Last review date
Next revision due
As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms, please do take the time to get to know our practices – and if you have any questions, contact us.
This policy covers all aspects of privacy protection in our company, Thomson Screening Solutions Ltd.
It has two parts:
When you sign up, we expect you to sign up as a representative of an organisation, Schoolscreener and Schoolscreener EZ are not available to individuals (e.g. parents).
When you or your organisation signs up for our services, they can follow two routes: For Schoolscreener clients, there will be a contract in place prior to starting the service. For Schoolscreener EZ clients or other self-service clients, all new organisations must accept the End User License Agreement which forms the contractual agreement between the Organisation and Thomson Screening.
In both these cases, your organisation is the Data Owner and Thomson Screening is the Data Processor. (as defined by GDPR).
As Data Owner, it is your responsibility to ensure that only persons specifically authorised by you can access the software and to ensure that the data added to the software is managed in accordance with GDPR requirements. We give you the tools to do this.
We collect or store different types of personal information and each type has its own protection, access and deletion framework. These types are:
Patient identifiable information that is part of the Schoolscreener and Schoolscreener EZ operation
Personal information necessary for conducting our business, for example user names and contact details. People in this category are linked to Thomson Screening by some form of contract, or SLA either directly or through their role in their organisation.
Patient/Screening information that you create when you use the Schoolscreener. This information is created by you, either via uploading, adding or amending records and carrying out test.
When you use the system, you will also populate it with your data: details of schools and children you screen, their results and any letters sent out to parents.
This information is highly protected and is entirely under organisation’s control. You and your colleagues are responsible for obtaining the necessary permissions from patients or their legal representatives prior to adding their data to our system. For the purposes of GDPR (General Data Protection Regulation): you are and remain the Data Owner, Schoolscreener/Thomson Screening is the Data Processor.
We provide you with tools to create, maintain and delete this information directly in the system.
Once information is added to our system we have an extensive range of security measures and process in place to protect it from harm and ensure it is available to you. Details of these security measures and our Data Protection framework are available as a separate document.
Business contact information:
We do not actively collect information about users (You), we only collect the minimum necessary for us to provide your service. We record your login details and activities within the system for audit purposes.
When you do, we’ll ask for personal information, like your name, email address, telephone number and the organisation you belong to. This is necessary for us to provide the service and we have your organisation’s permission to record this.
You are able to update this information directly or through the Administrators of your organisation. Once you leave your organisation, the Administrator must inform us so that your access can be removed and your details deleted.
We do not keep user information after a user account is closed.
We automatically collect some system information in the following ways and will not share with anybody:
When you use our services we automatically collect and store certain information in server logs. This includes:
Thomson Screening provides telephone service support to all business clients. That service is delivered through a dedicated, secure third party’s online platform.
All calls are monitored or recorded for quality and training purposes, in accordance with the GDPR act 2018. Prior each conversation:
· We obtain consent for the call to be recorded
· Provide advice on the safest way of the conversation to continue.
· Inform the other party how the recording will be used
· Store the information in a secure location
Despite all our efforts confidential identifiable information may be disclosed and recorded. In such circumstances we strictly follow the company’s secure and confidential disposal process. We do not store or distribute call recordings containing confidential information.
We collect information from publicly available sources (e.g. websites, public directories and publications). We may occasionally purchase databases of contact information from reputable providers. We will only do this from companies that are GDPR compliant and where information has been obtained in line with GDPR requirements.
Anybody can check with us whether we hold any information about them, ask for amendments and removal by filling in this form: What do you know about me
In addition we also use a number of methods that are automated and come under the GDPR regulations:
We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
We use various technologies to collect and store information when you visit the Schoolscreener service, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services we offer.
There are only a few exceptions, all for legal reasons
We will share personal information with companies, organisations or individuals outside Thomson Screening if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:
Information we learn while providing your service:
While we provide the service, we learn about the patterns of screening, activities and outcomes in different geographical regions, age ranges, or other parameters. This information is not specific to an organisation or user and is stored in a format that cannot be used to identify individuals.
We use this information primarily to improve the services we provide. We may also use it to compare best practices, recommend service improvements and in other ways we feel it would benefit our user base. We will not sell this information to Third Parties.
We do not sell personal information.
How we use the information that we collect
Thomson Screening processes personal information on our servers primarily in the UK and other countries of the European Union or countries and conditions permitted by GDPR. We may process your personal information on a server located outside the country where you live.
You may also set your browser to block all cookies, including cookies associated with our services or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled.
We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems. For example, if you request your data to be removed, details of the request itself will remain in our records.
We work hard to protect Schoolscreener and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
Details of these and additional security measures and our Data Protection framework are available in our Information Governance Policy.
Compliance and cooperation with regulatory authorities
Thomson Screening is registered with the Information Commissioner’s Office in the United Kingdom. Our Registration ID is Z3489680
We are also registered with NHS DSP Toolkit. Our registration ID is 8HW22
We are Cyber Essentials Certified. Our certificate ID is: IASME-CE-009057
Part 2: Privacy protection of other company activities
These are personal details of people Thomson Screening would like to market services to. These persons may not be aware that we keep information about them. Thomson Screening will only obtain this kind of information from the public domain and we have clear processes for removing these kind of information when requested.
Part 3: Data retention
Where the company is the Data Owner, it will only retain information beyond its use where the company is required to do so by regulation (e.g. finance or personnel records) or by exception, where the company has defined an alternative retention schedule. Such exceptions will be indicated in the Information Asset Register against each item.