Learning Health Solutions (LHS), partnering with the Endeavour Health Charitable Trust and the London Discovery Programme, design, develop, implement, host and support the NHS Discovery Data Service (DDS).
The DDS receives data from multiple source systems in multiple formats, and makes that data available in a common format, under strict governance rules, to multiple destination systems.
To demonstrate that interoperability, at a reasonable cost to the NHS, is available now.
We have proven this concept and worked closely with NHS colleagues to develop a Learning Health System, that will help the NHS improve clinical quality, reduce healthcare costs, and enable value propositions by providing a multi-source data platform.
The LHS team brings together some of the most skilled and experienced developers in healthcare systems.
Our open source code is available to all. We are transparent in our development decisions and engage with the development community to share lessons learned.
Developing in an agile environment to quickly deliver required solutions.
The primary focus for LHS is to provide solutions that will help improve health and social care for the nation.
Delivering next generation software to the NHS to maximise the benefits of a single source of data.
Adhering to strict governance rules and using the latest industry standard security with two-factor authentication.
LS21 1FR, Otley, West Yorkshire, England, United Kingdom
Learning Health Solutions Ltd (‘we’, ‘us’, ‘our’) is dedicated to protecting personal data and complies with the EU General Data Protection Regulation (GDPR).
This privacy notice describes why and how we collect and use your personal data and what your rights are.
What is personal data?
Personal data we commonly collect to conduct our business activities includes:
· Financial information of staff and suppliers such as bank details.
· Family and beneficiary details for insurance and pension planning services (names and dates of birth).
· Professional details (career history, education, professional memberships).
· Contact details (name, job title, contact number, email address, postal address).
We usually do not collect special categories of personal data about individuals. In the event that we do process special categories of personal data, it is with the explicit consent of the individual unless it is obtained indirectly for legitimate purposes.
Examples of special categories of personal data include:
· Information provided to us by clients in the course of a professional engagement.
· Dietary restrictions or access requirements when registering for in-person events that reveal religious beliefs and/or physical health information.
· Personal identification documents that may reveal race or ethnic origin.
Personal data relating to criminal convictions
We may obtain personal data about employees, contractors or any other individual providing services for us that reveals information about criminal convictions.
How do we collect personal data?
We obtain personal data directly from individuals from:
· Business cards
· Job applications
· Office visits
· Meeting attendances
We also obtain personal data directly when we are establishing a business relationship, or through performing professional services through a contract.
We obtain personal data indirectly from:
· Recruitment services (such as agencies and former employers)
· Bought-in marketing lists
· Public registers
· Framework agreements
· Internet searches
· News articles
What are the lawful bases we use for processing personal data?
In order to process personal data we must have a lawful basis for doing so. We depend on the following lawful bases when collecting and using personal data to perform our business activities and provide our services:
· Legal obligations and public interests: We may process personal data to meet certain regulatory and public interest obligations or mandates
· Legitimate interests: We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. Examples include:
• Direct marketing – to deliver insights and knowledge we believe is welcomed by our clients, subscribers and those who have interacted with us.
• Provision of employee benefits such as eye care vouchers – to raise staff morale and satisfaction.
· Consent – we rely on your freely given consent.
· Contract – we may process personal data in order to preform contractual obligations.
Why do we need personal data?
We will always explain our rationale for collecting personal data and maintain transparency throughout. Such reasons include:
· Providing professional advice and delivering reports related to our professional services.
· Promoting our professional services to existing and prospective business clients.
· Travel arrangement assistance.
· Seeking qualified candidates.
· Fulfilling employment or contractual obligations.
Personal data security
The measures we use to ensure personal data security include:
· Putting in place policies and procedures to protect personal data from loss, misuse, alteration or destruction.
· Making sure that access to personal data is limited only to those who need access to it and that confidentiality is maintained.
· Disposing personal data in a secure manner when we no longer require it.
How long do we retain personal data?
We retain personal data to:
· Provide our services.
· Stay in contact with you.
· Comply with applicable laws, regulations and professional obligations that we are subject to.
Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual obligations, we will retain personal data for 12 months from the most recent engagement or processing.
Do we share personal data with third parties?
Sometimes we may share personal data with trusted third parties to help us to deliver effective and quality services. These recipients are either contractually bound to safeguard the data we entrust them or will sign an agreement to make sure that this is the case.
Recipients that we engage with include:
· Parties that support us as we provide services (IT system support, providers of telecommunication systems, document production services and cloud-based software services).
· Sub-contractors and partner organisations involved in delivering our professional services.
· Professional advisers such as lawyers and insurers.
· Recruitment service providers.
· Law enforcement and regulatory agencies.
Do we transfer personal data outside the European Economic Area (EEA)?
We are a UK based business and operate only in the UK. In the event that we store personal data outside the EEA, we will make sure that appropriate safeguards are in place to guarantee that your rights remain enforceable (such as the EU-US Privacy Shield).
Your data protection rights
You have the following legal rights regarding the manner in which personal data relating to you is used:
You can find more information about your rights on the Information Commissioner’s Office website https://ico.org.uk/for-the-public/
If you want to exercise any of these rights contact us.
Important: We may request specific information from you to help us confirm your identity and therefore ensure your rights. This will help us guarantee that personal data is not disclosed to any person who has no right to receive it.
Visitors to our website
When someone visits our website:
· We collect standard internet log information and details of visitor behaviour patterns.
· We do this to find out things such as the number of visitors to the various parts of the sites.
· We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.
· We will not associate any data gathered from these sites with any personally identifying information from any source.
Links to other websites
Our website provides links to other websites known as external links. This privacy notice does not external links to other websites. We encourage you to read the privacy statements on the other websites that you visit. External links are selected and reviewed when the page is published. However, we are not responsible for the content of external websites we have no control over. The content on external websites can be changed without our knowledge or agreement. Some of our external links may be to websites that also offer commercial services, such as online purchases. The inclusion of a link to an external website from our website is not an endorsement of that website or the site’s owners, their products or services.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security
and for monitoring compliance with office policy.
Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to
ensure that any email you send to us is within the bounds of the law.
Changes to our privacy notice
This privacy notice will be reviewed and updated, if needed, to reflect changes that we might make to our services or to reflect changes in the law or best practice.
Any changes we make to our privacy notice in the future will be posted on this page.
This version of the privacy notice is effective from 20.12.2019.
If you have any comments or concerns regarding our privacy notice, how LHS handle your personal data, or if you would like to exercise any of the rights outlined above, contact us:
● By post: Data Protection Officer, Learning Health Solutions Ltd, LS21 1FR, Otley, West Yorkshire, England, United Kingdom
● By email: email@example.com