Terms of Use

This site is currently under development

This is a pilot service operating on an invite-only basis. By using it you agree to the following terms of use.

You can deactivate your tracking cookies at any time.

In these terms, 'us' and 'we' mean NHS Grampian. 'You' means anyone using the service.

What data we collect

We collect the following data from patients:

Title
Full name
Date of birth
Email address
DHP identifier (Greater Glasgow and Clyde only)
Password
Images relating to your condition
Your answers to set questions about your condition

We collect the following data from clinicians:

Title
Full name
Date of birth
Email address
Password

How we use your data

We use your data to:

• identify you
• provide a healthcare service

How we share your data

We sometimes use other organisations to process your personal information on our behalf. When we do, these organisations are bound by legal agreements to ensure your personal information is secure and used only for the purpose we stipulate.

We may need to share your personal information if we are required to do so by law.

How we protect your data

We take the security of your healthcare data seriously. We protect your data through:

two-factor authentication
system auditing functionality and procedures
vulnerability scanning and anti-virus measures
network security including firewalls and penetration testing
encryption of personal data
Cyber Essentials compliance
system security policy and standard operating procedures
ISO 27001 standard for information security compliance
defined information security and related policies
staff training in security and privacy best practice
a documented incident management and reporting process
physical security policies

Your data is securely stored in the European Economic Area (EEA). We'll update this notice if we transfer it outside the EEA.

How long we keep your data

We hold on to your information for as long as is reasonably necessary. This can depend on legal, regulatory, tax, accounting or technical requirements.

Health record type	Minimum retention period
Adult	6 years after date of last entry or 3 years after death if earlier
Records relating to children and young people (including children’s and young person’s Mental Health Records)	Retain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 3 years after death. If the illness or death could have potential relevance to adult conditions or have genetic implications, we’ll seek clinician advice as to whether to retain for a longer period.
Mentally disordered person (within the meaning of any Mental Health Act)	20 years after last contact between the patient/client/service user and any health/care professional employed by the mental health provider, or 3 years after the death of the patient/client/service user if sooner and the patient died while in the care of the organisation. NHS organisations may keep mental health records for up to 30 years before review. Complete records must be kept for the first 20 years, but they may be kept in summary format for the remaining 10-year period. Social services records are retained for a longer period. Where there is a joint mental health and social care record, the higher of the two retention periods should be adopted. When the records come to the end of their retention period, they must be reviewed and not automatically destroyed. If it is decided to retain the records, they should be subject to regular review.

Specific retention periods

Health record type	Minimum retention period
Clinical trials of investigational medicinal products: health records of participants that are the source data for the trial	For trials to be included in regulatory submissions: At least 2 years after the last approval of a marketing application in the EU. Longer if required by the applicable regulatory requirement(s) or by agreement with the Sponsor. For trials not used in regulatory submissions: At least 5 years after completion of the trial. These documents should be retained for a longer period if required by the applicable regulatory requirement(s), the Sponsor or the funder of the trial.
Photographs (where the photograph refers to a particular patient it should be treated as part of the health record)	Retain according to the standard minimum retention period appropriate to the patient/specialty.
Records of destruction of individual health records (case notes) and other health related records (in manual or computer format)	Permanently
Research records other than clinical trials of investigational medicinal products, health records of participants that are the source data for the research	30 years

Cookies

When you use this service, we put small files called cookies onto your device.

We use Google Analytics cookies to collect information about how you use our platform and to help us make improvements to it. Cookies are not computer programs.

They do not collect or store your information, so we cannot identify you from them.

You can remove cookies from your device at any time. Your device will automatically delete expired cookies.

We do not allow Google to share our analytics data.

Google Analytics sets the following cookies:

Name	Function	Expires
_ga	Collects information about how you use this website.	2 years
_gid	Used to distinguish users.	24 hours
_gat	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_ property-id.	1 minute
AMP_TOKEN	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.	30 seconds to 1 year
_gac_property-id	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.	90 days

Your rights

You have the right to:

request a copy of your personal data and other supplementary information
correct errors or omissions in your personal data

Request your personal information is deleted

You can request that we erase your personal information where:

it's no longer necessary for the purpose for which it was originally collected
you have withdrawn consent
you object to the processing and there’s no legitimate interest for us to continue
your data was unlawfully processed or in breach of General Data Protection Regulation
the data has to be erased in order to comply with a legal obligation
the personal data is processed in relation to the offer of information society services to a child

We can refuse to comply to erase your data where it’s being used to:

it's no longer necessary for the purpose for which it was originally collected
exercise the right of freedom of expression and information
comply with a legal obligation or for the performance of a public interest task or exercise of official authority
for public health purposes in the public interest
archiving purposes in the public interest
inform scientific or historical research, or for statistical purposes
the exercise or defence of legal claims

Object to processing

You can object to:

data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, including profiling
direct marketing, including profiling
processing for purposes of scientific/historical research and statistics

Request we restrict our use of your personal information:

You have the right to request a restriction such as a temporary stop of the processing of your personal information where:

you think the personal information is inaccurate and it should not be used until it's corrected
we're using your personal information unlawfully and you want your personal information to be held by us but not processed whilst a complaint / investigation takes place
you require us to keep your personal information and not delete it while you make or defend a legal claim
you have objected to our use of your personal information and we do not have legitimate grounds to override your objection

Published: 13/08/2021 16:01

FitSurgery

Hospitals Hub

Aberdeen Health Village

Aberdeen Maternity Hospital

Aberdeen Royal Infirmary

Aboyne Hospital

Chalmers Hospital

City Hospital

Dr Gray's Hospital

Fleming Hospital

Fraserburgh Hospital

Glen O' Dee Hospital

Insch War Memorial Hospital

Inverurie Hospital

Jubilee Hospital

Kincardine Hospital

Peterhead Hospital

Roxburghe House

Royal Aberdeen Children's Hospital

Royal Cornhill Hospital

Seafield Hospital

Stephen Hospital

The Baird Family Hospital

The Oaks

Turner Memorial Hospital

Turriff Hospital

Ugie Hospital

Woodend Hospital

Terms of Use

How we use your data

How we share your data

How we protect your data

How long we keep your data

Specific retention periods

Cookies

Your rights

Request your personal information is deleted

Object to processing

Request we restrict our use of your personal information:

FitSurgery

Hospitals Hub

Aberdeen Health Village

Aberdeen Maternity Hospital

Aberdeen Royal Infirmary

Aboyne Hospital

Chalmers Hospital

City Hospital

Dr Gray's Hospital

Fleming Hospital

Fraserburgh Hospital

Glen O' Dee Hospital

Insch War Memorial Hospital

Inverurie Hospital

Jubilee Hospital

Kincardine Hospital

Peterhead Hospital

Roxburghe House

Royal Aberdeen Children's Hospital

Royal Cornhill Hospital

Seafield Hospital

Stephen Hospital

The Baird Family Hospital

The Oaks

Turner Memorial Hospital

Turriff Hospital

Ugie Hospital

Woodend Hospital

Services Hub

Terms of Use

How we use your data

How we share your data

How we protect your data

How long we keep your data

Specific retention periods

Cookies

Your rights

Request your personal information is deleted

Object to processing

Request we restrict our use of your personal information:

Cookie Warning