top of page

Privacy Policy

How Swansea Bay University Health Board uses your personal information

A ‘privacy notice’ is a statement issued by an organisation which explains how personal information is collected, used and shared. This may also be called a privacy statement, fair processing statement or privacy policy.

This privacy notice is issued by SBU Local Health Board in relation to the information we collect about event attendees.

There is a separate privacy notice available for information we collect as a healthcare provider about patients and other individuals that may use our services.

There is also a separate privacy notice for SBUHB employed staff.

Why have we issued this privacy notice?

 

By issuing this privacy notice, we demonstrate our commitment to openness and transparency about how we use your information. We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with the following:

  • UK General Data Protection Regulation (UK-GDPR)

  • Data Protection Act 2018 (DPA)

  • Human Rights Act 1998

  • Freedom of Information Act 2000

 

How do we collect your information?

 

Your information could be collected in a number of different ways.

 

This could be directly from you - in person, over the telephone or from a document or form you have completed, such as an event registration form online.

 

What information do we collect?

 

The information that we collect about you may include details such as:

 

  • Name

  • Email Address

  • GP Surgery / Practice Name of employment

  • Occupation (GP / Allied Health Professional; Nursing; Administration)

  • Recording of attendance at event

 

How do we keep your information safe and maintain confidentiality?

 

Under UK-GDPR strict principles govern our use of information and our duty to ensure it is kept safe and secure. Your information may be stored within electronic or paper records, or a combination of both. In some cases information will be stored securely by third parties who will act as data processors on our behalf. Appropriate security measures are used to safeguard against inappropriate access to records and policies are in place to enforce access to records on a strict need to know basis. Planned or ad-hoc auditing may also be used to monitor and review accesses made to records.

 

Every NHS organisation has a senior person that is responsible for the overall protection, security and confidentiality of information. This person is known as the Senior Information Risk Owner (SIRO). Within SBU this role is undertaken by the Director of Digital Services.

 

Why do we collect your information and how is this used?

 

We will only process your personal data where the processing can be legally justified under UK law or where we have asked for your consent.

 

This includes, but is not limited to:

  • Education, training and development

  • Information and database administration

  • Business management and planning

  • Accounting and auditing

  • Performance and quality monitoring

 

The lawful base within the UK-GDPR which we utilise to legally process your information in relation to this privacy notice is listed below.

 

Public task: the processing is necessary for SBU to perform a task in the public interest or as part of its official functions, and there is a clear lawful basis.

Do we share your information with anyone else?

 

We will not disclose any information to third parties which can be used to identify you unless there is a valid reason permitted by law, or there are exceptional circumstances, such as a likely risk to you or others. Where regular sharing of information with third parties is required, a sharing agreement will ensure that only relevant information is shared, and that this is done in a secure way which complies with the law.

 

We use a limited number of administration and IT support services provided by external organisations, including payroll and recruitment. These organisations / companies are based within the European Economic Area and all services are provided under specific contractual terms, which are compliant with UK data protection legislation.

 

Sometimes we are required by law to disclose or report certain information, which may include details which identify you. For example, releasing information to the police, counter fraud or regulatory bodies. Where mandatory disclosure is necessary, only the minimum amount of information is released. There may also be occasions when SBU is reviewed by an independent auditor, which could involve reviewing randomly selected staff information to ensure we are legally compliant.

 

WE WILL NOT SELL YOUR INFORMATION FOR ANY PURPOSE, AND WILL NOT PROVIDE THIRD PARTIES WITH YOUR INFORMATION FOR THE PURPOSE OF MARKETING OR SALES.

 

How long will we keep your personal information for?

 

Your information will be stored inline with SBUHB retention applicable guidelines.

What are your rights in relation to your data?

 

UK-GDPR outlines a number of rights available to you in relation to your personal information processed by SBU. Which rights you can enforce, and when, will be dependent on the purpose and lawful basis being relied upon to process your information. A list of your rights are outlined below and additional information can be found on the Information Commissioner’s website at https://ico.org.uk/your-data-matters/.

  • Your right to be informed;

  • Your right of access;

  • Your right to rectification;

  • Your right to erasure;

  • Your right to restriction of processing;

  • Your right to object to processing;

  • Your right to information portability.

 

You are not required to pay any charge for exercising your rights. We usually have one month in which to respond to you.

 

What if I have queries or concerns?

 

Initially you may find it helpful to discuss any queries about how your information is used with your line manager. Alternatively if you have any queries or concerns regarding this privacy notice or about the way your information is held or processed by SBU, you can contact the Data Protection Officer as follows:

 

Email:        sbu.dataprotectionofficer@wales.nhs.uk

Post:         Data Protection Officer

                  SBU Headquarters

                  1 Talbot Gateway

                  Port Talbot                     

                  SA12 7BR

Phone:      01639 683336

 

 

If you remain dissatisfied, you have a right to lodge a complaint with the Information Commissioners Office (ICO), as the data protection supervisory authority within the UK, using the following contact details:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Online, live-chat: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/personal-information-concerns/

Helpline: 0303 123 1113

 

Questions and contact information

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at events@production78.co.uk or write to Production 78 Limited, Unit D12-D13 East Point Trading Estate, Cardiff, CF3 2GA.

bottom of page