Privacy Policy
NHS Suffolk and North East Essex Integrated Care Board Privacy Policy
Who we are
NHS Suffolk and North East Essex Integrated Care Board
Endeavour House, Russell Road, Ipswich, IP1 2BX
The Privacy Policy
This privacy policy sets out how NHS Suffolk and North East Essex Integrated Care Board uses and protects any information that you give NHS Suffolk and North East Essex Integrated Care Board when you use this website.
NHS Suffolk and North East Essex Integrated Care Board is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
NHS Suffolk and North East Essex Integrated Care Board may change this policy from time to time by updating this page. When any changes are made to this policy we will notify you via email of these changes. This policy is effective from 01/05/2018.
“We” is defined as NHS Suffolk and North East Essex Integrated Care Board throughout this policy.
“Partners” are defined as all NHS Suffolk and North East Essex Integrated Care Board staff and our subsidiaries listed above in the “Who We Are” section.
- Data We Collect
Registration/Orders
On registration or order of a product or service we may collect your First name, Surname, Organisation Name, Address, telephone number, and email address. Following further communication we may subsequently, with your permission, ask for additional information such as billing information including bank account number, sort code and bank account name.
Service Use
We log usage data when you visit our website via Google Analytics. Google Analytics is an application that allows us to track how many times you visit the site, where you go when you are on our site and where you leave our site. It also tracks technical information like what Internet Browsers you use and what device you are using to visit our site.
Cookies
As further described in our Cookie Policy, we use cookies to recognise you and/or your device(s) on, off and across different Services and devices. We also allow some others to use cookies as described in our Cookie Policy. You can control cookies through your browser settings and other tools.
Device and Location
When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier.
- How We Use Your Data
Communications
We will contact you via email, telephone and post, we will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use the Services, network updates, reminders, and promotional messages from us and our partners. You may change your communication preferences at any time by contacting us or by visiting one of our emails and using the unsubscribe function at any time. Please be aware that you cannot opt-out of receiving service messages from us.
Advertising
We may contact you via email or telephone with information pertaining to services offered by ourselves or our Partners.
Support
We use the data (which can include your communications) to investigate, respond to and resolve complaints and Service issues (e.g., bugs).
Security
We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our User Agreement or this Privacy Policy and/or attempts to harm our Members or Visitors.
Service Development
We use data collected from Google Analytics for the further development of our Services in order to provide you and others with a better, more intuitive and personalised experience, drive membership growth and engagement of our Services.
- How We Share Information
Third Parties
We do not disclose your data or information to any third parties, other than the suppliers who we work with to provide you the services you are requesting access to. They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
Related Services
We will share your information with other employees within NHS Suffolk and North East Essex Integrated Care Board to process your payment information, develop the service and to provide the service on a day to day basis. We may also share it within NHS Suffolk and North East Essex Integrated Care Board’s subsidiary companies (as detailed at the top of this policy) for marketing purposes.
Legal Disclosures
It is possible that we will need to disclose information about you when required by law.
- Rights to Access and Control Your Data
Data Retention
We retain your personal data while your account is in existence or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. We will continue to retain your data for future marketing purposes unless you tell us otherwise by unsubscribing from our mailing list or asking for your data to be removed. The retention period for your data, after cancellation of service or registration is for a period of 5 years, after which date, all data will be removed.
Rights to Access and Control Your Personal Data
For personal data that we have about you:
Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).
Change or Correct Data: You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
- How we keep your data safe
We implement security safeguards designed to protect your data, such as HTTPS on our websites, hardware and software firewalls, username and password based permission systems as well as a variety of physical security methods on buildings that host your data. We regularly monitor our systems for possible vulnerabilities and attacks. More information on specific measures enforced can be seen below.
Physical Security
All NHS Suffolk and North East Essex Integrated Care Board IT Services are provided in a locked, secured and alarmed building which is monitored by an external security company outside office hours. Servers hosted in the building are also stored in an airconditioned, locked room within the building to provide additional protection.
Server Locations
Wherever possible we will store your data in the UK, the European Economic Area (EEA) or a jurisdiction that complies with the GDPR. The data we collect from you may be transferred to, and stored at, a destination outside of these areas. When this is the case we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights are protected as outlined in this notice.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA to provide these services.
Software Security
NHS Suffolk and North East Essex Integrated Care Board has a hardware firewall over its router to protect users within the building against online threats. All computers within the NHS Suffolk and North East Essex Integrated Care Board network are protected with business class Internet Security Software.
Any sensitive client data that NHS Suffolk and North East Essex Integrated Care Board stores i.e. login passwords to systems are stored in password and credential based systems which only the IT team has access to.
Wifi Security
NHS Suffolk and North East Essex Integrated Care Board enforces WPA2 password security methods to protect it’s wireless networks against threats.
Website Security
This website and all websites owned by NHS Suffolk and North East Essex Integrated Care Board are protected with a “SSL” encrypted certificate.
However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
- Who can you contact if you wish to make a complaint?
In the event that you wish to make a complaint about how your personal data is processed by NHS Suffolk and North East Essex Integrated Care Board (or the third parties we work with), or how your complaint has been handled, you have the right to lodge a complaint directly with Gateway Qualifications’ data protection representative.
NHS Suffolk and North East Essex Integrated Care Board
Endeavour House, Russell Road, Ipswich, IP1 2BX
The supervisory authority in the UK is the Information Commissioner’s Office (ICO) and guidance on how to contact them is available online at https://ico.org.uk/concerns/.
Alternatively, they can be contacted as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510