This website is managed and maintained by NHS Education for Scotland (NES).
The NES data Protection Policy explains how we will manage the processing of your personal data to ensure compliance with Data Protection principles.
Under the Data Protection Act 1998, NES is registered as a data controller registered with the Information Commissioner. This registration describes the kind of information we may hold about you, how it may be processed and with whom it may be shared. Our registration is Z7921413 which can be viewed at:
NES holds personal information in electronic systems such as computer records and databases as well as on paper files. Personal data will be held for no longer than necessary in line with our records retention policy.
Sensitive data is defined as that which relates to racial or ethnic origins, political opinions, religious beliefs, union membership, physical or mental health (including disabilities), sexual life, the commission or alleged commission of offences and criminal proceedings.
NES will only process personal data where it is necessary to carry out our role in health workforce development; for example in mandatory monitoring of equality and diversity, to ensure that NES is a safe place to work, or to ensure compliance with other legal obligations, such as the sick pay policy or equal opportunities policy. Any other use of sensitive data, for example in research, will only be with the express consent of the individuals concerned.
NES is part of the SHOW network and use SHOW to host this website. Log files are maintained and analysed of all requests for files on the SHOW servers. Aggregated analyses of these log files are used to monitor website usage. These analyses are made available to NES to allow them to measure, for example, overall popularity of the site and typical user paths through the site.
In combination with other information which is not collected by SHOW but which may be collected by suppliers of network services, it may in certain situations be possible to identify an individual user's use of the NES website. SHOW does not collect the additional information required and will make no attempt to track or identify individual users, except where explicit consent for this is given or where there is a reasonable suspicion that unauthorised access to systems is being attempted. In the case of all users, SHOW reserves the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to computer systems or resources operating as part of the SHOW service. As a condition of use of this site, all users must give permission for SHOW to use its access logs to attempt to track users who are reasonably suspected of gaining or attempting to gain unauthorised access.
All log file information collected by SHOW and passed onto NES is kept secure and no access to raw log files is given to any third party
NES does not store any information that would on its own allow us to identify individual users of this service without their permission. Any cookies that may be used by NES are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties.
Depending on the purpose for which you provided your personal data in the first place, NES may be required to share some information with other organisations: for example the NHS Board that employs you, or relevant professional or regulatory bodies.
Together with other public sector bodies, NES provides payroll information for NES staff and some trainees to support the National Fraud Initiative. More information here.
NES will use personal information as described in our registration. Under no circumstances will NES supply your personal details to organisations other than those described in our registration (see below).
This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing and administering public funds, in order to detect and prevent fraud.
On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of this authority. Audit Scotland also assists appointed auditors by conducting a National Fraud Initiative which is a data matching exercise.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
Audit Scotland currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to Audit Scotland for matching for each exercise, and these are set out in Audit Scotland's Instructions (or Handbook), which can be found at: http://www.audit-scotland.gov.uk/work/nfi.php
The use of data by Audit Scotland in a data matching exercise is carried out with statutory authority:
Audit Scotland does not require the consent of the individuals concerned under the Data Protection Act 1998. Data matching by audit Scotland is subject to a Code of Data Matching Practice. This may also be found at http://www.audit-scotland.gov.uk/work/nfi.php.
For further information on Audit Scotland's legal powers and the reasons why it matches particular information, see the full text fair processing notice at: http://www.audit-scotland.gov.uk/work/nfi.php or contact Janice MacPhail (0131 220 8669)
NES or our partners may use the personal details you provide to tell you about relevant training opportunities, educational events or related activities. We may also contact you to invite you to participate in the evaluation of education or related research. Your personal details will not be provided to commercial organisations for direct marketing purposes.
You have the right to:
For further information on data protection in NES, please contact:
Information Governance Manager
NHS Education for Scotland
2 Central Quay
89 Hydepark Street
0141 223 1564
Every NHS organisation has a Caldicott Guardian whose role is to agree and review protocols governing the protection and use of patient identifiable information. NES does not deal directly with patient care and therefore we do not hold or process medical records. NES does, however, have a Caldicott Guardian tasked with ensuring patient privacy is protected in our work. He can be contacted as follows:
Dr Stewart Irvine,
Director of Medicine
NES Central Offices
0131 656 3352
Information Commissioner website: http://www.ico.gov.uk/
NHS Information Governance - eLibrary portal: http://www.elib.scot.nhs.uk/portal//ig/Pages/index.aspx