The Rotherham NHS Foundation Trust staff mobile app privacy statement.
Version 1 September 2023
The privacy of all our users at The Rotherham NHS Foundation Trust (the Trust) is very important to us. When you, as an App user, use the Service the App Provider uses (Chapelcroft Limited) to deliver the App to you and therefore will need to process your Personal Data. This Privacy Statement describes how we safeguard and process your Personal Data. We recommend you read it carefully.
We, The Rotherham NHS Foundation Trust (the Trust), are a data controller. Our address for communications is:
Rotherham Hospital,
Moorgate Road,
Rotherham,
S60 2UD
Our telephone number is 01709 820000
Our Trust is registered to process personal and sensitive information under the Data Protection Act 2018 - our registration number is ZA067076.
If you want to contact us about this application and how we use your information in the first instance please contact us at rgh-tr.communications@nhs.net.
If you feel that we have not adequately dealt with your complaint regarding how we process your information you can raise the issue with the Information Commissioner who is the supervisory authority for the United Kingdom (the Regulator) at the address below:
Information Commissioner's Office:
By phone: 0303 123 1113
By letter:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Contact form
Website: ico.org.uk (opens in a new window)
In order to provide you with the Staff App and associated services, we need to process some personal information, where possible the App collects unidentifiable information.
The Lawful basis for the Trust to process your information is your consent. By downloading and using the App, you signify your consent for us to process your information
Parties inform you in this Privacy Statement about:
In order to deliver the Service
Like most other websites and online services, the App gathers and process automatically generated information about how you use the App.
The information gathered includes:
Location information is used for push messaging; however, the user has the option to turn off push notification, but IP addresses and device ID will still be collected. The option to opt in or out is presented at the initial download set up. If you specifically opt-in, the App may collect your geo-location information. In any event, you can block geo-location collection through the settings of your mobile device.
To provide the App-owner (the Trust) with information about the usage of the app we are also collecting the following (anonymous) information:
We may use push notifications (we send information to you) to ask you to engage in certain activities via the App, such as for example loyalty card schemes, newsletters, advertising, however we will not ask for any personal information.
You can turn off Push notifications under settings within the App.
In general, and for specific functionality built in the App, our service asks for Permissions. These permissions are asked of the App user when the App is installed from your App store and / or when a specific functionality is used.
Purposes - to enable you to use the Service:
The Trust processes Personal Data for the following purposes:
The Trust and its App supplier do not sell, trade, or rent your Personal Data to third parties without your prior consent.
We may provide “aggregated anonymous data” about the usage of the Service to third parties for, as it deems to be appropriate for example to improve the APP and the services provided.
“Aggregated anonymous data” is data that cannot be traced back to you and which therefore does not count as Personal Data. For instance, we may use aggregated anonymous data to better understand how Users use the Service.
If the Trust App supplier (ARK Ltd) is transferred to a third party, or that the App supplier is merged with a third party, or undergoes a re-organisation, your Personal Data may also be disclosed and/or transferred to that third party. This third party will have the right to continue to use Personal Data and other information that you provided to us or the App Supplier.
The Trust and its App Supplier may disclose your Personal Data where it is believed, in good faith, that it is necessary to comply with a court order, ongoing judicial proceeding, criminal or civil subpoena, or other legal process or request by law enforcement authorities or to exercise its legal rights or defend themselves against legal claims.
The Service is provided by using hosting services of Microsoft Azure, in the US Area.
The Personal Data processed by the App-publisher may be transferred to, and stored on, servers maintained by Microsoft Azure located in or outside a country in the UK such as the United States of America.
Microsoft adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although Microsoft does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data considering the judgment of the Court of Justice of the EU in Case C-311/18 (Facebook Ireland Vs Schrems).
You agree to this transfer and processing outside the UK. The App-publisher will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this privacy policy. For more information about Microsoft Azure and the EU-US Privacy Shield look at https://privacy.microsoft.com/en-GB/privacystatement.
The security of your data and that of other Users is very important to us.
The App Supplier has implemented technical and organisational measures to protect your Personal Data against loss or any form of unlawful processing. The App Supplier has implemented the following measures: protection of the servers by firewalls, SSL connections and encryption of sensitive data. This list is not exhaustive.
Our Service may contain services and products offered by third parties, and/or hyperlinks to the websites or services of partners, advertisers and other third parties.
We the Trust have no control or influence over the content, websites, or services of these third parties. Different privacy policies may apply to the use of third-party websites and services. This Privacy Statement only relates to Data which have been obtained by the Trust through your use of the ‘the App’ for its own purposes. We the Trust do not accept any responsibility or liability for the content, practices or operation of third-party websites and services.
You may send a request to access or delete the personal information collected through your use of the App, by contacting us via email. You may be asked to provide additional information to verify your identity.
As we are not able to identify specific users, as we do not have access to the linkage between user and IP address. It will not be possible to provide you with a the data we may hold about you, however if we are required by law to provide the information held in the App system, it maybe possible by a third party, such as Law enforcement, to link IP address and Geo-location to a user.
Can be done by emailing rgh-tr.communications@nhs.net
Personal information about children is not knowingly or intentionally collected. Children must not use this service.
Measures are implemented to secure your personal information, to minimise the risks of damage, loss of information and unauthorised access or use of information. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the App and its related databases will be immune from any wrongdoings, malfunctions, unauthorised interceptions or access, or other kinds of abuse and misuse.
This Statement may be updated at any time. The Trust and App Supplier will publish any updated version of the Privacy Statement via the Service. The Trust and App Supplier encourage you to check this page from time to time to be aware of any changes to this Privacy Statement and to stay informed about how parties protect your Personal Data. You acknowledge and agree that it is your responsibility to review this Privacy Statement periodically and familiarise yourself with any updates.
You agree to be bound by any of the changes made to this Statement. Your continued use of the App after the changed take effect will indicate your acceptance of the amended Statement. If you do not agree with the amended Statement, you must uninstall the App and avoid any further use of it.
Your information is retained while the app is live or the APP provider is in contract with the Trust. All that is identifiable about the user is the device used, IP address, device type, an android or apple device and Geo Location information if you choose to provide it.
If you have any questions or remarks about this Privacy Statement, please contact us by sending an email to rgh-tr.communications@nhs.net
This Privacy and Statement was last updated: September 2023.