Your Personal information
We’re always careful to protect your data, and we believe you have every right to know how, and why, we need it. So we’re making some changes to ensure you’re always clear on how data is being used. This is in line with a new law which will bring improved transparency over the use of your personal data. This legislation is called the General Data Protection Regulation (GDPR), which came into effect on the 25 May 2018.
What we collect?
We only collect personal information that you provide us with at registration to one of our events, courses or to subscribe to our distribution list and newsletter. This normally includes, name, email, job title, discipline, sector, health board and invoice details for your organisation, including address and purchase order number. The Forensic Network will be what’s known as the ‘Controller’ of the personal data you provide to us, whether this is for a School of Forensic Mental Health or Forensic Network event or course.
If you tell us about any specific requirements or preferences you have e.g. types of food or for information to be provided in a large font size, then we will hold this information for that event only and will not reprocess this information for other events.
Why we need it?
We need to know your personal data in order to provide course invoices and book places for training events. We will not collect any personal data from you we do not need in order to provide and oversee our service to you.
What we do with it?
All the personal data we process is processed by our staff in the Forensic Network in Scotland. Data is held securely on an NHS server about which events you have signed up for and if relevant, training records, such as whether training courses were passed.
No third parties have access to your personal data and we do not share your details with any marketing agencies or companies. Sometimes we will share with you events from other organisers that we think might be of interest to you but we do not give them your details.
Sometimes the names of people attending events are shared with the venues hosting the events or meetings for the purpose of fire registers, safety and security.
With regards to academic courses that we co-facilitate with higher education providers (such as New College Lanarkshire or the University of the West of Scotland) we may need to share application information or records of course attainment, in line with training management.
We will sometimes provide data overviews to review what disciplines and backgrounds the people who attended our courses come from. This data is pseudo-anonymised and does not include names or specific personal information (such as job title), but does include the professional sector, discipline and health board delegates are from.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. More information on our Information Governance policy can be found on our website.
How long we keep it
We are required to keep your personal data for courses to evidence records of attendance and attainment for 17 years after an event, at which point we will anonymise data about the event. If you consent to us contacting you about future training events when you register then these details will be kept with us until you notify us that you no longer wish to receive this information or the details are no longer active (such an inactive email addresses which we routinely remove from our distribution list).
What is our legal basis?
We use your information because you have agreed to us doing so when you completed or signed up to our events, newsletter or training alerts.
You can tell us you wish to be removed from our circulation lists by email or post. There is also an unsubscribe link at the bottom of all of our emails. You have a right at any time to stop us from contacting you and if you wish, to request your data is removed or deleted.
What are your rights?
You have the right to know we hold your information and to request a copy of the information that we hold. We want to make sure that your personal information is accurate and up to date. At any point you can request to see this information and have it corrected or deleted. We will do this within 30 days. You have the right to restrict or stop us from processing your personal data. You also have the right to raise a complaint about how we have handled your personal data if you believe we have not handled something correctly. Please see the section below on raising a complaint for more information.
Other Websites, Data Software and Social Media
Our website is hosted on servers within NHS National Services Scotland, Scottish Health on the Web (SHOW). Technical details in connection with visits to the Forensic Network website are logged, collected and used by our website host SHOW. We make no attempt to identify individual users and log files are maintained and analysed of all requests for files on SHOW servers. Aggregated analyses of these log files are used to monitor website usage. These analyses are used to allow us to monitor and evaluate the effectiveness of our website. All log file information collected by NHS Scotland is kept secure and is not provided to any third parties.
The Forensic Network Office does not store any personal data collected through such servers (such as data from cookies, see below for more information on cookies). The Forensic Network process information collected through Google Analytics for which Google, Inc. is the data controller and you should read their data privacy notice for more information about how Google collect and share your data. The data we use from Google Analytics is not owned by us and contains no personal information, but does include generic demographic information, which is not person identifiable.
Similarly, the Forensic Network do not collect any data on users who interact with us through our Twitter account, however we do utilise general demographic information through Twitter Analytics (no person identifiable information), for which Twitter is the data controller and you should read their privacy notice for how they will collect and share your personal data. You can read our Social Media Policy for more information about how we use social media in the Forensic Network.
When registering for a course or training event the Forensic Network use an events management system called ‘Eventsforce’. Eventsforce is the data processor for our events, it is a UK company and is also legally obliged to comply with GDPR. In the Eventsforce system each delegate will have access to their own password protected profile (independent from the Forensic Network) where they can modify or update personal details and register for events. The Forensic Network team cannot access this profile on behalf of delegates, delegate information is shared with the Forensic Network after a delegate registers for an event. The Forensic Network uses the Eventsforce application to build event microsites and manage events. Eventsforce does not control the content of event microsites or the types of information that the Forensic Network collect or manage using the Application. We use a secure Worldpay gateway for processing payments through Eventsforce, this is a Scottish Government approved payment portal. The financial information entered into this is not directly shared with the Forensic Network Office.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
You can set your browser not to accept cookies and you can remove cookies from your browser. However, in a few cases some website features may not function as a result.
How to contact us
Telephone: 01555 842018 or 01555 842212
Address: The Forensic Network, TSH, 110 Lampits Road, Carstairs, Lanarkshire, ML11 8RP
Submitting a complaint
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
Our Data Protection Officer is The State Hospital’s Information Governance and Data Security Officer. You can contact them at 01555 842113 or by using the address above and marking it for the attention of the Data Protection Officer.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can also complain to the Information Commissioner’s Office (ICO) on 0303 123 1113 or https://ico.org.uk/global/contact-us/.