How we use your personal information: ALISS
We, the Health and Social Care Alliance Scotland (the ALLIANCE), are the controller of the personal information that we hold about you as part of “A Local Information System for Scotland” (ALISS).
This means we are legally responsible for how we hold and use personal information about you. It also means we are required to comply with data protection laws when holding and using your personal information.
This includes providing you with the details contained within this notice of how we hold and use your personal information, who we may share it with and your rights in relation to your personal information.
We have appointed a Data Protection Officer (DPO), who ensures we comply with data protection law. If you have any questions about this notice or how we hold or use your personal information, please contact the DPO by e-mail at email@example.com or by writing to Data Protection, The Health and Social Care Alliance Scotland, Venlaw Building, 349 Bath Street, Glasgow, G2 4AA.
Your attention is particularly drawn to section 3 of this notice, which explains the position regarding any personal information and special category personal information being held and used by us as described in section 2 of this notice.
1. What personal information do we hold and use about you?
The personal information we hold and use about you depends on whether you are a basic user, a claimer, an editor or an organisation contact. We will handle and use your name and your contact information in all of these cases, and the following additional information in specific cases:
- Basic: any personal information that you provide when you register for an ALISS account, for example, your telephone number. Any personal information you may add about an organisation and service when adding an organisation and service to ALISS. This could include an e-mail address related to that organisation and service.
- Claimers: any personal information that is required, and/or, you choose to provide to allow us to verify your claim to an organisation and service. This could include an e-mail address related to that organisation and service.
- Editors: any personal information you provide when you register for an editor account, including any personal information you may add about an organisation and service to ALISS. This could include an e-mail address related to that organisation and service.
- Organisation contacts: any personal information included in your organisation’s ALISS entry. This may include personal information contained on your website about identifiable individuals within your organisation.
Any personal information included within your ALISS entry is publicly available.
2. Why do we hold and use personal information about you?
We use such personal information to:
- provide, manage and deliver ALISS;
- maintain the integrity and stability of ALISS;
- verify your status to allow you to claim an ALISS entry;
- grant you editor access to allow you to edit ALISS entries;
- allow you to exercise editorial control over your organisation’s ALISS entry and the services and locations linked to your organisation. We may do this in response to your request or by contacting you;
- help us to better understand health and social care needs in Scotland;
- administer your account;
- improve the services we provide to you and keep you informed of such improvements;
- manage feedback you may choose to share with us, including comments and complaints; and
- provide you with information about the work of the ALLIANCE, the benefits of membership and details of any events you may wish to attend or be involved in.
3. What is our legal basis for holding and using your personal information?
Data protection laws require us to have a legal reason for holding and using your personal information.
Our main legal reason is that we consider we have a legitimate interest in the operation and management of ALISS as an invaluable information and signposting platform in the health and social care context in Scotland. In determining our legitimate interests, we have considered your legitimate interests in the protection of your personal information, and have balanced these against our own legitimate interests in handling and using your personal information for the purposes described in section 2 of this notice.
In very exceptional circumstances, we may rely on the fact that your special category personal information has been ‘manifestly made public’ by you as the legal reason. In the case that you provide us with your personal information and special category personal information (including information about your physical and/or mental health), you should be aware that it will be used by us as described in section 2 of this notice.
You have the right to remove your personal information and special category personal information or request that we remove it by contacting us. Once you have done so, we will no longer use your personal information and special category personal information for the purpose(s) set out in section 2 of this notice, which you originally agreed to, unless we have another legal reason for doing so.
Suppose you include within an ALISS entry the personal information of a third party that is not publicly available, such as contact information that has been provided to you during your engagement with an organisation. In that case, you must obtain the consent of that third party to their personal information being published within the entry and provide them with, or direct them to, this notice. We may ask you to provide us with proof of third-party consent at any time.
4. Who do we share your personal information with?
We may share your personal information with other organisations for the purposes described in section 2 of this notice, including the following:
- our IT service providers, who help us maintain, manage and operate ALISS;
- organisations that make use of the ALISS public API. This includes NHS 24, which displays some or all of the information contained on ALISS, including personal information, within the NHS Inform directory; and
- any other organisation that you authorise us to disclose your personal information too from time to time.
5. Will my personal information be sent outside the United Kingdom?
Some of the organisations we share your personal information with (listed in section 4 of this notice) may be located or may make use of data storage facilities that are located outside the United Kingdom. Their handling and use of your personal information will involve us and/or them, transferring it outside the United Kingdom. When we, and/or, they do this, we will ensure similar protection is afforded to it by:
- only transferring it or permitting its transfer to countries that have been deemed to provide an adequate level of protection for personal information under data protection laws; or
- using specific contracts with such organisations, which are approved for use in the United Kingdom, and which give your personal information the same protection it has in the United Kingdom after it is transferred.
Please contact our DPO for further information on the specific mechanism used by us when transferring your personal information outside the United Kingdom.
6. How long do we keep your personal information?
Your ALISS account and any of your personal information contained in an ALISS entry will remain active until you request their deletion. You can request deletion at any time. Please note that once the request for deletion of your ALISS account and/or any of your personal information contained in an ALISS entry is received, all information is deleted at the next available working day, and no backup copy is made. If you wish your entry on ALISS to be deleted, please note that this does not prevent an entry for your organisation from being created again in the future.
7. What rights do you have in relation to your personal information that we hold and use?
It is important that the personal information that we hold about you is accurate and current. Please keep us informed of any changes. Under certain circumstances, the law gives you the right to request:
- A copy of your personal information and to check we are holding and using it in accordance with legal requirements.
- Correction of any incomplete or inaccurate personal information we hold about you.
- Deletion of your personal information where there is no good reason for us continuing to hold and use it. You also have the right to ask us to do this if you object to us holding and using your personal information (details below).
- Temporarily suspend the use of your personal information, for example, if you want us to check it is correct or the reason for processing it or to stop us from using your personal information altogether if we have breached data protection laws.
- The transfer of your personal information to another organisation.
- That you are not subject to a decision solely taken by a computer which produces legal consequences for or otherwise significantly affects you.
You can also object to us holding and using your personal information where our legal reason is a legitimate interest (either our legitimate interests or those of a third party).
Please contact our DPO if you wish to make any of the above requests. When you make a request, we may ask you for specific information to help us confirm your identity for security reasons. You will not need to pay a fee when you make any of the above requests, but we may charge a reasonable fee or refuse to comply if your request for access is clearly unfounded or excessive.
8. Feedback and complaints
We welcome your feedback on how we hold and use your personal information, and this can be sent to our DPO.
You have the right to make a complaint to the Information Commissioner, the UK regulator for data protection, about how we hold and use your personal information. The ICO’s contact details are as follows:
Telephone: 0303 123 1113 Website: https://ico.org.uk/concerns/
If you would like to receive this notice in an alternative format, for example, audio, large print or braille, please contact us.
9. Updates to this notice
We may update this notice at any time, and we will provide you with an updated version when required to do so by law.
Last reviewed: March 2023