Specialties

  1. Home  /  
    2. Specialties

Privacy Statement

This page explains our privacy policy and explains how we will use and protect any information about you that you give to us or that we collect when you visit this website to upload self-verification evidence. To manage and quality assure your training, Health Education England (HEE), Devolved nation deaneries (Northern Ireland, Scotland & Wales), and Cloudoko, an external IT support company, need to collect, store and process information about you. This is done in compliance with the Data Protection Act 2018 and UK General Data Protection Regulation (GDPR), and in accordance with the data protection principles set out within the regulation. Among other matters, these require that your data must be processed fairly and lawfully.

Topics:

  • Why we process your data
  • How we process your data
  • What data do we collect?
  • Data Controllers and Data Processors
  • Processing your data during the recruitment process
  • Processing of successful applicants’ data by HEE Local Offices, Deaneries and employing NHS Organisations
  • Processing of personal data
  • Legal Basis for Processing
  • Your rights under GDPR
  • What are cookies?
  • How do we use cookies?
  • What type of cookies do we use?
  • How to manage your cookies
  • Your responsibilities under GDPR

Why we process your data

We will process the data that you upload into the Self-Assessment Portal in accordance with the Data Protection Act (DPA) 2018, and will do so for the following purposes:

  • Processing of your data during the recruitment process
  • Use of recruitment data for evaluation, research and testing purposes
  • To manage your training and programme
  • To quality assure training programmes and ensure that standards are maintained
  • To identify workforce planning targets
  • To maintain patient safety through the management of performance concerns

How we process your data

Your personal data will be securely stored in password protected web-based management and administrative computer systems. If you agree, where appropriate, this information may be shared with those who have responsibility for the organisation, management and delivery of training to help them execute their function, the planning and delivery of specialist training. The evidence that you upload will be assessed by assessors. If our privacy policy changes in any way, we will update the changes in the privacy policy on the Self-Assessment Portal website. Regularly reviewing the Self-Assessment Portal privacy policy ensures you are always aware of what information we collect about you, how we use it and which other organisations we will share it with and why.

What data do we collect?

We only collect data that you share with us, i.e. the documents you upload.

Data Controllers and Data Processors

The following data controllers; Health Education England (HEE), Northern Ireland Medical & Dental Training Agency (NIMDTA), NHS Education for Scotland (NES) and Health Education Improvement Wales (HEIW) all have responsibilities to determine the purpose for which and the manner in which any personal data are, or to be, processed in their own right.

The Data Processor is Health Education England, working with Cloudoko, an external supplier and an IT specialist.

Data Recipients: your data are disclosed in accordance with the principles set out in this privacy policy. Your personal data will be shared with other organisations involved in the planning, management and delivery of training including the HEE local offices and Deaneries, employing NHS organisations, Department of Health and Social Care, Royal Colleges and Faculties, regulatory bodies, such as the GMC and GDC, Qpercom (our digital scoring system) as part of the determination of your application. Where your data is shared with another organisation or HEE systems, the principles set out in this privacy policy will be adhered to.

Data Subject: you, i.e. the person whose data is obtained as part of the recruitment process and processed in the way described in this privacy policy.

Processing your data during the recruitment process

Your data will be held securely and in confidence. Access will be restricted to designated persons who are authorised to view it as a necessary part of their work.

During the recruitment process, your personal data and special categories of personal data will be used by the HEE local offices, Deaneries (Northern Ireland, Scotland & Wales) and recruiting Royal Colleges for the purpose of determining your suitability for this position.

It will also be used for the purposes of enquiries in relation to the prevention and detection of fraud.

Once a decision has been reached about your application, information held about you will not be kept on the recruitment system for any longer than 13 months after the start date of the post to which you have applied.

Data is retained in line with the minimum retention periods as specified in the Records Management Code of Practice for Health and Social Care 2016.

Processing of successful applicants’ data by HEE, Deaneries and employing NHS Organisations

Records containing personal information are subject to the General Data Protection Regulation 2016 and the Data Protection Act 2018. The retention period for your data on the Self-Assessment Portal is up to 13 months.

Processing of personal data

The following principles will apply:

  • Information about your qualifications, assessments and appraisals and any other information pertinent to the effective management of your training and education will be stored on secured management and administrative systems. Access to this information is restricted to authorised personnel involved in the management of your training, such as training programme directors, educational supervisors and other personnel working for the Data Recipients and NHS employing organisations. Your data will be treated as confidential.
  • Sharing your personal data – your personal data may be shared with other organisations (referred to as Data Recipients in this policy), using secure channels to provide the best possible training and education and to ensure that we discharge responsibilities for employment and workforce planning for the NHS; this will be on a legitimate need to know basis only.

The Data Controller and the Data Recipients will process your data for the following purposes:

  • Managing the provision of training programmes
  • Quality assurance of training programmes
  • Workforce planning
  • Managing patient safety
  • Compliance with legal and regulatory responsibilities, including monitoring under the Equality Act 2010
  • Purposes of revalidation (where this applies)
  • Employment purposes

Your personal data will not be shared without your consent (save in the way described below). The Data Controller will not share your personal data unless satisfied of the following matters: The data sharing is for a legitimate purpose and is proportionate:

  • Where the data are used for analysis and publication by the recipient, any publication will be on an anonymous and aggregated basis and will not make it possible to identify any individual
  • The data will be handled by the Data Recipients in accordance with the General Data Protection Regulation
  • The Data Recipients will maintain appropriate technical and organisational controls to ensure the protection of your personal data
  • The data will not be transferred outside the EEA without adequate protection

Data Recipients are bodies from the following list: the UK Health Departments, Royal Colleges and Faculties, HEE local offices and devolved nation Deaneries (Scotland, Wales and NI), regulatory and licensing bodies (including the General Medical Council, General Dental Council, General Pharmaceutical Council and Health and Care Professions Council), NHS Trusts/Boards/Social Care Trusts, Medical Schools Council, UK Medical Schools (including overseas campuses), Higher Education Institutions, Royal Pharmaceutical Society, Academy of Healthcare Science, Work Psychology Group, Pearson Vue, approved academic researchers (i.e. individuals undertaking analysis for academic, non-commercial purposes on behalf of or in partnership with the Data Controller), Cloudoko, our IT supplier,  and future employers (including private providers of healthcare).

  • Use of recruitment data for evaluation, research, pilots and testing purposes – in addition to the data sharing referred to above, we may need to share your personal data and special category personal data with HEE local offices, the devolved nation Deaneries (Scotland, Wales & NI), the Department of Health and Social Care, the GMC, the GDC or any organisation designated by Health Education England.

The Department of Health and Social Care is a Data Recipient of all recruitment data. The data extracts sent across contain details of all applications (and therefore included your personal data and your GDC/GMC number). These extracts are held securely and confidentially with access restricted to analysts who are not directly involved in the recruitment process itself but need access to the data to perform certain tasks. The data from these data extracts are used for research and statistical purposes only.

For evaluation and research, your aggregated personal data will be shared with the GMC or GDC or Academy of Healthcare Science. These research data are not used to make decisions about individual data subjects and all reports produced as a result of the research will be anonymous such that it will not be possible to identify an individual in any such report. A key requirement of the research undertaken is to understand applicant behaviour over time, to inform workforce planning and develop and improve recruitment systems. As part of the development of recruitment systems “real” (as opposed to dummy) information must be used for testing purposes. The carrying out of research and the testing of systems will not have any impact on data subjects.

Legal Basis for Processing

The GDPR requires that data controllers and organisations that process personal data demonstrate compliance with its provisions. This involves publishing our basis for lawful processing.

As personal data is processed for the purposes of statutory functions, legal bases for the processing of personal data as listed in Article 6 of the GDPR is as follows: 6(1)(a) - Core purpose. Please note that that HEE’s main privacy notice can be accessed here: https://www.hee.nhs.uk/about/privacy-notice

We may seek your consent for some processing activities. If you do not give your consent for us to use your data for these purposes, we will not use your data for these purposes, but your data may still be retained by us and used by us for other processing activities based on the above lawful conditions for processing.

Your rights under GDPR

  • Right to rectification and erasure – the GDPR extends and strengthens your rights as a data subject. Under the GDPR you have the right to rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the right to erasure is not an absolute right and it may be that it is necessary for the data controller to continue to process your personal data for several lawful and legitimate reasons.
  • Right to object – you have the right, in certain circumstances, to ask the data controller to stop processing your personal data in relation to the recruitment process. However, the right to object is not an absolute right and it may be that it is necessary in certain circumstances for the data controller to continue to process your personal data for several lawful and legitimate reasons.
    If you object to the way in which the data controller is processing your personal information or if you wish to ask the data controller to stop processing your personal data, please contact the appropriate recruitment office. However, if the data controller stops processing your personal data, this may prevent them from providing you with the best service.
  • Subject Access – you can access a copy of the information held about you by writing to HEE’s Public and Parliamentary Accountability Team (DPA@hee.nhs.uk). This information is generally available to you free of charge, subject to the receipt of appropriate identification.
  • Data Portability – the GDPR sets out the right of a data subject to have their personal data ported from one controller to another on request, in certain circumstances. You should discuss any request for this with the appropriate recruitment office.

If you want to complain about how your personal data has been used or to know more about how your information will be used please contact HEE’s Data Protection Officer at ig@hee.nhs.uk and emails should be marked “FAO the Data Protection Officer”.

Alternatively, you can also contact the Information Commissioner’s Office (ICO) if you have a complaint about the processing of your personal data:

The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

What are cookies?

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How do we use cookies?

When you access the Self-Assessment Portal, your computer's browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data on the use of our system. This information may be used to help us to improve our system and the services we offer.

What type of cookies do we use?

We do not use cookies on our system other than in the online application section where session cookies are used. These are required to enable that section of the site to be used and navigated. A session cookie is stored temporarily by your computer.

How to manage your cookies

Session cookies can be disabled by changing the settings on your browser, but you will not be able to access the application form section of our system if you do so. In this case, please write to us for more information.

Your responsibilities under GDPR

It is important that you work with us to ensure that the information we hold about you is accurate and up to date. Please inform us if any of your personal data needs to be updated or corrected.

All communications about the Self-Assessment Portal will normally be by email. It is therefore essential for you to maintain an effective and secure email address or you may not receive information or other important news and information about your employment or training.

Health Education England’s privacy notice is available at: https://www.hee.nhs.uk/about/privacy-notice

Health Education and Improvement Wales privacy notice is available at: https://heiw.nhs.wales/use-of-site/privacy-policy/

NHS Education for Scotland privacy notice is available at: https://www.nes.scot.nhs.uk/privacy-and-data-protection.aspx

Northern Ireland Medical & Dental Training Agency privacy notice is available at: https://www.nimdta.gov.uk/privacy-notice/

Terms Of Use | Privacy Statement
© 2024 by HEE Digital | All Rights Reserved.