LDIS Privacy Notice
INTRODUCTION
This privacy notice provides you with details of how we collect and process your personal data through your use of our site https://www.improvementstandards.nhs.uk/ and information for NHS trust staff, clinicians and patients whose information may be used in the Learning Disability Improvement Standards (LDIS) Programme. It explains what type of information we collect, why we collect it, and what we do with it.
The NHS Benchmarking Network (The Benchmarking Network Ltd) is the data processor for LDIS, and we are responsible for your personal data (referred to as “we,” “us,” or “our” in this privacy notice).
Aim of LDIS: The overall aim is to assess Trust compliance with the standards and identify opportunities to improve the quality, safety and outcomes of care for people with a learning disability.
Audit objectives:
Ambition to garner a clear national picture – isolate key themes, celebrate successes, and identify where to target support.
Identify lack of parity in how policy is interpreted and applied.
Assess relationship between outcomes/experiences and organisational systems/structures.
Support Trusts to measure and demonstrate performance against key measures
Introduce meaningful user/family voice to enhance and provide context to the organisational findings
Inform local improvement planning processes
Data collected from LDIS will provide high quality information about the quality, delivery and outcomes of care delivered to people with a learning disability and or autistic people and those important to them.
COMPANY DETAILS
Full name of legal entity: The Benchmarking Network Limited
LDIS Support Team email address: nhsbn.nhsildsupport@nhs.net
Postal address: Colony Fabrica, 269 Great Ancoats Street, Manchester, M4 7DB
ICO Registration: Z1624069
Email address for DPO: nhsbn.dpo@nhs.net
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at enquiries@thebenchmarkingnetwork.co.uk.
WHAT DATA WE COLLECT, PURPOSES, AND LEGAL BASIS
| Data Type | Reason for Processing | Lawful Basis |
|---|---|---|
| Communication Data (e.g., emails, social media messages) | Processed for communication, record-keeping, and legal claims | Legitimate interests |
| Client/Customer Data (e.g., name, contact details, purchase details) | Processed to provide goods/services and keep records | Contract performance |
| User Data (e.g., website interactions, posts) | Processed to operate our website, ensure security, and maintain backups | Legitimate interests |
| Technical Data (e.g., IP address, browser type, usage analytics) | Processed to analyse site use, protect our business, and improve services | Legitimate interests |
| Marketing Data (e.g., preferences for communications) | Processed to deliver promotions and measure effectiveness | Public task |
| Commercial Data (e.g., organisational information collected as part of the organisational overview) | Processed to provide an understanding of service variation | Public task |
| Personal data (e.g., information about an individual and the care they received. Pseudonymised data collected from the Case Note Review collection) | Processed to provide an understanding of care received by patients with a learning disability and autistic people | Public task |
| Non-Personal data (e.g., anonymous data that can not be linked to an individual, collected from the Patient Survey, Family/Carer Survey & Staff Survey) | Processed to provide an understanding of care received by patients with a learning disability and autistic people | Public task |
| Special Category Data (e.g race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) | Processed to ensure diversity in audit development | Public task |
HOW WE COLLECT YOUR DATA
We collect personal data through:
· Direct interactions (website forms, emails, phone calls, focus groups, reference groups, events).
· Indirect interactions (case note reviews, data submitted about individuals from other sources)
· Automated technologies (cookies, analytics tools like Google Analytics).
· Third-party sources (e.g., search providers, social media platforms, publicly available sources like Companies House).
For more details, see our Cookie Policy.
Further information about LDIS specifically can be found in the LDIS Data Protection Impact Assessment and LDIS Data Flow Diagram.
Please find available to download The NHS Benchmarking Network's Fair Processing Notice.
MARKETING COMMUNICATIONS
We may send marketing communications under the following conditions:
· If you are or have had a LDIS project role, input into the audit or requested information.
· If you have explicitly opted in.
Under the Privacy and Electronic Communications Regulations (PECR), we may send marketing emails to corporate contacts without prior consent in certain circumstances. This typically includes communications related to our services, events, or updates that we believe may be of interest to you in your professional capacity, particularly if you have previously engaged with us or expressed interest in our services.
We will only send marketing emails to individuals who are corporate contacts, i.e., those associated with an organisation, rather than personal email addresses. You can opt out of receiving marketing emails at any time by using the "unsubscribe" link in our emails or by emailing nhsbn.nhsildsupport@nhs.net.
Opting out does not apply to transactional communications related to purchases or service updates.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below:
· Other companies in our group who provide services to us.
· Service providers who provide IT and system administration services.
· Professional advisers including lawyers, bankers, auditors and insurers
· Government bodies that require us to report processing activities.
· Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
INTERNATIONAL TRANSFERS
Some of your personal data may be transferred internationally when we engage third-party suppliers who process data on our behalf. This may include transfers to countries outside the United Kingdom or European Economic Area (EEA).
Where such transfers occur, we ensure that appropriate safeguards, such as standard contractual clauses or equivalent measures, are in place to protect your data and comply with applicable data protection laws.
DATA SECURITY
We implement technical and organisational measures to protect data from loss, misuse, and unauthorised access. These include:
Access controls and encryption
Regular security audits
Staff data protection training
We also ensure we have a current Cyber Essentials certification and complete the NHS DSPT annually to provide reassurance around Information Security.
We have procedures to handle data breaches and will notify affected individuals and regulators when legally required.
DATA RETENTION
We follow a retention schedule reviewed annually to ensure data is stored appropriately and deleted when no longer necessary.
If we are required to collect data by law or contract and you do not provide it, we may be unable to deliver our services. In such cases, we will notify you.
We will only use your data for its original purpose or a reasonably compatible one. If we need to use it for a different purpose, we will inform you and explain the legal basis.
We may process your data without your knowledge or consent where required or permitted by law.
YOUR LEGAL RIGHTS
Under data protection laws, you have the right to:
· Request access, correction, or deletion of your data.
· Object to processing and request data portability.
· Withdraw consent for marketing.
More details: ICO Individual Rights Guide.
To exercise these rights, email nhsbn.nhsildsupport@nhs.net. We aim to respond within one month. If dissatisfied, you can complain to the ICO (www.ico.org.uk).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
THIRD-PARTY LINKS
Our website may contain links to third-party sites. Clicking on these may allow third parties to collect your data. We are not responsible for their privacy policies and recommend reading their privacy notices.
COOKIES
We use cookies to enhance website functionality and analyse user behaviour. You can manage cookie preferences through your browser settings. Some features may be affected if cookies are disabled.