Privacy Policy

Introduction

NHS Wales is made up of several health organisations that include Health Education and Improvement Wales (HEIW) who have a leading role in the education, training, development, and shaping of the healthcare workforce in Wales, in order to ensure high-quality care for the people of Wales.

Established on the 1st October 2018, Health Education and Improvement Wales (HEIW) brings together three key organisations for health: the Wales Deanery; NHS Wales’s Workforce Education and Development Services (WEDS); and the Wales Centre for Pharmacy Professional Education (WCPPE).

HEIW key functions include:

  • Working closely with partners and key stakeholders, and planning ahead to ensure the health and care workforce meets the needs of the NHS and people of Wales, now and in the future;
  • Being a reputable source of information and intelligence on the Welsh health and care workforce;
  • Commissioning, designing, and delivering high quality, value for money education and training;
  • Using education, training, and development to encourage and facilitate career progression;
  • Supporting education, training, and service regulation by playing a key role in representing Wales, and working closely with regulators;
  • Developing the healthcare leaders of today and the future;
  • Providing opportunities for the health and care workforce to develop new skills;
  • Promoting health and care careers in Wales, and Wales as a place to live;
  • Supporting the professional workforce and organisation development profession with Wales; and
  • Continuously improving what we do and how we do it.

If you have any questions regarding how information may be used you must use the contact us tab shown on the website or the information contained at the bottom of this notice.

Visitors to our websites

When visiting this site we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in an anonymous way, which does not identify anyone individually. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be open about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies

Cookies are small text files sent to your computer or mobile device by the websites that you visit. They help make websites work better and provide information to the owners of the site. For instance, we use language cookies to know what language you would like the web site displayed to you in, we also use YouTube cookies to embed videos in pages and Google Analytics cookies to track users’ behaviour whilst on the site. By understanding how people use our site, we can improve the navigation and content to better meet people’s needs. The information collected by the Welsh Government includes IP address, pages visited, browser and operating system. The data will not be used to identify any user personally.

People who contact us via social media

Links to HEIW Social Media accounts are provided on the contact us page https://heiw.nhs.wales/contact/ or via:

Twitter https://twitter.com/heiw_nhs?lang=en

Facebook https://www.facebook.com/HEIW.NHS/

Linkedin https://uk.linkedin.com/company/nhs-heiw

We will monitor our Social Media pages and will have access to any private or public messages that are sent to us. We may ask for additional information. However, we will only communicate with you using your preferred method of contact.

We will use this information to provide you with the most relevant information for your specific situation and in line with our confidentiality practices, we will not request or share sensitive identifiable information via a public comment or forum and only privately.

In some cases, the information may need to be shared with other government organisations including Welsh Government or another body in NHS Wales for example - a Health Board in Wales if you are interested in working for them / in a certain area. However, this will not be done without your consent.

If you send us a public message, we will use the information to respond to your query using a private message communicated between you and HEIW. If you send us an article, item of interest or a news item, we may share or retweet your message if appropriate.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with the government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Your rights

This Privacy Notice covers the rights of data use under legislation called the General Data Protection Regulation (GDPR). It emphasises HEIW’s need to make sure that we explain how we use information.

The information we give you about our use of information will be:

  • Brief, easy to read and easily accessible;
  • Written in clear, plain language; and
  • Free of charge.

What laws do we use?

The law determines how we can use information. In those areas where we use identifiable information, the laws we follow that allow this to happen are listed below:

  • General Data Protection Regulation
  • UK Data Protection Bill
  • Human Rights Act
  • Freedom of Information Act
  • Common Law Duty of Confidentiality
  • Computer Misuse Act
  • Audit Commission Act
  • Regulation of Investigatory Powers Act

What do we do?

As explained in detail in the Introduction, Health Education and Improvement Wales (HEIW) is an organisation that comprises of several departments that process data fairly and lawfully. These include:

  • Postgraduate Medical and Dental Education
  • Pharmacy Professional Education
  • NHS Workforce, Education and Development

HEIW supports the education and training of:

  • 3,000 training-grade staff and associate specialist doctors and dentists;
  • 2,500+ pharmacists, 1,600+ pharmacy technicians, 70+ pre-registration pharmacists and pharmacy technicians trainees;
  • 3,300 new non-medical health profession students;
  • 1,600 dentists and 3,400 dental care professionals;
  • 700+ optometrists; and
  • 9,500 (total number) students within the non-medical education system.

For all areas of work within HEIW, the organisation shall be the holder and user of this information.

What information do we collect?

We monitor user activity to enhance content provided on this site. This website uses Google Analytics, a web analytics service provided by Google Inc. ('Google'). Google Analytics uses 'cookies' and JavaScript code to help analyse user activity on websites. The information generated about your use of the website (including your anonymised IP address) will be transmitted to and stored on Google servers in the United States.     

Google will use this information to produce user activity reports for this website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

Google will not associate your IP address with any other data previously held. You may refuse the use of cookies by selecting the appropriate settings on your browser. Please note that if cookies are disabled, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Read Google's Privacy Policy and Google's Terms of Service for detailed information.

Legitimate interest

HEIW and all of its services have a “legitimate interest” in continuing to process personal data where:

i) there is a real business interest being pursued in continuing to process specific personal data;

ii) the processing is absolutely necessary in order for the business to pursue that interest (i.e. the interest cannot be pursued in another way which is proportionate); and

iii) the processing is balanced against the impact such processing will have on the fundamental rights and freedoms of data subjects.

It is important that you understand who is responsible for keeping your data safe. HEIW collects data and where applicable, your personal data with your consent.

Sharing your information

Where applicable, data may be shared with only those who are involved with the objectives referred to above. This may in certain circumstances, include external companies who may carry out work on our behalf, this will be communicated to all users of the specific service where it is possible to do so and where it includes the requirement to use personal data, this is Privacy Impact Assessed before use.

It is important to note that anyone receiving information about you are under a legal duty to keep it confidential. We only request, use and share the minimum information necessary for the purposes it was required. 

We will never sell your information and we will not share it without the appropriate legal authority.

Security of your Information

HEIW takes responsibility to look after all information very seriously. This is regardless of whether it is electronic or in paper form and whether it is identifiable or not.

HEIW also employs someone who is responsible for managing information and its confidentiality to ensure:

  • your information is protected; and
  • inform you how it will be used.

All staff are required to undertake training on a regular basis. Comprehensive training is required to help protect the information that has been given, used, processed by HEIW.

The training makes sure that all staff working in HEIW (including the wider NHS), are aware of their responsibilities about the handling of your information regardless of the department that they work in.

HEIW Information Governance pages can be found here https://heiw.nhs.wales/about-us1/information-governance/

What are you entitled to?

Where information collected on you is identifiable and relevant, HEIW will make sure that you are able to have access to this. This is so that you know what we hold.

You have the right:

  • to know about details of how your information is used; and
  • have copies of your information.

If you wish to know more, please contact the person listed below for further information about your rights of access.

HEIW tries to answer all requests for access to information as quickly as possible. The organisation is obliged to provide a response to your request within a month (30 calendar days) of receiving it, but this can be extending if the request is complex and extensive.

HEIW will look at your request to make sure that the information requested is personal information. Most of the time, it will be clear that the information is personal but HEIW will contact you if it is not clear within your request.

Do I have to pay a fee?

The information will be provided free.

However, we could ask for a small fee. This is where the request is large or repeated. This will be based on the cost of providing it.

If you wish to find out more about fees for information, then please contact the person listed at the bottom of this notice.

How will information be provided?

If your information is identifiable, it will be provided in a format that can be used on another system easily if it is electronic (i.e. Microsoft Word or Excel). Otherwise, it will be supplied on paper.

Permission (consent)

Where personal information may be collected and for the use of this to be lawful, HEIW may ask for permission from you. This is not necessary if the use is for a lawful basis under the current regulations but consideration at all times will be made where consent is anticipated to be collected and administrated correctly.

HEIW will ask service users for consent for where personal information is part of the processing. HEIW will ensure that any consent provided must be freely given, specific, informed and unambiguous. Each individual must provide “clear affirmative action” that they consent to the data being used for the specific work area and be notified of its use via a separate privacy notice explaining what data is being used and why.

At the time of obtaining consent, HEIW will explain to individuals that they are able to withdraw consent at any time but also that this would not render processing on the basis of consent prior to withdrawal to be unlawful and is determined on whether the data is also identifiable at the time of the request.

Individuals must also be able to easily and freely withdraw consent at any time and use their right to be forgotten. If consent is withdrawn, HEIW will be able to provide a legitimate interest statement for its own requirements for NHS Wales led projects.

However, if the data is unidentifiable and the data subject cannot be distinguished from the data collected, the right to be forgotten will not apply.

What about stopping use?

Stopping use would ordinarily apply to personal information and not unidentifiable data held by HEIW. However, this will be reviewed on a case-by-case basis dependant on the work being completed.

HEIW will not be responsible for content that has already been freely shared in the public domain, for example on social media networks, for purposes of journalism and other platforms outside HEIW’s control. If a Data Subject requires this information to be removed (and is easily identifiable to them), then they will need to apply to the organisation or company hosting the information and request its removal.

Automated decision taking

HEIW also provides safeguards against risks that involve processes that include automated decision-making.

This applies when:

  • it is an automatic process; and
  • there is a legal effect on a decision made with the information.

Some areas of work within HEIW take a small number of automated decisions but there is mostly human involvement in this. For example, human involvement in the production of statistical data for reporting purposes or online questionnaire results will require a degree of automation to effectively specify, collate and download specific datasets to create reports and outcomes.  

However, HEIW will take steps to identify how many automated decisions it makes and whether these are acceptable with each process.

In turn, HEIW will ensure that any automated profiling is fair and lawful. HEIW will use correct procedures, to include reducing errors and correcting where data is not accurate.

What about rights to correct or delete inaccurate information?

If any personal data has been provided by yourself and you feel that this is incorrect, you are entitled to request that HEIW correct any mistakes in this information, regardless of the context of the use.

HEIW must ensure that proven inaccurate or incomplete information is either erased or corrected.

Keeping your information

We will only store information for as long as necessary dependant on the type and use.

Records are stored in line with Records Management Code of Practice for Health & Social Care’s retention and disposal schedule. This determines the minimum length of time records should be kept.

HEIW will retain data in order to comply with legal requirements.

Making a complaint

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of this site’s' collection and specific use of personal information by HEIW. Each department connected with the purpose of collecting personal identifiable information within HEIW are privacy impact assessed when and where the need arises.

We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you wish to make a complaint about any issues you have experienced regarding your information, then please contact:

Dafydd Bebb,
Ysgrifennydd y Bwrdd/Board Secretary,
Addysg a Gwella Iechyd Cymru/Health Education and Improvement Wales,
Tŷ Dysgu,
Cefn Coed,
Nantgarw,
CF15 7QQ

Tel: 03300 585 005
Email: dafydd.bebb@wales.nhs.uk

If you are still unsatisfied following your complaint and this remains unresolved, you have the right to make a complaint to the:

Information Commissioner’s Office,
2nd Floor, Churchill House,
17 Churchill Way,
Cardiff,
CF10 2HH

Email: wales@ico.gsi.gov.uk
Website: www.ico.org.uk

Links to other websites

This privacy policy does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy Policy

If this privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

This privacy policy was last updated on 1 August 2019.

Feedback

We welcome your feedback. If you contact us asking for information, we may need to contact other government departments to find that information. If your question is technical, we may need to pass it to our technology support (currently NHS Wales Informatics Service (NWIS)).

We do not pass on any of your personal information when dealing with your enquiry unless you have given us permission to do so. Once we have replied to you, we keep a record of your message for audit and evaluation purposes.

Share: