PrimaryPoint Privacy Statement

PrimaryPoint uses the information collected by the NHS Midlands and Lancashire Commissioning Support Unit (MLCSU) to operate, maintain, and provide the features and functionality of the website and customer portal.

PrimaryPoint is an online portal which provides access to a range of MLCSU services developed for primary care organisations. It consists of the PrimaryPoint website where MLCSU promote its primary care-related services to non-customers, as well as a log-in point for customers into the PrimaryPoint portal to access specific services. Customer organisations, with an active account, can access to a suite of policies, procedures, information, toolkits, and guidance for primary care across a wide range of services.

When you sign up to our PrimaryPoint services as a customer, an organisation account is set up by MLCSU using your key commercial information such as: name of organisation, address, postcode, telephone number, email address, website address and the name of key contact individuals within your organisation.. This is all information that would be readily available within the public domain.

Each customer organisation is allocated a unique authorisation code, which only enables access to users from that specific organisation, with the code deemed invalid if utilised by another organisation. The code is a unique identifier and can only be supplied by MLCSU staff with system administrator access. The code alone will not identify which organisation it relates to.

To create an account, staff from customer organisations can self-register by completing the required form on the PrimaryPoint portal, which requires full name and valid work email address (this will be the username). No other personal information is stored or retained by the portal.

We will collect all personal data, within a work context, to the extent that it is required for the specific purpose made clear to you at the time. If you contact us via the portal, we will keep a record of that contact including your contact details, which can only be accessed by MLCSU staff with system administrator access rights. In addition to your access details, we will log details of your interactions with us including via the portal and this is to help us to audit our systems and processes all in line with contractual obligations.

The legal basis for processing this data for the purposes of portal account creation forms part of contractual obligation and is defined under Article 6 (1) (b) of the General Data Protection Regulation (GDPR) and implemented into the Data Protection Act 2018 and is summarised as “ processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”

We may use your personal data in order to:

• exercise our legitimate business interests, including providing services to you, at your request, as a customer of ours
• provide you with the best possible customer service

We will not use your personal data or make it available to any third party without your prior consent except that:

• where we are providing services to you at the request of a third party, we may share your personal data with that third party to the extent necessary to provide the services and perform the contract
• we may disclose your personal data where required to do so by law

We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. We will not transfer your personal data outside the EU.
You have the following rights under the Data Protection Act 2018 in respect of your personal data held by MLCSU

• to access your personal data
• to be provided with information about how your data is used and for what purpose (this information is set out in this statement)
• to have your data corrected where necessary (please contact us promptly should you become aware of any incorrect or out-of-date information)
• to have your personal data erased in certain circumstances (please refer to the relevant data protection legislation and regulations or consult the ICO for details)

For any concerns relating to the way we use to provide customers with access to this portal, or queries relating to this privacy notice, please contact the Data Protection Officer for the MLCSU:
Hayley Gidman, Head of Information Governance, MLCSU, Heron House, 120 Grove Road, Fenton, Stoke-on-Trent ST4 4LX

Tel: 01782 872648
E-mail: mlcsu.dpo@nhs.net

You have the right to take any complaints about how we use your personal data to the Information Commissioner:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9
Tel: 0303 123 1113

The PrimaryPoint portal may from time to time contain links to other unrelated sites. This privacy statement does not apply to these sites nor are we responsible for the content and practices of these websites. In particular, please note that such other sites may also use cookies, and that we have no control over this.
We reserve the right to amend this Privacy Statement from time to time without prior notice. You are advised to check the Site regularly for any amendments (but NB amendments will not be made retrospectively).