From 15th June 2022 the ISG will no longer support the browser you are using, Internet Explorer. Please switch to its successor Microsoft Edge or Google Chrome for a compatible experience. For more information please see: IE11 End of Support - Microsoft

  • Home
  • Features
  • Pricing
  • News
  • Contact
  • About
  • Register
  • Log in

Password Reset

 
© 2023 - Lancashire & Cumbria Information Sharing Gateway Governance Group.
Terms of use    Security    Privacy

Privacy and Cookies

This Privacy Notice tells you what to expect when the Information Sharing Gateway collects personal information.

This Privacy Notice tells you what to expect when the Information Sharing Gateway (the “ISG”) collects personal information.  Providing details on why we hold and process your personal information and your choices, and how to exercise your rights  

Our contact details

Name: Information Sharing Gateway

E-mail: isg@mbhci.nhs.uk

What type of information we have

We currently collect and process the following information:
  • Personal identifiers such as first name, last name
  • Contacts information organisation address, work email address and telephone numbers
  • Cookie identifiers - We only use cookies to store a temporary session number so that the server can identify where a request has come from when it receives one. This information is not shared with anyone, and we do not merge this information with other data.
  • Internet protocol (IP address)

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:
  • When registering on the platform
  • Corresponding with us via post, phone or email
  • Sign up to newsletters, updates and registration as part of the ISG community.

We also receive personal information indirectly, from the following sources in the following scenarios:
  • Where individual organisations are part of a Super Administration Group where a lead organisation supports administration and registering organisations and their staff

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

(f) We have a legitimate interest.

What we do with the information we have

We use the information that you have given us in order to
  • To provide you with access to the ISG
  • To support contract and licensing agreements for ISG
  • To administer and protect ISG (including troubleshooting, data analysis, testing system maintenance, support reporting and hosting of data)
  • To ensure information security, which includes preventing unauthorised access to ISG
  • To provide updates and newsletters about ISG and its development either by email or through ISG on-line community
  • To manage your preferences for notifications within ISG

Users accessing the ISG will have visibility of other users’ email addresses, user roles and organisation details to support collaboration and the management of sharing activities within the ISG.

Where organisation’s are part of Super Administration Group, this information will be accessible to Super administrators to support an organisation with their management of ISG.

Other than other users accessing the ISG, your personal data will not ordinarily be shared with any other individual or any other organisation.

When you sign up to our mailing lists, we do not pass your email address to any third parties. You are only subscribed to the list you have signed up for and are not subscribed to any other lists.

If you do not wish to receive any information from us, please let us know at the point you first contact us or by emailing isg@mbhci.nhs.uk

If you already receive correspondence from the Information Sharing Gateway and no longer want to, please email isg@mbhci.nhs.uk. We will remove your details from any tools or products and will stop any communications updates.

How we store your information

Your information is securely stored on University Hospitals of Morecambe Bay NHS Foundation Trust’s Microsoft Azure data centre. Please see security statement for more detailed information.

We do not make international transfers of data. We do not use information for profiling or automated decision making.

We will only retain your personal information for as long as necessary to fulfil the purposes we collect it for, such as the duration of your organisations contract with ISG. When the data is no longer required, the data can be returned to the originating organisation or deleted securely. If a specific format is required, this must be discussed with the System Support to ensure that if it feasible. The data will be transferred securely and with sent and received receipts. Once receipt is confirmed the personal data will be deleted.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at ISG Development Team at isg@mbhci.nhs.uk, if you wish to make a request. The Data Protection Officer responsible for the service can be contacted through this route.

Our use of cookies 

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. 

Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what have been set and how to manage and delete them, visit www.allaboutcookies.org . 

We only use cookies to store a temporary session number so that the server can identify where a request has come from when it receives one. This information is not shared with anyone and we do not merge this information with other data. 

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at Data.Officer@mbht.nhs.uk

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Other websites

Our privacy notice only relates to information that we obtain from you. If you visit a website operated by a third party through a link included on this website your information may be used differently by the operator of the linked website. When you are moving to another site you are advised to read the privacy notice relating to that website.

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately. 

If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Security Statement

Security Statement

The Information Sharing Gateway is a web-based application that is hosted and supported by University Hospitals of Morecambe Bay NHS Foundation Trust (UHMB) (‘Support Service’).

Web Application

The Web Application is hosted in UHMB Microsoft Azure instance. Microsoft Azure datacentres comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. To comply with GDPR, the Information Sharing Gateway app is hosted within the MS Azure UK South Data Centre.

Microsoft datacentres have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacentre floor. Full details found here: globally distributed data centre infrastructure summarised as:
  • Datacentre access request and approval process
  • Facility’s perimeter security
  • Building entrance security
  • Inside the building security pass system
  • Data centre floor – full body metal detector system
  • CCTV monitoring & body security scan

Database and Data

The database and data are hosted in the University Hospitals of Morecambe Bay data centre is managed with the same high standards as the Acute Hospitals internal systems, protected by intruder alarms and fire suppression systems.

Equipment is housed in a controlled, secure environment, that is monitored for temperature, humidity, power supply quality and is protected from power supply failures.
  • Access to the UHMB Data Centre is limited to authorised personnel only
  • Access to the UHMB Data Centre is via Swipe Card
  • All access to the UHMB Data Centre is audited
  • Regular internal audits and risk assessments
  • Annual 3rd Party IT Health Checks as a minimum
  • CCTV in the building and at the entrances.

Security
  • All data in transit (between the ISG website and the UHMB Data Centre) uses AES 256 Encryption
  • Connection to the ISG web application uses HTTPS (Hypertext Transfer Protocol Secure)
  • Access to the system is via individual username and user set passwords and approval to access is either managed by individual organisations system administration or via super administration groups working on behalf of other organisations
  • Access to the platform is limited to ISG Support Team for activities required to support clients' use of the system
  • UHMB has security protocols in place to support infrastructure management, backup and disaster recovery arrangements and is assured by the Trust completing the NHS Digital Data Security and Protection Toolkit
  • Support services follow strict formal change management processes for any changes to the production environment, system and configuration.
  • Audits are kept of access attempts to the system and changes to some data records within the system.

Information Sharing Gateway Terms & Conditions

1. About these terms of Use

1.1. By using the Information Sharing Gateway system (the “system”), you agree to the terms set out in these Terms of Use

1.2. It is your responsibility to ensure that you understand and comply with these terms and conditions of use.

1.3. If you have any questions about these terms, you should contact the Information Sharing Gateway Administration Team at isg@mbhci.nhs.uk

1.4. A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time. We may ask you to re-confirm you continue to agree to these Terms of Use from time to time, to take account of any changes to legal requirements or how we provide the system.

2. General information about the Information Sharing Gateway

2.1. The Information Sharing Gateway has been provided to aid registered organisations with their responsibilities when sharing information with other organisations and by using the system, this is the sole purpose for which users are permitted to use the system (the “Permitted Purpose”).

2.2. The Information Sharing Gateway must be used in compliance with all relevant laws, regulations, and guidelines, and at no point does it supersede them.

2.3. The Information Sharing Gateway Administration Team reserves the right to withdraw, suspend or limit user access in the case of suspected misuse, inappropriate use, or breach of these terms.


3. Restrictions

3.1. You agree that you will:

3.1.1. not provide, or otherwise make available, the system in any form, in whole or in part, to any person without prior written consent from the Information Sharing Gateway Administration Team

3.1.2. not commercially exploit or otherwise allow or re-sell access to the system to any other third party;

3.1.3. not copy, merge, adapt, vary, alter or modify, the whole, or any part of the system;

3.1.4. not use the system to identify individuals or groups of organisations to target for commercial gain or other activities unconnected with the Permitted Purpose, either on your behalf or on that of a third party;

3.1.5. only use the system for the Permitted Purpose.


4. Acceptable Use Policy

4.1. You must:

4.1.1. not use the system in any unlawful manner, for any unlawful purpose, or in any manner inconsistent with these terms, or act fraudulently or maliciously, for example, by hacking into or inserting malicious code, such as viruses, or harmful data, into the system or any operating system;

4.1.2. not infringe any intellectual property rights in relation to your use of the system;

4.1.3. not transmit any material that is defamatory, offensive, or otherwise objectionable in relation to your use of the system;

4.1.4. not use the system in a way that could damage, disable, overburden, impair or compromise the system or security or interfere with other users;

4.1.5. not collect or harvest any information or data from the system;

4.1.6. not attempt to disguise your identity or that of your organisation;

4.1.7. not attempt to interfere with the technical components, both hardware and software, of the system in any way;

4.1.8. when setting up your user account, identify yourself honestly, accurately, and completely;

4.1.9. ensure your password and answers to your security questions for the system are always kept confidential and secure, and contact the Administration Team if you become aware of any unauthorised access to your Information Sharing Gateway account;.

4.1.10. only access the Information Sharing Gateway with your own username and password and never share your access credentials with others;

4.1.11. never input your Information Sharing Gateway password into any other website, and you will never be asked for your Information Sharing Gateway password e.g., by phone or email. You must not divulge this information to anyone, even if asked.

4.2. All communication and material you send through the Information Sharing Gateway is assumed to be official correspondence from you acting in your official capacity on behalf of your organisation.

4.3. You must familiarise yourself with the Information Sharing Gateway security and privacy statements, as well as the systems guidance documents if required.

4.4. It is your responsibility to check that you are engaging with the correct recipient, as there may be more than one organisation with a similar name using the service or registered with the ICO.

4.5. Content of the Information Sharing Gateway may be admissible as evidence in a court of law and agreements may be classified as legal documents. An organisation’s content within the Information Sharing Gateway may also need to be disclosed under the Freedom of Information Act 2000, the UK GDPR, and the Data Protection Act 2018.

4.6. It is your responsibility to make sure that your details in the system are correct and up to date.

4.7. You have no intellectual property rights in, or to, the system or any information or data held in the system, other than the right to access and use them in accordance with these terms for the Permitted Purpose.


5. Breach of these terms

5.1. The Information Sharing Gateway Administration Team reserves the right to withdraw, suspend or limit user access at any time and in particular in the case of suspected misuse, inappropriate use, or breach of these terms.

6. Governing Law and Jurisdiction

6.1. These terms shall be governed by and construed in accordance with the law of England, and the courts of England shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter.