Appendix 1 - Pro Forma Staff Privacy Notice

Intelligent Workforce Solution ("IWS")

Overview

Your employer ("we" or "us") has implemented a tasking solution, Intelligent Workforce Solution (“IWS” or the “system”), that uses location data and location-powered scheduling algorithms to optimise resources and workflow and to provide information about the status of tasks, likely start and completion times and the causes of any delays. IWS enables us to optimise our internal processes so we can meet our patient care and performance goals.

You will be given access to a pool of smartphones (“Devices”) for you to use when doing your work. You must keep the Device safe and charged and carry it with you for the duration of your shift in accordance with our equipment policy in the Employee Handbook.

We have set out below details of what types of personal data we collect when using IWS, what it is used for and how long it is kept. We also describe the legal basis for collecting the data, who it is shared with and what your rights are.

Personal Data We Collect and How It Is Collected

The following table sets out the information we collect about you and the Device you are using:

Data Point | Data Use
--- | ---
Location data |
Location (within 1000m of premises) | To establish if user is in the vicinity of the premises.
Location (within 400m of premises) | To establish user’s likely entrance to premises.
On-site location | To determine arrival / departure / dwell times for optimisation and analytics.
Sensor data (accelerometer, gyroscope, magnetometer, pressure gauge) | To update signal maps used for location estimation.
Wi-Fi scan data | To update signal maps used for location estimation and to estimate location.
BLE scan data | To estimate location.
GPS data | To estimate location outside to determine task response / completion times.
Battery and charging data | To monitor app efficiency.
Last-known locations (not linked to task) | To estimate location for reporting.
Semantic / physical / signal maps | To estimate location.
Task handler data |
Name (first and last) | To allow system users to create, track and review tasks by name.
Phone number / extension | To allow system users to communicate with each other.
Email address / Username* | To allow users to access the system and communicate with each other.
User ID | To allow the system to identify unique users.
Default location | To set controls for regions in which task handlers can operate.
Skillset | To enable tasks to be given to task handlers with relevant skills.
Permissions | To control access privileges in the system.
Role | To enable tasks to be assigned to the correct staff group.
Shift times | To plan for and optimise availability of staff to complete tasks.
Task-handler status (ready, on task, on emergency response, on ad hoc request, on break, in meeting, in / out of range, unavailable) | To allow the system to identify a suitable task handler and to allow users to track task-handler status.
Historical locations (linked to tasks) | To optimise task allocation using recent location data.
Any other data characterised as customer staff data | To provide additional information about the task handler or other staff.
Tasking data |
Task type | To define tasks for users (e.g. patient move or blood move).
Task details | To identify specifics about task type.
Task priority | To allow tasks to be prioritised.
Task status (unassigned, assignment in progress, in progress, paused, cancelled, pending approval, pending verification, completed) | To allow portal users to track status of task.
Estimated completion time | To allow portal user to view estimated completion time.
Actual completion time | To allow system users to track time taken to complete tasks.
Response time | To allow customers to manage service level compliance.
Breach time | To allow customers to manage service level compliance.
Time stamps for all task activities | To allow the system to track the progress of tasks by time.
Notes (excluding patient notes) | To allow system users to add additional instructions for a task.
Free text fields for task information | To allow system users to add additional information about a task.
Task waypoints | To inform the task handler about locations associated with task.
Task linkage information | To allow users to identify tasks that are linked together.
Task ID | To allow the system to identify a task by reference.
Task skillset | To identify skillsets required for a given.

Some of this data is collected by us during the commissioning phase of IWS, namely: name, phone number, username, permissions group, role, location, skillset and maps. The remaining data is collected automatically when you log into the Device and start to use the system.

Location information will include GPS data and sensor data from the Device (from the accelerometer, gyroscope, magnetometer, Wi-Fi, BLE beacon or pressure information). The IWS system will start to acknowledge GPS signals when the Device is within 1km of our premises, and the frequency of these location readings will increase the nearer you get. Once you enter our premises, the system will then use a combination of the sensor data and the building plan to work out your location, which is then linked to room references inside our premises.

You should note that the Device will continue to determine your approximate location until it is switched off. We recommend that you either switch off the Device if you leave the premises or leave it in your office or designated area when you have finished your shift.

Tasking information will include login / shift times, user state, task state and lapse times. This information is collected when you log in to the system and when you are communicating, via the Device, with the person who is assigning tasks. For example, if you accept a task, IWS will track the status of the task and, among other things, how long it takes to be completed. At the end of your shift, when you log out, IWS will record when this happens.

Use of Your Personal Data

We will use your personal data, during the commissioning of IWS, to make sure that the system is set up and functions properly. After commissioning, IWS will use that information, together with the location information it collects when you are using the system, to determine which tasks should be allocated to you. This process is automated but takes into account your work and skills group, location and availability. The system is designed to ensure that tasks are assigned to the right person, in the right place at the right time to improve productivity and enable better healthcare outcomes.

We will also use information collected by IWS to review task-completion data and to run reports. This provides an insight into work and task-completion patterns and allows us to optimise our internal processes. Reports will show aggregated data across a work group or team, or specific data relating to particular tasks or individuals. However, as IWS is a workforce efficiency tool, it is not designed specifically to manage individual performance and only in exceptional cases would it be used for that purpose.

Legal Basis for Processing

We process the personal data collected by the Device (i) to comply with our legal obligations as a healthcare provider and (ii) in order to perform our contract of employment with you.

Sharing of your personal data

We will share your personal data with the supplier of IWS, Navenio Limited, who acts as a data processor on our behalf. We may also disclose your personal data to others where necessary in order to comply with any legal or regulatory obligations.

For data subjects located in the UK, your personal data will not be transferred outside the United Kingdom or the European Economic Area. For data subjects located in other regions, separate arrangements for the secure storage of your personal data have been made with Navenio Limited.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and where they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Retention Period

Unless we are under a legal obligation to retain information for a longer period, we will keep your personal data for no longer than is necessary for the purposes set out above under “Legal basis for processing”. The normal retention periods are as follows:

Data Point | Retention Period
--- | ---
Location data |
Location (within 1000m of premises) | 2 years
Location (within 400m of premises) | 2 years
On-site location | 2 years
Sensor data | 2 years
Wi-Fi scan data | 2 years
BLE scan data | 2 years
GPS data | 2 years
Battery and charging data | 2 years
Last-known locations (not linked to task) | 2 years
Semantic / physical / signal maps | Indefinitely
Task handler data* |
Name (first and last) | 3 years
Phone number / extension | 3 years
Email address / Username** | 3 years
User ID | 3 years
Default location | 3 years
Skillset | 3 years
Permissions | 3 years
Role | 3 years
Shift times | 3 years
Task-handler status | 3 years
Historical locations (linked to tasks) | 3 years
Any other data characterised as customer staff data | [configurable] 3 years
Tasking data* |
Task type | [configurable] 3 years
Task details | 3 years
Task priority | 3 years
Task status | 3 years
Estimated task time | 3 years
Actual task time | 3 years
Response time | 3 years
Breach time | [configurable] 3 years
Time stamps for all task activities | 3 years
Notes (excluding patient notes) | 3 years
Free text field for task information | 3 years
Task waypoints | 3 years
Task linkage information | 3 years
Task ID | 3 years
Task skillset | 3 years

* Task handler data and tasking data are only visible to customer staff for 12 months.

** Authentication data required for you to access the system (normally email and password) will in any case be kept for as long as you need access.

If we change the way we process your personal information or how long we need to keep it, we will notify you accordingly.

At the end of the retention period your personal data will either be deleted or anonymised.

Your Rights

You are entitled to make a request to us to get access to your personal data.

If your personal data is inaccurate or misleading, you are entitled to request that we rectify the information.

Under certain conditions, you have the right (i) to request us to erase or restrict access to your personal data or (ii) to object to the processing.

You may also have the right to data portability and, where you do, we will provide you with your data in a suitable format at your request.

If you have any further questions about why and how we process your personal data or if you wish to exercise any of the rights described above, please contact our Data Protection Officer in the first instance.

If you have any concerns or complaints about the way your personal data is being handled, you may also contact the Information Commissioner’s Office.