Privacy Policy

Patients and the Public

The General Data Protection Regulation (GDPR) which came into force on 25th May 2018 applies to person-identifiable data (PID). The NHS Wales Informatics Service (NWIS), in its national role in providing statistical outputs on Welsh healthcare data is authorised to receive and hold PID from health care providers as part of its core business. It also processes non health datasets for research purposes under the provisions of the Digital Economy Act 2017. Acting as a trusted third party for data providers who split their datasets into two parts: PID and content, NWIS receives only the PID elements of the data and ADP receives only the de-identified content data. Through this separation principle, individual identity is protected from disclosure as only the original data provider sees the full identifiable dataset. For more details of this process, click here.

Once the data are loaded into ADP, they are linkable via a unique anonymised linking field to other ADP datasets. All such datasets are similarly de-identified. Only the ADP core team have access to the breadth of ADP datasets, and this is necessary for data preparation. Where it may be considered that the provisions of the GDPR apply to the Adolescent Mental Health Data Platform as a whole because of the breadth of data held, we rely on the provisions for research in the public interest (GDPR Article 6(1)(e) and 9(2)(j)) as our lawful basis for processing.

Data made available to researchers from within ADP is limited to partial views of datasets which are assessed to ensure that the risk of identity disclosure is minimised. Projects carry out their analysis within a strictly controlled environment which is subject to scrutiny and audit. Following data analysis, a researcher must submit their results to a ADP data guardian before they can be released for dissemination. These outputs are prohibited from including row-level data, but may consist of tables, charts, coefficients, etc. and are assessed to ensure risks of disclosure are mitigated. From this, providing appropriate control measures are applied at the project-level data made available to researchers are anonymous and outside the scope of the GDPR and other data protection legislation.

Because the Adolescent Mental Health Data Platform holds only de-identified data and is not able to identify individuals, we do not ourselves have the ability to process opt-out requests from members of the public, and we retain the data for long-term use. Anyone wishing to opt out of de-identified data related to them being sent to ADP or used for other secondary purposes, should make an enquiry to the relevant data provider(s) listed on our website about what options they may provide for allowing individuals to opt out. For primary care records, individuals can opt out by making a request to their GP.

Working with Us

This section relates to the collection, handling and storage of data we obtain from individuals who work with the Adolescent Mental Health Data Platform, either those directly employed by ADP or those who work with ADP data to undertake research projects. It does not relate to the de-identified data held within the Adolescent Mental Health Data Platform itself. For this, please see the section regarding patients and the public.

For the purposes of collecting, processing and storing data from individuals employed by or working with ADP, Swansea University is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the new General Data Protection Regulation (GDPR).

What data do we collect, on what grounds do we hold it, and how will it be used?

i. ADP Staff

Individuals directly employed within the Data Science Building at Swansea University, whose role is entirely or partly to support the Adolescent Mental Health Data Platform core services and infrastructure are considered ADP staff. Various departments within Swansea University (e.g. Human Resources, Finance) hold personal data on employees. This is collected and held under the individual’s contract of employment, and is used for the purposes of managing the individual’s contract of employment.

ii. Project researchers’ contacts

These are individuals whose work is directly related to using the data held within the Adolescent Mental Health Data Platform, and who provide personal information to ADP as part of their applications to use ADP data. This data is initially held under specific, explicit and recorded consent, and later as part of the terms of the contract governing the research project being undertaken with ADP. The following personal information will be held:

• Name and job title
• Email address
• Curriculum vitae
• Evidence of Safe Researcher training or equivalent having been completed
• The name of your organisation, institution or place of work
• Interests and communication preferences

iii. Participants of surveys

These are individuals who have participated in our surveys, in order to express their views on a number of issues involving mental health. This data is held under specific, explicit and recorded consent. Our surveys are anonymous and the only demographic data held are email addresses.

We sometimes use the online software, Survey Monkey, to conduct our surveys.
For Survey Monkey’s complete privacy policy, please click here.

iv. Photographic/ video material

Photographs and video footage taken during ADP related events for official use, including during public engagement activities. Delegates will be informed when photographs and/or video footage are taken during events. Where an image clearly identifies an individual and constitutes personal data, informed consent will be obtained for its release.

All data held within the Adolescent Mental Health Data Platform has been provided by third party Data Owners, who impose a number of information governance conditions on use of their data, to ensure that it is appropriate and in the public interest. Part of these conditions are that individuals given access to the data are named, professional researchers with appropriate skills and training. The personal data we collect and hold from researchers is mainly to satisfy these information governance requirements and to demonstrate continued compliance them to any audit undertaken during or after the project lifecycle. We also use researchers contact details to contact them throughout the life of their project to inform them of their project’s status, report any downtime in access to data and other administrative functions required to allow us to set up and manage their project. Researchers should be aware that if consent to hold personal data is withdrawn, this will result in the individual being unable to continue to access ADP data, since we will no longer hold sufficient information to demonstrate their compliance with our information governance requirements.

How We Use Your Information

We may use your personal information to:

• Provide the Service to you, such as allow access to our services, process or fulfill an order or transaction, or administer surveys
• Respond to your requests, inquiries, comments or concerns
• Provide technical, product and other support
• Enhance, evaluate and improve the service, its advertisements and promotional campaigns
• Identify and analyze usage trends, including for the purposes of research, audits, reporting
• Notify you about changes or updates to the Service and our products and services
• Direct marketing: There is a legitimate interest for us to process data to provide you with direct marketing including information relating to opportunities for collaboration, up-to-date news and up and coming events of interest. A legitimate interests’ assessment has been carried out to ensure your personal data is used appropriately and in ways you would reasonably expect with minimal privacy impact. Where an image constitutes personal data/ special category data, we will always seek the data subject’s consent for its use.

Who do we share your information with?

ADP staff data is held under performance of employment contract and may be shared within Swansea University in line with Human Resources policies and procedures for the purposes of managing the individual’s contract of employment.

Data provided to ADP by project researchers / contacts as part of their application to use ADP data is not passed on to any third party. Your data will be used solely to comply with our information governance requirements and for the purpose of set up and management of your research project.

In some circumstances, images or video footage may be released on our operation website, Swansea University website, social media platforms and/or via press release. Where an image or footage constitutes personal data, you will be informed of this and your consent for media release will be obtained. The ADP uses third party processors such as Eventbrite for event organisation and material distribution, which may involve international data transfer. Eventbrite is GDPR compliant: see https://www.eventbrite.co.uk/security.

How long will it be held for?

ADP staff data will be held in line with Swansea University personnel policies and procedures. For more information click here.

Personal data provided by researchers working with ADP will be held for the period of their access to ADP data, then archived for a period of five years (to comply with audit requirements), after which we will delete our records of your data. If for any reason you wish us to retain your information for a different period than five years following conclusion of your project, this can be agreed as part of the project application process.

Where do we store your data?

We are committed to keeping your data secure. Any data you provide to us will be held only on secure servers owned and administered by Swansea University which are subject to suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.

If you are not currently working with us, and have any questions about security please contact us.

If you are already in discussion with us about a project or have a live project using ADP data please contact our helpdesk quoting your ADP project reference number.

Accessing and updating your data

You can update your details, change your mind at any time about how we contact you, how we process your data, or ask us to stop contacting you altogether by contacting our helpdesk

As stated above please be aware that if you withdraw your consent for us to hold data which you have provided to us, or ask us to stop contacting you we will no longer be able to administer your project and so will withdraw your access to ADP data.

Our Website

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Adolescentmentalhealth.uk does not actively track you as an individual.

By submitting an enquiry via our contact form you are consenting to your data being held by the Adolescent Mental Health Data Platform, Swansea University. Your data will be used for the purposes of dealing with your enquiry and sending you relevant information about the Adolescent Mental Health Data Platform. The Adolescent Mental Health Data Platform will not pass your details on to any third party. If you wish to remove yourself from the Adolescent Mental Health Data Platform’s database please email contact@adolescentmentalhealth.uk

We use Google Analytics to track the performance of our website and patterns in use. We do not link statistics collected by Google Analytics to personally identifiable information. Find out more on the Google Analytics privacy policy and how to opt out of tracking.

More details about cookies used by Google Analytics are published on the Google website. Cookies and Google Analytics

Google also publishes a browser add-on that will stop cookie information for Google Analytics being stored. Google Analytics opt-out browser add-on

NONE OF THE INFORMATION WE GATHER VIA COOKIES IDENTIFIES YOU AS AN INDIVIDUAL – IT IS ALL ENTIRELY ANONYMOUS.

Your Rights

The General Data Protection Regulation (GDPR) strengthens and adds to individuals’ rights that exist under the Data Protection Act and ADP is committed to supporting these rights.

You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information. Please visit the University Data Protection webpages for further information in relation to your rights.

Any requests or objections should be made in writing to the University Data Protection Officer:-

University Compliance Officer (FOI/DP)
Vice-Chancellor’s Office
Swansea University
Singleton Park
Swansea
SA2 8PP

Email: dataprotection@swansea.ac.uk

How you can withdraw consent for us to hold your data

You can change your mind at any time about how we contact you, how we process your information, or ask us to stop contacting you altogether by contacting our helpdesk.

We will be proactive in keeping our records up to date and will aim to action all changes to communication preferences within ten working days.

How to make a complaint

If you are unhappy with the way in which your personal data has been processed you may in the first instance contact the University Data Protection Officer using the contact details above.

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:–

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

www.ico.org.uk

Changes to the Privacy Policy

Please note that the Adolescent Mental Health Data Platform may change this notice by updating this page.