Supply Chain Coordination Limited

SCCL

Privacy Policy

Privacy

Supply Chain Coordination Limited (SCCL) is the management function of NHS Supply Chain who procure and deliver goods and services to NHS trusts and other non-trust healthcare providers.

The purpose of this notice is to make you aware of how we use your personal information.

It is important that the personal information we hold about you is accurate and current. Therefore, please keep us informed if your personal information changes (such as address, contact details, etc.).

We will comply with data protection law which says that the personal information we hold must be:

  1. Used lawfully, fairly and in a transparent way;
  2. Collected only for valid purposes and not used in any way that is incompatible with those purposes;
  3. Relevant to the purposes we have told you about and limited only to those purposes;
  4. Accurate and kept up to date;
  5. Kept only as long as necessary for the purposes we have told you about;
  6. Kept securely.

The kind of information we hold about you

We only collect information about you that is necessary in order to facilitate the provision of services to your organisation and to inform you about the services we provide, which is typically the following information:

We typically collect the information:

How we will use information about you

We will only use your personal information when the law allows us to, for example, to allow us to carry out our obligations arising from any contracts entered into between your organisation and SCCL and to enable us to comply with our legal obligations.

We may use your information:

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

We may also process information where we need to protect your interests (or someone else’s interest) or where it is required in the public interest or for an official purpose.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. We will not share your information for marketing purposes or with any other third party other than to provide the services.

Cookies

When you use the www.sccl.nhs.uk website, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve the www.sccl.nhs.uk website and to deliver a better and more personalised service. They enable us:

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the www.supplychain.nhs.uk website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the www.sccl.nhs.uk website.

We use Hotjar with carefully selected pages only, in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (for example how much time they spend on which pages, which links they choose to click, what users do and don’t like) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support website.

Automated decision-making

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Data sharing

We may have to share your data with third parties where it is required by law or where it is necessary to provide you and your organisation with the services (e.g. product suppliers, couriers to facilitate samples requests, market research companies to send you an invitation to provide feedback on services received, (where you have given consent for such communication)). However, we will not disclose your personal data unless we are satisfied that they are legally entitled to view the data. Where we do disclose your personal data, we require third parties to respect the security of your data and to treat it in accordance with the law.

Data security and retention

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Once we are no longer contracted to provide the service to your organisation we will retain and securely destroy your personal information in accordance with applicable laws.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

Withdraw consent to receive marketing communications, if given, by emailing consent@supplychain.nhs.uk

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Our Chief Information Officer (CIO) in writing (contact details below).

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Information Commissioner’s Office (ICO)

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

This privacy notice may be updated at any time. If we do update it we will inform you of any changes when we make any substantial updates.

For any queries regarding this Privacy Notice, or any other concerns around the use of your data please contact:

SCCL Data Protection Officer

dpo@supplychain.nhs.uk

Company Details for Data Protection issues

Name and address of Group company:

FAO Company Secretary Supply Chain Coordination Limited, Skipton House, 80 London Road, London SE1 6LH.

Data Protection Officer to whom initial issues should be addressed

Data Protection Officer (DPO) Supply Chain Coordination Limited, Skipton House, 80 London Road, London SE1 6LH.

Competent supervisory authorities:

For UK: Information Commissioner Office, tel: 0303 123 1113

or https://www.gov.uk/data-protection/make-a-complaint