Privacy Policy for Care Workforce

Privacy Policy

This Privacy Policy describes the information that we gather on, or through, our Services and how we use and process such information. For each processing purpose we will articulate the reason for requiring the data, what data we will process and the legal basis for processing the data and how long we will keep the data.

Where the legal basis of consent is to be used, this will be gathered freely, and we will use clear, plain language that is easy to understand, and you will be able to remove your consent at any point.

References in this Privacy Policy and on our website to “we”, “our” or “us” are references to Hive Learning Limited (who operate this website as a partner to the National Health Service Business Services Authority (“NHS”) for use by Adult Social Care (“ASC”)). References to “you” and “your” means each natural or legal person who uses our website or the associated services.

1. What Information do we collect about you and how do we use it?

We collect/process information so that we can provide the best possible experience when you utilise our Services.  This section of the policy will describe the purpose for processing your Personal Data, the legal basis to do so and how long we will keep your data.

“Personal Data” has the meaning given to it in the Data Protection Laws.

“Data Protection Laws” means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded. 

1.1. Our Product / Service

If you choose to use our Service, including email notifications, newsletters and product/service updates, you must provide us with some Personal Data so that we can provide our Services to you; this will include your name, email address and IP address. Other non-mandatory Personal Data may also be gathered. 

If you are associated with a contracted client (such as the NHS or ASC) we will use legitimate interest as the legal basis to process the data, as we may not have a direct relationship with you as the data subject.

Our ability to retain the Personal Data will be determined by account activity, if the account is not used for over two (2) years we will delete your data. Accounts associated with contracted clients will be deleted on termination of the contract.

1.2. Our use of Productivity Tools

If you choose to use our Service, Personal Data items such as name, email address, telephone number and other non-mandatory Personal Data may be stored in our corporate cloud application platform, corporate email platform and our help desk platform. 

If you are associated with a contracted client (such as the NHS or ASC) we will use legitimate interest as the legal basis to process the data.

Our ability to retain the Personal Data will be determined by account activity, if the account is not used for over two (2) years we will delete your data. Accounts associated with contracted clients will be deleted on termination of the contract.

1.3 Cookies

Like many websites, we use cookies and similar technologies to collect additional website usage data and to improve our Services. Website usage information is collected using cookies to monitor aggregate site usage metrics such as total number of visitors, pages viewed and web traffic routing on our Services. We will store the cookie values on our platform to allow us to perform our analysis, however this will not be used to target marketing material to an individual user.

We will process data under the legitimate interest legal basis as we only use the data to perform aggregated tracking analysis and will not target individuals based upon this analysis. You will also need to accept our cookie policy to allow us to process the data.

We will retain active cookie data for a period of up to one (1) year, a cookie will remain active if a user re-visits our platform.

Learn more about how we use cookies in our Cookie Policy available on the website. 

2. Updating This Policy

We may change our Service and policies, and we may need to make changes to this Privacy Policy so that they accurately reflect our Service and policies. We may change or update this Privacy Policy at any point, without notice if we do not believe your data rights have been affected. If you continue to use the Service once the Privacy Policy has been updated or amended, you will be bound by the updated Privacy Policy. If you do not want to agree to any updated or amended Privacy Policy, you can request an account deletion.

3. Your Rights

3.1. Accessing or Rectifying your personal data

We want to make sure that your personal information is accurate and up to date and you have the right to request a copy and update the Personal Data that we hold about you. You may ask us to correct or remove information you think is inaccurate. If you would like to invoke this right, please email or write to us at dp@hivelearning.com or DP - Hive Learning, Scale Space, 58 Wood Lane, London, W12 7RZ.

3.2. Deletion

Based upon the retention periods described above we will remove your Personal Data from our platforms.

3.3. Object, Restrict or Withdraw Consent

You may wish to object to or restrict our ability to process your Personal Data, this can be done either via email or in writing, using the contact details below. Further context may need to be requested to ensure we can carry out the relevant tasks on our platforms to perform the request.

3.4. Portability

You may wish to port your Personal Data to another platform. If you would like to invoke this right, please email or write to us at dp@hivelearning.com or DP - Hive Learning, Scale Space, 58 Wood Lane, London, W12 7RZ.

4. Who We Are And How To Contact Us

Hive Learning Limited operates this website on behalf of the NHS. If you are associated with a contracted client (such as the NHS or ASC) we will be a data processor and the contract client (the NHS) will be responsible for defining and managing how your personal data is processed (as the data controller).  

Our company name is: Hive Learning Limited

Our company address is: Scale Space, 58 Wood Lane, London, W12 7RZ.

Our email address is: dp@hivelearning.com

5. To Whom We Disclose Information

Except as described in this Privacy Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without the consent of the data subject. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

Unrestricted Information

Any information that you voluntarily choose to include in a public area of the Service, such as a public profile page, will be available to any visitor or User who has access to that content.

6. Service Providers

We work with third party service providers who provide email hosting, core corporate applications, web hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.

Service providers include:

• Fospha Limited, 1 Hammersmith Broadway, London W6 9DL; for the purpose of Aggregated Web Journey Analytics
• Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043; for the purpose of Corporate Applications
• Slack, 500 Howard Street, San Francisco, CA 94105, United States for the purposes of Messaging Tools
• ZenDesk, 1019 Market St, San Francisco, CA 94103 for the purposes of HelpDesk software
• Trello, 55 Broadway, New York, NY 10006, United States for the purpose of Project Management Tasks
• HubSpot, 25 First Street, 2nd Floor, Cambridge, MC 02141, USA; for the purposes as our internal CRM to store details of client account management team
• Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg; for the purposes of hosting
• Hive Learning Inc., 3rd Floor, 119 W 24th Street, Floor 4, New York, NY10011; for the purposes of intercompany operations 
• Typeform SL; for the purposes of obtaining feedback from clients
• Microsoft; for the purposes of service and usage analytics and reporting
• Blenheim Chalcot LTF Limited; for the purposes of internal operations
• Accelerate Technology Limited; for the purposes of internal operations
• Accelerate People Limited; for the purpose of internal operations 

• Blenheim Chalcot IT Services India PVT.LTD; for the purposes of helpdesk queries
• Freshdesk, Freshworks, Inc.; for the purpose of effective management of invoice queries 

6.1. Overseas transfers

The information you provide may be transferred to countries outside the UK or European Economic Area (EEA) that do not have similar protections in place regarding your data and restrictions on its use as set out in this policy. However, we will take steps to ensure adequate protections are in place to ensure the security of your information. By submitting your information, you consent to these transfers for the purposes specified above.

We may transfer your personal information to the following which are located outside the European Economic Area (EEA) as follows:

• HubSpot, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA; for the purposes as our marketing CRM
• Slack, 500 Howard Street, San Francisco, CA 94105, USA; for the purposes of messaging tools
• ZenDesk, 1019 Market St, San Francisco, CA 94103, USA; for the purposes of HelpDesk software
• Trello, 55 Broadway, New York, NY 10006, US; for the purpose of project management tasks
• Hive Learning Inc., 119 W 24th Street, Floor 4, New York, NY 10011, USA; for the purposes of intercompany operations
• Trello, 55 Broadway, New York, NY 10006, United States for the purpose of Project Management Tasks
• Blenheim Chalcot IT Services India PVT.LTD, 103-104 Fulcrum, B Wing, Hirandani Business Park, Sahar Airport Road, Andheri, Mumbai 400099 for the purpose of helpdesk queries
• Freshdesk, Freshworks, Inc. 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403, United States; for the purpose of effective management of queries relating to customer and supplier invoices 

All of our international service providers have each provided the information to demonstrate they have appropriate technical and organisational measures in place to safeguard Personal Data, and it shall be processed to at least the same standards as set out by the General Data Protection Regulations: Each organisation outside the EEA operates under EU Standard Contractual Clauses, which is accepted by the European Commission as evidence that an adequate level of protection exists for the Personal Data in the country, territory, or organisation where it is being transferred. 

You can obtain a copy of the safeguards and any other of HubSpot’s data protection documentation by visiting https://www.hubspot.com, or applying via post to HubSpot, 25 First Street, 2nd Floor Cambridge, MA 02141 United States.

You can obtain a copy of the safeguards and any other of Slack’s data protection documentation by visiting https://www.slack.com/security, or applying via post to Slack, 500 Howard Street, San Francisco, CA 94105, United States.

You can obtain a copy of the safeguards and any other of ZenDesk’s data protection documentation by visiting https://www.zendesk.co.uk/product/zendesk-security, or applying via post to ZenDesk, 1019 Market St, San Francisco, CA 94103 

You can obtain a copy of the safeguards and any other of Trello’s data protection documentation by visiting https://trello.com/legal/security, or applying via post to Trello, 55 Broadway, New York, NY 10006, United States

You can obtain a copy of the safeguards and any other of Hive Learning Inc.’s data protection documentation by emailing dp@hivelearning.com 

You can obtain a copy of the safeguards and any other of Blenheim Chalcot IT Services India PVT.LTD’s data protection documentation by emailing info@blenheimchalcot.com 

You can obtain a copy of the safeguards and any other of Freshdesk’s data protection documentation by emailing support@freshworks.com 

6.2. Law Enforcement, Legal Process and Compliance

We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

6.3. Change of Ownership

Information about data subjects may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the Personal Data commits to a privacy policy that has terms substantially consistent with this Privacy Policy.

7. Our Data Security

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way.

The following security procedures, and technical and organisational measures to safeguard your personal information have been put in place:

• In cases where Personal Data is being processed in third countries or third parties, a rigorous data protection impact assessment is being performed to ensure that your data is always secured.
• Our application platform is hosted in ISO 27001 certified secure data centres in the UK.
• Firewalls, intrusion detection and prevention, anti-virus and anti-malware and backup and disaster recovery are in place to prevent data loss or deletion.
• 24/7 security guard, closed circuit television and a door access control system to authorized personnel secures our offices and data centres.
• Our applications are engineered by following industry standards to minimise security vulnerabilities and updates on a regular basis.
• Intrusion detection and prevention secures the network traffic to the servers and applications.
• Anti-malware and anti-virus software is deployed to all of our servers and regularly scan and update with the latest anti-malware and virus signatures.
• We regularly apply critical, security patches and firmware updates to operating systems and physical hardware to minimise the risk of vulnerabilities.
• Our employees undergo background screening and selection processes, with a restricted list of employees having access to secure areas of the applications, databases and physical infrastructure. The access to the secure areas are logged and auditable.
• We will use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.
• We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
• We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

This Privacy Policy was last updated December 2020.