MEDED - YOUR PRIVACY AND DATA PROTECTION

How NHS Lanarkshire Medical Education Department manages personal data

NHS Lanarkshire Medical Education Department (MEDED) holds and manages personal data for the administration and evaluation of training and education of health and social care professionals, and for related activities in support of our core purposes.

We process several categories of personal data:

  • Training management data: including contact details for senior medics, trainees, educational history, placements and records of progress.
  • Educational data: contact details, records of attainment, records of attendance.

Personal data will be held for no longer than necessary in line with our records retention policy.

We will only share personal data where appropriate and necessary within NHS Lanarkshire. We will also share personal data where required to do so by law.

MEDED may use your contact details to tell you about relevant training opportunities, educational events or related activities. We may also contact you to invite you to participate in the evaluation of education or related research.

Your rights regarding your personal data

You have the right to:

  • know what information MEDED holds about you and how it is processed
  • ask for inaccurate data to be corrected
  • receive a copy of information MEDED holds about you
  • raise concerns with the supervisory authority (the Information Commissioner)

If you would like to see information we hold about you, please complete and return the 'MEDED Subject Access Request Form' (doc).

We will ask for proof of identity (such as a passport or photo ID driving licence). Once we have received your request, identification and fee, we must respond to you within 30 days.

You also have the right to raise concerns about the handling of your personal data with the Information Commissioner: https://ico.org.uk/concerns/

Legal basis for processing personal data

MEDED processes personal data under the following conditions of the General Data Protection Regulation:

  • "6(1)(c) processing is necessary for compliance with a legal obligation";
  • "6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller."
  • "9(2)(b) – Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement" (for special categories of data)

Retention periods for the information we hold

We only keep your information for as long as it is necessary to fulfil the purposes for which the personal information is collected. This includes for the purposes of meeting any legal, accounting or other reporting requirements or obligations. The NHS Scotland retention policy sets out the minimum retention timescales.

MEDED Data Protection Contact Details

For further information on data protection in NHS Lanarkshire, please contact:

Data Protection Officer
Kirklands Hospital
Fallside Road
Bothwell, G71 8BB

Collection and use of technical information

Technical details in connection with visits to this website are logged, collected and used to generate general statistics.

We will make no attempt to identify individual users. However, access to web pages will generally create log file entries in the systems of your Internet Service Provider (ISP) or network services provider.

Log files of all requests for files on MEDED servers are maintained and analysed. Aggregated analyses of these log files are used to monitor website usage and to evaluate the effectiveness of our websites. All log file information collected by NHS Lanarkshire MEDED is kept secure and is not provided to any third parties.

 

DATA PROTECTION - OTHER RIGHTS

THE RIGHT TO ERASURE

-----------------------------------------------------------

The right to erasure is also known as "the right to be forgotten" and in general refers to an individual's right to request the deletion or removal of personal information where there is no compelling reason for NHS Lanarkshire to continue using it.

As with other rights, there are particular conditions around this right and it does not provide individuals with an absolute right to be forgotten.

Individuals have the right to have their personal information deleted or removed in the following circumstances:

  • When it is no longer necessary for the purpose for which it was collected.
  • When NHS Lanarkshire no longer has a legal basis for using your personal information. For example, if you gave us consent to use your personal information in a specific way and you withdraw your consent, we would need to stop using your information and erase it unless we had an overriding reason to continue to use it.
  • When you object to NHS Lanarkshire using your personal information and there is no overriding legitimate interest for us to continue using it.
  • If we have used your personal information unlawfully.
  • If there is a legal obligation to erase your personal information, for example by court order.

NHS Lanarkshire can refuse to deal with your request for erasure when we use your personal information for the following reasons:

  • to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
  • for public health purposes in the public interest.
  • archiving purposes in the public interest, scientific research, historical research or statistical purposes.
  • the exercise or defence of legal claims.

When using personal information, our legal basis is usually that its use is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us under the NHS Scotland Act, as noted previously. This means that in most circumstances we can refuse requests for erasure. However, we will advise you of this as soon as possible following receipt of your request.

THE RIGHT TO RESTRICT PROCESSING

-----------------------------------------------------------

You have the right to control how we use your personal information in some circumstances. This is known as the right to restriction. When processing is restricted, NHS Lanarkshire are permitted to store your personal information, but not further use it until an agreement is reached with you about further processing. We can retain enough information about you to ensure that your request for restriction is respected in the future.

Examples of ways you can restrict our processing would be:

  • If you challenge the accuracy of your personal information, we will stop using it until we check its accuracy.
  • If you object to processing which is necessary for the performance of our tasks in the public interest or for the purpose of legitimate interests, we will restrict our processing while we consider whether our legitimate grounds override your individual interests, rights and freedoms.
  • If our use of your personal information is found to be unlawful and you ask for restriction instead of full erasure we will restrict our processing.
  • If we no longer need your personal information but you need it to establish, exercise or defend a legal claim, we will restrict our processing.

If we have shared your personal information with any individuals or organisations and we restrict our processing, we will tell those individuals or organisations about our restriction if it is possible and not an unreasonable amount of effort.

Whenever we decide to lift a restriction on processing we will tell you.

THE RIGHT TO DATA PORTABILITY

-----------------------------------------------------------

The right to data portability allows individuals to obtain and re-use their personal information for their own purposes across different services. It allows them to move, copy or transfer personal information easily from one IT environment to another in a safe and secure way. For example, it enables consumers to take advantage of applications and services which can use their information.

The right to data portability only applies when the individual has submitted their personal information directly, through electronic means, to NHS Lanarkshire. This means that in most circumstances the right to data portability does not apply within NHS Lanarkshire.

RIGHTS RELATED TO AUTOMATED DECISION MAKING AND PROFILING

-----------------------------------------------------------

You have the right to object to any instances where a decision is made about you solely by automated means without any human involvement, including profiling.

NHS Lanarkshire does not undertake any decision-making about you using wholly automated means.