Legal basis for processing data
In most cases, we process your personal data to directly carry out our functions. This means that because we were established from the recommendation of the National Assembly for Wales (Access to medical technologies in Wales, December 2014), we are required to carry out these functions. Under Data Protection law, we’re allowed to process your personal data because it’s ‘necessary for performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
In some cases, we’ll want to process your personal data for reasons beyond our statutory functions. When we want to do this, we will ask for your consent to process the personal data that we need (e.g. if we want to take and use your photograph in our marketing materials, or you wish to subscribe to a newsletter). In these cases when you give your consent, you’ll be told how your personal data will be processed. You will also be told how you can withdraw that consent and opt out of further processing.
General Data Protection Regulation (GDPR) came in to force on Friday 25 May 2018. This requires us to process data in a lawful, fair and transparent manner in relation to individuals.
The Data Protection Act 2018 also ensures we protect the privacy of personal information. We comply with the following six principles to ensure data we process is:
- Justified, lawful and transparent
- Processed for limited purposes
- Adequate, relevant and limited
- Accurate and up to date
- Not kept for longer than is necessary
The information we collect when you use this website can include:
- Job title
- Email address
- IP address
- Subscription preferences
We also collect Cookies. These are small text files sent to your computer, mobile device or tablet by the websites that you visit. This helps us to understand how you use our website, enabling us to improve the navigation and our content to better meet your needs. The data will not be used to identify any user personally.
This data can be viewed by authorised people in Health Technology Wales to:
- Improve the website by monitoring how you use it.
- Gather feedback to improve our work.
- Respond to queries or feedback that you send to us, if it requires a response.
- Send e-newsletters and bulletins to you, if you request them.
- Provide you with information about local services, if it has been requested.
Under associated Data Protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you. These are:
- Right of access to personal information
- Right to correct inaccurate personal information
- Right to have your personal information deleted (within certain limits)
- Right to restrict use of your personal information in certain circumstances
- Right to object to the use of personal information where it is based on specific legal bases
- Right to object to the use of automated decision making, including profiling.
You can read more about these rights here.
Controlling personal information
You can contact us to request details of the personal information we hold about you. There may be a reasonable fee payable to cover the administrative costs of complying with the request.
To exercise all relevant rights or should you have any objections or queries relating to how your personal data is being processed, please contact us as soon as possible:
Health Technology Wales (HTW)
The Life Science Hub
3 Assembly Square
+44 (0)29 2046 8947
We will promptly correct any information found to be incorrect or remove your details if you wish.
We use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in an anonymous way which does not identify anyone individually. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be open about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
We use a third party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.
If you subscribe to our e-newsletters, you may be contacted from time to time to ask for feedback on how to improve email services.
Click here to unsubscribe or update your preferences. You can change these settings at any time.
Forms and surveys
We have several forms hosted on our website, such as our Suggest a Topic form or Contact form. For our other surveys, we use a third-party provider, Online Surveys. All survey and respondent data on Online Surveys is stored in the EU. Please see Online Survey’s Terms and Conditions for more information.
If you complete a form or survey, you will be asked whether you are happy for us to contact you for future feedback. You may also be asked for permission to quote your feedback (or part of your feedback) in HTW materials, for example in our website or Annual report.
Contact us if you want to amend or remove your information.
Any data users send is at their own risk. Sending information over the internet is generally not completely secure and we can’t guarantee the security of your data while it’s in transit. We have procedures and security features in place to keep data secure once it’s received.
We may pass on personal information if there is a legal obligation to do so. This includes exchanging information with government departments for legal reasons.
We won’t share information with any other organisations for marketing, market research or commercial purposes, and we won’t pass on personal details to other websites.
Links to other websites
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you want to lodge a complaint, it will be acknowledged within five working days and they will receive a full response within 20 working days. If we can’t respond fully in this time, users will receive a letter to them know when to expect a full response.
You also have the right to contact the Data Protection Officer from Velindre University NHS Trust, who host Health Technology Wales, at the following address:
Velindre University NHS Trust
Unit 2 Charnwood Court
If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at the following address:
Information Commissioner’s Office