TRANSPARENCY NOTICE: HOW WE USE YOUR PERSONAL DATA
This page sets out how we use personal data, in line with the UK General Data Protection Regulation (UK GDPR). It includes a description of our processing activities, and your rights if information about you is included.
The data collected by GPintheCloud relates to users and usage. Although the service enables clinicians to use systems containing patient data, that patient data will remain at all times within the clinical systems and only displayed by GPintheCloud. Patient record retention in GP systems is not affected by this solution.
WHO WE ARE
GPintheCloud is our trading name. Our official names are Delt Shared Services Ltd. and Integy Limited. We are the joint Controllers for our processing of personal data for this service and are independently registered with the Information Commissioner’s Office (ICO).
THE TYPE OF PERSONAL INFORMATION WE COLLECT
We currently collect and process the following information relating to GPintheCloud:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Information about your GPintheCloud activity (for example, times of access, services consumed and IP address)
HOW WE GET THE PERSONAL INFORMATION AND WHY WE HAVE IT
We receive your identifying information from the CCGs/ICSs or other commissioning body in order to provide you with access to the GPintheCloud service.
We collect personal information from you to:
- Manage the GPintheCloud service
- Support your use of the GPintheCloud service
We use the information that you have given us to:
- Perform user administration tasks
- Support your use of the GPintheCloud service, for example troubleshooting and incident management
- Monitor the use and performance of the service, and to ensure its security
- Manage licensing and billing for the service
We will share information about your use of GPintheCloud and what services you consumed with the CCG/ICG or other body who commissioned your access to the service.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: We have a legitimate interest.
HOW WE STORE YOUR PERSONAL INFORMATION
Your information is securely stored.
We keep your user data (user name, access credentials, contact details) for the period of authorisation. The commissioning body (CCG/ICS) will be asked to validate this list at least once every 24 months.
If your account is deauthorised, we keep your basic user account information for 90 days after your account is deauthorised. It will then be automatically deleted.
We keep access data logs for 90 days, after which the data is automatically deleted.
Any information generated by you within the GPintheCloud remote access platform will be deleted when the virtual machine you are using is terminated or when it is refreshed, which occurs every 30 days.
Information may be included as part of records relating to support activities such as fault finding and resolution. In this case it will be kept for the lifecycle of the support products.
We want you to feel confident that we look after everyone’s personal data in line with the law. If you have any questions about your rights, you can get in touch with us at DataProtectionOfficer@deltservices.co.uk.
YOUR DATA PROTECTION RIGHTS
You can find out more about individual rights and when they apply from the Information Commissioner’s Office by clicking on the appropriate links below, and more advice about what data protection law means for you by visiting the Your data matters | ICO
Under data protection law, you have rights including:
Right of access – You have the right to ask us for copies of your personal information.
Right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Right to restrict processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Right to object – You have the the right to object to the processing of your personal information in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at DataProtectionOfficer@deltservices.co.uk if you wish to make a request.
If your request relates to access:
- We invite you to use Delt’s Subject Access Request Form. This will help you to provide the information we need to process your request as quickly as possible, including verification of identity.
- We may write back to ask for clarification or to request that you to narrow or modify your requirements if they are unclear. This will pause the one month timescale for the complete response.
- If your request is complex or we have received multiple requests from you we may extend the time for a further two months. We will tell you if this applies within the initial month and as soon as we identify it.
HOW TO COMPLAIN
If you have any concerns about our use of your personal information, you can make a complaint to us at DataProtectionOfficer@deltservices.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk