This is a summary of the Privacy and Data Protection measures we use.
The full text of our Privacy Policy is available from here: Thomson Screening Privacy Policy. Previous versions of our privacy policies are available by request. Please contact us.
We will not disclose your personal data to any third party
Privacy Policy for SchoolScreener® for Schools
When you sign up, we expect you to sign up as a representative of an organisation, SchoolScreener® for Schools is not available to individuals (e.g. parents).
When you or your organisation signs up for our services, they can follow two routes: For SchoolScreener® for Schools clients, there will be a contract in place prior to starting the service. For self-service clients, all new organisations must accept the End User License Agreement which forms the contractual agreement between the Organisation and Thomson Screening.
In both these cases, your organisation is the Data Owner and Thomson Screening is the Data Processor. (as defined by GDPR).
As Data Owner, it is your responsibility to ensure that only persons specifically authorised by you can access the software and to ensure that the data added to the software is managed in accordance with GDPR requirements. We give you the tools to do this.
Compliance
SchoolScreener® for Schools conforms to all national requirements (eg in the EU the GDPR, in the USA HIPAA and FERPA etc).
Thomson Screening is registered with the Information Commissioner’s Office in the United Kingdom. Our Registration ID is Z3489680
We are also registered with NHS Information IG Toolkit. Our registration ID is 8HW22
We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
Information that we collect
We collect or store different types of personal information and each type has its own protection, access and deletion framework. These types are:
Patient / Screening information:
Patient identifiable information that is part of the SchoolScreener® for Schools operation.
It is information that you create when you use the SchoolScreener®. This information is created by you, either via uploading, adding or amending records and carrying out test.
When you use the system, you will also populate it with your data: details of schools and children you screen, their results and any letters sent out to parents.
This information is highly protected and is entirely under organisation’s control. You and your colleagues are responsible for obtaining the necessary permissions from patients or their legal representatives prior to adding their data to our system. For the purposes of GDPR (General Data Protection Regulation): you are and remain the Data Owner, SchoolScreener®/Thomson Screening is the Data Processor.
We provide you with tools to create, maintain and delete this information directly in the system.
Once information is added to our system we have an extensive range of security measures and process in place to protect it from harm and ensure it is available to you. Details of these security measures and our Data Protection framework are available on request as a separate document.
At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/
We work hard to protect SchoolScreener® and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold.
In particular:
- We encrypt SchoolScreener® services using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Thomson Screening employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
Details of these and additional security measures and our Data Protection framework are available in our Information Governance Policy.
Parent PortalWe use the ‘Parent Portal’ to collect information relating to children from their parents or guardians. The parent portal is used by parents and guardians to indicate that they consent for a given child to receive immunisation or some other treatment, and to record clinical and related information. This information is used by our clients (schools and NHS bodies) to deliver services as allowed by the consent that parents and guardians have provided. Once entered, this information is highly protected and is entirely under our organisation’s control. Access to this information is secured using the user access controls of the parent portal. In this context, our clients (schools and NHS bodies) are the data controllers responsible for the correct management of data. We are the data processor responsible for the safe and secure handling and storage of data. We use extensive controls to ensure data security as itemised in the section above. Our clients will use the information provided by parents and guardians to inform and support the services they provide. This may include direct communication with the parent or guardian on this or related issues. Social Sign-onThe parent portal supports third party ‘social sign-on’ where users can securely use their social media credentials to log into the SchoolScreener system. This enables secure access to SchoolScreener without needing to provide and remember another set of credentials. The social media sign-on provider (Facebook, Google, Hotmail) does not share the password but does share the user’s name, email address, and phone number with SchoolScreener. Note that it is the social media sign-on provider that shares this information with SchoolScreener and it is assumed by us that the parent is deemed to have authorised them to do so. No information is ever sent from SchoolScreener to the social media sign on provider. If you do not wish to share your name, email address, and phone number from the social media sign-on provider to SchoolScreener then you should use the standard (non social media sign-on) registration process.
|
Business contact information:
Personal information necessary for conducting our business, for example user names and contact details. People in this category are linked to Thomson Screening by some form of contract, or SLA either directly or through their role in their organisation. We may also collect and use contact details of public officials available in the public domain.
Please also read our Terms and Conditions.