Accept Cookies

Cookies: How we use information on our website:

We use cookies on our website to make it clear, useful and reliable. In order to achieve this and to provide certain personalised features we store a small amount of data about you. Find our more here. By navigating from the front page to other sections of our website, you are consenting to information being stored.

Events Booking Platform Privacy Notice

1.  Introduction

The Northern Ireland Medical and Dental Training Agency (NIMDTA) was established to train postgraduate medical and dental professionals for Northern Ireland. More detailed information about different aspects of our work can be found on our website: http://www.nimdta.gov.uk. NIMDTA recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties. Key legislation includes:

  • the UK General Data Protection Regulation (UK GDPR),
  • the Data Protection Act 2018
  • the Freedom of Information Act 2000 (FOI),
  • the Environmental Information Regulations 2004 (EIR),
  • the Human Rights Act 1998 (HRA),
  • relevant health service legislation, and the
  • common law duty of confidentiality

2.  Your Information

NIMDTA uses personal information for a number of purposes. This Privacy Notice provides a summary of how we use your information, specifically in relation to its Events Booking Platform. To ensure that we process your personal data fairly and lawfully we are required to inform you of:

  • What personal information we collect
  • Why we need your data
  • How it will be used
  • Who it will be shared with
  • How long it will be kept for

2.1  What types of personal data do we handle?

Within the Events Booking Platform, NIMDTA processes personal information in relation to the functions it performs with regard to the management of postgraduate medical and dental education and training. The following information is mandatory for registration on the Events Booking Platform:

  • Name
  • E-mail address
  • Telephone Number
  • Professional Registration Details (type and number)
  • Discipline
  • Place of Work

2.2  Why we need your data

NIMDTA processes personal information provided by Resident Doctors and Dentists in Training, their Trainers, and other Educator staff in relation to the statutory functions it performs with regard to the management of postgraduate medical and dental education and training within Northern Ireland. NIMDTA also processes information in relation to Dentists, Dental Care Professionals and General Practitioners in relation to Continuing Professional Development courses. This information is stored within the Events Booking Platform, and is necessary in order for NIMDTA to carry out its statutory functions (which are noted above).  Information processed for the above purposes is therefore lawful under Article 6 of UK GDPR as follows:

  • 6(1)(a) – Consent of the data subject
  • 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

2.3 How will we use information about you?

Through the logs maintained by the Events Booking Platform, a number of reports are generated that are accessible to the ‘administrators’ on each Course/Event. Reports enable course administrators to monitor activity in the course and to see what resources in the course are or are not being accessed i.e. engagement with teaching materials. These may be used by course teams e.g. course administrators / creators and teachers/trainers to support your training and learning.

Events Booking Platform records and uses your personal information to:

  • Provide you an account on, and identify you within, the Events Booking Platform
  • Provide you access to courses within the site
  • Provide you access to the information, resources and activities uploaded to the Events Booking Platform
  • Control access to different parts of the system. 
  • Help and support users
  • For system administration and bug tracking
  • Report on course, resource and activity access, activity completion, course completion and course data (such as submissions and content uploaded)
  • For producing usage statistics for management and planning purposes

2.4 Collection and use of data from website users

When you access the Events Booking Platform small amounts of information, including small files known as cookies, are sometimes placed on your device. These cookies are essential for the operation of the site:

  • LifterLMS – used for session creation and tracking user progress
  • WooCommerce – used for session management, storing basket items, and tracking previously viewed products
  • WP 2FA - used to create trusted devices for Two-Factor Authentication

In addition, the site also uses Google Analytics, which will place a number of cookies on your device.  These cookies track how a visitor reaches our website, how long a visitor spends on the site and which pages they visit. The cookies also store information regarding the web browser, operating system and screen resolution to ensure that the website functions correctly for visitors.

There may be embedded media, such as YouTube or Vimeo videos, on some areas of the site. The suppliers of these services may also set cookies on your device when you visit the courses where we have used this type of content. These are known as ‘third-party’ cookies. To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

2.5 Sharing your information

NIMDTA may share information on course completion and attendance where appropriate and necessary with third parties such as organisations that provide placements (HSC Trusts / GP Practices / Dental Practices / other bodies), Royal Colleges and Faculties, Medical Schools and regulatory / professional bodies such as the General Medical Council (GMC) and the General Dental Council (GDC).

The Events Booking Platform is hosted and supported by the HSC Business Services Organisation (BSO).  BSO will only access the system and data for the purposes of providing ongoing support, to resolve any issues with the system or for specific users, and for the maintenance of the platform. 

2.6 Retaining Information

NIMDTA will only retain information for as long as necessary, in line with the Department of Health (DoH) Good Management, Good Records (GMGR).

Information in relation to Resident Doctors and Dentists in Training is currently required to be retained until the data subject is age 100, or 6 years after their employment has ended (whichever is the later).

Information in relation to Continuing Professional Development courses are retained for a minimum of 6 years after a course has ended.

For further information, please refer to the following DoH link: https://www.health-ni.gov.uk/publications/good-management-good-records-disposal-schedule

 

3.  Individual Rights

Individuals have certain rights under UK GDPR, namely:

  • The right to obtain confirmation that their personal information is being processed, and access to personal information
  • The right to have personal information rectified if it is inaccurate or incomplete
  • The right to have personal information erased and to prevent processing, in specific circumstances
  • The right to ‘block’ or suppress processing of personal information, in specific circumstances
  • The right to portability, in specific circumstances
  • The right to object to the processing, in specific circumstances
  • The rights in relation to automated decision making and profiling

4.  Security of your Information

NIMDTA is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:

  1. All NIMDTA staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;
  2. Everyone working for the HSC is subject to the common law duty of confidentiality;
  3. Staff are granted access to personal data on a need-to-know basis only;
  4. NIMDTA has appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a Personal Data Guardian (PDG) who is responsible for the management of employee and any patient information/confidentiality. Local Information Asset officers (IAOs) have been appointed as part of its Information Governance arrangements. The Business Services Organisation (BSO), has appointed a Data Protection Officer (DPO) who also has responsibility for NIMDTA;
  5. All staff are required to undertake information governance training every 2 years. The training provided ensures that staff are aware of their information governance responsibilities and follow best practice guidelines to ensure the necessary safeguards and appropriate use of personal information;
  6. A range of policies and procedures are in place;
  7. There is a Service Level Agreement in place, supported by a “Data Controller and Data Processing Memorandum of Understanding”,  with the HSC Business Services Organisation in relation to the services they provide NIMDTA, including the hosting and support of the Event Booking Platform. Data is hosted within a UK datacentre.

5.  Receiving Information

5.1 How can you access your personal information?

DPA and UK GDPR give you the right to access information that NIMDTA holds about you. Subject Access Requests (SARs) may be made in writing or orally. You will need to provide:

  • adequate information (for example full name, address, date of birth) so that your identity can be verified and your information located
  • an indication of what information you are requesting to enable us to locate this in an efficient manner

NIMDTA aims to comply with requests for access to personal data as quickly as possible, and normally within a calendar month of receipt unless there is a reason for delay that is justifiable under UK GDPR. We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know.

5.2 Freedom of Information

The Freedom of Information Act 2000 provides any person with the right to obtain information held by NIMDTA, subject to a number of exemptions.

5.3 Complaints about how we process your personal information

If you are dissatisfied with how NIMDTA is, or has been, processing your personal information, you have the right to advise NIMDTA of this.

6.  Contact Details

Any request for information, or complaints, should be submitted in writing to informationrequest.nimdta@hscni.net via the following address:

Complaints Officer NIMDTA – Corporate Services, Beechill House, 42 Beechill Road, Belfast, BT8 7RL

Requests / complaints submitted orally should be via 028 9040 0000.

You may also contact the Data Protection Officer directly:

7.  Changes to our privacy notice

We keep our Privacy Notice under regular review and apply the appropriate updates.