Eastern AHSN takes the privacy of your personal data and the responsibilities under the UK GDPR and Data Protection Act 2018 seriously. If you send us any of your personal data, we are committed to collecting, maintaining, and securing it in accordance with our internal data protection policies and in-line with data protection legislation.
There are 15 Health Innovation Networks across regions of England, established by NHS England in 2013 to spread innovation at pace and scale – improving health and generating economic growth. AHSNs bring together the NHS, industry, academic, third sector and local organisations. The resulting collaboration ensures innovations, improvements and best practices benefit more patients faster. Health Innovation East is one of the 15 regional networks, our purpose is to turn great ideas into positive health impact. Our focus is the East of England, and being part of the AHSN national network enables us to deliver at scale.
Citizens, academia, health services and industry will achieve more working together than they will in isolation. Our job is to make this happen. We do this by helping innovators to navigate complex systems, generate value propositions and connect stakeholders to overcome challenges together. Sometime this involves sharing information with the Health Innovation Network or other AHSN’s around the country. Therefore, our communications to you are an essential part of achieving our objectives.
Personal data from the Eastern AHSN website
When using the Health Innovation East website, from time to time you will be asked to submit personal information about yourself in order to receive or use services. Such services include but are not limited to newsletters, events, toolkits, training, videosupdates, downloadable content and other email updates. Eastern AHSN collects information when you voluntarily complete forms or surveys via our website, make an enquiry, or provide feedback. Personal data Eastern AHSN may collect include:
When you visit this site, Eastern AHSN automatically collects information using cookies, such as your browser type and operating system, websites you visited before and after visiting our website, standard server log information, and internet protocol (IP) addresses. We pool this information and may combine it with other information to produce anonymous, aggregated statistical information which is helpful to us in improving our products and/or services by offering a better customer experience or tailoring how we communicate with you. This information includes:
For further information on the cookies this site collects please refer to the Eastern AHSN cookies policy.
Personal data through our business operations
As well as information collected from you through our website, we may obtain personal data in other ways, such as by phone, email or in paper form during the course of our business operations. In most instances, Eastern AHSN is the data controller for such activities. In addition to the personal data we receive directly from you, we may also receive personal information from our business contacts or from others (about themselves or about other individuals) during our business operations.
Personal data through collected for the purpose of our business operations will be used for the purposes of:
as well as the use(s) set out in the other sections of this privacy notice.
In entering into a contract or business relationship with us, if you fail to provide certain information when requested, we may not be able to perform the contract we have entered with you, or we may be prevented from complying with our legal obligations. We will notify you if this is the case at the time.
Through the course of our business operations, we may also be required to use your personal data to comply with certain laws, or other specific uses for which you have given your consent. In any case where you have given your consent, you will be provided specific information about the nature of the processing at the time of the collection.
Personal data collected through social media pages
Eastern AHSN uses social media data to help you:
As such, you may receive a communication from Health Innovation East (Eastern AHSN) via LinkedIn, Twitter, Facebook, Instagram or other such platforms. By participating in social sharing on our social media pages, you may disclose personal information about yourself. Any information you post or disclose in this way will become public information and may be available to visitors to these pages and to the general public. You should be careful when deciding to disclose your or any third party’s personal information, or any other information, on social medial pages or in any communications with us. You may also disclose personal information if you include third parties in your electronic communications with us.
Information collected through employment applications
In processing applications for employment Eastern AHSN collects resumes, references, certificates of qualification and other personal information about candidates. A member of our Human Resources team will review your application. Alternatively, we may provide your application to a recruitment agency or contractor who assists in reviewing applications that we receive.
Resumes sent as part of an application for an advertised position or sent generally to ascertain whether any positions are available, will be used to match applicants with available opportunities. If we consider that your application may be suited to our requirements, we, or a party acting on our behalf, will contact you to request that you attend an interview. We may also ask you to provide us with contact information for individuals who will act as referees. We may contact these individuals and ask them questions we feel are relevant to your possible employment with us. We may contact you again to request that you attend further interviews or to inform you of whether we are able to offer you a position with us.
If your application is not suitable to our current requirements, but we feel that there may be a position in the future for you with us, we will a keep a record of your application and may contact you again if a suitable position becomes available.
Newsletters: Eastern AHSN uses your contact details to send newsletter subscribers only the following kinds of information
Sharing this knowledge across the region and beyond is a key part of our mission and helps you understand the opportunities available to participate in.
Understanding the organisation you represent, and the role you have in that organisation also means we can support you by serving you communications that are specific to your work.
Events: The data Eastern AHSN collect when users register for the company’s events (online or by any other means) will be utilised for the smooth running of the event. This includes the provision of:
There may be photographers or film crews at Health Innovation East events. If there are, it is our policy to request your consent for photos or videography during event registration or on the day of the event. If you do not consent the photographer / videographer will avoid capturing you and we will obscure your identity post-event as necessary.
Podcasts: If you contribute to a podcast that Eastern AHSN records and / or publishes, it is our policy to request your consent to record you (and capture personal information required to support promotion) before recording begins.
Corporate meetings: If you are involved in any of our corporate meetings e.g. Advisory Panels, or our Innovation Review Panel we will hold your contact details to inform you of upcoming meetings and any updates you may need to know about. We will need to maintain our records in line with our retention policy.
Surveys: The data Eastern AHSN collect when participants complete surveys developed and captured by the organisation (online or by any other means) will be utilised to help analyse survey results and inform recommendations. Where at all possible surveys will be anonymous and will not collect personal data. However, from time-to-time Eastern AHSN (occasionally alongside trusted partners) will collect personal data via surveys. Where this is the case, all appropriate cautions are taken to secure and protect participant information. Survey data is collected to:
Customer Relationship Management (Zoho One / CRM): We capture information on event attendees, social media users, newsletter subscribers and other marketing campaign or business-related communications in Eastern AHSN’s customer relationship management system. The data are used internally to help the organisation understand how we can serve stakeholders better. Capturing data in such a way enables us to have more informed and considerate relationships with our stakeholders. CRM data on Eastern AHSN stakeholders is held in line with Eastern AHSN’s data retention policy.
Project management platform (Verto): Your personal information may also be recorded (in a limited way) by Eastern AHSN’s project management office via the software we use to support PMO. In this instance the data captured will be limited to your name and primary email contact. The data are used internally to help the organisation understand how we can serve stakeholders and helps to run our projects and programmes more efficiently.
Personal data collected from other sources
We may collect personal data from other third parties who act as data controllers. Where we are a data processor of that personal data, we will only use the personal data in accordance with the instructions of the data controller. Our contracts with such third parties require that they are legally able to provide the personal data to us. Such parties include:
Eastern AHSN may collect or share your personal data with the other members of the Academic Health Science Network (see above) for the purposes of improving patient and population health outcomes by translating research into practice, developing and implementing integrated health care services, supporting knowledge exchange networks, sharing best practice and providing for rapid evaluation and early adoption of new innovations.
The legal basis for using this data
At Eastern AHSN we have extensively reviewed how we collect, store and process data for compliance with the applicable data protection legislations (including the Data Protection Act 2018 & UK GDPR).
Where Eastern AHSN are acting as a data controller for the personal data it processes, we rely upon the following lawful bases to process personal data under the UK GDPR:
Non-special category data:
Article 6(1)(a) – Consent
Article 6(1)(b) – Performance of a Contract
Article 6(1)(c) – Legal obligation
Article 6(1)(e) – Performance of a task carried out in the public interest
Article 6(1)(f) – Legitimate Interests
Special category data:
Article 9(2)(b) – Employment, social security and social protection
Article 9(2)(j) – Scientific or historical research purposes
Eastern AHSN is jointly commissioned by the NHS and Office for Life Sciences. Where Eastern AHSN carries out tasks on their behalf, such as facilitating research, development and innovation of healthcare in the region, we will often do so as a Data Processor. In such circumstances, we will not directly will not rely upon a lawful basis for the processing, as the organisation who is commissioning Eastern AHSN for the processing will rely upon the lawful basis as the Data Controller.
Eastern AHSN does not and never will sell your personal data to third parties unless we are required or permitted to do so by law. In those cases, we will have to share your personal data with law enforcement agencies, regulators, courts or other public authorities.
We mainly use the personal data internally to be able to effectively respond to your requests. However, in order for us to provide our services, there are some organisations we are required to or may share personal data with. This is primarily to either store the data with other companies, offer trouble shooting or consultancy services for external platforms, or to work with other AHSN bodies in England.
|Third Party Name||Location of Third Party Data Storage||Function of Third Party|
|Microsoft Limited||United Kingdom||Cloud storage, email service provider|
|The the Health Innovation Network||United Kingdom||National network commissioned by the NHS to support the adoption and spread of innovation across the NHS. Your data would only very rarely be shared with the Health Innovation Network.|
|Zoho Corporation Pvt. Ltd.||European Union||Provides Eastern AHSN’s ‘business operating system, Zoho One – which includes Zoho CRM and a range of applications that Eastern AHSN uses. The instance in which persona data might be shared is during support and troubleshooting for applications within the suite of applications.|
|Verto||European Union||Provides Eastern AHSN project management platform, The instance in which personal data is captured is in a record of project stakeholders held for each project or programme recorded.|
|Clareti Ltd||United Kingdom||External expert consultants for Zoho One and its constituent applications. The instance in which personal data may be available as follows: consultant has login access to system to be able to offer support and trouble shooting services.|
|Stripe||United States||To collect online payment for services such as Eastern AHSN events, training or event consultancy services (among others) Eastern AHSN does not hold any of this information in its systems. Stripe processes:
– Participant name
– Billing address and post code
– Type of credit card used e.g. Visa
– Care expiry date
– Last four (4) digits of payment card number
– Eastern AHSN are also able to see if a payment is accepted or not.
Using Stripe means customers agree to the privacy terms and conditions for the platform, which are also available here.
|Data Connectivity||United Kingdom||Provides Eastern AHSN’s IT infrastructures and operating system – including support and troubleshooting|
Eastern AHSN stores your data from our main website on secure servers.
Some of the personal data collected using this site and third-party sources may be stored or processed by our associates and carefully selected third parties using computers and servers located in other countries, including by means of cloud computing. Such computers and servers may be located both inside and outside of Europe, where data protection laws may differ from the country you live in. We are only permitted to transfer personal data outside of the European Economic Area where there is a legal basis for the transfer under Article 46 of the UK GDPR – for example, the country of the recipient(s) ensures an adequate level of protection or there are suitable contractual protections are in place (including approved Standard Contractual Clauses).
Where possible, Eastern AHSN ensures that all security measures and appropriate safeguards are put in place to protect your information and ensures that all data transfers of personal data comply with the data protection legislation. The companies we work with have been selected carefully and checked that they fulfil the necessary requirements.
Your personal data will be kept in line with our internal retention policy and schedules and any legal obligation placed on the Eastern AHSN. We will not keep your personal data for longer than is necessary. In some instances, we might be required to keep the personal data to fulfil our legal obligations. Otherwise, we delete or anonymise (where we have the appropriate lawful basis to anonymise) your information once this is no longer needed.
We ensure that anywhere your personal data is stored or processed has adequate organisational and technical controls to ensure that the integrity and confidentiality of your data is upheld. Eastern AHSN has put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Unfortunately, the transmission of information via the Internet is not completely secure. Although Eastern AHSN will use reasonable commercial efforts to protect your personal data, we cannot guarantee the security of your data transmitted using the Internet. Anything you send by email or using the internet is at your own risk. Once Eastern AHSN has received your personal data, we will secure your information in accordance with our security procedures and controls to try to prevent unauthorised access, alteration or loss.
As a data subject, where we have processed your data, you have various rights under the UK GDPR about how your personal data is used, which are as follows:
The right of access: Anyone has the right to access and request a copy of the information held about them as individuals. Any requests for information must be sent to email@example.com. The information will be provided to the data subject without undue delay and within one month of receipt in an accessible, concise and intelligible format and will be disclosed in a secure way. Exceptions to this are possible in circumstances where Eastern AHSN is allowed to extend the time limit by law.
The right to rectification: As a data subject, you have the right to rectify inaccurate personal data which we hold on you. If any data held is incorrect, it is our objective that we will correct this within 2-working days of being notified. Rectification requests must be sent to firstname.lastname@example.org.
The right to erasure: In certain cases, you have the right to obtain from us the erasure of your personal data. Any requests for erasure to be sent to email@example.com.. As a data subject, you can only request the personal data is erased where it is no longer necessary for the purposes Eastern AHSN collected it, if you provided the information by consent and you withdraw your consent, the Eastern AHSN has processed the information unlawfully, the erasure is in line with a legal obligation. Within 10 working days Eastern AHSN will notify the requestor of what will happen; either explaining that erasure is not possible/appropriate (given the legal basis for processing) or confirm the action that will be taken to ensure they can be forgotten. If the decision is not to erase, the requestor should also be notified of their ‘Right to Object’ to this decision.
The right to restrict processing: You have the right to obtain from Eastern AHSN restriction of processing, applicable for a certain period and/or for certain situations. Any requests for restricted processing to be sent to firstname.lastname@example.org.. A restriction is only possible where the accuracy of personal data is contested and is being verified, the data has been unlawfully processed, the personal data is no longer needed by the Eastern AHSN but you need the Eastern AHSN to keep it in order to establish, exercise or defend a claim.
The right to data portability: The right to data portability allows individuals to obtain and reuse their personal data for their own purposes; “to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.” The right to portability only applies where the Eastern AHSN has collected this information via consent or for the performance of a contract and where the processing of data happens by automated means. Any requests for data portability to be sent to email@example.com..
The right to object: In certain cases, you have the right to object to processing of your personal data, including with regards to profiling. You have the right to object at further processing of your personal data in so far as such data have been collected for direct marketing purposes. You also have the right to object to the processing of your data where a data controller processes personal data for purpose of a public task or under legitimate interests. Any objection to use, or decisions taken to be sent to firstname.lastname@example.org..
Rights in relation to automated decision making and profiling: We do not undertake any automated decision-making based on your data.
Right to withdraw consent: Where the data processing is based on your consent, you have the right to withdraw the consent at any given time, which will result in Eastern AHSN stopping the processing based on consent if no other lawful basis is present. To withdraw consent, you can email us at email@example.com., outlining from what you wish your consent to be withdrawn.
Right to filing complaints: You have the right to file complaints with the applicable data protection authority about Eastern AHSN’s processing of your personal data (see section 8 below) below)
For further information see https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
You can unsubscribe or update your preferences from our mailing lists at any time by clicking the links at the bottom of the newsletters, campaigns or events correspondence you receive or by emailing us at firstname.lastname@example.org. Please note that the data we process for events is essential to their running. If you need to object after registering for an event, this may result in you being unable to attend the event.
If you wish to lodge a complaint, you may contact Eastern AHSN at email@example.com.. If you are not satisfied with the organisations response or believe it is not processing your personal data in accordance with the law, you can also complain directly to the ICO at https://ico.org.uk/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Eastern AHSN has a DPO. You can contact them directly by emailing: firstname.lastname@example.org.
Health Innovation East is a business name of Eastern which is registered in England as a company limited by guarantee with company number 08530726. Registered office is at Unit C, Magog Court, Shelford Bottom, Cambridge, CB22 3AD, England.