Introduction

TEC Cymru is strongly committed to protecting personal data. This Privacy Notice explains the following:

  • Who we are
  • What information we collect
  • How we collect your information, why we need it and how we use it
  • What legal basis we have for processing your personal data
  • When do we share personal data
  • Where do we store and process personal data
  • How we secure personal data
  • How long we keep personal data for
  • Your rights in relation to personal data including your rights to withdraw consent
  • The use of automated decision making and profiling 
  • How to contact us including how to make a complaint with a supervisory authority
  • The use of cookies and other technology
  • Links to other websites and third-party contact
  • How and when we review our privacy notice

We recommend you read this privacy notice thoroughly. Please contact us with any questions or concerns regarding our privacy practices. Our contact details are on our website and also contained within this Privacy Notice.

Who we are

TEC Cymru is a Welsh Government funded programme which is hosted by Aneurin Bevan University Health Board (ABUHB).

TEC Cymru and Aneurin Bevan University Health Board will act as Data Controller and Data Processor in the following circumstances:

  • Data Controller - data collected to enable us to conduct normal business as TEC Cymru
  • Data Processor - data collected as part of the TEC Cymru

The Data Protection Officer for ABUHB is Mr Richard Howells who may be contacted either by email or in writing.

First Floor - A Block, Mamhilad House, Mamhilad Park Est. Pontypool, NP4 0YP

DPO.ABB@wales.nhs.uk

What information do we collect?

When we talk about personal information, we are only referring to information from which an individual person can be identified. 

Our engagement activities across Wales, the UK and internationally, are fundamental to our success. We collect and process information with key strategic partners across the health and care sector, industry, academia, professional services and other funded initiatives and projects. This includes the following categories of information:

  • Identify data which includes your name, role, organisation and contact details (email address, telephone number)

To put this in to context, it includes personal information collected as a result of:

  • Data held for delivery of the TEC Cymru Programme
  • If you contact us
  • If you attend an event organised by us either externally or at our venue
  • If you are a stakeholder or a member of a special interest group
  • If you supply goods or services to us
  • If you book an event or meeting
  • All forms of communication with us, including e-mail, verbal and telephone communication

How we collect your information, why we need it and how we use it

When you contact us regarding the work we do, we will handle your data with the utmost care and are sensitive to the need to handle all data lawfully, fairly and transparently.

The methodology of collection varies but includes and is not exclusive to:

  • Information gathered from e-mail or written contact
  • Information gathered from telephone contact
  • Information gathered verbally or in writing at or in relation to events held by TEC Cymru or others; and
  • Information gathered via social media e.g. twitter and Linkedin

You should also be aware of our responsibilities under Freedom of Information legislation, our remit to provide information to meet internal and external audit requirements and our legal obligations (e.g. fraud prevention).  

Use of cookies and other technologies

This Notice lays out how and why we use cookies on the TEC Cymru site and offers resources that will allow you to make an informed decision regarding the acceptance, rejection or deletion of any cookies that we use.

By using our website, you consent to our use of cookies, so we recommend that you read through the information below. This cookies policy may change at any time, so please check it regularly.

A cookie is a small file of letters and numbers which often includes an anonymised, unique identifier. This means that it can be used to identify you without revealing your personal information. When you visit a website, it asks permission to store a cookie in the cookies section of your hard drive. Cookies are widely used on the internet to make websites work, to make them work more efficiently, or to provide information about your usage of the site to the site owner or other third parties. For example, if you add items to a shopping basket, a cookie allows the website to remember what items you’re buying, or if you log in to a website, a cookie may recognise you later on so that you do not have to put in your password again.

How do we use cookies?

We use cookies to improve the way our website works. We also use third-party cookies set by Google Analytics to review our site functionality, and by Google AdWords to improve our online marketing efforts.

Third-party cookies

A third-party cookie is one that is associated with a different domain or website than the one that you visit. For example, on this site, we use third-party cookies built by Google to enable website analytics, but as our site is not on the Google domain, this makes their cookies “third-party” cookies. The Google Analytics cookie will recognise and count the number of people who visit our site, as well as providing other information such as how long visitors stay, where they move to on our site, and what pages receive the most visits. We cannot directly control how Google cookies behave.

What legal basis we have for processing your personal data

As part of our normal business we collect specific data to provide you with the appropriate support. 

We will use the personal information we collect for the following purposes:

  • To reply to any general enquiry you make and to provide you with information regarding the services we provide
  • To deliver on any of our programmes and other services we offer.
  • To manage our relationship with you.
  • To comply with our legal and regulatory obligations.
  • To deal with any feedback or complaint you may make.
  • To administer, develop and improve our business.
  • To make suggestions and recommendation to you about the services we undertake and which may be of interest to you.
  • To invite you to any hospitality or networking events we may hold or of which we may be a party and which may be of interest to you.
  • To facilitate an introduction of a partner to a business connection where the partner requires the services of the relevant business connection.

We must have a lawful reason for processing your personal information. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to deliver the programme
  • Where we need to comply with a legal or regulatory obligation
  • Where you have given your consent to process your personal information

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

When do we share personal data

Disclosure of information for legal or regulatory purposes

We may need to disclose your information to a third party as part of ongoing programme management requirements. 

Additionally, as part of our remit to conduct due diligence we may also need to release information to progress governance checks for specific requirements, programmes, other parties (or projects). We will carry out this process lawfully, proportionately and securely. 

Third parties include:

  • External advisors and consultants directly engaged with programme/project delivery (please note that all advisors/consultants are bound by confidentiality requirements in their contracts);
  • Organisations who provide funding and/or support for innovation
  • Third party service providers who provide administrative and support services to us

Where do we store and process personal data?

TEC Cymru data is stored within the NHS Wales data storage facilities. NHS Wales data storage complies with the appropriate UK security standards and legislation.

TEC Cymru uses Survey Monkey for the collection of survey information and feedback. This information will be anonymous. For further details please refer to Survey Monkey’s Privacy Policy.

How do we secure personal data?

We have in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised manner or otherwise used or disclosed. 

To achieve this, we use encrypted secure technology to protect all personal information stored by us. We operate up to date and regularly review policies for Data Protection, Password Policy, Information Security and Business Continuity (including Risk Assessment) to support our business processes and to ensure that all personnel are aware of the importance of data security.

Access to information is permitted on a need to know basis.  

How long do we keep your personal data for?

We only keep and process data for as long as there is a contractual business requirement to do so or we are otherwise obliged to keep the same under any regulatory or legal requirement. Once the requirement has expired, the information is deleted from our systems. 

Information which is deleted is done so in accordance with current security regulations. 

Keeping us up to date

As part of our responsibility to ensure that information we hold about you is up to date, we rely on you to keep us updated. We request that where any of your details change, that you inform us so that we may update our records accordingly.

Your rights in relation to personal data including your rights to withdraw consent

As a data subject, you have rights in relation to your Personal data. You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to transport your personal information. 

You also have the right to make a Subject Access Request. As part of this process you will be able to ascertain

  • Whether or not your data is processed, and if so why.
  • The categories of personal data concerned.
  • The source of the data if you have not provided the original data.
  • To whom your data may be disclosed, including outside the UK and the safeguards that apply to such transfers.

We reserve the right to validate your identity prior to release of information.

We will not make any charges for such requests, unless the requests made repeatedly and are considered excessive.  We will respond to you request within 28 days. 

If you have provided consent to process any of your data, then you also have a right to withdraw that consent unless we are contractually or legally obligated to retain data.

How to contact us, including how to make a complaint with a supervisory authority

You can contact the TEC Cymru via a number of different routes. We will deal with your enquiry in the same way regardless of how you choose to contact us. For further information on how TEC Cymru process your data, please contact us in writing at:

Technology Enabled Care Cymru
First Floor - ICT Services - A Block
Mamhilad House, Mamhilad Park Est.
Pontypool, Torfaen.
NP4 0YP

Tel: 01495 765072

or via e-mail to TECCymru@wales.nhs.uk

If you are unhappy with the way in which your personal data has been processed and wish to raise a complaint, please refer to https://abuhb.nhs.wales/about-us/complaints-concerns/

If you are dissatisfied, you have the right to communicate directly to the Information Commissioner (ICO). The Information Commissioner can be contacted at:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

www.ico.org.uk

We would appreciate if you would let us try and resolve the matter first before referring it to the ICO.

Review of the Privacy Notice

We regularly review all of our policies and procedures, we will post updates on our documentation and webpage, this Privacy Notice was last reviewed and amended on 4th February 2020.