This table lays out your rights and our obligations in relation to the data we hold
|
Data Type |
|||
|
Rights & Obligations |
Your personal login & web account data for paid services |
Your personal login & web account data for free services |
Anonymised data we process on your behalf |
|
GDPR Scope |
This data is within the scope of GDPR |
This data is within the scope of GDPR |
While it remains anonymised, this data is out of scope of GDPR |
|
Roles |
We are the Controller and Processor |
We are the Controller and Processor |
We are the Processor The supplier of the data is the Controller |
|
Lawful basis for processing |
Contract Our contract with you requires we process your data |
Consent We hold and process your data because you have used your data to register on our website and consented to receive communications from us |
Consent We require that you have the relevant lawful basis or consents of the Data Subjects to process their anonymised data through a 3rd party |
|
Dissemination |
We will not disseminate your data outside of the paid service |
We will not disseminate your data, you may publish material that is publicly associated with your data |
We will not disseminate this data outside of the paid service |
|
Purpose |
To meet our contractual obligations to you To manage and improve our service to you |
To deliver a secure web experience To authenticate you when you interact with the service |
To support public health commissioning of health services |
|
Processes We will process your data in the following ways: |
Supply you with the services you have purchased Provide you with billing information Pursue and undertake our contract with you Manage the security of our web services Share your details with other users of the service |
Manage the security of our web services Send you alerts and news you request Provide an authenticated comments feature Provide you with access to certain restricted areas of our website |
Data validation Tariff calculation KPI reporting Performance analysis |
|
Informed |
You have a right to be kept informed about how and why we use your data |
You have a right to be kept informed about how and why we use your data |
Data Subjects have a right to know their anonymised data is being processed by 3rd parties |
|
Access |
You have a right to access your data and be aware of how it is being processed |
You have a right to access your data and be aware of how it is being processed |
There is no right of access to anonymised data |
|
Rectification |
You have a right to request data related to you is correct and complete, this is usually done by self-managed forms you complete |
You have a right to request data related to you is correct and complete, this is usually done by self-managed forms you complete |
Data Controllers are responsible for ensuring the data they supply us is accurate and complete |
|
Erasure |
We need to maintain your data for our audit and compliance purposes |
You can request your data is erased, we will do so within 1 month |
There is no right of erasure of anonymised data. Where data subjects ask data controllers for their data to be erased, anonymised records will be maintained to enable commissioning |
|
Limit Processing |
We only process your data in support of the provision of the service you have requested Limiting the processing of your data will breach our contract and prevent us from delivering the service to you |
You can self-service the communications we send, and the data you share |
Data Controllers manage the extent of the data processing the service conducts on their data |
|
Portability |
We need to maintain your data for our audit and compliance purposes |
You can copy your data directly off the service |
Data Controllers can extract their data from the service |
|
Object |
You have the right to object if you believe your personal data is being processed for: direct marketing, profiling, scientific or historical research and statistics |
You have the right to object if you believe you data is being processed for: direct marketing, profiling, scientific or historical research and statistics |
Therefore there is no right of objection for anonymised data |
|
Automated Decision Making |
We do not make automated decisions that will significantly affect the Data Subject |
We do not make automated decisions that will significantly affect the Data Subject |
We do not make automated decisions that will significantly affect specific Data Subjects |