NHS Wales is made up of several health organisations that include Health Education and Improvement Wales (HEIW) who have a leading role in the education, training, development, and shaping of the healthcare workforce in Wales, in order to ensure high-quality care for the people of Wales.
HEIW key functions include:
- Working closely with partners and key stakeholders, and planning ahead to ensure the health and care workforce meets the needs of the NHS and people of Wales, now and in the future;
- Being a reputable source of information and intelligence on the Welsh health and care workforce;
- Commissioning, designing, and delivering high quality, value for money education and training, in line with standards;
- Using education, training, and development to encourage and facilitate career progression;
- Supporting education, training, and service regulation by playing a key role in representing Wales, and working closely with regulators;
- Developing the healthcare leaders of today and the future;
- Providing opportunities for the health and care workforce to develop new skills;
- Promoting health and care careers in Wales, and Wales as a place to live;
- Supporting the professional workforce and organisation development profession with Wales; and
- Continuously improving what we do and how we do it.
If you have any questions regarding how your information is used you must contact the person shown at the bottom of this notice.
What is the RSU Resources website?
The RSU Resources website was developed to host a collection of small resources for the Revalidation Support Unit. These resources range from informational modules and help/guidance to interactive assessments that require a user account for access.
This privacy notice is intended to provide transparency and accountability regarding what personal data, via RSU Resources, Health Education and Improvement Wales (HEIW) will collect about you, how it will be processed and stored, how long it will be retained, who will have access to your data and your rights.
The information we give you about our use of your information will be:
- Brief, easy to read and easily accessible;
- Written in clear, plain language; and
- Free of charge.
What personal data is collected?
Personal data is information from which an individual can be identified either directly or indirectly when the information is read in conjunction with other data that a data controller holds.
The only data items collected are as follows:
- First name
What laws do we use?
The law determines how we can use information. The laws we follow that allow us to use identifiable information are listed below:
- General Data Protection Regulation
- UK Data Protection Bill
- Human Rights Act
- Freedom of Information Act
- Common Law Duty of Confidence - Confidentiality
- Computer Misuse Act
- Audit Commission Act
- Regulation of Investigatory Powers Act
Health Education and Improvement Wales (HEIW) is the organisation that administrates the processes that involves the collection of specific data through the work of many areas including RSU Resources. HEIW is the holder and user of your information for these processes.
Why your personal data is collected
The RSU Resources website provides online interactive assessments, taking part in these will result in a record of your personal achievement within that assessment. This record will be tied to the user account that you set up with us.
Our legal basis for the processing of personal data is our legitimate business interests, although we will also rely on contract, legal obligation and consent for specific uses of data where applicable.
We will rely on legal obligation if we are required to hold information relating to you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required.
How your personal data is collected
Personal data is collected from your point of registration or via self-update on RSU Resources.
How your personal data is kept secure
Access to your personal data is restricted to the authorised team within HEIW that support and manage the RSU Resources system. Access is also granted on a limited basis to users with specific authorised roles such as the Online Applications Developer (HEIW) or The RSU Resources Project Leads (HEIW) but only where necessary for a specified and legitimate purpose that has been assessed for fairness and lawful processing.
Your personal data on RSU Resources will be retained in accordance with the HEIW Information and Data Governance Policies including Confidentiality guidelines, Records Management and Data Quality.
How and why your personal data may be shared
Staff members employed by HEIW with specific authorised roles will have access to data entered into RSU Resources as appropriate.
Your personal data may be shared with HEIW Staff (only those who support and manage RSU Resources).
Aggregated, anonymised reports may be produced within HEIW to provide the comparative analysis. At no point will any individuals be identified in these reports.
HEIW will not transfer your data to a third party unless it is satisfied of the following matters:
- That there is a fair and lawful basis to share your personal data with the third party (this is accessed for fair and legal purposes at every eventuality).
- The data will be handled by the third party in accordance with their own arrangements on Data Protection legislation and will only be shared if they demonstrate their own compliance with the law.
Where the data is used for analysis and publication by a recipient or third party, any publication will be on an anonymous and aggregated basis, and will not make it possible to identify any individual. This will mean that the data ceases to become personal data.
Third parties may include the following:
- UK health departments,
- other deaneries,
- the GMC,
- NHS Trusts/Health Boards/Health and Social Care Trusts and
- approved academic researchers.
Security of your Information
HEIW takes responsibility to look after your personal information very seriously. This is regardless of whether it is electronic or in paper form.
We also employ someone who is responsible for managing information and its confidentiality to ensure:
- your information is protected; and
- Inform you how it will be used.
All staff are required to undertake training on a regular basis. Comprehensive training is required to help protect the information that has been given, used, processed by HEIW.
The training makes sure that all staff working in HEIW (including the wider NHS), are aware of their responsibilities about the handling of your information regardless of the department that they work in.
Your rights and responsibilities
It is important that you work with us to ensure that the information we hold about you is accurate and up to date.
All communications from HEIW will normally be by email. It is therefore essential for you to maintain an effective and secure email address or you may not receive important news and updates.
Where identifiable and relevant, HEIW will make sure that you are able to have access to your information. This is so that you know what we hold.
You have the right:
- To know about details of how your information is used; and
- Have copies of your information.
HEIW and all of its services have a “legitimate interest” in continuing to process personal data where:
- there is a real business interest being pursued in continuing to process the personal data;
- the processing is absolutely necessary in order for the business to pursue that interest (i.e. the interest cannot be pursued in another way which is proportionate); and
- the processing is balanced against the impact such processing will have on the fundamental rights and freedoms of data subjects.
It is important that you understand who is responsible for keeping your data safe. We collect your personal data with your express consent for purposes set out in this Privacy Notice.
The lawful basis for processing are set out in the GDPR Article 6.
For more information about Article 6, please refer to the following link:
If you have any concerns in relation to how your personal data is processed, please contact the RSU Resources team, contact details in the further information section below.
Should you wish to learn further information about legislation relating to confidentiality, please visit the Information Commissioner's Office (ICO) website. The ICO deals with complaints about how data controllers have dealt with information matters and provides useful guidance. https://ico.org.uk/
Making a complaint
If you wish to make a complaint about any issues you have experienced regarding your information, then please contact and reference the ‘RSU Resources website’:
Ysgrifennydd y Bwrdd/Board Secretary
Addysg a Gwella Iechyd Cymru/Health Education and Improvement Wales
Ffôn/Tel: 079 7130 0537
If you are still unsatisfied following your complaint and this remains unresolved, you have the right to make a complaint to the:
Information Commissioner’s Office,
17 Churchill Way,
Cardiff, CF10 2HH
For more information relating to this privacy notice or questions on the content, please contact:
Addysg a Gwella Iechyd Cymru (AaGIC) / Health Education and Improvement Wales (HEIW)