Sage&Thyme

NHS Manchester University

Privacy notice

YOUR RIGHT TO BE INFORMED

How we use your personal information

  • Why we collect information about you
  • How S&T information is used
  • Your rights
  • How to keep your personal information confidential
  • What to do if there is a problem with your data

About SAGE & THYME

Manchester University NHS Foundation Trust (MFT) provides the SAGE & THYME (S&T) training programme to other organisations (e.g. NHS organisations, universities, charities, hospices and others) on a commercial basis.

MFT is the Data Controller for the information it collects and records, uses and stores about S&T.

This is our Privacy Notice which informs you how and why we process your personal data.

Legal notification

We are registered with the Information Commissioner’s Office (ICO) and our registration shows a description of our processing and the types / classes of information being processed.

Our registration number is ZA282424

If you would like to look at our registration, please go to the Data Protection register on the ICO website or use the link: https://ico.org.uk/esdwebpages/search

Lawful Basis for Processing

We will only process information relating to you as long as there is a lawful basis and it is necessary to do so. We may use one of the following lawful bases:

  • Contract – in order to perform our contract with you
  • Legitimate interest – where we need to process your data for the day to day running of the S&T programme other than for the performance of a contract.

Where the above lawful basis is not appropriate, other lawful basis will be used such as consent and in that case, we will approach you for your consent.

What data we collect and record

We keep records about people (both on paper and electronically) who: are interested in S&T training; have attended SAGE & THYME training; or are involved in organising S&T training (who we refer to as ‘key contacts’ or ‘licence contacts’).  Details of the information we keep include, but are not limited to:

  • personal details such as name, job title, employing organisation, address, email and telephone number.
  • contact we have with you (e.g. information we have provided to you, emails, quotes we have sent you, courses you have attended/will attend, feedback on if you have passed/failed a course)
  • any licences you are listed under as an authorised S&T facilitator.

This information will be given to us directly by you or by one of your colleagues (for example, if they are booking you a place on a course), or may be generated by us. The staff who record your information are the S&T team (administrators, managers and trainers).

How is your information used?

Your information is used for providing information to you, and for education/teaching and administrative purposes, which may include (but is not limited to):

  • Recording who will be and has attended a training course, or who wishes to attend a particular course
  • Recording the outcome of a person attending a SATFAC course (e.g. whether they have passed or failed)
  • Recording under which licence a S&T foundation level facilitator and/or a S&T ACP facilitator operates
  • Recording when a S&T facilitator is removed from a licence
  • Recording who is interested in becoming a customer of MFT for S&T
  • Sending information about S&T to potential new customers (e.g. quote for external training)
  • Contacting S&T facilitators to send them updates on the S&T programme, including newsletters and changes to the training and/or materials, and/or other courses/events available to improve their skills

Sometimes, we may need to share information about you with other organisations in relation to the S&T training such as to:

  • On a register/sign-in sheet for a training day – seen by the trainers and other delegates
  • On a delegate list for a Study Day (to facilitate networking between organisations) – seen by the other attendees
  • With another member of staff from the person’s employing organisation and/or a member of staff from another organisation (if the person in question is listed on a licence held by that organisation)

The information we provide to them always meets Data Protection legislation and NHS Caldicott principles and we ensure that it is relevant and proportionate for the purpose for which it is being used.

Examples of organisations who we share information with include, but not limited to:

  • NHS organisations
  • Universities
  • Charities
  • Hospices
  • Councils

The above are only some examples.

We may also use your data to provide:

  • anonymised information - where your data is rendered in to a form which does not identify you. This data cannot be converted back into identifiable format;
  • pseudonymised information - where your identifying data is replaced with non-identifiable data so that your ‘real world’ identity is removed. This data can only be converted back into identifiable format by an authorised, restricted key-holder

This is done through a strict approval process to ensure it is safe and secure and only used for the purpose of evaluating training and/or assisting the management of the S&T programme.

INDIVIDUAL RIGHTS

Accessing your information (Right of Access)

You have the right of access to records we hold on you.  This is sometimes referred to as a Subject Access Request.  To help us process your request we will require you to provide proof of your identity and some clarity about the information you require. A form is available to help with the request.

The form can be accessed on our external website (www.mft.nhs.uk) or it can be provided by contacting one of the Subject Access Request team below:

by telephone: 0161 291 2445

by post:  Subject Access Request Team, MFT, Wythenshawe Hospital, International House, Ledson Road, Manchester M23 9NR

If you are a member of staff then the form will be available on the Intranet.

Other Rights:

In addition to the Right to be Informed (i.e. this privacy notice) and the Right of Access, which is documented above, you also have the:

  • Right to Rectification
  • Right to Erasure (Right to be forgotten)*
  • Right to Object
  • Right to Restrict Processing
  • Right to Data Portability*
  • Right not to be subject to automated decision making including profiling

*The right to erasure and right to data portability are not applicable when processing on the lawful basis of a public task.

If you would like to exercise any of these other rights, please contact:

The Data Protection Officer

Manchester University NHS Foundation Trust (MFT)

Group Informatics

3rd Floor, Cobbett House

Cobbett House

Oxford Road

Manchester

M13 9WL

Telephone 0161 701 0375

Email: information.governance@mft.nhs.uk

We will consider your request and respond to you within a calendar month.

In the event of a data breach, this will be logged on our Incident Reporting system and fully investigated, with remedial action taken where required.  We will report certain types of personal data breach to the Information Commissioner’s Office (ICO) and we are committed to the NHS Statutory Duty of Candour which means we will be open when errors are made and harmed caused.

Retention of data

We keep your data for as long as required.

The Information Commissioner’s Office

If you would like independent advice about data protection or if you are not satisfied with the handling of your rights under data protection, you can contact:

The Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113

Email: casework@ico.org.uk

Website: www.ico.org.uk