Privacy Notice

Who we are

We are iED Apps Ltd., company address 61 Manor Drive, Bingley, UK. Our product is CEMBooks. The term "Organisation" in the following statement refers to the NHS Trust department that the user is a member of.

What is Personal Information

For the purposes of this Privacy Notice, "Personal Information" consists of any information that relates to an identifiable individual (such as you). In relation to CEMBooks there are two sets of data that are held:
Registration details: This is your name, email address, and employing organisation. We have aimed to keep this to the minimum information necessary.
Logs/Sit Reps: These are the logs and situation reports that are entered using your username/login credentials. They are also classed as Personal Information and are stored on our servers.

When we process your Personal Information

As part of the sign up process we will request your consent to hold your Personal Information required to create an account and to process the logs/sit reps that are entered on the site.

How we use your Personal Information

We only use your Personal Information in creating and servicing a user account for CEMBooks, or to send you notification of operational issues with CEMBooks.

Where and to whom we disclose your Personal Information

We will not disclose, share or sell your Peronal Information with any third parties.

We will only contact you regarding operational notifications for CEMBooks, for example password resets or site downtime, and not for further marketing topics or for marketing from third parties.

With relation to the information contained within logs/sit reps and GDPR definitions, iED Apps acts as a data processor with Organisations/Trusts acting as data controllers. Their site administrators will have access to any logs/sit reps you share to “All” or to any specific “Team” but no access to any personal logs you post. You should review your Organisation/Trust's Privacy Notice regarding how they control the logs/sit reps that are visible to "All" in that Organisation or to a specific "Team". iED Apps will never release personal logs/sit reps to anyone other than the person who entered them.

What we do to keep your personal information secure

Personal Information submitted to CEMBooks is held on Fasthosts virtual servers. Fasthosts data is held in hgh security UK datacentres compliant with current data protection regulations. Visit www.fasthosts.co.uk for more information. In the rare event of any breach of this security we would contact all users via email to inform them of this and the action taken. CEMBooks account passwords are processed and stored in a "salted" format at all times.

What are your rights

Your rights under GDPR legislation include the right to access a copy of your Personal Information, the right to request the correction or update of any inaccurate Personal Information and the right to objec to the processing of your Personal Information under the conditions set out in applicable law. You also have the right to request the erasure of your Personal Information (see next paragraph) and, where you have consented to the processing of your Personal Information, you have the right to withdraw such consent at any time (without this withdrawal affecting the lawfulness of the processing prior to such withdrawal, for example if the logs are being used as the part of an ongoing investigation or enquiry). In addition, you also have the right to data portability in certain cases. This is the right to request the return of the Personal Information or logs/sit reps you have provided to us and this would be in Excel format if requested and free of charge.

Individuals have the right to be forgotten, where all logs/sit reps entered can be deleted if requested by an individual (for example on leaving the employing Trust), however anonymised versions of the logs/sit reps would still be retrievable if required by the Organisation. These would be held for a maximum of 10 years.

The process for erasure involves a direct request to the data protection officer or the Organisation's site admin in the first instance. This will be confirmed between the three parties prior to deletion.

You have the right to complain to the information commisioner's office if you feel there is a problem with the way handle your Personal Information.

Data Retention - how long we will store your Personal Information

We will only retain your Personal Information login details for the time you are a registered user of CEMBooks. Logs/sit reps will be retained for 10 years.

Third party links

CEMBooks module WebBooks may contain links to third party websites that are not operated by iED Apps Ltd. These are not under iED Apps' control and as such we are not responsible for the privacy practices or the content of any linked websites or applications.

Cookies

CEMBooks uses session-state cookies for the purposes of authentication and navigation of the website. They contain a simple session identifier and no Personal Information, and are automatically deleted shortly after the user logs out or leaves the site. These cookies are not shared with any third parties.

Your choices

Registered users of CEMBooks have the opportunity to opt in to receive operational notifications about CEMBooks or notifications of specific events occurring on the CEMBooks Organisation site you are a member of (for example if a Red status situation report has been entered). You can change these settings at any time by logging in to your account and updating your Notification settings.

Children's Personal Information

Children (by definition those under 18 years of age) are not permitted to be users of CEMBooks and as such no Personal Information about children will be collected.

Changes to this Privacy Notice

iED Apps may change this Privacy Notice in line with future updates on data protection regulations. The date last changed will be displayed on this Privacy Notice. We will provide notification via email if any changes are material or are required by law.

Who is the Data Protection Officer

The Data Protection Officer is Dr Stuart Nuttall. Enquiries about this policy should be directed to the Data Protection Officer at 61 Manor Drive, Bingley, UK, or to stuart@iedapps.com.

Date of current version: 25/5/2018