diff --git a/DigitalLearningSolutions.Data.Migrations/202507111455_UpdatePrivacyNoticeAcceptableUse.cs b/DigitalLearningSolutions.Data.Migrations/202507111455_UpdatePrivacyNoticeAcceptableUse.cs new file mode 100644 index 0000000000..b9dc84ab7e --- /dev/null +++ b/DigitalLearningSolutions.Data.Migrations/202507111455_UpdatePrivacyNoticeAcceptableUse.cs @@ -0,0 +1,430 @@ +using FluentMigrator; +namespace DigitalLearningSolutions.Data.Migrations +{ + [Migration(202507111455)] + public class UpdatePrivacyNoticeAcceptableUse : Migration + { + public override void Up() + { + var PrivacyPolicyNew = @"

PRIVACY NOTICE

This page explains our privacy policy and how we will use and protect any information about you that you give to us or that we collate when you visit this website, or undertake employment with NHS England (NHSE or we/us/our), or participate in any NHSE sponsored training, education and development including via any of our training platform websites (Training).

This privacy notice is intended to provide transparency regarding what personal data NHSE may hold about you, how it will be processed and stored, how long it will be retained and who may have access to your data.

Personal data is any information relating to an identified or identifiable living person (known as the data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or factors specific to the physical, genetic or mental identity of that person, for example.

1 OUR ROLE IN THE NHS

We are here to improve the quality of healthcare for the people and patients of England through education, training and lifelong development of staff and appropriate planning of the workforce required to deliver healthcare services in England.

We aim to enable high quality, effective, compassionate care and to identify the right people with the right skills and the right values. All the information we collect is to support these objectives.

2 IMPORTANT INFORMATION

NHSE is the data controller in respect of any personal data it holds concerning trainees in Training, individuals employed by NHSE and individuals accessing NHSE’s website.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy or our privacy practices, want to know more about how your information will be used, or make a request to exercise your legal rights, please contact our DPO in the following ways:

Name: Andrew Todd

Email address: gdpr@hee.nhs.uk

Postal address: NHS England of Skipton House, 80 London Road, London SE1 6LH

3 WHAT THIS PRIVACY STATEMENT COVERS

This privacy statement only covers the processing of personal data by NHSE that NHSE has obtained from data subjects accessing any of NHSE’s websites and from its provision of services and exercise of functions. It does not cover the processing of data by any sites that can be linked to or from NHSE’s websites, so you should always be aware when you are moving to another site and read the privacy statement on that website.

When providing NHSE with any of your personal data for the first time, for example, when you take up an appointment with NHSE or when you register for any Training, you will be asked to confirm that you have read and accepted the terms of this privacy statement. A copy of your acknowledgement will be retained for reference.

If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

4 WHY NHSE COLLECTS YOUR PERSONAL DATA

Personal data may be collected from you via the recruitment process, when you register and/or create an account for any Training, during your Annual Review of Competence Progression or via NHSE’s appraisal process. Personal data may also be obtained from Local Education Providers or employing organisations in connection with the functions of NHSE.

Your personal data is collected and processed for the purposes of and in connection with the functions that NHSE performs with regard to Training and planning. The collection and processing of such data is necessary for the purposes of those functions.

A full copy of our notification to the Information Commissioner’s Office (ICO) (the UK regulator for data protection issues), can be found on the ICO website here: www.ico.org.uk by searching NHSE’s ICO registration number, which is Z2950066.

In connection with Training, NHSE collects and uses your personal information for the following purposes:

  1. to manage your Training and programme, including allowing you to access your own learning history;
  2. to quality assure Training programmes and ensure that standards are maintained, including gathering feedback or input on the service, content, or layout of the Training and customising the content and/or layout of the Training;
  3. to identify workforce planning targets;
  4. to maintain patient safety through the management of performance concerns;
  5. to comply with legal and regulatory responsibilities including revalidation;
  6. to contact you about Training updates, opportunities, events, surveys and information that may be of interest to you;
  7. transferring your Training activity records for programmes to other organisations involved in medical training in the healthcare sector. These organisations include professional bodies that you may be a member of, such as a medical royal college or foundation school; or employing organisations, such as trusts;
  8. making your Training activity records visible to specific named individuals, such as tutors, to allow tutors to view their trainees’ activity. We would seek your explicit consent before authorising anyone else to view your records;
  9. providing anonymous, summarised data to partner organisations, such as professional bodies; or local organisations, such as strategic health authorities or trusts;
  10. for NHSE internal review;
  11. to provide HR related support services and Training to you, for clinical professional learner recruitment;
  12. to promote our services;
  13. to monitor our own accounts and records;
  14. to monitor our work, to report on progress made; and
  15. to let us fulfil our statutory obligations and statutory returns as set by the Department of Health and the law (for example complying with NHSE’s legal obligations and regulatory responsibilities under employment law).

Further information about our use of your personal data in connection with Training can be found in ’A Reference Guide for Postgraduate Foundation and Specialty Training in the UK’, published by the Conference of Postgraduate Medical Deans of the United Kingdom and known as the ‘Gold Guide’, which can be found here: https://www.copmed.org.uk/gold-guide.

5 TYPES OF PERSONAL DATA COLLECTED BY NHSE

The personal data that NHSE collects when you register for Training enables the creation of an accurate user profile/account, which is necessary for reporting purposes and to offer Training that is relevant to your needs.

The personal data that is stored by NHSE is limited to information relating to your work, such as your job role, place of work, and membership number for a professional body (e.g. your General Medical Council number). NHSE will never ask for your home address or any other domestic information.

When accessing Training, you will be asked to set up some security questions, which may contain personal information. These questions enable you to log in if you forget your password and will never be used for any other purpose. The answers that you submit when setting up these security questions are encrypted in the database so no one can view what has been entered, not even NHSE administrators.

NHSE also store a record of some Training activity, including upload and download of Training content, posts on forums or other communication media, and all enquires to the service desks that support the Training.

If you do not provide personal data that we need from you when requested, we may not be able to provide services (such as Training) to you. In this case, we may have to cancel such service, but we will notify you at the time if this happens.

6 COOKIES

When you access NHSE’s website and Training, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of limited information on your device (such as your computer or mobile phone). These small files are known as cookies, and we ask you to agree to their usage in accordance with ICO guidance.

These cookies are used to improve the services (including the Training) we provide you through, for example:

  1. enabling a service to recognise your device, so you do not have to give the same information several times during one task (e.g. we use a cookie to remember your username if you check the ’Remember Me’ box on a log in page);
  2. recognising that you may already have given a username and password, so you do not need to do it for every web page requested;
  3. measuring how many people are using services, so they can be made easier to use and there is enough capacity to ensure they are fast; and
  4. analysing anonymised data to help us understand how people interact with services so we can make them better.

We use a series of cookies to monitor website speed and usage, as well as to ensure that any preferences you have selected previously are the same when you return to our website. Please visit our cookie policies page to understand the cookies that we use: https://www.dls.nhs.uk/v2/CookieConsent/CookiePolicy

Most cookies applied when accessing Training are used to keep track of your input when filling in online forms, known as session-ID cookies, which are exempt from needing consent as they are deemed essential for using the website or Training they apply to. Some cookies, like those used to measure how you use the Training, are not needed for our website to work. These cookies can help us improve the Training, but we’ll only use them if you say it’s OK. We’ll use a cookie to save your settings.

On a number of pages on our website or Training, we use ’plug-ins’ or embedded media. For example, we might embed YouTube videos. Where we have used this type of content, the suppliers of these services may also set cookies on your device when you visit their pages. These are known as ’third-party’ cookies. To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.

We will not use cookies to collect personal data about you. However, if you wish to restrict or block the cookies which are set by our websites or Training, or indeed any other website, you can do this through your browser settings. The ’Help’ function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies. Please be aware that restricting cookies may impact on the functionality of our website.

7 LEGAL BASIS FOR PROCESSING

The retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) requires that data controllers and organisations that process personal data demonstrate compliance with its provisions. This involves publishing our basis for lawful processing of personal data.

As personal data is processed for the purposes of NHSE’s statutory functions, NHSE’s legal bases for the processing of personal data as listed in Article 6 of the UK GDPR are as follows:

Where NHSE processes special categories of personal data, its additional legal bases for processing such data as listed in Article 9 of the UK GDPR are as follows:

Special categories of personal data include data relating to racial or ethnic origin, political opinions, religious beliefs, sexual orientation and data concerning health.

Please note that not all of the above legal bases will apply for each type of processing activity that NHSE may undertake. However, when processing any personal data for any particular purpose, one or more of the above legal bases will apply.

We may seek your consent for some processing activities, for example for sending out invitations to you to Training events and sending out material from other government agencies. If you do not give consent for us to use your data for these purposes, we will not use your data for these purposes, but your data may still be retained by us and used by us for other processing activities based on the above lawful conditions for processing set out above.

8 INFORMATION THAT WE MAY NEED TO SEND YOU

We may occasionally have to send you information from NHSE, the Department of Health, other public authorities and government agencies about matters of policy where those policy issues impact on Training, workforce planning, or other matters related to NHSE. This is because NHSE is required by statute to exercise functions of the Secretary of State in respect of Training and workforce planning. If you prefer, you can opt out of receiving information about general matters of policy impacting on Training and workforce planning by contacting your Local Office recruitment lead or tel@hee.nhs.uk. The relevant Local Office or a representative from the relevant training platform website will provide you with further advice and guidance regarding any consequences of your request.

NHSE will not send you generic information from other public authorities and government agencies on issues of government policy.

9 TRANSFERS ABROAD

The UK GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by the UK GDPR is not undermined.

Your data may only be transferred abroad where NHSE is assured that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection.

10 HOW WE PROTECT YOUR PERSONAL DATA

Our processing of all personal data complies with the UK GDPR principles. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. The security of the data is assured through the implementation of NHSE’s policies on information governance management.

The personal data we hold may be held as an electronic record on data systems managed by NHSE, or as a paper record. These records are only accessed, seen and used in the following circumstances:

  1. if required and/or permitted by law; or
  2. by NHSE staff who need access to them so they can do their jobs and who are subject to a duty of confidentiality; or
  3. by other partner organisations, including our suppliers, who have been asked to sign appropriate non-disclosure or data sharing agreements and will never be allowed to use the information for commercial purposes.

We make every effort to keep your personal information accurate and up to date, but in some cases we are reliant on you as the data subject to notify us of any necessary changes to your personal data. If you tell us of any changes in your circumstances, we can update the records with personal data you choose to share with us.

Information collected by NHSE will never be sold for financial gain or shared with other organisations for commercial purposes.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11 SHARING PERSONAL DATA

So we can provide the right services at the right level, we may share your personal data within services across NHSE and with other third party organisations such as the Department of Health, higher education institutions, clinical placement providers, colleges, faculties, other NHSE Local Offices, the General Medical Council, NHS Trusts/Health Boards/Health and Social Care Trusts, approved academic researchers and other NHS and government agencies where necessary, to provide the best possible Training and to ensure that we discharge NHSEs responsibilities for employment and workforce planning for the NHS. This will be on a legitimate need to know basis only.

We may also share information, where necessary, to prevent, detect or assist in the investigation of fraud or criminal activity, to assist in the administration of justice, for the purposes of seeking legal advice or exercising or defending legal rights or as otherwise required by the law.

Where the data is used for analysis and publication by a recipient or third party, any publication will be on an anonymous basis, and will not make it possible to identify any individual. This will mean that the data ceases to become personal data.

12 HOW LONG WE RETAIN YOUR PERSONAL DATA

We will keep personal data for no longer than necessary to fulfil the purposes we collected it for, in accordance with our records management policy and the NHS records retention schedule within the NHS Records Management Code of Practice at: https://www.england.nhs.uk/contact-us/privacy-notice/nhs-england-as-a-data-controller (as may be amended from time to time).

In some circumstances you can ask us to delete your data. Please see the “Your rights” section below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

13 OPEN DATA

Open data is data that is published by central government, local authorities and public bodies to help you build products and services. NHSE policy is to observe the Cabinet Office transparency and accountability commitments towards more open use of public data in accordance with relevant and applicable UK legislation.

NHSE would never share personal data through the open data facility. To this end, NHSE will implement information governance protocols that reflect the ICO’s recommended best practice for record anonymisation, and Office of National Statistics guidance on publication of statistical information.

14 YOUR RIGHTS

14.1 Right to rectification and erasure

Under the UK GDPR you have the right to rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the right to erasure is not an absolute right and it may be that it is necessary for NHSE to continue to process your personal data for a number of lawful and legitimate reasons.

14.2 Right to object and withdraw your consent

You have the right in certain circumstances to ask NHSE to stop processing your personal data in relation to any NHSE service. As set out above, you can decide that you do not wish to receive information from NHSE about matters of policy affecting Training and workforce. However, the right to object is not an absolute right and it may be that it is necessary in certain circumstances for NHSE to continue to process your personal data for a number of lawful and legitimate reasons.

If you object to the way in which NHSE is processing your personal information or if you wish to ask NHSE to stop processing your personal data, please contact your relevant Local Office.

Please note, if we do stop processing personal data about you, this may prevent NHSE from providing the best possible service to you. Withdrawing your consent will result in your Training account being anonymised and access to the Training removed.

14.3 Right to request access

You can access a copy of the information NHSE holds about you by writing to NHSE’s Public and Parliamentary Accountability Team. This information is generally available to you free of charge subject to the receipt of appropriate identification. More information about subject access requests can be found here: https://www.hee.nhs.uk/about/contact-us/subject-access-request.

14.4 Right to request a transfer

The UK GDPR sets out the right for a data subject to have their personal data ported from one controller to another on request in certain circumstances. You should discuss any request for this with your Local Office. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

14.5 Right to restrict processing

You can ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy, where our use of the data is unlawful but you do not want us to erase it, where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims or where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

14.6 Complaints

You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact your Local Office or the DPO in the first instance, using the contact details above.

You can contact the ICO at the following address:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

14.7 Your responsibilities

It is important that you work with us to ensure that the information we hold about you is accurate and up to date so please inform NHSE if any of your personal data needs to be updated or corrected.

All communications from NHSE will normally be by email. It is therefore essential for you to maintain an effective and secure email address, or you may not receive information or other important news and information about your employment or Training.

"; + + Execute.Sql(@"UPDATE Config SET UpdatedDate = GETDATE() ,ConfigText =N'" + PrivacyPolicyNew + "'" + + "where ConfigName='PrivacyPolicy' AND IsHtml = 1"); + + var AcceptableUseNew = @"

ACCEPTABLE USE POLICY

+
    +
  1. + General +
      +
    1. This Acceptable Use Policy sets out how we permit you to use any of our Platforms. Your compliance with this Acceptable Use Policy is a condition of your use of the Platform.
      2. +
    2. Capitalised terms have the meaning given to them in the terms of use for the Platform which are available at https://www.dls.nhs.uk/v2/LearningSolutions/Terms.
      3. +
    +
    2. +
  2. + Acceptable use +
      +
    1. You are permitted to use the Platform as set out in the Terms and for the purpose of personal study.
      2. +
    2. You must not use any part of the Content on the Platform for commercial purposes without obtaining a licence to do so from us or our licensors.
      3. +
    3. If you print off, copy, download, share or repost any part of the Platform in breach of this Acceptable Use Policy, your right to use the Platform will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.
      4. +
    4. Our status (and that of any identified contributors) as the authors of Content on the Platform must always be acknowledged (except in respect of Third-Party Content).
      5. +
    +
    3. +
  3. + Prohibited uses +
      +
    1. + You may not use the Platform: +
        +
      1. in any way that breaches any applicable local, national or international law or regulation;
        2. +
      2. in any way that is unlawful or fraudulent or has any unlawful or fraudulent purpose or effect;
        3. +
      3. in any way that infringes the rights of, or restricts or inhibits the use and enjoyment of this site by any third party;
        4. +
      4. for the purpose of harming or attempting to harm minors in any way;
        5. +
      5. to bully, insult, intimidate or humiliate any person;
        6. +
      6. to send, knowingly receive, upload, download, use or re-use any material which does not comply with our Content Standards as set out in paragraph 4;
        7. +
      7. to transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam), or any unwanted or repetitive content that may cause disruption to the Platform or diminish the user experience, of the Platform’s usefulness or relevant to others;
        8. +
      8. to do any act or thing with the intention of disrupting the Platform in any way, including uploading any malware or links to malware, or introduce any virus, trojan, worm, logic bomb or other material that is malicious or technologically harmful or other potentially damaging items into the Platform;
        9. +
      9. to knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware; or
        10. +
      10. to upload terrorist content.
        11. +
      +
      2. +
    2. + You also agree: +
        +
      1. to follow any reasonable instructions given to you by us in connection with your use of the Platform;
        2. +
      2. to respect the rights and dignity of others, in order to maintain the ethos and good reputation of the NHS, the public good generally and the spirit of cooperation between those studying and working within the health and care sector. In particular, you must act in a professional manner with regard to all other users of the Platform at all times;
        3. +
      3. + not to modify or attempt to modify any of the Content, save: +
          +
        1. in respect of Contributions;
          2. +
        2. where you are the editor of a catalogue within the Learning Hub, you may alter Content within that catalogue;
          3. +
        +
        4. +
      4. not to download or copy any of the Content to electronic or photographic media;
        5. +
      5. not to reproduce any part of the Content by any means or under any format other than as a reasonable aid to your personal study;
        6. +
      6. not to reproduce, duplicate, copy or re-sell any Content in contravention of the provisions of this Acceptable Use Policy; and
        7. +
      7. not to use tools that automatically perform actions on your behalf;
        8. +
      8. not to upload any content that infringes the intellectual property rights, privacy rights or any other rights of any person or organisation; and
        9. +
      9. not to attempt to disguise your identity or that of your organisation;
        10. +
      10. + not to access without authority, interfere with, damage or disrupt: +
          +
        1. any part of the Platform;
          2. +
        2. any equipment or network on which the Platform is stored;
          3. +
        3. any software used in the provision of the Platform;
          4. +
        4. the server on which the Platform is stored;
          5. +
        5. any computer or database connected to the Platform; or
          6. +
        6. any equipment or network or software owned or used by any third party.
          7. +
        +
        11. +
      11. not to attack the Platform via a denial-of-service attack or a distributed denial-of-service attack.
        12. +
      +
      3. +
    +
    4. +
  4. + Content standards +
      +
    1. The content standards set out in this paragraph 4 (Content Standards) apply to any and all Contributions.
      2. +
    2. The Content Standards must be complied with in spirit as well as to the letter. The Content Standards apply to each part of any Contribution as well as to its whole.
      3. +
    3. We will determine, in our discretion, whether a Contribution breaches the Content Standards.
      4. +
    4. + A Contribution must: +
        +
      1. be accurate (where it states facts);
        2. +
      2. be genuinely held (where it states opinions); and
        3. +
      3. comply with the law applicable in England and Wales and in any country from which it is posted.
        4. +
      +
      5. +
    5. + A Contribution must not: +
        +
      1. + contain misinformation that is likely to harm users, patients/service users, health and care workers, or the general public’s wellbeing, safety, trust and reputation, including the reputation of the NHS or any part of it. This could include false and misleading information relating to disease prevention and treatment, conspiracy theories, content that encourages discrimination, harassment or physical violence, content originating from misinformation campaigns, and content edited or manipulated in such a way as to constitute misinformation; +
        2. +
      2. + contain any content or link to any content: +
          +
        1. which is created for advertising, promotional or other commercial purposes, including links, logos and business names;
          2. +
        2. which requires a subscription or payment to gain access to such content;
          3. +
        3. in which the user has a commercial interest;
          4. +
        4. which promotes a business name and/or logo;
          5. +
        5. which contains a link to an app via iOS or Google Play; or
          6. +
        6. which has as its purpose or effect the collection and sharing of personal data;
          7. +
        +
        3. +
      3. + be irrelevant to the purpose or aims of the Platform or while addressing relevant subject matter, contain an irrelevant, unsuitable or inappropriate slant (for example relating to potentially controversial opinions or beliefs of any kind intended to influence others); +
        4. +
      4. be defamatory of any person;
        5. +
      5. be obscene, offensive, hateful or inflammatory, or contain any profanity;
        6. +
      6. bully, insult, intimidate or humiliate;
        7. +
      7. + encourage suicide, substance abuse, eating disorders or other acts of self-harm.Content related to self - harm for the purposes of therapy, education and the promotion of general wellbeing may be uploaded, but we reserve the right to make changes to the way in which it is accessed in order that users do not view it accidentally; +
        8. +
      8. + feature sexual imagery purely intended to stimulate sexual arousal. Non - pornographic content relating to sexual health and related issues, surgical procedures and the results of surgical procedures, breastfeeding, therapy, education and the promotion of general wellbeing may be uploaded, but we reserve the right to make changes to the way in which it is accessed in order that users do not view it accidentally; +
        9. +
      9. + include child sexual abuse material. Content relating to safeguarding which addresses the subject of child sexual abuse may be uploaded, but we reserve the right to make changes to the way in which it is accessed in order that users do not view it accidentally; +
        10. +
      10. + incite or glorify violence including content designed principally for the purposes of causing reactions of shock or disgust; +
        11. +
      11. + promote discrimination or discriminate in respect of the protected characteristics set out in the Equality Act 2010, being age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, nationality, religion or belief, sex, and sexual orientation; +
        12. +
      12. infringe any copyright, database right or trade mark of any other person;
        13. +
      13. be likely to deceive any person;
        14. +
      14. breach any legal duty owed to a third party, such as a contractual duty or a duty of confidence;
        15. +
      15. + promote any illegal content or activity, including but not limited to the encouragement, promotion, justification, praise or provision of aid to dangerous persons or organisations, including extremists, terrorists and terrorist organisations and those engaged in any form of criminal activity; +
        16. +
      16. be in contempt of court;
        17. +
      17. + be threatening, abuse or invade another''s privacy, or cause annoyance, inconvenience or needless anxiety; +
        18. +
      18. be likely to harass, bully, shame, degrade, upset, embarrass, alarm or annoy any other person;
        19. +
      19. impersonate any person or misrepresent your identity or affiliation with any person;
        20. +
      20. + advocate, promote, incite any party to commit, or assist any unlawful or criminal act such as (by way of example only) copyright infringement or computer misuse; +
        21. +
      21. + contain a statement which you know or believe, or have reasonable grounds for believing, that members of the public to whom the statement is, or is to be, published are likely to understand as a direct or indirect encouragement or other inducement to the commission, preparation or instigation of acts of terrorism; +
        22. +
      22. contain harmful material;
        23. +
      23. give the impression that the Contribution emanates from us, if this is not the case; or
        24. +
      24. disclose any third party’s confidential information, identity, personally identifiable information or personal data (including data concerning health).
        25. +
      +
      6. +
    6. You acknowledge and accept that, when using the Platform and accessing the Content, some Content that has been uploaded by third parties may be factually inaccurate, or the topics addressed by the Content may be offensive, indecent, or objectionable in nature. We are not responsible (legally or otherwise) for any claim you may have in relation to the Content.
      7. +
    7. When producing Content to upload to the Platform, we encourage you to implement NICE guideline recommendations and ensure that sources of evidence are valid (for example, by peer review).
      8. +
    +
    5. +
  5. + Metadata +

    When making any Contribution, you must where prompted include a sufficient description of the Content so that other users can understand the description, source, and age of the Content. For example, if Content has been quality assured, then the relevant information should be posted in the appropriate field. All metadata fields on the Platform must be completed appropriately before initiating upload. Including the correct information is important in order to help other users locate the Content (otherwise the Content may not appear in search results for others to select).

    +
    6. +
  6. + Updates +

    You must update each Contribution at least once every 3 (three) years, or update or remove it should it cease to be relevant or become outdated or revealed or generally perceived to be unsafe or otherwise unsuitable for inclusion on the Platform.

    +
    7. +
  7. + Accessibility +

    Where practicable, all Contributions should aim to meet the accessibility standards as described in our Accessibility Statement + [https://www.dls.nhs.uk/v2/LearningSolutions/AccessibilityHelp] and as set out in the AA Standard Web Content Accessibility Guidelines v2.1 found here: + https://www.w3.org/TR/WCAG21/.

    +
    8. +
  8. + Rules about linking to the Platform +
      +
    1. The Platform must not be framed on any other site.
      2. +
    2. You may directly link to any Content that is hosted on the Platform, however, please be aware that not all links will continue to be available indefinitely. We will use our best efforts to ensure that all links are valid at the time of creating the related Content but cannot be held responsible for any subsequent changes to the link address or related Content.
      3. +
    +
    9. +
  9. + No text or data mining, or web scraping +
      +
    1. + You shall not conduct, facilitate, authorize or permit any text or data mining or web scraping in relation to the Platform or any services provided via, or in relation to, the Platform. This includes using (or permitting, authorizing or attempting the use of): +
        +
      1. any ""robot"", ""bot"", ""spider"", ""scraper"" or other automated device, program, tool, algorithm, code, process or methodology to access, obtain, copy, monitor or republish any portion of the Platform or any data, Content, information or services accessed via the same; and/or
        2. +
      2. any automated analytical technique aimed at analyzing text and data in digital form to generate information which includes but is not limited to patterns, trends, and correlations.
        3. +
      +
      2. +
    2. The provisions in this paragraph should be treated as an express reservation of our rights in this regard, including for the purposes of Article 4(3) of Digital Copyright Directive ((EU) 2019/790).
      3. +
    3. This paragraph shall not apply insofar as (but only to the extent that) we are unable to exclude or limit text or data mining or web scraping activity by contract under the laws which are applicable to us.
      4. +
    +
    10. +
  10. + Breach of this Acceptable Use Policy +

    Failure to comply with this Acceptable Use Policy constitutes a material breach of this Acceptable Use Policy upon which you are permitted to use the Platform and may result in our taking all or any of the following actions:

    +
      +
    1. Immediate, temporary, or permanent withdrawal of your right to use the Platform;
      2. +
    2. Immediate, temporary, or permanent removal of any Contribution uploaded by you to the Platform;
      3. +
    3. Issue of a warning to you;
      4. +
    4. Legal proceedings against you for reimbursement of all costs...
      5. +
    5. Disclosure of such information to law enforcement authorities...
      6. +
    6. Any other action we reasonably deem appropriate.
      7. +
    +
    11. +
"; + + Execute.Sql(@"UPDATE Config SET UpdatedDate = GETDATE() ,ConfigText =N'" + AcceptableUseNew + "'" + + "where ConfigName='AcceptableUse' AND IsHtml = 1"); + } + public override void Down() + { + var PrivacyPolicyOld = @"

PRIVACY NOTICE

    This page explains our privacy policy and how we will use and protect any information about you that you give to us or that we collate when you visit this website, or undertake employment with NHS England (NHSE or we/us/our), or participate in any NHSE sponsored training, education and development including via any of our training platform websites (Training).
    This privacy notice is intended to provide transparency regarding what personal data NHSE may hold about you, how it will be processed and stored, how long it will be retained and who may have access to your data.
    Personal data is any information relating to an identified or identifiable living person (known as the data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or factors specific to the physical, genetic or mental identity of that person, for example.

1 OUR ROLE IN THE NHS

    We are here to improve the quality of healthcare for the people and patients of England through education, training and lifelong development of staff and appropriate planning of the workforce required to deliver healthcare services in England.
    We aim to enable high quality, effective, compassionate care and to identify the right people with the right skills and the right values. All the information we collect is to support these objectives.

2 IMPORTANT INFORMATION

    NHSE is the data controller in respect of any personal data it holds concerning trainees in Training, individuals employed by NHSE and individuals accessing NHSE’s website.
    We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy or our privacy practices, want to know more about how your information will be used, or make a request to exercise your legal rights, please contact our DPO in the following ways:
    Name: Andrew Todd
    Email address: gdpr@hee.nhs.uk
    Postal address: NHS England of Skipton House, 80 London Road, London SE1 6LH

3 WHAT THIS PRIVACY STATEMENT COVERS

    This privacy statement only covers the processing of personal data by NHSE that NHSE has obtained from data subjects accessing any of NHSE’s websites and from its provision of services and exercise of functions. It does not cover the processing of data by any sites that can be linked to or from NHSE’s websites, so you should always be aware when you are moving to another site and read the privacy statement on that website.
    When providing NHSE with any of your personal data for the first time, for example, when you take up an appointment with NHSE or when you register for any Training, you will be asked to confirm that you have read and accepted the terms of this privacy statement. A copy of your acknowledgement will be retained for reference.
    If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

4 WHY NHSE COLLECTS YOUR PERSONAL DATA

    Personal data may be collected from you via the recruitment process, when you register and/or create an account for any Training, during your Annual Review of Competence Progression or via NHSE’s appraisal process. Personal data may also be obtained from Local Education Providers or employing organisations in connection with the functions of NHSE.
    Your personal data is collected and processed for the purposes of and in connection with the functions that NHSE performs with regard to Training and planning. The collection and processing of such data is necessary for the purposes of those functions.
    A full copy of our notification to the Information Commissioner’s Office (ICO) (the UK regulator for data protection issues), can be found on the ICO website here: www.ico.org.uk by searching NHSE’s ICO registration number, which is Z2950066.
    In connection with Training, NHSE collects and uses your personal information for the following purposes:
  1. to manage your Training and programme, including allowing you to access your own learning history;
  2. to quality assure Training programmes and ensure that standards are maintained, including gathering feedback or input on the service, content, or layout of the Training and customising the content and/or layout of the Training;
  3. to identify workforce planning targets;
  4. to maintain patient safety through the management of performance concerns;
  5. to comply with legal and regulatory responsibilities including revalidation;
  6. to contact you about Training updates, opportunities, events, surveys and information that may be of interest to you;
  7. transferring your Training activity records for programmes to other organisations involved in medical training in the healthcare sector. These organisations include professional bodies that you may be a member of, such as a medical royal college or foundation school; or employing organisations, such as trusts;
  8. making your Training activity records visible to specific named individuals, such as tutors, to allow tutors to view their trainees’ activity. We would seek your explicit consent before authorising anyone else to view your records;
  9. providing anonymous, summarised data to partner organisations, such as professional bodies; or local organisations, such as strategic health authorities or trusts;
  10. for NHSE internal review;
  11. to provide HR related support services and Training to you, for clinical professional learner recruitment;
  12. to promote our services;
  13. to monitor our own accounts and records;
  14. to monitor our work, to report on progress made; and
  15. to let us fulfil our statutory obligations and statutory returns as set by the Department of Health and the law (for example complying with NHSE’s legal obligations and regulatory responsibilities under employment law).
    Further information about our use of your personal data in connection with Training can be found in ’A Reference Guide for Postgraduate Foundation and Specialty Training in the UK’, published by the Conference of Postgraduate Medical Deans of the United Kingdom and known as the ‘Gold Guide’, which can be found here: https://www.copmed.org.uk/gold-guide.

5 TYPES OF PERSONAL DATA COLLECTED BY NHSE

    The personal data that NHSE collects when you register for Training enables the creation of an accurate user profile/account, which is necessary for reporting purposes and to offer Training that is relevant to your needs.
    The personal data that is stored by NHSE is limited to information relating to your work, such as your job role, place of work, and membership number for a professional body (e.g. your General Medical Council number). NHSE will never ask for your home address or any other domestic information.
    When accessing Training, you will be asked to set up some security questions, which may contain personal information. These questions enable you to log in if you forget your password and will never be used for any other purpose. The answers that you submit when setting up these security questions are encrypted in the database so no one can view what has been entered, not even NHSE administrators.
    NHSE also store a record of some Training activity, including upload and download of Training content, posts on forums or other communication media, and all enquires to the service desks that support the Training.
    If you do not provide personal data that we need from you when requested, we may not be able to provide services (such as Training) to you. In this case, we may have to cancel such service, but we will notify you at the time if this happens.

6 COOKIES

    When you access NHSE’s website and Training, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of limited information on your device (such as your computer or mobile phone). These small files are known as cookies, and we ask you to agree to their usage in accordance with ICO guidance.
    These cookies are used to improve the services (including the Training) we provide you through, for example:
  1. enabling a service to recognise your device, so you do not have to give the same information several times during one task (e.g. we use a cookie to remember your username if you check the ’Remember Me’ box on a log in page);
  2. recognising that you may already have given a username and password, so you do not need to do it for every web page requested;
  3. measuring how many people are using services, so they can be made easier to use and there is enough capacity to ensure they are fast; and
  4. analysing anonymised data to help us understand how people interact with services so we can make them better.
    We use a series of cookies to monitor website speed and usage, as well as to ensure that any preferences you have selected previously are the same when you return to our website. Please visit our cookie policies page to understand the cookies that we use: https://www.dls.nhs.uk/v2/CookieConsent/CookiePolicy
    Most cookies applied when accessing Training are used to keep track of your input when filling in online forms, known as session-ID cookies, which are exempt from needing consent as they are deemed essential for using the website or Training they apply to. Some cookies, like those used to measure how you use the Training, are not needed for our website to work. These cookies can help us improve the Training, but we’ll only use them if you say it’s OK. We’ll use a cookie to save your settings.
    On a number of pages on our website or Training, we use ’plug-ins’ or embedded media. For example, we might embed YouTube videos. Where we have used this type of content, the suppliers of these services may also set cookies on your device when you visit their pages. These are known as ’third-party’ cookies. To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.
    We will not use cookies to collect personal data about you. However, if you wish to restrict or block the cookies which are set by our websites or Training, or indeed any other website, you can do this through your browser settings. The ’Help’ function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies. Please be aware that restricting cookies may impact on the functionality of our website.

7 LEGAL BASIS FOR PROCESSING

    The retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) requires that data controllers and organisations that process personal data demonstrate compliance with its provisions. This involves publishing our basis for lawful processing of personal data.
    As personal data is processed for the purposes of NHSE’s statutory functions, NHSE’s legal bases for the processing of personal data as listed in Article 6 of the UK GDPR are as follows:
    Where NHSE processes special categories of personal data, its additional legal bases for processing such data as listed in Article 9 of the UK GDPR are as follows:
    Special categories of personal data include data relating to racial or ethnic origin, political opinions, religious beliefs, sexual orientation and data concerning health.
    Please note that not all of the above legal bases will apply for each type of processing activity that NHSE may undertake. However, when processing any personal data for any particular purpose, one or more of the above legal bases will apply.
    We may seek your consent for some processing activities, for example for sending out invitations to you to Training events and sending out material from other government agencies. If you do not give consent for us to use your data for these purposes, we will not use your data for these purposes, but your data may still be retained by us and used by us for other processing activities based on the above lawful conditions for processing set out above.

8 INFORMATION THAT WE MAY NEED TO SEND YOU

    We may occasionally have to send you information from NHSE, the Department of Health, other public authorities and government agencies about matters of policy where those policy issues impact on Training, workforce planning, or other matters related to NHSE. This is because NHSE is required by statute to exercise functions of the Secretary of State in respect of Training and workforce planning. If you prefer, you can opt out of receiving information about general matters of policy impacting on Training and workforce planning by contacting your Local Office recruitment lead or tel@hee.nhs.uk. The relevant Local Office or a representative from the relevant training platform website will provide you with further advice and guidance regarding any consequences of your request.
    NHSE will not send you generic information from other public authorities and government agencies on issues of government policy.

9 TRANSFERS ABROAD

    The UK GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by the UK GDPR is not undermined.
    Your data may only be transferred abroad where NHSE is assured that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection.

10 HOW WE PROTECT YOUR PERSONAL DATA

    Our processing of all personal data complies with the UK GDPR principles. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. The security of the data is assured through the implementation of NHSE’s policies on information governance management.
    The personal data we hold may be held as an electronic record on data systems managed by NHSE, or as a paper record. These records are only accessed, seen and used in the following circumstances:
  1. if required and/or permitted by law; or
  2. by NHSE staff who need access to them so they can do their jobs and who are subject to a duty of confidentiality; or
  3. by other partner organisations, including our suppliers, who have been asked to sign appropriate non-disclosure or data sharing agreements and will never be allowed to use the information for commercial purposes.
    We make every effort to keep your personal information accurate and up to date, but in some cases we are reliant on you as the data subject to notify us of any necessary changes to your personal data. If you tell us of any changes in your circumstances, we can update the records with personal data you choose to share with us.
    Information collected by NHSE will never be sold for financial gain or shared with other organisations for commercial purposes.
    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11 SHARING PERSONAL DATA

    So we can provide the right services at the right level, we may share your personal data within services across NHSE and with other third party organisations such as the Department of Health, higher education institutions, clinical placement providers, colleges, faculties, other NHSE Local Offices, the General Medical Council, NHS Trusts/Health Boards/Health and Social Care Trusts, approved academic researchers and other NHS and government agencies where necessary, to provide the best possible Training and to ensure that we discharge NHSEs responsibilities for employment and workforce planning for the NHS. This will be on a legitimate need to know basis only.
    We may also share information, where necessary, to prevent, detect or assist in the investigation of fraud or criminal activity, to assist in the administration of justice, for the purposes of seeking legal advice or exercising or defending legal rights or as otherwise required by the law.
    Where the data is used for analysis and publication by a recipient or third party, any publication will be on an anonymous basis, and will not make it possible to identify any individual. This will mean that the data ceases to become personal data.

12 HOW LONG WE RETAIN YOUR PERSONAL DATA

    We will keep personal data for no longer than necessary to fulfil the purposes we collected it for, in accordance with our records management policy and the NHS records retention schedule within the NHS Records Management Code of Practice at: https://www.england.nhs.uk/contact-us/privacy-notice/nhs-england-as-a-data-controller (as may be amended from time to time).
    In some circumstances you can ask us to delete your data. Please see the “Your rights” section below for further information.
    In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

13 OPEN DATA

    Open data is data that is published by central government, local authorities and public bodies to help you build products and services. NHSE policy is to observe the Cabinet Office transparency and accountability commitments towards more open use of public data in accordance with relevant and applicable UK legislation.
    NHSE would never share personal data through the open data facility. To this end, NHSE will implement information governance protocols that reflect the ICO’s recommended best practice for record anonymisation, and Office of National Statistics guidance on publication of statistical information.

14 YOUR RIGHTS

14.1 Right to rectification and erasure

    Under the UK GDPR you have the right to rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the right to erasure is not an absolute right and it may be that it is necessary for NHSE to continue to process your personal data for a number of lawful and legitimate reasons.

14.2 Right to object and withdraw your consent

    You have the right in certain circumstances to ask NHSE to stop processing your personal data in relation to any NHSE service. As set out above, you can decide that you do not wish to receive information from NHSE about matters of policy affecting Training and workforce. However, the right to object is not an absolute right and it may be that it is necessary in certain circumstances for NHSE to continue to process your personal data for a number of lawful and legitimate reasons.
    If you object to the way in which NHSE is processing your personal information or if you wish to ask NHSE to stop processing your personal data, please contact your relevant Local Office.
    Please note, if we do stop processing personal data about you, this may prevent NHSE from providing the best possible service to you. Withdrawing your consent will result in your Training account being anonymised and access to the Training removed.

14.3 Right to request access

    You can access a copy of the information NHSE holds about you by writing to NHSE’s Public and Parliamentary Accountability Team. This information is generally available to you free of charge subject to the receipt of appropriate identification. More information about subject access requests can be found here: https://www.hee.nhs.uk/about/contact-us/subject-access-request.

14.4 Right to request a transfer

    The UK GDPR sets out the right for a data subject to have their personal data ported from one controller to another on request in certain circumstances. You should discuss any request for this with your Local Office. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

14.5 Right to restrict processing

    You can ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy, where our use of the data is unlawful but you do not want us to erase it, where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims or where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

14.6 Complaints

    You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact your Local Office or the DPO in the first instance, using the contact details above.
    You can contact the ICO at the following address:

    The Office of the Information Commissioner
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

14.7 Your responsibilities

    It is important that you work with us to ensure that the information we hold about you is accurate and up to date so please inform NHSE if any of your personal data needs to be updated or corrected.
    All communications from NHSE will normally be by email. It is therefore essential for you to maintain an effective and secure email address, or you may not receive information or other important news and information about your employment or Training.
"; + + Execute.Sql(@"UPDATE Config SET UpdatedDate = GETDATE() ,ConfigText =N'" + PrivacyPolicyOld + "'" + + "where ConfigName='PrivacyPolicy' AND IsHtml = 1"); + + var AcceptableUseOld = @"

ACCEPTABLE USE POLICY

+
    +
  1. + General +
      +
    1. This Acceptable Use Policy sets out how we permit you to use any of our Platforms. Your compliance with this Acceptable Use Policy is a condition of your use of the Platform.
      2. +
    2. Capitalised terms have the meaning given to them in the terms of use for the Platform which are available at https://www.dls.nhs.uk/v2/LearningSolutions/Terms.
      3. +
    +
    2. +
  2. + Acceptable use +
      +
    1. You are permitted to use the Platform as set out in the Terms and for the purpose of personal study.
      2. +
    2. You must not use any part of the Content on the Platform for commercial purposes without obtaining a licence to do so from us or our licensors.
      3. +
    3. If you print off, copy, download, share or repost any part of the Platform in breach of this Acceptable Use Policy, your right to use the Platform will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.
      4. +
    4. Our status (and that of any identified contributors) as the authors of Content on the Platform must always be acknowledged (except in respect of Third-Party Content).
      5. +
    +
    3. +
  3. + Prohibited uses +
      +
    1. + You may not use the Platform: +
        +
      1. in any way that breaches any applicable local, national or international law or regulation;
        2. +
      2. in any way that is unlawful or fraudulent or has any unlawful or fraudulent purpose or effect;
        3. +
      3. in any way that infringes the rights of, or restricts or inhibits the use and enjoyment of this site by any third party;
        4. +
      4. for the purpose of harming or attempting to harm minors in any way;
        5. +
      5. to bully, insult, intimidate or humiliate any person;
        6. +
      6. to send, knowingly receive, upload, download, use or re-use any material which does not comply with our Content Standards as set out in paragraph 4;
        7. +
      7. to transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam), or any unwanted or repetitive content that may cause disruption to the Platform or diminish the user experience, of the Platform’s usefulness or relevant to others;
        8. +
      8. to do any act or thing with the intention of disrupting the Platform in any way, including uploading any malware or links to malware, or introduce any virus, trojan, worm, logic bomb or other material that is malicious or technologically harmful or other potentially damaging items into the Platform;
        9. +
      9. to knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware; or
        10. +
      10. to upload terrorist content.
        11. +
      +
      2. +
    2. + You also agree: +
        +
      1. to follow any reasonable instructions given to you by us in connection with your use of the Platform;
        2. +
      2. to respect the rights and dignity of others, in order to maintain the ethos and good reputation of the NHS, the public good generally and the spirit of cooperation between those studying and working within the health and care sector. In particular, you must act in a professional manner with regard to all other users of the Platform at all times;
        3. +
      3. + not to modify or attempt to modify any of the Content, save: +
          +
        1. in respect of Contributions;
          2. +
        2. where you are the editor of a catalogue within the Learning Hub, you may alter Content within that catalogue;
          3. +
        +
        4. +
      4. not to download or copy any of the Content to electronic or photographic media;
        5. +
      5. not to reproduce any part of the Content by any means or under any format other than as a reasonable aid to your personal study;
        6. +
      6. not to reproduce, duplicate, copy or re-sell any Content in contravention of the provisions of this Acceptable Use Policy; and
        7. +
      7. not to use tools that automatically perform actions on your behalf;
        8. +
      8. not to upload any content that infringes the intellectual property rights, privacy rights or any other rights of any person or organisation; and
        9. +
      9. not to attempt to disguise your identity or that of your organisation;
        10. +
      10. + not to access without authority, interfere with, damage or disrupt: +
          +
        1. any part of the Platform;
          2. +
        2. any equipment or network on which the Platform is stored;
          3. +
        3. any software used in the provision of the Platform;
          4. +
        4. the server on which the Platform is stored;
          5. +
        5. any computer or database connected to the Platform; or
          6. +
        6. any equipment or network or software owned or used by any third party.
          7. +
        +
        11. +
      11. not to attack the Platform via a denial-of-service attack or a distributed denial-of-service attack.
        12. +
      +
      3. +
    +
    4. +
  4. + Content standards +
      +
    1. The content standards set out in this paragraph 4 (Content Standards) apply to any and all Contributions.
      2. +
    2. The Content Standards must be complied with in spirit as well as to the letter. The Content Standards apply to each part of any Contribution as well as to its whole.
      3. +
    3. We will determine, in our discretion, whether a Contribution breaches the Content Standards.
      4. +
    4. + A Contribution must: +
        +
      1. be accurate (where it states facts);
        2. +
      2. be genuinely held (where it states opinions); and
        3. +
      3. comply with the law applicable in England and Wales and in any country from which it is posted.
        4. +
      +
      5. +
    5. + A Contribution must not: +
        +
      1. + contain misinformation that is likely to harm users, patients/service users, health and care workers, or the general public’s wellbeing, safety, trust and reputation, including the reputation of the NHS or any part of it. This could include false and misleading information relating to disease prevention and treatment, conspiracy theories, content that encourages discrimination, harassment or physical violence, content originating from misinformation campaigns, and content edited or manipulated in such a way as to constitute misinformation; +
        2. +
      2. + contain any content or link to any content: +
          +
        1. which is created for advertising, promotional or other commercial purposes, including links, logos and business names;
          2. +
        2. which requires a subscription or payment to gain access to such content;
          3. +
        3. in which the user has a commercial interest;
          4. +
        4. which promotes a business name and/or logo;
          5. +
        5. which contains a link to an app via iOS or Google Play; or
          6. +
        6. which has as its purpose or effect the collection and sharing of personal data;
          7. +
        +
        3. +
      3. + be irrelevant to the purpose or aims of the Platform or while addressing relevant subject matter, contain an irrelevant, unsuitable or inappropriate slant (for example relating to potentially controversial opinions or beliefs of any kind intended to influence others); +
        4. +
      4. be defamatory of any person;
        5. +
      5. be obscene, offensive, hateful or inflammatory, or contain any profanity;
        6. +
      6. bully, insult, intimidate or humiliate;
        7. +
      7. + encourage suicide, substance abuse, eating disorders or other acts of self-harm.Content related to self - harm for the purposes of therapy, education and the promotion of general wellbeing may be uploaded, but we reserve the right to make changes to the way in which it is accessed in order that users do not view it accidentally; +
        8. +
      8. + feature sexual imagery purely intended to stimulate sexual arousal. Non - pornographic content relating to sexual health and related issues, surgical procedures and the results of surgical procedures, breastfeeding, therapy, education and the promotion of general wellbeing may be uploaded, but we reserve the right to make changes to the way in which it is accessed in order that users do not view it accidentally; +
        9. +
      9. + include child sexual abuse material. Content relating to safeguarding which addresses the subject of child sexual abuse may be uploaded, but we reserve the right to make changes to the way in which it is accessed in order that users do not view it accidentally; +
        10. +
      10. + incite or glorify violence including content designed principally for the purposes of causing reactions of shock or disgust; +
        11. +
      11. + promote discrimination or discriminate in respect of the protected characteristics set out in the Equality Act 2010, being age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, nationality, religion or belief, sex, and sexual orientation; +
        12. +
      12. infringe any copyright, database right or trade mark of any other person;
        13. +
      13. be likely to deceive any person;
        14. +
      14. breach any legal duty owed to a third party, such as a contractual duty or a duty of confidence;
        15. +
      15. + promote any illegal content or activity, including but not limited to the encouragement, promotion, justification, praise or provision of aid to dangerous persons or organisations, including extremists, terrorists and terrorist organisations and those engaged in any form of criminal activity; +
        16. +
      16. be in contempt of court;
        17. +
      17. + be threatening, abuse or invade another''s privacy, or cause annoyance, inconvenience or needless anxiety; +
        18. +
      18. be likely to harass, bully, shame, degrade, upset, embarrass, alarm or annoy any other person;
        19. +
      19. impersonate any person or misrepresent your identity or affiliation with any person;
        20. +
      20. + advocate, promote, incite any party to commit, or assist any unlawful or criminal act such as (by way of example only) copyright infringement or computer misuse; +
        21. +
      21. + contain a statement which you know or believe, or have reasonable grounds for believing, that members of the public to whom the statement is, or is to be, published are likely to understand as a direct or indirect encouragement or other inducement to the commission, preparation or instigation of acts of terrorism; +
        22. +
      22. contain harmful material;
        23. +
      23. give the impression that the Contribution emanates from us, if this is not the case; or
        24. +
      24. disclose any third party’s confidential information, identity, personally identifiable information or personal data (including data concerning health).
        25. +
      +
      6. +
    6. You acknowledge and accept that, when using the Platform and accessing the Content, some Content that has been uploaded by third parties may be factually inaccurate, or the topics addressed by the Content may be offensive, indecent, or objectionable in nature. We are not responsible (legally or otherwise) for any claim you may have in relation to the Content.
      7. +
    7. When producing Content to upload to the Platform, we encourage you to implement NICE guideline recommendations and ensure that sources of evidence are valid (for example, by peer review).
      8. +
    +
    5. +
  5. + Metadata +
      + When making any Contribution, you must where prompted include a sufficient description of the Content so that other users can understand the description, source, and age of the Content. For example, if Content has been quality assured, then the relevant information should be posted in the appropriate field. All metadata fields on the Platform must be completed appropriately before initiating upload. Including the correct information is important in order to help other users locate the Content (otherwise the Content may not appear in search results for others to select). +
    +
    6. +
  6. + Updates +
      + You must update each Contribution at least once every 3 (three) years, or update or remove it should it cease to be relevant or become outdated or revealed or generally perceived to be unsafe or otherwise unsuitable for inclusion on the Platform. +
    +
    7. +
  7. + Accessibility +
      + Where practicable, all Contributions should aim to meet the accessibility standards as described in our Accessibility Statement + [https://www.dls.nhs.uk/v2/LearningSolutions/AccessibilityHelp] and as set out in the AA Standard Web Content Accessibility Guidelines v2.1 found here: + https://www.w3.org/TR/WCAG21/. +
    +
    8. +
  8. + Rules about linking to the Platform +
      +
    1. The Platform must not be framed on any other site.
      2. +
    2. You may directly link to any Content that is hosted on the Platform, however, please be aware that not all links will continue to be available indefinitely. We will use our best efforts to ensure that all links are valid at the time of creating the related Content but cannot be held responsible for any subsequent changes to the link address or related Content.
      3. +
    +
    9. +
  9. + No text or data mining, or web scraping +
      +
    1. + You shall not conduct, facilitate, authorize or permit any text or data mining or web scraping in relation to the Platform or any services provided via, or in relation to, the Platform. This includes using (or permitting, authorizing or attempting the use of): +
        +
      1. any ""robot"", ""bot"", ""spider"", ""scraper"" or other automated device, program, tool, algorithm, code, process or methodology to access, obtain, copy, monitor or republish any portion of the Platform or any data, Content, information or services accessed via the same; and/or
        2. +
      2. any automated analytical technique aimed at analyzing text and data in digital form to generate information which includes but is not limited to patterns, trends, and correlations.
        3. +
      +
      2. +
    2. The provisions in this paragraph should be treated as an express reservation of our rights in this regard, including for the purposes of Article 4(3) of Digital Copyright Directive ((EU) 2019/790).
      3. +
    3. This paragraph shall not apply insofar as (but only to the extent that) we are unable to exclude or limit text or data mining or web scraping activity by contract under the laws which are applicable to us.
      4. +
    +
    10. +
  10. + Breach of this Acceptable Use Policy +
      + Failure to comply with this Acceptable Use Policy constitutes a material breach of this Acceptable Use Policy upon which you are permitted to use the Platform and may result in our taking all or any of the following actions: +
    1. immediate, temporary, or permanent withdrawal of your right to use the Platform;
      2. +
    2. immediate, temporary, or permanent removal of any Contribution uploaded by you to the Platform;
      3. +
    3. issue of a warning to you;
      4. +
    4. legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach, and/or further legal action against you;
      5. +
    5. disclosure of such information to law enforcement authorities as we reasonably feel is necessary or as required by law; and/or
      6. +
    6. any other action we reasonably deem appropriate.
      7. +
    +
    11. +
"; + + Execute.Sql(@"UPDATE Config SET UpdatedDate = GETDATE() ,ConfigText =N'" + AcceptableUseOld + "'" + + "where ConfigName='AcceptableUse' AND IsHtml = 1"); + } + } +}