Privacy

Privacy

What information do we collect about you?

We only collect names, work addresses and email of individuals responsible for completing the digital maturity self-assessment.

How will we use information about you?

We only use your information for the lawful purposes of administering the digital maturity assessment.

Lawful Basis

Data Protection law says that we must have a ‘lawful basis’ to use your personal information. There are 5 lawful bases that we might rely on depending on why and how we are using your information, which are described below.

Legitimate Interests

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests do not automatically override your interests – we will not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

If you have any concerns about the processing of your personal information based on our legitimate interests, you have the right to object. For more information on your rights, please See below.

Your Rights

You have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request that we update the personal information we hold about you.

Depending on why we have and use your personal information you may also have the following rights:

  • To be informed about what we are doing with your personal data.
  • To object to the processing of your personal data.
  • To ask that we delete your personal information. If you ask us to delete your personal information we will not be able to provide our services to you.
  • To ask us to stop processing your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
  • To limit our use of your personal information.
  • To request an electronic copy of your personal information in a commonly used form e.g. CSV file (Data Portability).
  • To understand and input into a decision made by solely automated means if it has a legal or similarly significant effect on you.
How to stop or change how we communicate with you

If at any time you wish to stop or change how we communicate with you, or update the information we hold, please do get in touch using the contact form on this page.

Indirectly

If we receive your information from another source and not directly from you (for example from other NHS bodies) we will ensure you are given all the important information about how we will use and look after your information as soon as possible and within one month of receiving your information (unless it is impossible to do so or would involve disproportionate effort).

When you visit our website

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • Enabling a service to recognise your device so you don’t have to give the same information several times during one task
  • Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
  • Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.

You can manage these small files yourself through your browser setting.

Please note that the cookie providers listed below may distribute the gathered cookie information with other third-party websites for the purpose of activity tracking. You can find out more about the policy of each cookie provider on their respective privacy pages.

Current cookies

Please by aware that the providers listed below may change their cookie names without notice.

As an example, we use the following cookies on our website:

Cookie: Google Analytics

Example name: _utma, _utmb, _utmc, _utmz, GAPS, LSID, LSOSID, OTZ

Purpose: These cookies are used to collect information about how visitors use our site, which we use to help improve it. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Who we share your information with

We do not sell, rent or lease the personal information we collect to any third parties.

Depending on why you provided us with your personal information and how we are using it, we may need to share your information with other organisations or individuals, such as those that provide services on our behalf (e.g. printing and delivery of mailings, delivery of products, information on your support), or those for whom we are operating the digital maturity assessment.

We will only provide these organisations and individuals with the personal information necessary to fulfil the purpose for which it was provided. We have systems and processes in place to ensure your personal information is maintained confidentially and securely and that it is used only for purposes for which it was provided.

We may also need to disclose your personal information to another organisation if we are required to do so to meet a legal obligation.

How we keep your Personal information secure

All personal information we hold about you will be kept securely, using a variety of security technologies and organisational procedures to help protect your personal information from unauthorised access, use or disclosure.

How long we keep your personal information

We will only keep your personal information for as long as it is required for the purpose we collected it, including if it is needed for any legal, accounting or reporting purposes. We will let you know how long we keep your personal information.

Your rights and controlling your personal information

You have the right to:

  • Be informed about what we are doing with your personal information;
  • Object to the processing of your personal information;
  • Request access to your Personal information (commonly known as a “data subject access request”);
  • Request us to update the Personal information we hold about you or delete the information we hold about you (although we will not be able to provide our services to you if you make this request);
  • Ask us to stop processing personal information about you where we are relying on a legitimate interest;
  • Ask us to restrict how we use your personal information for a period of time;
  • Request us to send another organisation information that you have provided to us in a computer-readable format;
  • Understand and input into a decision made by solely automated means if it has a legal or similarly significant effect on you;
  • Withdraw consent if that is the basis that we are relying on. We will inform you how to do this.
For further information on your rights

If you are unhappy with how we handle your personal information, or how we handle any requests you make, please contact our Data Protection Officer

If our Data Protection Officer cannot address your concern, you can complain to the Information Commissioner’s Office: or call 0303 123 1113.

Changes to this Policy

We reserve the right to update this privacy policy at any time, and we will provide you with a new privacy policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal information.

Contact our Data Protection Officer

Our Data Protection Officer is responsible for making sure that we comply with our Privacy Policy and with all data protection regulations and law.