Last updated on 1st September 2020 v2.3
We are Device Access UK Ltd, Kenneth Dibben House, Enterprise Rd, Chilworth, Southampton Science Park, Southampton SO16 7NS. A company registered in England and Wales with company number 07257316.
We will post any modifications or changes to the Policy on our Site. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last Updated” legend above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will notify post a notice on our Site prior to such changes(s) taking effect. In the event that such a change could materially affect your privacy, you will be notified without delay by appropriate means.
Device Access UK Ltd,
Kenneth Dibben House,
Southampton Science Park,
This privacy notice tells you what to expect when Device Access collects personal information. It applies to information we collect about:
When someone visits this site we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
We store the IP address transmitted by your web browser for a period of seven (7) days, strictly for the purpose of identifying, restricting and eliminating attacks on our website. After seven (7) days, we delete or anonymize your IP address. The legal basis for the processing of this personal data is provided for in Art. 6 para. 1 s. 1 lit. f GDPR.
When you visit our website, the data collected from the use of the website is temporarily stored on our web server for statistical purposes in the legitimate interest to improve the quality of our website. The legal basis for the processing of this personal data is provided for in Art. 6 para. 1 s. 1 lit. f GDPR. This data set contains:
The listed usage data is stored anonymously.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), you have rights as an individual that you can exercise in relation to the information we hold about you.
Device Access tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
To make a request to Device Access for any personal information we may hold you need to put the request in writing to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes.
In most circumstances we will not disclose personal data without consent. The exceptions to this are;
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
You have the right to:
Access the personal data which the Company holds about you. This is called a Subject Access Request (SAR) and can be made by calling us or in writing via email or at the address as provided in the "How to contact us" section.
You may use this process to exercise your right to:
DAUK is the Data Controller and a Data Processor of NHS Hospital Episode Statistics (HES) data provided under a formal Data Sharing Agreement with NHS Digital.
Hospital Episode Statistics (HES) is a data warehouse containing details of all admissions, outpatient appointments and A and E attendances at NHS hospitals in England. See NHS Digital and DARS for further details.
We receive and process this data as a result of the Data Sharing Agreement with NHS Digital and our legitimate interest in conducting scientific and statistical research in order to enable medical device providers to achieve NICE approvals and accreditation and subsequent NHS Adoption, and thus positively impact patients Hospitals and the NHS.
This is covered under GDPR as the most appropriate lawful basis for processing under Article 6 being "Legitimate interest"; coupled with Article 9 condition: – Article 9(2) (j) following a formal assessment to ensure that this meets the purpose, necessity and balancing test criteria.
The preparation and delivery of the bespoke anonymised, aggregated dataset to any medical device manufacturer is only processed; following a formal approval process to ensure it meets the Purpose, Necessity and balancing test criteria for each particular recipient.
The NHS HES data we receive is pseudonymised special category "health data" and non-identifiable; which means individuals cannot be identified from the data.
We never give direct access to unprocessed NHS HES data to any third parties. We do aggregate and anonymise the data at appropriate levels level in accordance with the NHS Digital HES Analysis Guide Methodology to provide insight and build analytical models into bespoke data sets. These are provided to medical device manufacturers following formal external approval process to ensure the requirements for purpose and benefit are met.
We have been able to identify where new technologies could replace the current standard of care and show significant benefits to patients, providers of care, and payers of care. This has been the foundation of the success in over 27 NICE evaluations since 2010.
The HES data sets containing the pseudonymised data are retained for four (4) years after which they are securely destroyed. These data sets are downloaded stored and processed securely in conformance with the NHS Digital Toolkit requirements and the Data Sharing Agreement conditions.
DAUK only has access to pseudonymised NHS HES data for the past four years and cannot remove individuals from the datasets.
Should you wish to request that your data is removed from future datasets, then please visit NHS Digital Opting Out Choices for more information about how to opt out of your data being shared.
You also have the right to lodge a complaint with the Information Commissioner’s Office:
Address: Information Commissioner's Office
Telephone: 0303 123 1113 (local rate)