ALISS takes Data Protection seriously and is committed to ensuring that your privacy is protected.
2. Who do we collect information about?
ALISS collects the following information:
- Account holders – individuals who choose to register for an account, for the purposes of uploading services to the website, together with managing their own preferences e.g. whether to receive notification of updates.
- Visitors to our website – individuals who use the website to search for a service.
3. Why do we collect information about you?
ALISS will collect personal information about you for the following purposes:
- Administer your account.
- Keep you informed about changes and improvements.
- Improve the services we provide to you.
- Provide you with a service search results relevant to your search query.
- Manage our portfolio of work.
- Help us better understand the health and social care needs in Scotland.
- Help manage feedback.
- To maintain the integrity and stability of the site.
- To determine how users are accessing the site e.g. directly or via another website.
- To track those who are new to ALISS and those who are return users.
- To track searches to establish the usefulness of the resources.
4. What information do we collect about you?
When you sign up for an ALISS account you are consenting to us processing your personal information to administer your account. We will request a name, email address, postcode and phone number. You will also be required to provide a password, however, this will not be visible or accessible to ALISS and the ALLIANCE.
You may choose to provide additional information should you want to customise your account.
- You can select preferences such as the postcode area you want to search and the types of activity you are interested in relevant to health and wellbeing services; e.g. advocacy, foodbanks, mental health support, homelessness support services.
- You can opt-in to receive an email digest which provides you with notifications with changes within your postcode and area of need. E.g. a local service changes their phone number and/or a new service is added.
- You can select ALISS to remember your postcode for future searches.
- You can represent your organisation, and the services and locations linked to your organisation. This gives you editorial control of all the information linked to your organisation listing.
When account holders or visitors search the ALISS website we will collect your IP address, web browser, operating system, time of visit, pages visited, length of time on each page, referral site, flash version, network location, actual location (e.g. town), your referral route and search query. This information is collected using Google Analytics and Mixpanel (subsidiary of Salesforce).
If you are logged in to ALISS then we will also collect your e-mail address and password (although your password is not visible or accessible to the ALLIANCE).
ALISS has a feedback function that allows users to feedback comments, complaints, report bugs and ask questions of ALISS. All visitors to ALISS can you use this function and to do so you will have to provide us with your Feedback type, Feedback free text, name and email address.
5. Marketing and sharing
ALISS sometimes needs to share the personal information we process with the individuals themselves and with other organisations. Where this is necessary we comply with all aspects of the Data Protection legislation.
ALISS and its sub-contractors will not sell, distribute or lease personal information to third parties unless we have your written permission, or are required by law, to do so.
ALISS’ sub-contractors may have access to personal data while operating our IT systems (including website), conducting our business or providing you with a service. However, in doing so, they will be bound by data protection legislation and the ALISS and ALLIANCE privacy policies.
Users of our website are notified when their information is being collected by any outside parties. We do this so our users can make an informed choice as to whether or not they should proceed with services that require an outside party.
All personal data collected through the ALISS website will be treated as personal data under guidance from the Information Commissioners Office.
6. Transfer of data overseas
We use third party sites such as Heroku (Salesforce), Google and Mixpanel Inc to collect data. These sites are based in the USA, outside of the EEA, and are signed up to the EU-US Privacy Shield.
For the purpose as defined in ALISS Terms and Conditions, Section 1. ALISS Service Description, this information will be transferred overseas and accessible worldwide.
Personal information regarding the user account is kept for as long as the user account is active. If you have registered for an ALISS account and no longer want to use it, you can request that all account information is deleted. Please note that once the request for the deletion is received all account information is deleted at the next available working day and no back up copy is made.
If you close your account and you represented an Organisation then all of the information that this allowed you to manage will be made available to be represented again by another.
Information collected by Google Analytics, which tracks and measures website traffic, is retained for one year by Google and then automatically deleted.
Information collected by Mixpanel, which tracks and measures website traffic and how people use our website, is retained for 6 months by Mixpanel Inc and then deleted automatically.
8. Security of your Information
We are committed to ensuring that your information is secure.
To prevent unauthorised access or disclosure we have put into place electronic and managerial procedures to safeguard and secure information we collect from you.
8.1. Electronic Controls
All accounts are password protected accounts. ALISS uses industry standard password managers to manage passwords. Access to these are restricted.
No personal data is saved to the hard drives of desktop PCs.
ALISS staff, sub-contractors and volunteers can access accounts remotely therefore removing the need for information to be saved to removable media or local hard drives.
8.2. Managerial Controls
ALISS staff and volunteers are made aware of data protection legislation and policies and procedures of the ALLIANCE at induction. Contracts are in place with sub-contractors and consultants to control their use of and access to personal data.
Connections to www.aliss.org website are encrypted (https instead of http).
ALISS uses a third-party service to maintain, host and secure the performance of our website. To deliver this service it processes the IP addresses of visitors to the website.
When users enter the ALISS website their computers will automatically be issued with ‘cookies’. Cookies are text files which identify users’ computers to the ALISS server.
10. Other Websites
The ALISS website contain links to other websites. ALISS is not responsible for the privacy practices of other sites.
11. Notice of Breach of Security
If a security breach causes an unauthorised intrusion to our system that materially affects the information we hold about you, we will notify you as soon as possible and report what action we took in response.
We will notify any changes through the news section of website.
13. Your Rights
You have the right to:
- access your information
- withdraw consent to use your information
- have inaccurate personal data corrected
- request the restriction of processing
- lodge a complaint with the Information Commissioner’s Office (ICO)
13.1. Access to your information (Subject Access Request)
Upon written request to the ALLIANCE, individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection legislation. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to;
- for how long it will be retained and
- let you have a copy of the information in an intelligible form and portable form
- tell you if it has been transferred overseas and what safeguards were put it place
- tell you the source of the information if it did not come directly from you
- notify you of your right to have the information corrected, made complete or erased
- advise you of your right to complain
The ALLIANCE will provide you with this information within one month. The ALLIANCE can refuse to provide you with this information if we cannot do so without disclosing personal information about another person or if your request is excessive.
To make a subject access request you should put your request in writing to:
The Health and Social Care Alliance Scotland
349 Bath Street
The Data Protection Officer is Head of Finance.
13.2. Withdraw consent
You should be aware that you can withdraw your consent at any time. Should you choose to withdraw consent, ALISS will delete your personal information on the next available working day and no back up copy is made. Please note that you will not be able to use your account or any features that requires an account.
13.3. Correction of inaccurate personal data
You have the right to have any inaccurate personal data held by the ALLIANCE to be corrected and you have the right for incomplete personal data to be made complete. The ALLIANCE encourages individuals to provide us with updates to their personal information in accordance with the purpose for processing. The ALLIANCE will notify any third parties to whom it disclosed the information of the updates.
13.4. Right to be forgotten/data erasure
The right to be forgotten entitles you to have your personal data erased, further dissemination of the data stopped and, potentially, have third parties halt processing of the data. The conditions for erasure include the data no longer being relevant to the original purposes for processing, or when the data subjects withdraw consent. These rights exist if there are no overriding legitimate grounds for processing e.g. the performance of a contract.
ALISS will notify any third parties to whom it disclosed the information of the changes to processing.
13.5. Restriction of processing
You have the right to request the restriction of the processing of your information should you contest the accuracy of the personal data and/or the lawfulness of the processing.
Should you wish to complain about how ALISS have handled any aspect of your personal data, you can contact the ALLIANCE using the details below and/or by contacting the Information Commissioner’s Officer (ICO) https://ico.org.uk/concerns/ or write to them at:Information Commissioner's Office
Telephone: 0303 123 1113
14.1. How to contact us
Telephone: 0303 123 1113
Email: firstname.lastname@example.orgThe Health and Social Care Alliance Scotland (the ALLIANCE)
349 Bath Street
The ALLIANCE’s email system is not encrypted and anyone sending personally identifiable information via email should be aware of this.
Last updated 13th February 2018