Privacy Notice

Section A:     CEC General Privacy Notice

1. Introduction

The Business Services Organisation (BSO) has been established to provide a broad range of regional business support functions and specialist professional services to the health and social care sector in Northern Ireland.  More detailed information about different aspects of our work can be found on the website: https://bso.hscni.net/

BSO recognise the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties. Key legislation includes:

• the UK General Data Protection Regulation (UK GDPR)
• the Data Protection Act 2018
• the Freedom of Information Act (2000) (FOI),
• the Environmental Information Regulations (2004) (EIR),
• the Human Rights Act 1998 (HRA),
• relevant health service legislation, and the
• common law duty of confidentiality.

The HSC Clinical Education Centre (CEC) is regional service within the Business Services Organisation (BSO).  BSO’s full Privacy Notice can be found here: https://bso.hscni.net/wp-content/uploads/2023/10/20220816_Revised_Privacy_Notice.pdf

 

2. Your Information

The HSC Clinical Education Centre (CEC) uses personal information for a number of purposes. This Privacy Notice provides a summary of how we use your information. To ensure that we process your personal data fairly and lawfully we are required to inform you of:

• What personal information we collect
• Why we need your data
• How it will be used
• Who it will be shared with
• How long it will be kept for

2.1       What types of personal data do we handle?

2.1.1   Programme Application and Communication

When you access the Clinical Education Centre website, small amounts of information, including small files known as cookies, are sometimes placed on your device. A Cookies Policy is available on the CEC website and covers essential, analytic and registration cookies.

The Clinical Education Centre process personal information relating to programme participants, tutors and staff.  At the time of writing, the CEC use two IT systems to process participant and tutor information; LearnHSCNI, for eLearning content and CEC’s own Course Administration System for all other programmes.  Personal information captured on these systems includes:

• Names, address, telephone numbers and email address*
• Employment details
• Attendance information (e.g. programmes attended and results)
• Reasonable adjustments (if declared by the applicant – see 2.2 below)
• Dietary requirements (if declared – see 2.2 below)
• Course assessment results
• Tutor/staff member name

*participants are asked to use a work email address

There may be embedded media, such as YouTube or Vimeo videos, on some webpages and programme materials. We also use social media to promote our content.  The suppliers of these services may also set cookies on your device when you visit the pages where we have used this type of content. These are known as ‘third-party’ cookies. To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information. Most web browsers allow some control over cookies, through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit https://allaboutcookies.org/

2.1.2   Programme Contributors

We obtain and store external tutor/programme contributor information to deliver and manage the education delivered.  See Section B for further details.

2.2       Why we need your data

Your details will be used to:

• Deliver education;
• Ensure any identified additional needs / adjustments are considered. Note: it is voluntary as to whether an applicant declares any additional needs.  Additional needs are only shared with the tutor and administration staff to ensure your needs are considered when organising and delivering a programme.
• Contact you with regard to any matter arising during an event/programme;
• Distribute an applicant list to teaching staff (this could be a member of CEC teaching staff or an external provider);
• To issue attendance reports to customers and follow up on non-attendance (for example, monthly attendance reports are issued to SLA clients who are the 5 HSC Trusts, Northern Ireland Hospice and Southern Area Hospice). These reports include your staff number, email address, manager details and course details.
• Provide employers, on request, details of course attendance by their staff. This may, for example, include a request from a line manager (or senior member of staff) to provide all training attended by a member of staff.
• Share information within HSC and those individuals / organisations who provide education on our behalf for the purpose of quality assurance
• Resolve any IT system issues and to ensure appropriate access has been given.
• If you are paying for your place we use your cost centre information to ensure your cost is charged to the appropriate team.

Information processed for the above purposes is therefore lawful under Article 6 of UK GDPR, which states:

• processing is necessary for the performance of a task carried out in the public interest.

The processing of any special category data is also lawful under Article 9 of UK GDPR, namely:

• processing is necessary for reasons of substantial public interest, on the basis of domestic law

2.3       How will we use information about you?

In addition to the points under section 2.2, we will also use your information to monitor/analyse trends and for the purpose of organisational learning and providing an efficient service.

CEC may contact you to discuss something raised in an evaluation.  This may be to seek clarity over something raised, to ensure learning and/or to improve the service we provide.

If a programme is subject to licence / accreditation processes (or being delivered by an external organisation) we may need to pass your details on to the relevant organisation.  This may be done in advance, or after you attend the programme.

Your information may need to be shared with third parties who are quality assuring/evaluating the provision of education delivered by CEC.

On occasions we may contact those who have previously applied for a CEC course.  If you do not want to receive these emails please inform the CEC at the following email address: enquiries@cec.hscni.net

2.4       Sharing your information

In addition to the above, BSO may also be obliged to provide personal information to another statutory organisation (such as a Police Force, Health Regulator or Investigatory Body), or via a Court Order.  Information processed for this purpose is therefore lawful under Articles 6 of GDPR:

• 6 (c) – Processing is necessary for compliance with a legal obligation
• 6 (e) – the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

In order to provide you with a good service, e.g. if you have special requirements, we may pass on your basic details to the course venue/course tutor but only to make your attendance as comfortable as possible.  BSO will not sell, assign, disclose or rent your personal data to any other external organisation or individual.

2.5       Retaining Information

CEC will only retain information for as long as necessary, in line with the Department of Health (DoH) Good Management, Good Records (GMGR).  For further information, please refer to the following DoH link:

https://www.health-ni.gov.uk/topics/good-management-good-records

CEC training records are held for 10 years. Training records include attendance sheets, evaluations/feedback, training materials and training plans.

2.6       Individual Rights

Please refer to Section 3 of BSO’s over-arching privacy notice, which is available via https://bso.hscni.net/wp-content/uploads/2023/10/20220816_Revised_Privacy_Notice.pdf

3. Security of your information

BSO’s commitment to secure processing of personal information is set out within its published policies, and its over-arching privacy notice.  These are available via:

• https://bso.hscni.net/about-bso/bso-corporate-information/bso-policies-and-procedures/
• https://bso.hscni.net/wp-content/uploads/2023/10/20220816_Revised_Privacy_Notice.pdf

4. Receiving Information

4.1       How can you access your personal information?

DPA and GDPR give you the right to access information that BSO holds about you.  You will need to provide:

• adequate information (for example full name, address, date of birth) so that your identity can be verified and your information located
• an indication of what information you are requesting to enable us to locate this in an efficient manner

BSO aims to comply with requests for access to personal data as quickly as possible, and normally within a calendar month of receipt unless there is a reason for delay that is justifiable under UK GDPR (i.e. where a request is deemed ‘complex’).

We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know.  If you have a profile on the CEC website you can update your personal details by clicking on this link: https://cec.hscni.net/programmes.

The Freedom of Information Act 2000 provides any person with the right to obtain information held by BSO, subject to a number of exemptions.

If you are dissatisfied with how BSO is, or has been, processing your personal information, you have the right to advise BSO of this in writing.

 

5. Contact Details

Subject Access Requests and complaints may be made in writing or verbally.  Freedom of information requests must be made in writing.  Contact details are as follows:

• Subject Access Requests: bso@hscni.net
• Freedom of Information Requests: bso@hscni.net
• Complaints: bso@hscni.net

You may also submit requests or complaints to:

Corporate Services,
6^th Floor
2 Franklin Street,
Belfast,
BT2 8DQ

You may also contact the Data Protection Officer for the BSO directly:

• Email: bso@hscni.net
• Tel: 02895 363666

6. Changes to our Privacy Notice

We keep our Privacy Notice under regular review and we will place any updates on this document.

 

Section B:    Supplementary information in relation to Programme Contribution

Please read this section in conjunction with CEC’s main Privacy Notice.

CEC may ask a participant, patient, tutor, 3^rd party organisation or their representatives, customer or member of the public to contribute to part or all of a programme. The table below outlines some examples of the data we may hold and how we may use it.

What type of data	Why do we need your data	Where will this information be stored	How will we use it or share it?
Video recording of participants during class	All contributions assist the HSC CEC undertake clinical education and training across health and social care in Northern Ireland.   Recordings facilitate attendees /others to re-watch some or all of a particular training session or event. This also facilitates those who have been unable to join a live event.   Information is processed under UK GDPR Article 6 and Article 9 (see section 2.2 for further details)	This is not stored but rather deleted at the end of the class by the teacher. Information regarding this is shared with participants in advance of the class.	This is only used to meet specific programme requirements and participants are informed in advance.
Video recording of webinar sessions		Only speakers are recorded. Participants are advised when recording begins (however all have cameras and microphones off).  Recordings are uploaded to a secure video storage area on the BSO network and deleted from any virtual platform.  Recordings are removed from view when they are no longer relevant/out of date and will be retained by CEC for historical record for 10 years.	The recording may be available following the event on the CEC website or LearnHSCNI.  The original recording will not be shared with any third parties.
Video recording of external tutors / programme information.		This information is held on the BSO network but also uploaded to other third-party systems such as Word Press and LearnHSCNI.	Recordings and programme information may be shared with participants as part of programme delivery.
Recording of simulation sessions undertaken in CEC’s high-fidelity simulation suite		Activities undertaken in CEC’s Simulation Suite (Clady Villa) are automatically recorded and stored on a BSO network for up to seven days.  These are automatically deleted after this time.	Recordings will be used as part of a simulation session/event and will not be shared with other parties.
Video contribution to eLearning (e.g. acting, patient experience, HSC staff member)		Stored on the BSO network and embedded within relevant courses materials and uploaded to cloud-based systems such as LearnHSCNI & Word Press. 3rd party software is used to produce videos and eLearning.  They may also store some of this content locally.  Details of third-party software is available upon request.	CEC include video recordings within eLearning and some programme materials.  This is only used within a CEC programme.
What type of data	Why do we need your data	Where will this information be stored	How will we use it or share it?
Name and contributor information for financial processing	To pay you for your contribution (if applicable).	Stored on BSO network.  Shared with BSO Finance and stored on financial systems.	Information will be shared with Finance (BSO Payments Shared Services).
Correspondence relating to programme contributor	In order to contact you and understand your contribution.	BSO network	Contributor requirements will be shared with relevant staff in order to accommodate any additional needs.
External contributor / provider information relating to the course being delivered (i.e. company name, programme materials and information)	To effectively deliver the programme and ensure contractual arrangements are met.	BSO network	Information will be shared on the CEC website and with course participants and BSO / CEC staff.

 

Updated June 2024