Privacy policy - Healthy Working Lives

Privacy policy

The Healthy Working Lives programme is delivered by NHS Health Scotland, a national NHS Board, in collaboration with Scotland’s 14 local NHS Boards.

We fully respect your right to privacy when using our services. Here you will find details of our privacy practices and what we do to maintain your right to privacy.

What information do we collect about you?

We collect information about you and your organisation when you access any of our services online, by phone or in writing. We only collect the information we ask from you, that you give us and consent, to being processed for the purpose of delivering the Healthy Working Lives programme.

When you are using self-assessments, forms and records on the website, if you are a registered user and sign in to your account, we will:

  • Store your form data for 7 days, if you choose to save your progress and come back to it later.
  • Record that you have used a self-assessment, form or record.

If you use self-assessments, we will record some of your answers to questions. We only do this where your answers suggest you would benefit from additional free support and you have agreed that we can contact you.

How will we use the information we collect?

We process your information for the purpose of providing you with services from Healthy Working Lives. This includes some or all of the following:

  • Managing your registrations, requests and enquiries you have submitted to us.
  • Allowing you to create a Healthy Working Lives website account and receive the benefits of being a registered Healthy Working Lives website user.
  • Allowing you to use other Healthy Working Lives Surveys online tools including Healthy Working Lives Surveys tool and Healthy Working Lives Award eportfolio.
  • Helping us to know what you need, and providing opportunities to give us feedback so that we can tailor and improve our products and services appropriately.
  • Providing you with information about products and services offered or promoted through Healthy Working Lives that you have opted in to receive.
  • Conducting data and statistical analysis to monitor performance of our services and make improvements.

If you are a Healthy Working Lives award holder, the name of your organisation will be published on the Holders of the award page.

NHS Health Scotland may share the information we collect with:

  • The 14 local NHS Boards with which we deliver the Healthy Working Lives programme.
  • Our affiliates and service providers in the UK/EU as necessary for the purpose of keeping you updated on our products and services.

We may also disclose the information to a third party where we have a legal obligation to do so. NHS Health Scotland will not share with or sell your personal information to any other organisation.

How do we look after your information?

The information we collect about you and your organisation is stored on an electronic database on a secure server hosted and maintained by a UK/EU third party.

If you create a website account, your account username (your email address) and password is stored on the website Content Management System (CMS).

We will only save form data on the website CMS for 7 days if you have

  • signed into your account
  • completed self-assessments, forms or records, and
  • saved progress.

The website and Healthy Working Lives Surveys tool are hosted on a secure server by a third party in the UK/EU, and are maintained by NHS Health Scotland staff.

The principles of the General Data Protection Regulation (GDPR) require us to make sure your data is accurate, kept up-to-date and that we keep it for no longer than is necessary.

To meet these requirements:

  • We will update your data or remove it from our database or website CMS at your request.
  • We will include details of how to unsubscribe from email updates on our products and services, if you have opted in to receive them.
  • We will remove you from our database if there has been no contact with you for 18 months.

Webchat

The Healthy Working Lives webchat service is provided by Click4Assistance (external website). For information on how Click4Assistance handles your data, you can read their privacy policy relating to webchat (external website).

Website log files

Using our website will generate log files of your activity. These files do not capture personal information but do capture the user's IP address. We store these log files on a secure server.

We use Google Analytics to analyse these files regularly to monitor website usage and evaluate the effectiveness of our website. We do occasionally allow trusted partners and suppliers access to our Google Analytics. This information is not personally identifiable. For more information go to our Cookies page.

We make no attempt to identify individual users of this website, unless we suspect that unauthorised access to our systems is being attempted. We reserve the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to computer systems or resources operating as part of NHS Health Scotland web services. As a condition of using this site, all users give permission for NHS Health Scotland to use its access logs to attempt to track users who are reasonably suspected of gaining, or attempting to gain, unauthorised access.

Your rights

Under the General Data Protection Regulation (effective from 25 May 2018), there are a number of new rights relating to Data Protection:

You have the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

You can find more information about these rights on the Information Commissioner’s website (external website).

Access to your information, changes, and complaints

To request a copy of the information that we hold about you, correct any information that is inaccurate, unsubscribe from our services, or withdraw your consent, you can contact us or write to us at:

Healthy Working Lives
Health and Work Directorate
NHS Health Scotland
Meridian Court
5 Cadogan Street
Glasgow
G2 6QE

If you have created a website account, you can sign in and edit your profile to update some of your details.

For enquiries about NHS Health Scotland (the Data Controller) data protection practices, you can contact Duncan Robertson, NHS Health Scotland’s Senior Policy, Risk and Data Protection Officer by email at duncanrobertson@nhs.net or by phone on 0131 314 5436.

Should you wish to make a complaint about NHS Health Scotland’s collection or use of data, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals is the Information Commissioner’s Office (external website).