TRUST STAFF MOBILE APP PRIVACY STATEMENT

 Version 0.4 August 2022

This policy relates to the My SWYFT mobile staff app. For the Trust please see the footer link

The privacy of all our users at *South West Yorkshire Partnership Foundation Trust* NHS Trust (the Trust) is very important to us. When you, as an App-user, use the Service the App Provider uses (Microsoft Azure) to deliver the App to you and therefore will need to process your Personal Data. This Privacy Statement describes how we safeguard and process your Personal Data. We recommend you read it carefully.

Who we are:

We, South West Yorkshire Partnership Foundation Trust (the Trust), are a data controller. Our address for communications is:

Our postal address is:

South West Yorkshire Partnership NHS Foundation Trust

Fieldhead

Ouchthorpe Lane

Wakefield

WF1 3SP

Our telephone number is 01924 316000

If you want to contact us about this application and how we use your information in the first instance please contact us at comms@swyt.nhs.uk 

You can also for governance issues contact our data protection officer *Data protection officer email*

Complaints and Your Rights to complain to the Regulator

If you feel that we have not adequately dealt with your complaint regarding how we process your information you can raise the issue with the Information Commissioner who is the supervisory authority for the United Kingdom (the Regulator) at the address below:

Information Commissioner’s Office:

By phone: 0303 123 1113

By letter

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Link to Contact Form: https://ico.org.uk/global/contact-us/

Website: ico.org.uk (opens in a new window)

Purpose of Processing

In order to provide you with the Staff App and associated services, we need to process some personal information, where possible the App collects unidentifiable information.

The Lawful bases for the Trust to process your information are your consent. By downloading and using the App, you signify your consent for us to process your information

  1. What is stated in this Privacy Statement?

Parties inform you in this Privacy Statement about:

  • The kinds of Personal Data processed;
  • Permissions;
  • The purposes for which Personal Data is processed;
  • Where the Personal Data are processed;
  • The security measures in place to protect Personal Data;
  • Limits of responsibility concerning third parties;
  • Viewing, changing and deleting your Personal Data;
  • Changes to this Privacy Statement;
  • What to do if you have any questions or remarks.
  1. The kinds of Personal Data processed
  2. Personal Data by using our Service

In order to deliver the Service, we only use the minimum personal information.

  1. Automatically generated information

Like most other websites and online services, the App gathers and processes automatically generated information about how you use the App.

The information gathered includes:

  • Your IP-address
  • Unique device ID.

The above information is used for push messaging; however the user has the option to turn off push notifications, but IP addresses and device IDs will still be collected. The option to opt-in or out is presented at the initial download set-up.

If you are specifically opt-in, the App may collect your geo-location information. In any event, you can block geo-location collection through the settings of your mobile device.

To provide the App-owner (the Trust) with information about the usage of the app we are also collecting the following (anonymous) information:

  • The moment you open the app;
  • The blocks (Sections of the App); you’ve opened inside the app and the amount of time you’ve spend in this block
  • Actions such as music playback, opening URLs (links) etc.
  • The moment you leave the app;
  1. Specific information

We may use push notifications (we send information to you) to ask you to engage in certain activities via the App, such as for example loyalty-card schemes, newsletters, and advertising, however, we will not ask for any personal information.

You can Turn off Push notifications under settings within the App.

  1. Permissions

In general, and for specific functionality built into the App, our service asks for Permissions. These Permissions are asked of the App user when the App is installed from your APP store and/or when specific functionality is used.

  • Files / Storage and Media
  • Location
  • Camera
  • Notifications
  • Open Supported Links
  • Application Data Usage
  1. The purposes for which Personal Data is processed

Purposes – to enable you to use the Service;

  • To keep you updated with relevant information about our Service;
  • To improve and/or customise the Service;
  • To identify your use /or customise the Service;

The Trust processes Personal Data for the following purposes:

  • To identify your Device and to prevent fraud;
  • To provide support;
  • To pass your Personal Data to third parties, if you requested us to do so or if we are legally obliged to do so.
  1. Transmission of Personal Data to third parties

The Trust and its App supplier do not sell, trade, or rent your Personal Data to third parties without your prior consent.

We may provide “aggregated anonymous data” about the usage of the Service to third parties for, as it deems to be appropriate for example to improve the APP and the services provided.

“Aggregated anonymous data” is data that cannot be traced back to you and which therefore does not count as Personal Data. For instance, we may use aggregated anonymous data to better understand how Users use the Service.

 

If the Trust App supplier (ARK Ltd) is transferred to a third party, the App supplier is merged with a third party, or undergoes a re-organisation, your Personal Data may also be disclosed and/or transferred to that third party. This third party will have the right to continue to use Personal Data and other information that you provided to us or the App Supplier.

The Trust and its App Supplier may disclose your Personal Data where it is believed, in good faith, that it is necessary to comply with a court order, ongoing judicial proceeding, criminal or civil subpoena, or other legal process or request by law enforcement authorities or to exercise its legal rights or defend themselves against legal claims.

  1. Where are the Personal Data processed?

The Service is provided by using hosting services of Microsoft Azure, in the US Area.

The Personal Data processed by the App-publisher may be transferred to, and stored on, servers maintained by Microsoft Azure located in or outside a country in the UK such as the United States of America.

Microsoft adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although Microsoft does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data considering the judgment of the Court of Justice of the EU in Case C-311/18 (Facebook Ireland Vs Schrems)

You agree to this transfer and processing outside the UK. The App-publisher will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this privacy policy. For more information about Microsoft Azure and the EU-US Privacy Shield look at https://privacy.microsoft.com/en-GB/privacystatement.

  1. What security measures are in place to protect Personal Data?

The security of your data and that of other Users is very important to us.

The App Supplier has implemented technical and organisational measures to protect your Personal Data against loss or any form of unlawful processing. The App Supplier has implemented the following measures: protection of the servers by firewalls, SSL connections and encryption of sensitive data. This list is not exhaustive.

  1. Limits of responsibility concerning third parties

Our Service may contain services and products offered by third parties, and/or hyperlinks to the websites or services of partners, advertisers and other third parties.

We the Trust have no control or influence over the content, websites, or services of these third parties. Different privacy policies may apply to the use of third-party websites and services. This Privacy Statement only relates to Data which have been obtained by the Trust through your use of the ‘the App’ for its own purposes. We the Trust do not accept any responsibility or liability for the content, practices or operation of third-party websites and services.

  1. Viewing and deleting Personal Data

You may send a request to access or delete the personal information collected through your use of the App, by contacting us via email. You may be asked to provide additional information to verify your identity.

As we are not able to identify specific users, as we do not have access to the linkage between user and IP Address. It will not be possible to provide you with a the data we may hold about you, however, if we are required by law to provide the information held in the App system, it maybe possible by a third party, such as Law enforcement, to link IP address and Geo-location to a user.

Can be done by emailing  comms@swyt.nhs.uk

  1. Children’s privacy

Personal information about children is not knowingly or intentionally collected. Children must not use this service.

  1. Security

Measures are implemented to secure your personal information, to minimise the risks of damage, loss of information and unauthorised access or use of information. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the App and its related databases will be immune from any wrongdoings, malfunctions, unauthorised interceptions or access, or other kinds of abuse and misuse.

 

  1. Changes to this Privacy Statement

This Statement may be updated at any time. The Trust and App Supplier will publish any updated version of the Privacy Statement via the Service. The Trust and App Supplier encourages you to check this page from time to time to be aware of any changes to this Privacy Statement and to stay informed about how parties protect your Personal Data. You acknowledge and agree that it is your responsibility to review this Privacy Statement periodically and familiarise yourself with any updates.

You agree to be bound by any of the changes made to this Statement. Your continued use of the App after the changed take effect will indicate your acceptance of the amended Statement. If you do not agree with the amended Statement, you must uninstall the App and avoid any further use of it.

Retention Period

Your information is retained while the app is live or the APP provider is in contract with the Trust. All that is identifiable about the user is the device used, IP address, device type, an android or apple device and Geo Location information if you choose to provide it

  1. What to do if you have any questions or remarks

If you have any questions or remarks about this Privacy Statement, please contact us by sending an email to comms@swyt.nhs.uk

 

Page last updated on: