The Stroke-Specific Education Framework (SSEF) Online Toolkit is hosted and maintained by the University of Central Lancashire. The University of Central Lancashire (UCLan) complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 whenever it processes personal data.
Data Protection Officer
The University’s Information Governance Manager & Data Protection Officer advises the SSEF how to comply with data protection legislation and manages and coordinates requests made under the GDPR and associated legislation.
You can contact the Information Governance Manager & Data Protection Officer at:
Information Governance Manager & Data Protection Officer
Legal and Governance
University of Central Lancashire
Telephone: +44 (0)1772 892561
The Information Commissioner’s Office (ICO) is the lead supervisory authority for GDPR purposes for UCLan and its subsidiaries. UCLan is registered with the ICO as a data controller and our registration number is Z5512420. You can see the general purposes for which we process personal data in our register entry which is publicly available on the ICO’s website.
- Data Protection Policy
- Data Protection: Processing Special Category Data and Criminal Convictions Data
- Information Management Policy
Privacy Notice: Stroke-Specific Education Framework
How we use your information as part of the Stroke-Specific Education Framework (SSEF)
This privacy notice tells you what to expect us to do with your personal information when you register to use the Stroke-Specific Education Framework (SSEF). Personal information (or personal data) is any information which relates to and identifies you. Data protection legislation (the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA)) set out how we should handle your personal information.
Our contact details
The UCLan Higher Education Corporation is the data controller for the personal information we process, unless otherwise stated. We are registered with the Information Commissioner’s Office and our registration number is Z5512420.
There are many ways you can contact us, including by phone, email, social media and post.
Our Data Protection Officer
What personal information will we use?
When registering to use the SSEF, individuals can register as a health professional or a course provider, depending on their circumstances.
If you are registering as a health professional, the SSEF uses information you provide during registration and self-assessment to inform the development of your personal role profile. Information captured during registration, including your role and employing organisation, may be used to inform research around the extent of engagement within NHS Trusts at local, regional and national levels; all information is anonymised and, in the event that this is shared with government bodies, no identifying data will be provided to third parties. Should you attend a SSEF registered education or training opportunity, and utilise the course review process, we will capture your views to provide feedback to course providers, which may or may not be published in the course review sections of the website. Contact information may be used to provide you with updates about the SSEF toolkit.
If you are a course provider, we will collect the names and contact details of your representatives in addition to the details of what the course covers and how this can be accessed. These details will be publicly available for those who are looking for further personal development opportunities. The types of courses available may be collated to demonstrate the variety of learning opportunities on offer. However, all personal information is anonymised and, in the event that this is shared with government bodies, no identifying data will be provided to third parties.
Why do we use your personal data?
If you are a health professional, once you register, we will use your personal data for the purposes outlined below.
- Personal SSEF account creation
- Personal role profile development
- Comparison of personal role profile with SSEF standardised role profiles
- Signposting relevant education and training opportunities
- Course review
- Communicating with you
- Research, reporting and statistics
If you are an individual course provider or an employee of a course provider, we will use your personal data for the purposes outlined below:
- Personal SSEF account creation
- Informing health professionals how to contact the course provider
- Informing health professionals how to access the course
- Communicating with you
What is the lawful basis for this processing?
The SSEF relies on the following lawful bases from the UK GDPR to process information about you for the purposes set out in this notice:
Article 6(1)(e), which allows us to process personal data where it is necessary to perform a task in the public interest. Research and teaching; some internal reporting and monitoring; and auditing is carried out as part of our public tasks. We may also rely on this lawful basis to process personal data where it is necessary for the public tasks of other organisations, such as when we disclose information to Health Education England (HEE) (see ‘Who will my personal information be shared with?’ for further information) or when we disclose information to third parties for surveys and research purposes which are not directly related to UCLan.
Article 6(1)(f), which allows us to process personal data where it is in our, or someone else’s, legitimate interests to do so and it does not unduly prejudice your rights and freedoms. We rely on this condition to, among other things:
- Communicate marketing messages to you (unless you opt out). It is in the SSEF’s legitimate interests to promote its services, courses and events to those who may be interested.
- Produce some internal reports, research and statistics. It is in our legitimate interests to use these to evaluate, plan and assess how the SSEF is operating and make any changes we think are appropriate and will benefit current and future users.
- Share information with third parties for your benefit, or where it is in their interests, for example where an NHS employer is commissioning education and training and enquires about the experience of SSEF users.
Who will my personal information be shared with?
We may share your information with a range of external organisations and bodies. We only share your personal data with another person or organisation where the law allows us to and we consider it to be appropriate under the circumstances. The external parties we may share information with include the following:
- We share some data with HEE to help HEE carry out its statutory functions in the public interest. Aggregated data will be provided in anonymised format, with no identifying details.
- NHS England. We share some data with organisations and Trusts within the NHS where there is a legitimate need e.g. understanding the extent of staff engagement with the SSEF. All information will be provided in anonymised format, with no identifying details.
- Third parties carrying out research or surveys where there is a lawful basis to share information and they are carrying out their statutory tasks in the public interest.
Sending your information outside the European Economic Area (EEA)
Occasionally we may need to send your personal information outside the UK and/or the European Economic Area (EEA) so that we can contribute to overseas research around stroke-specific education and training. All transfers are carried out with appropriate safeguards in place to protect your information and ensure it remains secure. Aggregated data will be provided in anonymised format, with no identifying details.
How long will we keep your personal information?
If you are a health professional, we will maintain your SSEF account, and any associated personal role profile information indefinitely until you delete your account. If you do wish to delete your account at any time, please contact SSEFenquiries@uclan.ac.uk.
If you are a Course Provider, we will maintain your SSEF account, and any associated education and training information as long it remains up to date. In the event that information relating to registered courses is out of date we will make every effort to contact you prior to deletion of information. Registered courses, and the associated accounts will be deleted one year after the last recorded update should we receive no response from you.
Your data protection rights
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. For further information or to make a request, please see our Data Protection web page.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing
You have the right to object to any processing we carry out, if we carry it out on the basis that it forms part of our public task or is in our legitimate interests. You also have the right to object to your personal information being used for direct marketing purposes.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information because we have your consent or because you have a contract with us and it is necessary for the performance of that contract, and the processing is automated.
Your right to complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact the SSEF team SSEFEnquiries@uclan.ac.uk or the Information Governance Manager & Data Protection Officer DPFOIA@uclan.ac.uk, and we will respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s Office, which is the UK supervisory authority for data protection. Further information can be found on our Data Protection webpage.