NACEL Privacy Notice
INTRODUCTION
This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.nacel.nhs.uk, and information for clinicians, hospital staff and those important to deceased patients whose information may be used in the National Audit of Care at the End of life (NACEL). It explains what type of information we collect, why we collect it, and what we do with it.
The NHS Benchmarking Network (The Benchmarking Network Ltd) is the data processor for NACEL, and we are responsible for your personal data (referred to as “we,” “us,” or “our” in this privacy notice).
Aim of NACEL: The overall aim of NACEL is to improve the quality of care when somebody dies in a hospital inpatient setting in England, Wales and Jersey.
Audit objectives:
Improving quality of care by identifying areas for action in relation to delivery and outcomes, and adapting QI priorities in line with evidence and guidance
Reducing unwarranted variation through benchmarking of outcome measures as well as identifying and managing outliers using the appropriate guidance
Understanding and reducing health inequalities in relation to impact on the specified measures
Sharing and adopting best practice including QI examples, and signposting to resources available in the wider End of Life landscape
Data collected from NACEL will provide high quality information about the quality, delivery and outcomes of care delivered to dying patients and those important to them during the final admission in hospital.
COMPANY DETAILS
Full name of legal entity: The Benchmarking Network Limited
NACEL Support Team email address: nhsbn.nacelsupport@nhs.net
Postal address: Colony Fabrica, 269 Great Ancoats Street, Manchester, M4 7DB
ICO Registration: Z1624069
Email address for DPO: nhsbn.dpo@nhs.net
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at enquiries@thebenchmarkingnetwork.co.uk.
WHAT DATA WE COLLECT, PURPOSES, AND LEGAL BASIS
Types of Data and Lawful Basis:
| Data Type | Reason for Processing | Lawful Basis |
|---|---|---|
| Communication Data (e.g., emails, social media messages) | Processed for communication, record-keeping, and legal claims | Legitimate interests |
| Client/Customer Data (e.g., name, contact details, purchase details) | Processed to provide goods/services and keep records | Contract performance |
| User Data (e.g., website interactions, posts) | Processed to operate our website, ensure security, and maintain backups | Legitimate interests |
| Technical Data (e.g., IP address, browser type, usage analytics) | Processed to analyse site use, protect our business, and improve services | Legitimate interests |
| Marketing Data (e.g., preferences for communications) | Processed to deliver promotions and measure effectiveness | Public task |
| Commercial Data (e.g., organisational/service information collected as part of the Hospital/Site Overview) | Processed to provide an understanding of service variation | Public task |
| Personal data (e.g., information about an individual and the care they received. Pseudonymised data collected from the Case Note Review collection) | Processed to provide an understanding of care at the end of life in a hospital setting | Public task |
| Non-Personal data (e.g., anonymous data that can not be linked to an individual, collected from the Bereavement Survey & Staff Reported Measure) | Processed to provide an understanding of care at the end of life in a hospital setting | Public task |
| Special Category Data (e.g race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) | Processed to ensure diversity in audit development | Public task |
HOW WE COLLECT YOUR DATA
We collect personal data through:
· Direct interactions (website forms, emails, phone calls, focus groups, reference groups, events).
· Indirect interactions (case note reviews, data submitted about individuals from other sources)
· Automated technologies (cookies, analytics tools like Google Analytics).
· Third-party sources (e.g., search providers, social media platforms, publicly available sources like Companies House).
For more details, see our Cookie Policy.
Further information about NACEL specifically can be found in the NACEL Data Protection Impact Assessment and NACEL Data Flow Diagram.
Please find available to download The NHS Benchmarking Network's Fair Processing Notice.
MARKETING COMMUNICATIONS
We may send marketing communications under the following conditions:
· If you are or have had a NACEL project role, input into the audit or requested information.
· If you have explicitly opted in.
Under the Privacy and Electronic Communications Regulations (PECR), we may send marketing emails to corporate contacts without prior consent in certain circumstances. This typically includes communications related to our services, events, or updates that we believe may be of interest to you in your professional capacity, particularly if you have previously engaged with us or expressed interest in our services.
We will only send marketing emails to individuals who are corporate contacts, i.e., those associated with an organisation, rather than personal email addresses. You can opt out of receiving marketing emails at any time by using the "unsubscribe" link in our emails or by emailing nhsbn.nacelsupport@nhs.net.
Opting out does not apply to transactional communications related to purchases or service updates.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below:
· Other companies in our group who provide services to us.
· Service providers who provide IT and system administration services.
· Professional advisers including lawyers, bankers, auditors and insurers
· Government bodies that require us to report processing activities.
· Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
INTERNATIONAL TRANSFERS
Some of your personal data may be transferred internationally when we engage third-party suppliers who process data on our behalf. This may include transfers to countries outside the United Kingdom or European Economic Area (EEA).
Where such transfers occur, we ensure that appropriate safeguards, such as standard contractual clauses or equivalent measures, are in place to protect your data and comply with applicable data protection laws.
DATA SECURITY
We implement technical and organisational measures to protect data from loss, misuse, and unauthorised access. These include:
Access controls and encryption
Regular security audits
Staff data protection training
We also ensure we have a current Cyber Essentials certification and complete the NHS DSPT annually to provide reassurance around Information Security.
We have procedures to handle data breaches and will notify affected individuals and regulators when legally required.
DATA RETENTION
We follow a retention schedule reviewed annually to ensure data is stored appropriately and deleted when no longer necessary.
If we are required to collect data by law or contract and you do not provide it, we may be unable to deliver our services. In such cases, we will notify you.
We will only use your data for its original purpose or a reasonably compatible one. If we need to use it for a different purpose, we will inform you and explain the legal basis.
We may process your data without your knowledge or consent where required or permitted by law.
YOUR LEGAL RIGHTS
Under data protection laws, you have the right to:
· Request access, correction, or deletion of your data.
· Object to processing and request data portability.
· Withdraw consent for marketing.
More details: ICO Individual Rights Guide.
To exercise these rights, email nhsbn.nacelsupport@nhs.net. We aim to respond within one month. If dissatisfied, you can complain to the ICO (www.ico.org.uk).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
THIRD-PARTY LINKS
Our website may contain links to third-party sites. Clicking on these may allow third parties to collect your data. We are not responsible for their privacy policies and recommend reading their privacy notices.
COOKIES
We use cookies to enhance website functionality and analyse user behaviour. You can manage cookie preferences through your browser settings. Some features may be affected if cookies are disabled. See our Cookie Policy for details.