This statement discloses the privacy practices for www.rdtc.nhs.uk, the website for the Regional Drug & Therapeutics Centre. It applies solely to this website; links within this site to other websites are not covered by this privacy statement.
1. About the Regional Drug & Therapeutics Centre (RDTC)
We are a non- commercial, not for profit NHS organisation hosted by the Newcastle Upon Tyne Hospitals NHS Trust.
The RDTC is responsible for a range of activities to optimise medicines use and drug safety. These include monitoring and advising on prescribing and medicines use in primary and secondary care across stakeholder organisations across the North of England including the Greater Manchester Medicines Management Group (GMMMG) and the Northern Treatment Advisory Group (NTAG).
2. About the personal information we use
We do not store or collect information about website visitors. We will record your name, email address and work address only if submitted to us by you.
We use web server log files to generate statistics on the use of our site. This allows us to monitor traffic, analyse trends and identify any problems.
Log files typically record the IP address or hostname of all users accessing the website. This allows us to distinguish between different users and therefore estimate the number of unique visitors to the website. IP addresses and host names are not linked to your personally identifiable information.
Please note that only employees of NHS organisations that currently commission our services will be able to register for access to the password protected section of our website.
The documents, reports and publications that are provided in the password protected section of our website may contain data that relate to the organisation you work for which we access from a range of partner institutions. Current arrangements are reflected within this notice.
3. Our purposes for using personal information
All personal data provided will only be used for the following purposes:
- To allow access to stakeholder prescribing reports and publications via the website
- To contact you regarding any feedback/enquiries
- To answer enquiries (from NHS only) on clinical questions relating to therapeutic, pharmaceutical and pharmacological issues
- To maintain email distribution lists (if you give your consent) for the purposes of sending out stakeholder prescribing reports, publications, and/or conducting the business of the prescribing committees we support.
- From time to time to conduct surveys to evaluate the impact and effectiveness of our services.
- HES data is included within our therapeutic reports to highlight whether patterns of prescribing practice influence episodes of hospital admissions.
Data is accessed and processed by the RDTC who are hosted by Newcastle upon Tyne NHS Foundation Trust. Email distribution lists and a database of approved accounts for access to secure areas of website are stored on NUTH servers in line with Trust policy. Information regarding individual website access accounts including email address and IP address but not email distribution lists is also stored on the servers of the external organisations who host the website to facilitate logging in and out of the secure area of the website. The details of the company hosting the website and the external web developer we use to develop the site are available on request.
4. Our legal basis for using personal information
The RDTC considers that the legal basis for using personal information is as follows:
- Consent is given by the individual to process their personal data for purposes of providing access to secure areas of the website, to answer enquiries, to conduct surveys to evaluate the impact and effectiveness of our services, and to maintain email distribution lists.
- As part of a Contract with stakeholders to answer their enquiries and for the purposes of sending out stakeholder prescribing reports, publications, and/or conducting the business of the prescribing committees we support.
Legal basis for processing HES data:
The RDTC obtains HES data from NHS Digital via the HDIS system. This data is only extracted as aggregated data at CCG level. The RDTC does not extract record level data.
The legal basis for processing (including specific General Data Protection Regulation articles):
Article 6(1)e: Public task: processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Article 9(h): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3
5. Sharing personal information with others
All personal information is gathered and held by us in accordance with General Data Protection Regulation (GDPR) (EU) 2016/679. This data is only accessible by us and the web developer/external company used to the host the website and will not be disclosed or sold to any third party companies nor will they be copied or duplicated in anyway, except for back-up purposes.
6. Transferring personal information abroad
No personal information is transferred abroad.
7. Retention periods of the information we hold
We review access to our websites and details of individuals held on our email distribution lists every six months deleting those who are no longer stakeholders or have not accessed the website in the last 12 months.
All data used to generate our prescribing reports for stakeholders (e.g. aggregated from pseudo-anonymised HES data from NHS Digital) is stored for a maximum of 2 years including the current and previous financial year.
8. How we protect personal information
We take care to ensure your personal information is only accessible to authorised people. Our staff, the external website developer, and those of the external company used to host the website have a legal and contractual duty to keep all personal information secure and confidential, and all staff undertake mandatory training in Data Protection and IT Security.
9. Your rights
The information you provide will be managed as required by Data Protection law.
You have the right to:
- receive a copy of the information we hold about you
- request your information be changed if you believe it is not correct
- request not to be included on our email distribution lists for purposing of receiving the purposes of receiving stakeholder prescribing reports, publications, or being contacted to participate in surveys to evaluate the impact and effectiveness of our services.
From 25 May 2018, you have the right to:
- request that your information be deleted if you believe we are keeping it for longer than necessary
- by email: firstname.lastname@example.org
- or write to use at: Regional Drug and Therapeutics Centre, 16/17 Framlington Place, Newcastle upon Tyne, NE2 4AB
- Our Data Protection Officer is Richard Oliver (email@example.com)
If you feel that the RDTC has not dealt correctly with your personal data you can complain to the Information Commissioner’s Office:
The Information Commissioner
Telephone: 0303 123 1113 or 01625 545745
10. Web based surveys
From time to time we conduct web based surveys to evaluate the impact and effectiveness or our service. We use the facilities of surveymonkey.com to construct our questionnaires and to collect results. Surveymonkey do not use our data for their own purposes. Our data is kept private and confidential. Please see SurveyMonkey's privacy statement. We do not use our surveys to collect patient identifiable information.
Privacy statement issued on 15th May 2018
Updated 23rd January 2020