Privacy and data protection
How NHS Education for Scotland manages personal data
NES holds and manages personal data for the administration and evaluation of training and education of health and social care professionals, for the employment of staff, for research and for related activities in support of our core purposes.
NES is registered as a data controller with the Information Commissioner (registration number Z7921413). This describes the kind of information we may hold about you, how it may be processed and with whom it may be shared.
We process several categories of personal data:
- Training management data: including contact details for trainees, educational history, placements and records of progress.
- Educational data: contact details, records of attainment, records of attendance.
- Employee data: contact details, employment and educational history, leave records, management information.
- Contact details for: contractors and suppliers, stakeholders, volunteers, organisational leads or contacts for specific activities.
- Equality and diversity data (where provided by individuals): race or ethnicity, religion, sexual orientation, disability.
Personal data will be held for no longer than necessary in line with our records retention policy.
We will share personal data where appropriate and necessary with third parties such as employing NHS Boards and other employers, educational institutions and regulatory and professional bodies. We will also share personal data where required to do so by law.
NES or our partners may use your contact details to tell you about relevant training opportunities, educational events or related activities. We may also contact you to invite you to participate in the evaluation of education or related research.
Special categories of personal data and why they may be processed
NES will only process sensitive personal data (for example on health, disability, ethnicity or sexual orientation) where it is necessary to carry out our role in health workforce development; for example in mandatory monitoring of equality and diversity, to ensure that NES is a safe place to work, or to ensure compliance with other legal obligations, such as the sick pay policy or equal opportunities policy.
Your rights regarding your personal data
You have the right to:
- know what information NES holds about you and how it is processed
- ask for inaccurate data to be corrected
- receive a copy of information NES holds about you
- raise concerns with the supervisory authority (the Information Commissioner)
If you would like to see information we hold about you, please complete and return 'NES Subject Access Request Form' (doc).
We will ask for proof of identity (such as a passport or photo ID driving licence) and a fee of £10. Once we have received your request, identification and fee, we must respond to you within 40 days.
You also have the right to raise concerns about the handling of your personal data with the Information Commissioner https://ico.org.uk/concerns/
Legal basis for processing personal data
NES processes personal data under the following conditions of the General Data Protection Regulation:
“6(1)(c) processing is necessary for compliance with a legal obligation”;
“6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”
"9(2)(b) – Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement" (for special categories of data)
NES Data Protection Contact Details
For further information on data protection in NES, please contact:
Mr Nick Cowan, Information Governance Officer
NHS Education for Scotland, 3rd Floor, 2 Central Quay, 89 Hydepark Street, Glasgow G3 8BW
Every NHS organisation has a Caldicott Guardian charged with protecting patient identifiable information. NES does not deal directly with patient care and therefore we do not hold or process medical records. NES does, however, have a Caldicott Guardian tasked with ensuring patient privacy is protected in our work. He can be contacted as follows:
Dr Stewart Irvine, Director of Medicine and Caldicott Guardian
NHS Education for Scotland, Westport 102, West Port, Edinburgh EH3 9DN
A cookie is a small data file that certain websites write to your hard drive when you visit them. This site uses different types of cookie.
If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies. You can access them through some types of browser. Search in your cookie folders for 'NES' to find our cookie and the Google Analytics cookie if you wish to delete them.
More information about cookies, including how to block them or delete them, can be found at AboutCookies.org.
The Cookies in use on the NES Turas platform are listed in the document available at the bottom of this page.
Where other NES websites and portals use different cookies, this will be detailed on those websites.
Cookies used by this website
Visitors can use this website with no loss of functionality if cookies are disabled from the web browser.
The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google undertakes not to associate your IP address with any other data held by Google.
This list shows all cookies used by the main NES website, and what each is used for.
|__utmb||Google Analytics cookie. This stores the domain name (hash code) of site, pages viewed this session, current time.||30 minutes|
|__utmc||Google Analytics cookie. This stores the domain name (hash code) of site.||At end of session|
|__utma||Google Analytics cookie. This stores the domain name (hash code) of site, a unique visitor id (randomly generated number), time of first visit, time of previous visit, current time, number of sessions since first visit.||2 years|
|__utmz||Google Analytics cookie. This stores the domain name (hash code) of site, time when cookie last set, total number of visitor sessions, number of different channels or sources through which this site was reached, source of the last cookie update, search hit tag identifier (or just 'organic' if reached via normal search hit), search medium, keyword phrase used to find site.||6 months|
|NESCookiesWarning||This stores the name of the site (www.nes.scot.nhs.uk), the current time and the expiry time of the cookie. This cookie is used to test whether the visitor has accepted the cookie message.||356 Days|
Collection and use of technical information
Technical details in connection with visits to this website are logged, collected and used by our website host, Scottish Health on the Web (SHOW).
We will make no attempt to identify individual users. However access to web pages will generally create log file entries in the systems of your Internet Service Provider (ISP) or network services provider.
Log files are maintained and analysed of all requests for files on SHOW servers. Aggregated analyses of these log files are used to monitor website usage. These analyses are used to allow us to monitor and evaluate the effectiveness of our websites. All log file information collected by NHS Scotland is kept secure and is not provided to any third parties.
Data Protection Links
Information Commissioner Web Site: http://www.ico.gov.uk/