Gwella Leadership Portal Privacy Policy

Effective date: 17th March 2020

Updated 17th March 2020

Health Education and Improvement wales ("us", "we", or "our")operates the https://nhswalesleadershipportal.heiw.wales (the "Service").

This page informs you of our policies regarding the collection, use, anddisclosure of personal data when you use our Service and the choices you haveassociated with that data.

We use your data to provide and improve the Service. By using the Service, youagree to the collection and use of information in accordance with this policy.

Definitions

Service

Service is the https://leadershipportal.heiw.wales website operated by Health Education andImprovement Wales

Personal Data

Personal Data means data about a living individual who can be identifiedfrom those data (or from those and other information either in ourpossession or likely to come into our possession).

Usage Data

Usage Data is data collected automatically either generated by the use ofthe Service or from the Service infrastructure itself (for example, theduration of a page visit).

Cookies

Cookies are small pieces of data stored on your device (computer or mobiledevice).

Data Controller

Data Controller means the natural or legal person who (either alone orjointly or in common with other persons) determines the purposes for whichand the manner in which any personal information are, or are to be,processed.

For the purpose of this Privacy Policy, we are a Data Controller of yourPersonal Data.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person whoprocesses the data on behalf of the Data Controller.We may use the services of various Service Providers in order to processyour data more effectively.

Data Subject (or User)

Data Subject is any living individual who is using our Service and is thesubject of Personal Data.

Information Collection And Use

We collect several different types of information for various purposes toprovide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personallyidentifiable information that can be used to contact or identify you("Personal Data"). Personally identifiable information may include, but is notlimited to:

• Email address
• First name and last name
• Phone number
• Address, Postal code, City
• Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing orpromotional materials and other information that may be of interest to you.You may opt out of receiving any, or all, of these communications from us byfollowing the unsubscribe link or instructions provided in any email we sendor by contacting us.

Usage Data

We may also collect information how the Service is accessed and used ("UsageData"). This Usage Data may include information such as your computer'sInternet Protocol address (e.g. IP address), browser type, browser version,the pages of our Service that you visit, the time and date of your visit, thetime spent on those pages, unique device identifiers and other diagnosticdata.

Location Data

We may use and store information about your location if you give us permissionto do so. We use this data to provide features of ourService, to improve and customize our Service.

You can enable or disable location services when you use our Service at anytime, through your device settings.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on ourService and hold certain information.

Cookies are files with small amount of data which may include an anonymousunique identifier. Cookies are sent to your browser from a website and storedon your device. Tracking technologies also used are beacons, tags, and scriptsto collect and track information and to improve and analyze our Service.You can instruct your browser to refuse all cookies or to indicate when acookie is being sent. However, if you do not accept cookies, you may not beable to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies: We use Session Cookies to operate our Service.
• Preference Cookies: We use Preference Cookies to remember your preferencesand various settings.
• Security Cookies: We use Security Cookies for security purposes.

Use of DataHealth Education and Improvement Wales uses the collected data forvarious purposes:

• To provide and maintain our Service
• To notify you about changes to our Service
• To allow you to participate in interactive features of our Service when you choose to do so
• To provide customer support
• To gather analysis or valuable information so that we can improve our Service
• To monitor the usage of our Service
• To detect, prevent and address technical issues
• To provide you with news, special offers and general information about other goods, services andevents which we offer that are similar to those that you have already purchased or enquired aboutunless you have opted not to receive such information

##Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)##

If you are from the UK, Health Education and Improvement Wales legal basis for collecting and usingthe personal information described in this Privacy Policy depends on the Personal Data we collectand the specific context in which we collect it.Health Education and Improvement Wales may process your PersonalData because:

• We need to perform a contract with you
• You have given us permission to do so
• The processing is in our legitimate interests and it's not overridden byyour rights
• For payment processing purposes
• To comply with the law

Retention of Data

Health Education and Improvement Wales retain your PersonalData only for as long as is necessary for the purposes set out in this PrivacyPolicy. We will retain and use your Personal Data to the extent necessary tocomply with our legal obligations (for example, if we are required to retainyour data to comply with applicable laws), resolve disputes, and enforce ourlegal agreements and policies.

Health Education and Improvement Wales also retain Usage Datafor internal analysis purposes. Usage Data is generally retained for a shorterperiod of time, except when this data is used to strengthen the security or toimprove the functionality of our Service, or we are legally obligated toretain this data for longer time periods.

Transfer Of Data

Your information, including Personal Data, may be transferred to — andmaintained on — computers located outside of your state, province, country orother governmental jurisdiction where the data protection laws may differ thanthose from your jurisdiction.

If you are located outside United Kingdom and choose to provide information tous, please note that we transfer the data, including Personal Data, to UnitedKingdom and process it there.

Your consent to this Privacy Policy followed by your submission of suchinformation represents your agreement to that transfer.Health Education and Improvement Wales will take all stepsreasonably necessary to ensure that your data is treated securely and inaccordance with this Privacy Policy and no transfer of your Personal Data willtake place to an organization or a country unless there are adequate controlsin place including the security of your data and other personal information.

Disclosure Of Data

Business Transaction

If Health Education and Improvement Wales is involved in a merger,acquisition or asset sale, your Personal Data may be transferred. We willprovide notice before your Personal Data is transferred and becomes subject toa different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, Health Education and Improvement Walesmay be required to disclose your Personal Data if required to do so by law orin response to valid requests by public authorities (e.g. a court or agovernment agency).

Legal Requirements

Health Education and Improvement Wales may disclose your PersonalData in the good faith belief that such action is necessary to:

• To comply with a legal obligation
• To protect and defend the rights or property of Health Education and Improvement Wales
• To prevent or investigate possible wrongdoing in connection with theService
• To protect the personal safety of users of the Service or the public
• To protect against legal liability

Security Of Data

The security of your data is important to us, but remember that no method oftransmission over the Internet, or method of electronic storage is 100%secure. While we strive to use commercially acceptable means to protect yourPersonal Data, we cannot guarantee its absolute security.

##Your Data Protection Rights Under General Data Protection Regulation (GDPR)##

If you are a resident of the UK, you have certain data protection rights. Health Education andImprovement Wales aimsto take reasonable steps to allow you to correct, amend, delete, or limit the use of your PersonalData.

If you wish to be informed what Personal Data we hold about you and if youwant it to be removed from our systems, please contact us.In certain circumstances, you have the following data protection rights:

• The right to access, update or to delete the information we have on you. Whenever madepossible, you can access, update or request deletion of your Personal Data directly within youraccount settings section. If you areunable to perform these actions yourself, please contact us toassist you.
• The right of rectification. You have the right to have your information rectified if thatinformation is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your Personal Data.
• The right of restriction. You have the right to request that we restrict the processing of yourpersonal information.
• The right to data portability. You have the right to be provided with a copy of the informationwe have on you in a structured, machine-readable and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any timewhere Health Education and Improvement relied on your consent to process your personalinformation.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of yourPersonal Data. For more information, please contact your local data protection authority.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"),to provide the Service on our behalf, to perform Service-related services or to assist us in analyzinghow our Service is used.These third parties have access to your Personal Data only to perform these tasks on our behalf andare obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Payments

We may provide paid products and/or services within the Service. In that case,we use third-party services for payment processing (e.g. payment processors).We will not store or collect your payment card details. That information isprovided directly to our third-party payment processors whose use of yourpersonal information is governed by their Privacy Policy. These paymentprocessors adhere to the standards set by PCI-DSS as managed by the PCISecurity Standards Council, which is a joint effort of brands like Visa,Mastercard, American Express and Discover. PCI-DSS requirements help ensurethe secure handling of payment information.

The payment processors we work with are:

• Secure Trading

Their Privacy Policy can be viewed at https://www.securetrading.com/privacy/

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. Ifyou click on a third party link, you will be directed to that third party'ssite. We strongly advise you to review the Privacy Policy of every site youvisit.We have no control over and assume no responsibility for the content, privacypolicies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").We do not knowingly collect personally identifiable information from anyoneunder the age of 18. If you are a parent or guardian and you are aware thatyour Children has provided us with Personal Data, please contact us. If webecome aware that we have collected Personal Data from children withoutverification of parental consent, we take steps to remove that informationfrom our servers.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of anychanges by posting the new Privacy Policy on the platform.

We will let you know via email and/or a prominent notice on our Service, priorto the change becoming effective and update the "effective date" at the top ofthis Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes.Changes to this Privacy Policy are effective when they are posted on thispage.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: HEIW.Leadership.Programme@wales.nhs.uk

By mail: Health Education and Improvement Wales, Ty· Dysgu, Cefn Coed, Nantgarw, CF15 7QQ