Privacy Policy

Health Education & Improvement Wales (HEIW) are committed to protecting and respecting your privacy.

This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC) The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course.

Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of data protection legislation in force from time to time the data controller is HEIW.

Who we are and what we do

The RSU Resources website was set up to improve the CPD experience for doctors. The websites individual courses can contain:

  • Learning materials, activities and information
  • Forums
  • Messaging system
  • Scores/Grades
  • Certificates
  • We collect information about you to carry out our core business and ancillary activities.

Information you give to us or we collect about you

This is information about you that you give us by filling in forms on our site (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you engage with us.

The information we collect may include your name, email address(es), training level, default hospital and grade for activities completed within the website.

In general, we will not ask you about sensitive personal data but there may be times that it is necessary for information to be disclosed to us and for us to share that with potential employers. We will only share the information where you have provided your explicit consent.

Information we collect about you when you visit our website. With regard to each of your visits to our site we will automatically collect the following information:

Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information if applicable, the dates, times and frequencies with which you access the website and the way you browse its contents.

This data is collected automatically via cookies, in line with the cookie settings in your browser. For further information please see our cookie policy.

We use information held about you in the following ways:

  • RSU Resources is a learning environment that provides CPD material to doctors in Wales.
  • Our legal basis for the processing of personal data is our legitimate business interests, although we will also rely on contract, legal obligation and consent for specific uses of data.
  • We will rely on legal obligation, if we are legally required to hold information on to you to fulfil our legal obligations.
  • We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. 


Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system.  Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.

Other uses we will make of your data:

  • Use of our website;
  • To notify you about changes to our service;
  • ​​To ensure that content from our site is presented in the most effective manner for you and for your computer.

We will use this information:

  • To administer our site and for internal operations, including statistical and survey purposes;
  • To improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • To allow you to participate in interactive features of our service, when you choose to do so;
  • As part of our efforts to keep our site safe and secure;
  • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by our consultants. A consultant will always be involved in the decision making process.


Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie notice below.

Cookie notice 

What are cookies and how do we use them?

A "cookie" is a bite-sized piece of data stored on your computer. We use them to track your activity to help ensure you get the smoothest possible experience when visiting our website. We can use the information from cookies to ensure we present you with options tailored to your preferences on your next visit. We can also use cookies to analyse traffic and for advertising purposes.  

If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings.

How to reject cookies

You may choose to opt-out by changing your browser settings, if you don’t want to receive cookies that are not strictly necessary to perform basic features of our site.

Most web browsers will accept cookies but if you would rather we didn’t collect data in this way you can choose to accept all or some, or reject cookies in your browser's privacy settings. However, rejecting all cookies means that you may not be able to take advantage of all our website's features.

Disclosure of your information inside and outside of the EEA

We will only share your personal information with:

  • HEIW staff;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.

Where we store and process your personal data  

Access to your personal data is restricted to the authorised team within HEIW. The data is collected, processed and stored securely from unauthorised access, alteration or disclosure. The following security measures are taken:

  • The system implements encrypted communication via SSL certificates
  • The data is accessed by authorised users through secure authentication and authorisation protocol
  • We review our data management strategy to evaluate information collection, storage and processing practices, to guard against unauthorised access to systems
  • With defined access control policies in place, only restricted access is provided to authorised members of staff at HEIW
  • Data is stored within the United Kingdom

Your personal data will be retained for six years after you decide to remove your account from the website, at which point your personal data will be confidentially and securely destroyed.

Your rights  

For the purpose of providing you our full services we may occasionally send email communication or relevant news updates. You can manage your email communication preferences by contacting HEIW, completing relevant boxes on our registration form, or updating your preferences on our website.

Our site may, from time to time, contain links to and from the websites of our partner suppliers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

The GDPR provides you with the following rights. To:

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party in certain formats, if practicable.
  • Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link:

For any clarification on the above rights, please contact HEIW by emailing

Access to information  

The Data Protection Act 1998 and the GDPR give you the right to access information held about you.  We also encourage you to contact us to ensure your data is accurate and complete.

Your right of access can be exercised in accordance with the GDPR.

A subject access request should be submitted to 

Changes to our privacy notice  

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.


Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to:

The Data Protection Team who can be contacted at

Last modified: Monday, 13 May 2019, 2:42 PM