This privacy notice tells you what to expect when Healthy Hearts collects personal information about you. Healthy Hearts operates within an Information Governance policy which is available upon request.
When someone visits healthyhearts.org.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Our website search and decision notice search is powered by Moz. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Healthy Hearts or any third party. For more information, please see Moz’s privacy notice.
We use a third party provider, Mailchimp, to deliver our e-newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy notice.
Security and performance
Healthy Hearts uses a third party service to help maintain the security and performance of the Healthy Hearts website. To deliver this service it processes the IP addresses of visitors to the Healthy Hearts website.
We use a third party service, WordPress.com, to publish our web site and blog. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please the WordPress privacy notice.
Healthy Hearts uses a third party service that allows us to collect data entered manually by visitors to our web site. This data is automatically added to our Mailchimp database. Information is stored on the web site, but is wiped manually every three months. For more information, please see Typeform’s privacy statement.
We use a third party provider, Hootsuite, to manage our social media interactions. This allows us to schedule posts which are then sent automatically to our social media feeds. To find out more, please see Hootsuite’s privacy statement.
If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.
Healthy Hearts offers various services to the public. We use third parties to deal with some requests. We hold the details of the people who have contacted Healthy Hearts in order to provide our services. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information to offer a related Healthy Lifestyle service which may be beneficial to the clients. Client data is retained and disposed in line with Thrive Tribe’s Records Management Policy.
We use a third party service, Batchbook, as a CRM tool. Data stored in our Batchbook account is help on a secure BatchBlue server, which has security measures in place to help protect against the loss, misuse, and alteration of the Data. When Batchbook Site is accessed using any modern browser that supports the protocol, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that Data is safe, secure, and available only to designated team members in Healthy Hearts. BatchBlue Software also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Site in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Finally, BatchBlue Software provides unique user names and passwords that must be entered each time a customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data. To find out more, see Batchbook’s privacy statement.
People who register (notify) under the Data Protection Act 1998
Many businesses are required by law to ‘notify’ certain specified information to the Information Commissioner. This may contain personal information, for example where the business is a sole trader. Healthy Hearts compiles this information into a register which it is required by law to make publicly available. Healthy Hearts cannot therefore give any guarantees as to how the information contained on the register will be used by those accessing it.
Service providers reporting a breach
Public electronic communications service providers are required by law to report any security breaches involving personal data to Healthy Hearts. Security breaches are dealt with in accordance with Thrive Tribes Incident Reporting Policy which is available upon request. All breaches will be reported on the NHS Information Governance Toolkit. Personal Identifiable information will not reported.
Job applicants, current and former Healthy Hearts employees
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Healthy Hearts, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Healthy Hearts has ended, we will retain and delete the file in accordance with the requirements of Records Management policy.
Complaints or queries
Healthy Hearts tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted by Thrive Tribes Risk Management and Governance team. It does not provide exhaustive detail of all aspects of Healthy Hearts’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address provided.
How to access your information
To access your information, you will need to put your request in writing.
You will need to provide information for us to identify you from our records such as name, address and date of birth. You will also need to tell us what kind of information you are requesting to enable us to locate the information. Send your request to the address provider on this page.
Proof of identity
When we receive a request for information, we must make sure you are who you say you are. Unless the staff handling your request know and recognise you, we need proof of identity. These include:
The following documents can be accepted to verify your identity. We require two forms of ID:
These documents must be less than three months old.
We will accept copies of these documents. However, we reserve the right to ask for originals if photocopies are not of a good quality.
In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies. Further information is available in our Information Charter about the factors we shall consider when deciding whether information should be disclosed.
You can also get further information on:
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Service changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 7th November 2017.
How to contact us
Information Governance department,
410 Burford Road Business Centre,