself and you feel that this is incorrect, you are entitled to request that HEIW correct any mistakes in this information, regardless of the context of the use.
HEIW must ensure that proven inaccurate or incomplete information is either erased or corrected.
We will only store information for as long as necessary dependant on the type and use.
Records are stored in line with Records Management Code of Practice for Health & Social Care’s retention and disposal schedule. This determines the minimum length of time records should be kept.
HEIW will retain data in order to comply with legal requirements.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you wish to make a complaint about any issues you have experienced regarding your information, then please contact:
Data Protection Officer/ Swyddog Diogelu Gwybodaeth
Addysg a Gwella Iechyd Cymru/Health Education and Improvement Wales,
Tel: 03300 585 005
If you are still unsatisfied following your complaint and this remains unresolved, you have the right to make a complaint to the:
Information Commissioner’s Office,
2nd Floor, Churchill House,
17 Churchill Way,
We welcome your feedback. If you contact us asking for information, we may need to contact other government departments to find that information. If your question is technical, we may need to pass it to our technology support (currently Digital Health and Care Wales (DHCW)).
We do not pass on any of your personal information when dealing with your enquiry unless you have given us permission to do so. Once we have replied to you, we keep a record of your message for audit and evaluation purposes.