Privacy Notice


The Preparing to Prescribe toolkit has been developed by the School of Health Sciences, University of Surrey. As such, the University is the “Data Controller” of your personal data. We are registered with the Information Commissioner’s Office (our notification number is Z6346945) and we are committed to ensuring that the personal data we process is handled in accordance with data protection legislation. We have a named Data Protection Officer, Suzie Mereweather, who can be contacted at: One of our responsibilities is to tell you about the different ways we collect and use your personal data. This statement provides details about these uses.

What information do we collect from you?

The School of Health Sciences holds the following personal data about you:

  • Your name (contact form only)
  • Email address
  • Profession

We receive this data from you when you register your email address on the Preparing to Prescribe webpage or when you contact us through the contact form.

Why do we collect this information?

The University collects only the data we need and we keep the data up to date and only for as long as it is needed. It is important for you to know why we collect your information and the lawful basis for us processing that information:
  • We process data in both of our legitimate interests in providing you with a facility that assists you in meeting the requirements of a non-medical prescribing programme.
These legitimate interests are determined through an assessment made by weighing our requirements against the impact of the processing on you. Our legitimate interests will never override your right to privacy and the freedoms that require the protection of your personal data. If you are interested in learning more about this legitimate interest assessment, please contact
  • We process data to ensure that we can carry out our public role as an educational and research establishment, meeting legal, moral and contractual obligations as laid out in the University’s Charter.
  • We also process data because you give us your consent, specifically to contact you where you have indicated that you are happy for us to do so.
We do not use the data we collect to make decisions about individuals or to analyse information on an individual level.

What do we do with your information?

The University processes personal data in accordance with data protection legislation and its own Data Protection Policy.

We use it to:

  • Provide you with guidance and signpost you to resources;
  • Notify you when there are updates to this toolkit, or when we launch new toolkits where you have agreed to receive these notifications;
  • Evaluate data to ascertain how the toolkit is being used and its impact on NMP practice.

We may also use it to inform research into the use and impact of the toolkit. If we do, the data that we use will be aggregated data and will not identify you in any way.

How long do we keep your information?

We keep your personal data in accordance with the University’s retention schedules. Where we are processing your personal data for research purposes we will retain the data for 10 years. All relevant safeguards are met in relation to historical research data.

How do we protect your data?

We take the security of the personal data we hold seriously. Details on university-wide measures surrounding IT security can be found in the principal IT Security Policy, which sets out the definition of, commitment to and requirements of Information Technology and Security.

We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

What rights do you have in relation to the way we process your data?

As an individual whose data we process (a data subject), you have certain rights in relation to the processing. You can find detailed information about your rights as a data subject on the University’s webpage. You have the right to:
  • Withdraw your consent in circumstances where we are processing your personal data on that basis;
  • Ask us to confirm that your personal data is being processed and to access (i.e. have a copy of) that data, as well as to be provided with supplemental information about the processing;
  • Request that we rectify any inaccuracies where the data we hold on you is inaccurate or incomplete;
  • Have your data erased by us, although in certain circumstances we may not be able to do this, for example, where we must comply with a legal obligation or in managing your health and social care. The circumstances where this applies can be found in the data subject rights information on the University’s webpage;
  • Restrict the processing of your personal data in certain ways;
  • Obtain your personal data for reuse;
  • Object to certain processing of your personal data.
To exercise any of these rights, please contact

What rights do you have in relation to the way we process your data?

If you have any concerns about the way that we have handled your personal data please contact us as we would like to have the opportunity to resolve your concerns. If you’re still unhappy, you have the right to lodge a complaint with the Information Commissioner’s Office. Please see their website at: