GDPR PRIVACY NOTICE
This document refers to personal data, this is defined as information concerning any living person from which that person can be identified (who hereafter will be called the Data Subject). It does not include anonymous data – where the Data Subject’s identity has been removed.
The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulations (GDPR) which is EU wide and far more extensive, seek to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain such as Companies House data.
MSKHUB is pleased to provide the following GDPR information:
Who we are
MSKHUB is an online self-management platform for people with Rheumatic and Musculoskeletal Conditions and it is a University of Salford initiative, designed and led by Dr Yeliz Prior, an Advanced Clinical Specialist Occupational Therapist in Rheumatology and a Senior Research Fellow in the School of Health and Society at the University of Salford.
MSKHUB uses the information collected from you to provide you with a personal health profile to enable you to build a record of your self-assessments to help with self-management of your condition. We will also collate the data we collect about your health status over time in a secure, anonymised, confidential database to help us inform future interventions for people with rheumatic and musculoskeletal conditions. This dataset will not identify you in anyway, and will only be accessed by the University of Salford and their research partners, following the completion of appropriate ethical review and research governance checks by the University. Any findings arising from the research conducted using the data collated through the MSKHUB may be submitted for publication in Scientific Journals to help musculoskeletal researchers and health services to learn from our research. You will not be identified in any report or publication.
Upon your registration to the MSKHUB, you consent us to maintain a dialogue with you until you either optout (which you can do at any stage) or if we decide to cease providing this service. The MSKHUB, also acts on behalf of the University of Salford in the capacity of data processor. When working exclusively as a data processor, MSKHUB will be acting on the instruction of the University, and will work hard to ensure that the data collection processes are fully GDPR compliant. As well as determining the means by and purposes for which that data is processed, the University of Salford is the Data Controller, and is the legally responsible for the transparent, lawful, secure and fair collection of your personal information. The University of Salford will:
- Ensure data is accurate
- Collect it for legitimate purposes that are clearly stated
- Provide ability for amends/ deletion of data
- Not keep data without reason or if consent is withdrawn
- Not to re-use data for a different purpose other than that for which it was obtained, and permission given
Some personal data may be collected about you from the forms you complete online, from records of our correspondence and phone calls and details of your visits to our website, including but not limited to personally-identifying information like Internet Protocol (IP) addresses. MSKHUB from time to time may use such information to identify its visitors. MSKHUB may also collect statistics about the behaviour of visitors to its website.
Through agreeing to this privacy notice you are consenting to the MSKHUB processing your personal data for the purposes outlined. You can withdraw consent at any time by completing the online form GDPR Checklist or by phoning 0044 (0) 1612950211 or writing to us, see last section for full contact details.
MSKHUB do not broker or pass on information gained from your engagement with the website without your consent. However, MSKHUB may disclose your Personal Information to meet legal obligations, regulations or valid governmental request. MSKHUB may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of the MSKHUB, its clients and/or the wider community.
MSKHUB will process personal data during the duration of any registration and will continue to store only the personal data needed for six years after the registration has expired to meet any legal obligations. After six years any personal data not needed will be deleted.
Data is held primarily in the United Kingdom and also the EU, using different (multiple) servers by the Pixelkicks Ltd. The MSKHUB does not store personal data outside the EEA.
Your rights as a data subject
At any point whilst the MSKHUB is in possession of or processing your personal data, all data subjects, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
In the event that the MSKHUB refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
The MSKHUB at your request can confirm what information it holds about you and how it is processed.
You can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of the MSKHUB or a third party such as one of its clients, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (ICO).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access what Personal data is held, identification will be required.
MSKHUB will accept the following forms of ID when information on your personal data is requested:
A copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If the MSKHUB is dissatisfied with the quality, further information may be sought before personal data can be released.
All requests should be made to the GDPR@MSKHUB.com or by phoning 0044 (0) 161 2950211 or writing to us at the address further below.
In the event that you wish to make a compliant about how your personal data is being processed by the MSKHUB or its partners, you have the right to complain to the University of Salford using the contact details below. If you do not get a response within 30 days you can complain to the ICO.
The details for each of these contacts are:
Data Protection Officer
Legal and Governance Directorate
Maxwell 6th floor
University of Salford
Or email firstname.lastname@example.org
Additionally, you have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”)
You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites) or email via: https://ico.org.uk/global/contact-us/email/.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.