Privacy Policy

1. Introduction

This Privacy Policy covers the use of A Local Information System for Scotland (ALISS). ALISS is operated by The Health and Social Care Alliance Scotland (the ALLIANCE).

ALISS takes Data Protection seriously and is committed to ensuring that your privacy is protected.

Should we ask you to provide personal information when using our website then you can be assured that it will be used only in accordance with this privacy policy and in line with the principles of Data Protection legislation.

This privacy policy explains what to expect when ALISS collects personal information about you.

2. Who do we collect information about?

ALISS collects the following information:

  • Account holders – individuals who choose to register for an account, for the purposes of uploading services to the website, together with managing their own preferences e.g. whether to receive notification of updates.
  • Visitors to our website – individuals who use the website to search for a service.

3. Why do we collect information about you?

ALISS will collect personal information about you for the following purposes:

  • Administer your account.
  • Keep you informed about changes and improvements.
  • Improve the services we provide to you.
  • Provide you with a service search results relevant to your search query.
  • Manage our portfolio of work.
  • Help us better understand the health and social care needs in Scotland.
  • Help manage feedback.
  • To maintain the integrity and stability of the site.
  • To determine how users are accessing the site e.g. directly or via another website.
  • To track those who are new to ALISS and those who are return users.
  • To track searches to establish the usefulness of the resources.

4. What information do we collect about you?

When you sign up for an ALISS account you are consenting to us processing your personal information to administer your account. We will request a name, email address, postcode and phone number. You will also be required to provide a password, however, this will not be visible or accessible to ALISS and the ALLIANCE.

You may choose to provide additional information should you want to customise your account.

  • You can select preferences such as the postcode area you want to search and the types of activity you are interested in relevant to health and wellbeing services; e.g. advocacy, foodbanks, mental health support, homelessness support services.
  • You can opt-in to receive an email digest which provides you with notifications with changes within your postcode and area of need. E.g. a local service changes their phone number and/or a new service is added.
  • You can select ALISS to remember your postcode for future searches.
  • You can represent your organisation, and the services and locations linked to your organisation. This gives you editorial control of all the information linked to your organisation listing.

When account holders or visitors search the ALISS website we will collect your IP address, web browser, operating system, time of visit, pages visited, length of time on each page, referral site, flash version, network location, actual location (e.g. town), your referral route and search query. This information is collected using Google Analytics and Mixpanel (subsidiary of Salesforce).

If you are logged in to ALISS then we will also collect your e-mail address and password (although your password is not visible or accessible to the ALLIANCE).

ALISS has a feedback function that allows users to feedback comments, complaints, report bugs and ask questions of ALISS. All visitors to ALISS can you use this function and to do so you will have to provide us with your Feedback type, Feedback free text, name and email address.

5. Marketing and sharing

ALISS sometimes needs to share the personal information we process with the individuals themselves and with other organisations. Where this is necessary we comply with all aspects of the Data Protection legislation.

ALISS and its sub-contractors will not sell, distribute or lease personal information to third parties unless we have your written permission, or are required by law, to do so.

ALISS’ sub-contractors may have access to personal data while operating our IT systems (including website), conducting our business or providing you with a service. However, in doing so, they will be bound by data protection legislation and the ALISS and ALLIANCE privacy policies.

Users of our website are notified when their information is being collected by any outside parties. We do this so our users can make an informed choice as to whether or not they should proceed with services that require an outside party.

All personal data collected through the ALISS website will be treated as personal data under guidance from the Information Commissioners Office.

6. Transfer of data overseas

We use third party sites such as Heroku (Salesforce), Google and Mixpanel Inc to collect data. These sites are based in the USA, outside of the EEA, and are signed up to the EU-US Privacy Shield.

For the purpose as defined in ALISS Terms and Conditions, Section 1. ALISS Service Description, this information will be transferred overseas and accessible worldwide.

7. Retention

Personal information regarding the user account is kept for as long as the user account is active. If you have registered for an ALISS account and no longer want to use it, you can request that all account information is deleted. Please note that once the request for the deletion is received all account information is deleted at the next available working day and no back up copy is made.

If you close your account and you represented an Organisation then all of the information that this allowed you to manage will be made available to be represented again by another.

Information collected by Google Analytics, which tracks and measures website traffic, is retained for one year by Google and then automatically deleted.

Information collected by Mixpanel, which tracks and measures website traffic and how people use our website, is retained for 6 months by Mixpanel Inc and then deleted automatically.

8. Security of your Information

We are committed to ensuring that your information is secure.

To prevent unauthorised access or disclosure we have put into place electronic and managerial procedures to safeguard and secure information we collect from you.

8.1. Electronic Controls

All accounts are password protected accounts. ALISS uses industry standard password managers to manage passwords. Access to these are restricted.

No personal data is saved to the hard drives of desktop PCs.

ALISS staff, sub-contractors and volunteers can access accounts remotely therefore removing the need for information to be saved to removable media or local hard drives.

8.2. Managerial Controls

ALISS staff and volunteers are made aware of data protection legislation and policies and procedures of the ALLIANCE at induction. Contracts are in place with sub-contractors and consultants to control their use of and access to personal data.

9. Website

Connections to www.aliss.org website are encrypted (https instead of http).

ALISS uses a third-party service to maintain, host and secure the performance of our website. To deliver this service it processes the IP addresses of visitors to the website.

9.1. Cookies

When users enter the ALISS website their computers will automatically be issued with ‘cookies’. Cookies are text files which identify users’ computers to the ALISS server.

The ALISS website uses cookies to measure use of the website as detailed in Section 4. What information do we collect about you?

10. Other Websites

The ALISS website contain links to other websites. ALISS is not responsible for the privacy practices of other sites.

11. Notice of Breach of Security

If a security breach causes an unauthorised intrusion to our system that materially affects the information we hold about you, we will notify you as soon as possible and report what action we took in response.

12. Changes to our Privacy Policy

If we decide to change our privacy policy, we will post the updated privacy statement to www.aliss.org

We will notify any changes through the news section of website.

13. Your Rights

You have the right to:

  • access your information
  • withdraw consent to use your information
  • have inaccurate personal data corrected
  • request the restriction of processing
  • lodge a complaint with the Information Commissioner’s Office (ICO)

13.1. Access to your information (Subject Access Request)

Upon written request to the ALLIANCE, individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection legislation. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to;
  • for how long it will be retained and
  • let you have a copy of the information in an intelligible form and portable form
  • tell you if it has been transferred overseas and what safeguards were put it place
  • tell you the source of the information if it did not come directly from you
  • notify you of your right to have the information corrected, made complete or erased
  • advise you of your right to complain

The ALLIANCE will provide you with this information within one month. The ALLIANCE can refuse to provide you with this information if we cannot do so without disclosing personal information about another person or if your request is excessive.

To make a subject access request you should put your request in writing to:

dpo@alliance-scotland.org.uk

OR

Data Protection
The Health and Social Care Alliance Scotland
Venlaw Building
349 Bath Street
Glasgow
G2 4AA

The Data Protection Officer is Head of Finance.

13.2. Withdraw consent

You should be aware that you can withdraw your consent at any time. Should you choose to withdraw consent, ALISS will delete your personal information on the next available working day and no back up copy is made. Please note that you will not be able to use your account or any features that requires an account.

13.3. Correction of inaccurate personal data

You have the right to have any inaccurate personal data held by the ALLIANCE to be corrected and you have the right for incomplete personal data to be made complete. The ALLIANCE encourages individuals to provide us with updates to their personal information in accordance with the purpose for processing. The ALLIANCE will notify any third parties to whom it disclosed the information of the updates.

13.4. Right to be forgotten/data erasure

The right to be forgotten entitles you to have your personal data erased, further dissemination of the data stopped and, potentially, have third parties halt processing of the data. The conditions for erasure include the data no longer being relevant to the original purposes for processing, or when the data subjects withdraw consent. These rights exist if there are no overriding legitimate grounds for processing e.g. the performance of a contract.

ALISS will notify any third parties to whom it disclosed the information of the changes to processing.

13.5. Restriction of processing

You have the right to request the restriction of the processing of your information should you contest the accuracy of the personal data and/or the lawfulness of the processing.

14. Complaints

Should you wish to complain about how ALISS have handled any aspect of your personal data, you can contact the ALLIANCE using the details below and/or by contacting the Information Commissioner’s Officer (ICO) https://ico.org.uk/concerns/ or write to them at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

14.1. How to contact us

If you have any questions or suggestions regarding this Privacy Policy, please contact our Data Protection Officer at:

Telephone: 0303 123 1113

Email: dpo@alliance-scotland.org.uk

The Health and Social Care Alliance Scotland (the ALLIANCE)
Venlaw Building
349 Bath Street
Glasgow
G2 4AA

The ALLIANCE’s email system is not encrypted and anyone sending personally identifiable information via email should be aware of this.

Version 0.2

Last updated 13th February 2018