The Northern Ireland Medical and Dental Training Agency (NIMDTA) was established to train postgraduate medical and dental professionals for Northern Ireland. More detailed information about different aspects of our work can be found on our website: http://www.nimdta.gov.uk. NIMDTA recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties. Key legislation includes:
- the UK General Data Protection Regulation (UK GDPR),
- the Data Protection Act 2018,
- the Freedom of Information Act 2000 (FOI),
- the Environmental Information Regulations 2004 (EIR),
- the Human Rights Act 1998 (HRA),
- relevant health service legislation, and
- the common law duty of confidentiality.
2. Your Information
NIMDTA uses personal information for a number of purposes. This Privacy Notice provides a summary of how we use your information, specifically in relation to its Moodle Learning Management System (LMS). To ensure that we process your personal data fairly and lawfully we are required to inform you of:
- What personal information we collect
- Why we need your data
- How it will be used
- Who it will be shared with
- How long it will be kept for
2.1 What types of personal data do we handle?
Within the context of the recording of training sessions, the personal data processed will be your name and image. Any contributions you make to the session will also be recorded.
2.2 Why we need your data
NIMDTA processes this personal information for Doctors and Dentists in Training, their Trainers, and other Educator staff in relation to the statutory functions it performs with regard to the management of postgraduate medical and dental education and training within Northern Ireland. NIMDTA also processes the information in relation to Dentists, Dental Care Professionals and General Practitioners in relation to Continuing Professional Development courses. Information may also be processed for applicants to Medical and Dental Training Programmes within Northern Ireland and other individuals who are eligible to attend events delivered by NIMDTA.
Recordings will facilitate access for those delegates / attendees who would like to re-watch some or all of a particular training session / event. These recordings are also necessary to facilitate those who had not been able to access the session live, to avail of the training, as they would otherwise be unable to do so.
Information processed for the above purposes is therefore lawful under Article 6 of the UK GDPR as follows:
- 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
2.3 How will we use information about you?
Recordings of training sessions will also be used in order to improve the experience of teaching sessions and other events which are delivered online by NIMDTA. Recordings of training events will be uploaded to a secure video storage site and embedded within the relevant course on LMS – access to these courses will be restricted to only the relevant NIMDTA staff, the course tutor(s) and eligible attendees.
Attendees will be advised when recording is about to begin. We ask that attendees’ video is active for the duration of the event, but it may be turned off before recording starts if you don’t wish to appear.
In some instances, non-teaching sessions, such as Welcome events, may be recorded and made publicly available via the NIMDTA website – where this is the intention this will be clearly indicated to attendees prior to the event and again prior to the commencement of recording. Attendees will have the option of amending their display name and/or disabling their video so that their name and image will not appear in the recording.
2.4 Sharing your information
As indicated above, recordings of teaching events will be made available only to authorised eligible users via LMS. They will be uploaded directly to the LMS or embedded from a video storage site (Vimeo) with steps taken to ensure that the videos will not be publicly available and cannot be embedded or watched anywhere other than LMS.
There may be some instances where recordings of non-teaching sessions are made available publicly via the NIMDTA website – this will be clearly indicated to attendees in advance of the event and again prior to the commencement of recording of the event. Attendees will have the option of amending their display name and/or disabling their video so that their name and image will not appear in the recording.
2.5 Retaining Information
NIMDTA will only retain information for as long as necessary, in line with the Department of Health (DoH) Good Management, Good Records (GMGR). For further information, please refer to the following DoH link: https://www.health-ni.gov.uk/topics/good-management-good-records.
Recordings of training events will be accessible via the LMS until 3 months after the end of the relevant academic year, and will be deleted from the Video Storage site at the end of this period.
3. Individual Rights
Individuals have certain rights under UK GDPR, namely:
- The right to obtain confirmation that their personal information is being processed, and access to personal information
- The right to have personal information rectified if it is inaccurate or incomplete
- The right to have personal information erased and to prevent processing, in specific circumstances
- The right to ‘block’ or suppress processing of personal information, in specific circumstances
- The right to portability, in specific circumstances
- The right to object to the processing, in specific circumstances
- The rights in relation to automated decision making and profiling
4. Security of your information
NIMDTA is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:
- All NIMDTA staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;
- Everyone working for the HSC is subject to the common law duty of confidentiality;
- Staff are granted access to personal data on a need-to-know basis only;
- NIMDTA has appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a Personal Data Guardian (PDG) who is responsible for the management of employee and any patient information/confidentiality. Local Information Asset officers (IAOs) have been appointed as part of its Information Governance arrangements. The Business Services Organisation (BSO) has appointed a Data Protection Officer (DPO) who also has responsibility for NIMDTA;
- All staff are required to undertake information governance training every 2 years. The training provided ensures that staff are aware of their information governance responsibilities and follow best practice guidelines to ensure the necessary safeguards and appropriate use of personal information;
- A range of policies and procedures are in place;
- There are contractual clauses with the LMS provider, Hubken Group, which state that data is hosted within UK datacentres. The datacentres hold ISO 27001, ISO 9001 and ISO 14001 certifications with on-site security and access control processes;
- Recordings of training sessions will be securely stored with security settings allowing embedding only within the LMS where access will be restricted to only those eligible to attend the session and NIMDTA staff.
5. Receiving Information
5.1 How can you access your personal information?
DPA and UK GDPR give you the right to access information that NIMDTA holds about you. Subject Access Requests (SARs) may be made in writing or orally. You will need to provide:
- adequate information (for example full name, address, date of birth) so that your identity can be verified and your information located
- an indication of what information you are requesting to enable us to locate this in an efficient manner
NIMDTA aims to comply with requests for access to personal data as quickly as possible, and normally within a calendar month of receipt unless there is a reason for delay that is justifiable under UK GDPR. We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know.
5.2 Freedom of Information
The Freedom of Information Act 2000 provides any person with the right to obtain information held by NIMDTA, subject to a number of exemptions.
5.3 Complaints about how we process your personal information
If you are dissatisfied with how NIMDTA is, or has been, processing your personal information, you have the right to advise NIMDTA of this.
6. Contact Details
Any request for information, or complaints, should be submitted in writing to email@example.com via the following address:
Complaints Officer NIMDTA – Corporate Services, Beechill House, 42 Beechill Road, Belfast, BT8 7RL
Requests / complaints submitted orally should be via 028 9040 0000.
You may also contact the Data Protection Officer directly:
- Email: firstname.lastname@example.org
- Tel: 02895 363666
7. Changes to our privacy notice
We keep our Privacy Notice under regular review and apply the appropriate updates.