Privacy Notice

Introduction

LearnHSCNI Learning Management System (LMS) is used by all HSC employers:

• Belfast HSC Trust
• Business Services Organisation
• Children’s Court Guardian Agency NI
• Northern HSC Trust
• Northern Ireland Ambulance Service
• Northern Ireland Blood Transfusion Service
• Northern Ireland Practice Education Council
• Northern Ireland Social Care Council
• Northern Ireland Medical & Dental Agency
• Patient Client Council
• Public Health Agency
• Regional Quality Improvement Agency
• Southern HSC Trust
• South Eastern HSC Trust
• Strategic Planning and Performance Group
• Western HSC Trust

The above list will be collectively referred to as ‘the HSC’ in this document. LMS is provided by Civica and is a cloud hosted system. Amazon Web Services (AWS) are a key hosting partner for the Agylia LMS. There may be links within the LMS platform to other websites which are the responsibility of the relevant host organisation. You are therefore advised to read the privacy statements of each website you visit which collects personal information. This Privacy Notice provides a summary of how the information you submit on LMS is used. To ensure that we process your personal information fairly and lawfully we are required to inform you of:

• What personal information we collect
• Why we need personal information
• How it will be used
• Who it will be shared with
• How long it will be kept for

Legal Framework

The HSC recognises the importance of protecting personal and confidential information in all that we do, and takes care to meet its legal duties. Key legislation and guidance include, but are not necessarily limited to:

• the United Kingdom General Data Protection Regulation (UK GDPR)
• the Data Protection Act (2018)
• the Freedom of Information Act (2000) (FOI),
• the Human Rights Act 1998 (HRA),
• common law duty of confidentiality,
• the Northern Ireland Act 1998 (NIA)
• the Health and Safety at Work (Northern Ireland) Order 1978
• the Fire Safety Regulations (Northern Ireland) 2010
• Northern Ireland Department of Health (DoH) guidance and directions

What Personal Information is Collected on LMS?

As a platform to host and manage learning across the HSC, this platform supports LMS users to:

• search for learning and training available within their organisation associated with their job
• view information about courses and download documents or resources required for learning
• Enrol, cancel and register interest for learning on the system
• Complete mandatory eLearning required for their job
• View their learning achievements and certifications
• Receive automated email alerts and reminders from the system about learning they have enrolled on or which is due to expire/requires renewing

LMS will retain a record of all learning/training and therefore each user will need a LMS learner account. Each account within the LMS has an associated user profile. Your user profile contains a range of personal information, including your:

• Name
• Organisation/employer
• Work Location
• Work Email address
• HR Information (staff number, job title, profession, department, managers name, employment start date)
• Training attendance information (e.g. course/ programmes attended, date attended, outcome and refresher/renewal date)
• Personal email address for non HSC staff

We may also collect non-personally identifiable information about your visit to LMS through the use of cookies. This information helps us to better manage and develop the platform – please see the Cookies Statement for more information.

How Do We Collect Your Personal information?

Your LMS user account will be created by your employing HSC organisation using information held in your HR profile.

For those users that do not work for an HSC organisation, your account will be created by the Business Services Organisation’s (BSO’s) HSC Leadership Centre using information provided by your employer.

As well as facilitating the actual training enrolment and completion process, your training completion details will be used to generate reports on compliance with Statutory and Mandatory training requirements.

How Will We Use Information about You?

As well as facilitating the actual training enrolment and completion process, your training completion details will be used to generate reports on compliance with Statutory and Mandatory training requirements.

Sharing Your Information

BSO holds the contract for the regional LMS solution (on behalf of all HSC Bodies) and the HSC Leadership Centre (HSCLC) will oversee the contract management of the system and will provide global administration system support including:

• provision of second level support as required
• fault management
• user account management (regional)
• run reports as instructed by HSC bodies

When you enrol or complete training provided by the BSO HSC Leadership Centre, BSO Clinical Education Centre (CEC) or the Northern Ireland Medical and Dental Training Agency, (NIMDTA) these regional HSC training providers will have access to your user profile. This is closely managed with only those who are required to see your information in the context of their duties having such access. Typically, this will include, but is not limited to the training team tutors and administrators with responsibility for delivering and administering the training.

You should be aware that LMS is provided by a Third-Party Supplier who has access to your information for purposes of testing for system accuracy purposes and fault resolution. No personal data leaves the UK for this purpose but is accessed as part of the overall system maintenance arrangements. This access is controlled through Service Level Agreements & contract arrangements.

There may be other occasions where we may be obliged to provide personal information to another statutory organisation e.g. such as the PSNI, Health Regulator, Investigatory Body, or via a Court Order. Any disclosure will be carried out in a secure manner and in accordance with Data Protection legislation.

Retaining Information

Information processed for the above purposes is only retained for as long as necessary, in line with section L of the Department of Health (DoH) Good Management, Good Records (GMGR) as it relates to the area of recruitment.

For further information, please refer to the following DoH link:

https://www.health-ni.gov.uk/topics/good-management-good-records

Security of Information

The HSC is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:

• All HSC staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;
• Everyone working for the HSC is subject to the common law duty of confidentiality;
• Staff are granted access to personal information on a need-to-know basis only;
• Each HSC organisation has a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a Personal Data Guardian (PDG) who is responsible for the management of service user information/confidentiality.
• Each HSC organisation has also appointed a Data Protection Officer (DPO), who provides full authoritative advice and recommendations in the field of Data Protection and facilitates compliance with the Accountability requirement of UK GDPR;
• All HSC staff are required to undertake information governance training every 3 years. The training provided ensures that staff are aware of their information governance responsibilities and follow best practice guidelines to ensure the necessary safeguards and appropriate use of personal information;
• A range of policies and procedures are in place
• All reasonable measures to guarantee the security of the LMS platform are in place aimed at preventing unauthorised access, or data loss

Individual Rights

Individuals have certain rights under UK GDPR, namely:

• The right to obtain confirmation that their personal information is being processed, and access to personal information
• The right to have personal information rectified if it is inaccurate or incomplete
• The right to have personal information erased and to prevent processing, in specific circumstances
• The right to ‘block’ or suppress processing of personal information, in specific circumstances
• The right to portability, in specific circumstances
• The right to object to the processing, in specific circumstances
• The rights in relation to automated decision making and profiling

We want to make sure that your personal information is accurate and up to date. If you think, any information is inaccurate, incorrect or if you have any other general queries then please refer to the list of HR contacts in your own organisation at the end of this document.

Detailed guidance on your rights is available from the Information Commissioner’s Office:

https://ico.org.uk/for-the-public/

Access to Your Personal information

UK GDPR gives you the right to access information that the HSC holds about you by submitting a Subject Access Request (SAR). You will need to provide your employer with the following:

• adequate information (for example full name, employing organisation, staff number and work email address) so that your identity can be verified and your information located.
• an indication of what information you are requesting to allow this information to be located in an efficient manner.

The HSC aims to comply with requests for access to personal information as quickly as possible, and normally within a calendar month, however the UKGDPR allows up to 3 months for providing a response to complex requests.

Changes to our privacy notice

We keep our Privacy Notice under regular review and we will place any updates on this document.

Contact Information

If you have any general questions about this Privacy Notice or the LMS please contact the relevant representative in your employing organisation:

• Belfast HSC Trust – HRPOD@belfasttrust.hscni.net
• Business Services Organisation - BSOHRPTSadmin@hscni.net
• Children’s Court Guardian Agency NI - BSOHRPTSadmin@hscni.nett
• Northern HSC Trust - odtraining@northerntrust.hscni.net
• Northern Ireland Ambulance Service - NIASHR.Learning&Development@nias.hscni.net
• Northern Ireland Blood Transfusion Service - hr@nibts.hscni.net
• Northern Ireland Practice Education Council - BSOHRPTSadmin@hscni.net
• Northern Ireland Social Care Council - BSOHRPTSadmin@hscni.net
• Northern Ireland Medical & Dental Agency - SLE-OM@hscni.net
• Patient Client Council - BSOHRPTSadmin@hscni.net
• Public Health Agency - BSOHRPTSadmin@hscni.net
• Regional Quality Improvement Agency - BSOHRPTSadmin@hscni.net
• Southern HSC Trust - learnhscni.support@southerntrust.hscni.net
• South Eastern HSC Trust - HR.OrgDevelopment@setrust.hscni.net
• Strategic Planning and Performance Group - BSOHRPTSadmin@hscni.net
• Western HSC Trust - mandatory.training@weserntrust.hscni.net

If you have any concerns about how your personal data is processed as part of LMS, you can also ask to speak to your organisation’s Data Protection Officer (DPO). You also have the right to raise any concerns further with the ICO and further details are available at https://ico.org.uk/