Supply Chain Coordination Limited (SCCL) is the management function of NHS Supply Chain who procure and deliver goods and services to NHS trusts and other non-trust healthcare providers.
The purpose of this notice is to make you aware of how we use your personal information.
It is important that the personal information we hold about you is accurate and current. Therefore, please keep us informed if your personal information changes (such as address, contact details, etc.).
We will comply with data protection law which says that the personal information we hold must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely.
The kind of information we hold about you
We only collect information about you that is necessary in order to facilitate the provision of services to your organisation and to inform you about the services we provide, which is typically the following information:
- Personal contact details such as your title, name, job title, reporting manager, workplace address, workplace email address, workplace telephone number; organisation name, organisation address;
- Information about your use of our information and communications systems, including your IP address;
- Any information provided in relation to your delivery, sample request or returns;
- Your signature, when you confirm a delivery with an NHS Supply Chain driver.
We typically collect the information:
- When you share your information with SCCL whether face to face, over the phone, email or in writing;
- When you complete forms to request information
- When you complete forms on the www.sccl.nhs.uk website requesting services, marketing communications, signing up to an event or reporting a problem about the website;
- When you or your organisation on your behalf, requests via email, access to any SCCL system (where appropriate);
- When you use the www.sccl.nhs.uk website we may collect information about your computer, including where available your IP address, operating system and browser type.
How we will use information about you
We will only use your personal information when the law allows us to, for example, to allow us to carry out our obligations arising from any contracts entered into between your organisation and SCCL and to enable us to comply with our legal obligations.
We may use your information:
- To identify you;
- To ensure communication between SCCL and key contacts within your organisation to deliver the service(s) you require;
- To provide you with a satisfactory service in relation to – complaints and resolution of your queries;
- To invite you to give feedback on SCCL performance;
- To record your preference if you have opted out of receiving marketing communications;
- To ensure that content from www.sccl.nhs.uk website is presented in the most effective manner for you and for your computer;
- To understand user browsing actions and patterns but not to identify any individual;
- To send you, where you have given and not withdrawn consent.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We may also process information where we need to protect your interests (or someone else’s interest) or where it is required in the public interest or for an official purpose.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. We will not share your information for marketing purposes or with any other third party other than to provide the services.
When you use the www.sccl.nhs.uk website, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve the www.sccl.nhs.uk website and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise the www.sccl.nhs.uk website according to your individual interests.
- To speed up your searches.
- To recognise you when you return to the www.sccl.nhs.uk website.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support website.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
We may have to share your data with third parties where it is required by law or where it is necessary to provide you and your organisation with the services (e.g. product suppliers, couriers to facilitate samples requests, market research companies to send you an invitation to provide feedback on services received, (where you have given consent for such communication)). However, we will not disclose your personal data unless we are satisfied that they are legally entitled to view the data. Where we do disclose your personal data, we require third parties to respect the security of your data and to treat it in accordance with the law.
Data security and retention
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Once we are no longer contracted to provide the service to your organisation we will retain and securely destroy your personal information in accordance with applicable laws.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- Request correction of the personal information that we hold about you;
- Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your personal information to another party;
Withdraw consent to receive marketing communications, if given, by emailing firstname.lastname@example.org
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Our Chief Information Officer (CIO) in writing (contact details below).
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Information Commissioner’s Office (ICO)
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Changes to this privacy notice
This privacy notice may be updated at any time. If we do update it we will inform you of any changes when we make any substantial updates.
For any queries regarding this Privacy Notice, or any other concerns around the use of your data please contact:
SCCL Data Protection Officer
Company Details for Data Protection issues
Name and address of Group company:
FAO Company Secretary Supply Chain Coordination Limited, Skipton House, 80 London Road, London SE1 6LH.
Data Protection Officer to whom initial issues should be addressed
Data Protection Officer (DPO) Supply Chain Coordination Limited, Skipton House, 80 London Road, London SE1 6LH.
Competent supervisory authorities:
For UK: Information Commissioner Office, tel: 0303 123 1113