Privacy Policy
Overview
Birmingham Quality is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified – either by using this website or by other means, we aim to respect any personal data, keep it safe and only use it in accordance with this privacy statement.
The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to (as appropriate) register for participation in our External Quality Assessment (EQA) Programmes, become a donor or make a general enquiry we can respond to.
Birmingham Quality may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from Friday, May 25, 2018.
1. We collect information about you:
(1) When you give it to us DIRECTLY
You may give us your personal data in order to register for an EQA Programme, provide general participant feedback or register as a donor for one of our EQA programmes.
(2) When you give it to us INDIRECTLY
Your information may be shared with us by other UK NEQAS centres (when managing your unique UK NEQAS Laboratory Identifier Code) and may be provided to us when you follow us or otherwise interact with us on or via social media sites.
(3) When you give permission to OTHER ORGANISATIONS to share it or it is AVAILABLE PUBLICLY
We may combine information you provide to us with information available from external publicly available sources.
2. What information do we collect?
We may collect, store and use the following kinds of personal data:
(1) We will typically hold your name and contact details, including physical address, telephone number and email address. However we may request other information where it is appropriate and relevant, for example when relating to donors of material:
- Results of virology tests on donated blood
- Details about medical conditions
- Details about current medication used and allergy status
(2) Any other information shared with us as per clause 1
Do we process sensitive personal data?
Applicable law recognises certain categories of personal data as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. For some donors we collect sensitive personal data expressly for the purpose of gauging their eligibility to donate, and will do so only with their explicit consent.
3. How and why will we use your personal data?
Personal data, however provided to us, will be used for the purposes specified in this Policy, in relevant parts of the website and generally at the point of collection.
We may use your personal data to:
- Enable you to register as a participant in our EQA Programmes;
- Maintain participation details and various statistical processing configuration parameters [for said EQA Programmes];
- Send you EQA specimens;
- Enable us to contact you with respect to the publication of EQA Reports;
- Handle the coordination of donations
- Provide you with the services, products or information you have signed up to/requested;
- Deal with enquiries and complaints made by or about you relating to the website, the delivery of our service or us in general;
- Provide you with quotations for EQA Programme subscriptions;
- Audit and/or administer our accounts
4. Data Controller
Birmingham Quality is the Data Controller for data obtained via this website or by other means unless otherwise explicitly stated. We may be contacted via email at birminghamquality@uhb.nhs.uk. Further information on how to contact Birmingham Quality may be found on the contact us page of our website.
5. Lawful basis for processing
We are required to have one or more lawful grounds to process your personal information. Only 3 of these are relevant to us:
- Personal data is processed on the basis of one‘s consent
- Personal data is processed on the basis of a contractual relationship
- Personal data is processed on the basis of legitimate interests
(1) Consent
When we collect personal data from you for the purposes of donating EQA material, we will ask for your explicit consent to use your personal data to contact you to schedule said donations and to determine whether you are eligible to provide such donations.
There are a limited set of EQA Programmes where we require your consent to provide the service to you and at the point of registration will make it clear why we need that consent to provide said service.
(2) Contractual relationships
Where a [new or existing] EQA Programme participant requires a UK NEQAS Laboratory Identifier Code; as part of the process to allocate that code – we may store the participant’s personal data within a secure, proprietary computer system along with their newly allocated code so that the same code may be used when/if registering for EQA Programmes conducted by any of the centres that are affiliated with UK NEQAS.
Additionally, where appropriate – we are obliged to share information with National Quality Assurance Advisory Panels (NQAAP) and Quality Assurance Pathology Committee (QAPC) regarding consistently poor performing EQA Programme participant laboratories. Participants will be informed of any referral to NQAAP/QAPC if it relates directly to them. The content of such referral will be made available to relevant participants.
The lawful basis for processing your personal data under these circumstances would be that of a contractual relationship.
(3) Legitimate interests
Applicable law allows personal data to be collected and used if it is reasonably necessary for our legitimate activities (provided its use is fair, balanced and does not unduly impact individuals’ rights).
We will rely on this lawful basis to process your personal data when it is not practical or appropriate to ask for consent.
Achieving our purposes
These include (but are not limited to) our overall aim of delivering confidence in laboratory results through the expert delivery of proficiency testing services.
Governance
- Internal and external audit to maintain UKAS Accreditation to ISO/IEC 17043
- Where appropriate, report consistently poor performing EQA Programme participants to NQAAP/QAPC
Continuous Improvement
- Soliciting general participant feedback
- Liaising with equipment manufacturers to monitor performance
- Service delivery and strategic product development
- Automating processes to cut waste, reduce errors and drive improvements
Operational Management
- Employee training and development
- Health & Safety and Waste Management
- Physical security, IT and network security
Purely administrative purposes
- Responding to enquiries
- Communications designed to administer, coordinate and execute existing services
- Delivery of requested EQA Programme information
Financial Management and control
- Providing fast and accurate service subscription quotations
- Processing financial transactions and maintaining financial controls
- Prevention of fraud and misuse of services
When we use your personal data, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal data in ways that are not unduly intrusive or unfair in other ways.
6. Children’s data
We do not knowingly process data of any person under the age of 16. Should we discover, or have reason to believe, that you are 15 and under and we are holding your personal data, we will delete that data within a reasonable period and withhold our services accordingly.
7. Security and access to your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure of or access to your personal data.
Your information is accessible only by appropriately trained staff.
Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We do not transfer and/or store personal data collected from you to and/or at a destination outside the UK.
Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent.
8. Your rights
Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time. You also have the following rights:
(1) Right to be informed – you have the right to be told how your personal data will be used. This Policy and other policy statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.
(3) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you rather than delete it.
(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(6) Right to data portability – to the extent required by the General Data Protection Regulations (GDPR) where we are processing your personal data (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal data in question using the contact details in section 4 above. Where we consider that the information with which you have provided us does not enable us to identify the personal data in question, we reserve the right to ask for (i) personal identification and/or (ii) further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult Information Commissioner’s Office (ICO) guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details in section 4.
In addition, you are also entitled to make a complaint about us or the way we have processed your data to the ICO. For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information/. The contact details of the ICO can be found at https://ico.org.uk/global-contact-us/.
9. Data retention
Requests to remove data will be acted upon within the agreed timescale but deleted document archives will be retained for 5 years (subject to NHS records retention requirements).
10. Policy amendments
We keep this Privacy Policy under regular review and reserve the right to update it from time-to-time by publishing an updated version on our website, not least because of changes in applicable law. Our recommendation is that you occasionally refer to this Privacy Policy to maintain awareness and to ensure you’re satisfied with it. We may also notify you of changes to our privacy policy by email.
11. How we use cookies
Cookies are not used on this site.
12. Third party websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
13. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at birminghamquality@uhb.nhs.uk.