HEIW Privacy Policy

Banner with HEIW and Gwella Logo

Gwella Leadership Portal Privacy Policy

Effective date: 9th August 2020
Updated: 6th January 2023


NHS Wales is made up of several health organisations that include Health Education and Improvement Wales (HEIW), the Wales lead for education, training and the healthcare workforce. Established October 2018, HEIW’s remit includes statutory responsibility for Leadership and succession planning. Our Workforce strategy for health and Care in Wales published 2020 articulates our leadership ambition that by 2030, leaders across the health and care system will demonstrate compassionate and collective leadership behaviours.

Our leadership strategy needs to be underpinned by collective and compassionate leadership principles, coupled with a consistent approach. To provide this consistency pan Wales, easy access to a range of evidence-based, credible leadership resources was required. Our solution was the creation of Gwella (Welsh for improve).

Gwella is a modern, national leadership portal, providing open access to compassionate leadership materials.

What is the Gwella system?

Gwella, hosted by CDSM on behalf of HEIW, is a learning and event management system with associated virtual learning environment. The system facilitates the delivery of a suite of compassionate leadership offerings across Wales, creation of compassionate networks, development of compassionate leadership resources, blended learning pathways to support talent needs, develop a pipeline of compassionate leaders and functionality to support large complex virtual leadership conferences and events. Limited and specific access is also available for Health Boards, Universities and Social Care in Wales. The system holds information relating to HEIW, Health Board, University and Social Care staff users and their associated learners and event delegates.

Your rights

This privacy notice is intended to provide transparency and accountability regarding what personal data via Gwella, on behalf of Health Education and Improvement Wales (HEIW) will be collected about you, how it will be processed and stored, how long it will be retained, who will have access to your data and your rights.

The information we give you about our use of your information will be:

Where information collected on you is identifiable and relevant, HEIW will make sure that you are able to have access to this. This is so that you know what we hold.

You have the right:

If you wish to know more, please contact the person listed below for further information about your rights of access.

HEIW will look at your request to make sure that the information requested is personal information. Most of the time, it will be clear that the information is personal but HEIW will contact you if it is not clear within your request.

What about rights to correct or delete inaccurate information?

If any personal data has been provided by yourself and you feel that this is incorrect, you are entitled to request that HEIW correct any mistakes in this information, regardless of the context of the use.

HEIW must ensure that proven inaccurate or incomplete information is either erased or corrected.

What laws do we use?

The law determines how we can use information. In those areas where we use identifiable information, the laws we follow that allow this to happen are listed below:

Health Education and Improvement Wales (HEIW) is the organisation that administrates the processes that involves the collection of specific data through the work of many areas including Gwella. For these purposes, HEIW is the data controller.

Why and how your personal data is collected via Gwella

Your personal data is collected to support HEIW’s management of the courses and events run via the system. Personal data is collected from the point of creating an account to access the system and during relevant course assessments.

What information do we collect?

We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Security of your Information

HEIW takes responsibility to look after all information very seriously. This is regardless of whether it is electronic or in paper form and whether it is identifiable or not.

All staff are required to undertake training on a regular basis. The training makes sure that all staff working in HEIW (including the wider NHS), are aware of their responsibilities about the handling of your information regardless of the department that they work in.

Read more on the HEIW Information Governance pages.

Keeping your information

We will only store information for as long as necessary dependant on the type and use.

Records are stored in line with Records Management Code of Practice for Health & Social Care’s retention and disposal schedule. This determines the minimum length of time records should be kept.

HEIW will retain data in order to comply with legal requirements.

If accounts are inactive for a period of eighteen months or more, then they will be deactivated.

Sharing your information

Staff members employed by HEIW and by Health Boards, Universities and Social Care with specific authorised roles will have access to data entered into Gwella as appropriate.

Your personal data may be shared with HEIW, Health Board staff and Professional bodies for lawful purposes only, in line with our public task.


Reports may be produced on the completion of learning materials and grades awarded which identify individuals.

Aggregated, anonymised reports may also be produced within HEIW to provide comparative analysis, at no point will any individuals be identified in these reports. Some reports to third parties (i.e. Health Boards, NWSSP or national bodies such as Welsh Government) do identify individuals but these are reported and sent in a secure way by only nominated, authorised staff in both HEIW and the receiving organisation. Health Boards in Wales will also produce reports identifying individuals for local reporting requirements. In this instance, it is the health board and not HEIW who is responsible for any data sharing with a third party.

Where the data is used for analysis and publication by a recipient or third party, any publication will be on an anonymous and aggregated basis and will not make it possible to identify any individual. This will mean that the data ceases to become personal data.

Third parties may include the following:

Site Communication

Please note, we may send emails about essential matters in relation to your Gwella account and the services you use. You can alter your communication preference within the platform.

Making a complaint

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you wish to make a complaint about any issues you have experienced regarding your information, then please contact:

Data Protection Officer

Health Education and Improvement Wales,
Tŷ Dysgu,
Cefn Coed,
CF15 7QQ

Email: HEIW.InformationGovernance@wales.nhs.uk

If you are still unsatisfied following your complaint and this remains unresolved, you have the right to make a complaint to the:

Information Commissioner’s Office,
2nd Floor, Churchill House,
17 Churchill Way,
CF10 2HH

Email: wales@ico.gsi.gov.uk
Website: ico.org.uk

Further information

For more information relating to this privacy notice or questions on the content, please contact:

Health Education and Improvement Wales (HEIW)
Email: HEIW.InformationGovernance@wales.nhs.uk

return to previous page