Cookies and Privacy
The NRS website Data Controller
Scottish Health Innovations Ltd
Golden Jubilee National Hospital
0141 951 5506
We will process your data in accordance with the Data Protection regulations in force in the UK at the time. You are entitled to know whether we hold information about you and, if we do, to have access to that information and require it to be corrected if it is inaccurate. You also have the right to lodge a complaint with the Information Commissioner's Office. You can contact the ICO here.
How do we use your information?
We analyse information to see what is most effective about our website and associated services to help us identify ways to improve it and to make it more effective. We may also use information for other purposes, which we would describe to you at the point when we collect the information. This includes submission of ideas, product purchase, newsletter sign up or event registration.
What information do we collect?
When you use the Internet, you are assigned a unique address, known as an IP address. We use IP addresses to analyse trends, to administer the website, track users' movements through the website, and gather statistical information. IP addresses are not linked to personally identifiable information. We do not collect any personal data about you on this website, apart from information that you volunteer, either by emailing us or submitted through an online form e.g. idea submission, product purchase event registration or newsletter sign up. We make no attempt to identify individual users of this site, unless we suspect that unauthorised access to our systems is being attempted. Any information you provide is used by us solely for the purpose of processing your information request.
How do we look after your information?
Log files are kept for all user activity on our website. We store these both in a secure database and within Google Analytics. We use Google Analytics to analyse these files regularly to monitor website usage and evaluate the effectiveness of our website – this is commonplace across all internet services to investigate issues such as service availability and the identification of malicious use. All log file information collected by us is kept secure. We do occasionally allow trusted partners and suppliers access to our Google Analytics. This information is not personally identifiable.
We reserve the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to computer systems or resources. As a condition of using this site, all users give permission for NHS Research Scotland to use its access logs to attempt to track users who are reasonably suspected of gaining, or attempting to gain, unauthorised access.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website
We utilise the following social media platforms to interact with our users:
If you choose to interact with us on social media, we may receive some personally identifiable data about you, which is supplied by the channel you are using. This may include:
- social media handles (e.g. Twitter account name)
- location history (where you are contacting us from)
- images (e.g. your profile picture)
We may use social media management tools (e.g. Hootsuite) to help deliver elements of our service to you. Any personally identifiable data processed using these tools is supplied by the platforms we use, in accordance with their terms and conditions.
Social networks use information about your online activity to build a profile of you. This data is then used (anonymously) to send you targeted adverts across various digital platforms. You should be aware that interacting with health-related accounts such as ours may help build the profile of you that social networks maintain, and could potentially result in you receiving adverts related to health issues. Please note, we do not have access to the profiling data stored by social networks about you. You should also be aware that social networks may control some of the data associated with interactions between you (the user) and us (NRS) on their platforms. For example, we will be able to delete our own records of a private message conversation if you request us to do so, but social networks may store a copy of this conversation that we are unable to access. We would recommend using the privacy tools built into the social networks in question to ensure you are able to exercise your rights appropriately.
Contact Us Forms / Email Contact
In the case of enquiries submitted via the Contact Forms or email submission, we will collect the following additional information for the purposes of providing the services requested.
- Identity Data includes information such as first name, last name, title
- Contact Data includes information such as email address,
We will hold the information for as long as we are providing you services. Our electronic email subscription is managed via Mailchimp. You have the ability to unsubscribe or modify your information at any time here. or via the unsubscribe/preference options at the footer of each email.
We will hold the information for as long as we are providing you services. When registering for an event we will only collect the minimum necessary information and will only communicate with you for the purposes of the event.
How can you access, amend or withdraw the personal data you have given us?
To get in touch about these rights, please contact us via the Data Controller details above. We will seek to deal with your request without undue delay, and in any event within 1 month (subject to any extensions to which we are lawfully entitled).
Right to withdraw consent
Where we have obtained your consent to process your personal data, or consent to send you information, you may withdraw your consent at any time and we will cease to carry out the particular activity that you previously consented to, unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
Data access requests
You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this. If we refuse your request for any legitimate reason, we will always tell you the reasons for doing so.
Right to remove
In certain situations, you have the right to request us to "remove" your personal data. We will respond to your request within the agreed timeframe (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply.
Normally, the information must meet one of the following criteria:
- the data is no longer necessary for the purpose for which we originally collected and/or processed it
where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing
- the data has been processed unlawfully (i.e. in a manner that does not comply with existing Data Protection regulations)
- it is necessary for the data to be deleted for us to comply with our legal obligations as a data controller
We would only be entitled to refuse to comply with your request for one of the following reasons:
- to exercise the right of freedom of expression and information
- to comply with legal obligations or for the performance of a public interest task or exercise of official authority
- for public health reasons in the public interest
- for archival, research or statistical purposes
- to exercise or defend a legal claim
When complying with a valid request for the removal of data, we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important public interest. The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
- where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified
- where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data
- where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it
- where we have no further need to process your personal data but you require the data to establish, exercise or defend legal claims.
Right to rectification
You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves a disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Keeping information secure
We invest significant resources to protect your personal information, from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based site can be 100% secure and so we cannot be held responsible for unauthorised or unintended access that is beyond our control