Please note that the NHS Leadership Academy is part of Health Education England. As such, all requests for the NHS Leadership Academy will be sent via Health Education England.
This privacy statement covers this NHS Leadership Academy website. It does not cover all sites that can be linked to and from this site, so you should always be aware when you are moving to another site and read the privacy statement on that site.
What information do we collect?
From time to time, you will be asked to submit personal information about yourself (e.g. name and email address) in order to receive or use services on our website. Such services include bulletins, email updates and website feedback.
By entering your details in the fields requested you enable the NHS Leadership Academy and its service providers to provide you with the services you select. Any information you provide to the NHS Leadership Academy will only be used by us, our agents and service providers and will not be disclosed unless we are obliged to or permitted by law to do so.
If you post or send offensive, inappropriate or objectionable content anywhere on the NHS Leadership Academy website or otherwise engage in any disruptive behaviour on the NHS Leadership Academy website, we may use whatever information is available to us, about you, to stop such behaviour. We will hold your personal information on our systems for as long as you use the service you have requested, and remove it in the event that the purpose has been met or when you no longer wish to continue your subscription.
Data Protection Act
If you want to ask us for information which we may hold about you personally then this will be dealt with under the Subject Access Provisions of the Data Protection Act 1998 (DPA).
This would include information relating to employment and training records or anything which is limited to you as a person, employee or partner of any kind.
If you wish to make a Subject Access Request you should write to:
Mr Chris Brady
Health Education England
You can also email your request through to firstname.lastname@example.org.
Freedom of Information Act
We are fully committed to the principles of transparency and openness as well as the protection of personal information and we recognise the importance of both the FOI and the Environmental Information Regulations and the relevance of both for the way in which we manage and disseminate information.
Under the FOI Act there is a requirement for us to provide you with a substantive response to your request promptly and in any event within 20 working days. We also aim to acknowledge receipt of your request within two working days.
Unless stated otherwise, we will send you a reply via email. If you wish to receive a response via post, please read our fees and charges document before making your request. If you want to ask us for information which we may hold about you personally then this will be dealt with under the Subject Access Provisions of the Data Protection Act 1998 (DPA).
Please submit your query by emailing email@example.com.
Legal basis for processing
The GDPR requires that data controllers and organisations that process personal data demonstrate compliance with its provisions. This involves publishing our basis for lawful processing.
As personal data is processed for the purposes of statutory functions, legal bases for the processing of personal data as listed in Article 6 of the GDPR are as follows:
- 6(1)(a) – Consent of the data subject
- 6(1)(b) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- 6(1)(c) – Processing is necessary for compliance with a legal obligation
- 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Where the NHS Leadership Academy processes special categories of personal data, its additional legal bases for processing such data as listed in Article 9 of the GDPR are as follows:
- 9(2)(a) – Explicit consent of the data subject
- 9(2)(b) – Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
- 9(2)(f) – Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
- 9(2)(g) – Processing is necessary for reasons of substantial public interest
- 9(2)(h) – Processing is necessary for the purposes of occupational medicine, for the assessment of the working capacity of the employee, or the management of health and social care systems and services
- 9(2)(j) – Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Special categories of personal data include data relating to racial or ethnic origin, political opinions, religious beliefs, sexual orientation and data concerning health.
Please note that not all of the above legal bases will apply for each type of processing activity that the NHS Leadership Academy may undertake. However, when processing any personal data for any particular purpose, one or more of the above legal bases will apply.
We may seek your consent for some processing activities, for example for sending out invitations to you to training events and sending out material from other government agencies. If you do not give consent for us to use your data for these purposes, we will not use your data for these purposes, but your data may still be retained by us and used by us for other processing activities based on the above lawful conditions for processing.
Changes to our policy