NHS Education for Scotland (NES) is a public-sector body as set out in 2002 No. 103 National Health Service – the NHS Education for Scotland Order 2002. It is one of the organisations which form part of NHS Scotland (NHSS).
NES is an education and training body and a special health board within NHS Scotland, with responsibility of developing and delivering education and training for the healthcare workforce in Scotland.
NES holds and manages personal data for the administration and evaluation of training and education of health and social care professionals, for the employment of staff, for research and for related activities in support of our core purposes.
We process several categories of personal data, including:
For SOAR, we process the following categories of personal data:
To enable the NES Medical Appraisal Team and authorised employees of your Health Board to arrange and facilitate your appraisal and supporting information required for revalidation
For those who also have the role of Appraiser, relevant details regarding training and activity as an appraiser will also be retained
NES as a data controller and a data processor, is required to have a legal basis when using personal information. NES considers that performance of our tasks and functions are in the public interest. When using personal information, our legal basis usually is that its use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us.
For SOAR NES considers our legal basis for processing is:
We will share personal data where appropriate and necessary with third parties such as employing NHS Boards and other employers, educational institutions and regulatory and professional bodies. We will also share personal data where required to do so by law.
For SOAR we may share your data with:
SOAR will not transfer any of your personal data outside of the UK.
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking reasonable measures to ensure the confidentiality and security of personal data for which we are responsible for.
All NES staff are required to undertake annual information governance training and to be familiar with information governance policies and procedures.
You have the following rights in regard to your personal data:
You have the right to access the information which NES holds about you, and why, subject to any exemptions using a Subject Access Request. Requests must be made in writing and you will need to provide:
You should send your request to the Information Governance Team. Contact details can be found below.
We will aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable.
In the first instance, you should contact the Information Governance Team – contact details can be found below.
NES is a 'data controller' under the Data Protection Act. We have notified the Information Commissioner that we process personal data and our registration number is: Z7921413
The details are publicly available from the: -
Information Commissioner’s Officer
Wilmslow SK9 5AF
NES employs a Data Protection Officer to check that we handle personal information in ways that meet data protection law. Our Data Protection Officer is Tracey Gill who can be contacted at this email address:
Data Protection Officer
Edinburgh EH3 9DN
Our corporate privacy notice is available online at: https://www.nes.scot.nhs.uk/legal-and-site-information/privacy/
This page was last updated on: 20/10/2023