This policy aims to inform you about the data we collect when you use Iriss websites, including cookies and personal information, how we use this data and where it is stored. TEC Scotland (Technology Enabled Care Scotland) is a data controller and is registered with the Information Commissioner’s Office. You can contact us at NSS.TEC@NHS.SCOT
What data we collect
We collect certain information or data about you when you use:
This can include:
- your name, email address and other personal information when you submit enquiries, publication requests or feedback through one of our forms, leave a comment, complete a survey, sign up for email newsletters, events or workshops
- your IP address, the resource being requested, the date and time of the request, the address of the page from where the request originated (the referrer) and the software used to access the page (the agent)
Why we collect data
Data enables us to:
- improve the site by monitoring how you use it
- respond to any feedback you send us, if you’ve asked us to
- provide you with services that you have asked to receive
- evaluate and inform our work
We process information from your IP address and the technical information provided for
- security purposes – to maintain the integrity of our online services and protect them from malicious or accidental abuse
- to generate approximate geographical information to determine the reach of our services across Scotland and worldwide
- to identify technical problems
- to determine how our websites are being used by visitors
Where your data is stored
- Data from comments, requests, enquiries and feedback is stored on TEC servers hosted within the UK
We will only collect your personal data with your consent. By submitting your personal data to us in any of these forms, you are consenting to the storage and processing of your data for the reasons specified at the time of submission.
How long we keep your information:
We will keep your information only for as long as it is required to fulfil the purposes described in this policy. This is also the case for any third party services that process data on our behalf. When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we either remove it from our systems or anonymise it so that we can’t identify you.
Keeping your data secure
Transmitting information over the internet is generally not completely secure, and we can’t guarantee the security of your data. Any data you transmit is at your own risk.
We have procedures and security features in place to try and keep your data secure once we receive it.
We won’t share your information with any other organisations for marketing, market research or commercial purposes, and we don’t pass on your details to other websites.
Eventbrite, SurveyMonkey, and MailChimp process data outside the European Economic Area (EEA). We take additional measures when information is transferred from the EEA, including having standard clauses approved by the European Commission in our contracts with parties that receive information outside the EEA.
You have the right to:
- access information we hold about you, upon request, and to have incorrect information corrected
- withdraw your consent for us to use your personal information at any time, and to request that information about you be removed from our systems
- instruct us to have the information you provided to us sent to another organisation, where we hold this information with your consent and where it’s technically feasible
- complain to the regulator, the Information Commissioner’s Office, if you think we haven’t complied with data protection laws (see ICO Report a concern)
To find out what information we hold about you, to correct information you believe to be incorrect, make a complaint to us directly, or to ask us not to use any of the information we collect please contact us.
Disclosing your information
We may pass on your personal information if we have a legal obligation to do so.