Terms and conditions

This agreement establishes the terms and conditions under which CDEP bulk purchase commissioners and appropriate diabetes clinical leads can access CDEP reporting data.

CDEP data sharing policy is aligned with the 8 data protection principles.

The term 'Commissioner' includes delegated representatives, successors or others as appropriate, that have been given the responsibility to monitor the uptake and utilisation of CDEP within their staffing cohort, by their purchasing organisation.

Agreed Purpose:

CDEP's purpose for systematically sharing data with commissioners and diabetes clinical leads is for the agreed purpose of monitoring the uptake and utilisation of CDEP within its targeted staff cohort. This will allow best use of resources as well as maximum, positive impact on diabetes clinical care and patient safety.

CDEP aggregate data can be used to tailor local diabetes education strategies to support face-to-face training and staff development. The commissioner shall not use the data for any other purposes unless prior approval is obtained from CDEP and explicit consent is obtained from the individuals involved.

The confidentiality of data pertaining to individual users of CDEP will be protected as follows:
1) CDEP does not request, collect or store any 'sensitive personal data' of individuals undertaking CDEP. Only essential and relevant data will be shared for the agreed purpose.

2) CDEP will not release the names of the individual users to the commissioners, unless express consent is obtained from the individual concerned, as per the NHS England Information Governance Guidelines.

3) Individual CDEP user data (such as role, place of work, date of registration, topics started and topics completed) will be provided for the sole purpose of monitoring CDEP uptake and utilisation.

4) CDEP will release aggregate data for the commissioner's cohort of users regarding the average number of attempts taken to successfully pass a competency or topic. CDEP will also release topic evaluation/feedback which demonstrates the impact the CDEP topics have on the cohort's diabetes competence, confidence and guideline familiarity. This aggregate data may be used by the commissioner's organisation to inform diabetes education and training strategies.

5) The commissioner will not release any information that could be linked to an individual, nor will the commissioner present the results of CDEP data analysis (including maps), in any manner, that would reveal the identity of individuals.

6) The commissioner will not release individual practice/organisation addresses, nor will the commissioner present the results of CDEP data analysis (including maps), in any manner, that would reveal individual practice/organisation addresses.

7) The commissioner shall, at all times, be responsible for ensuring that all CDEP data (including data in an electronic format) is stored securely. The commissioner shall take appropriate measures to ensure the security of such data, and guard against unauthorised access, disclosure, loss or destruction, while in its custody.

8) The commissioner will not release data to a third party without prior approval from CDEP and explicit consent from the individuals involved. Any third party granted access to data shall be subjected to the terms and conditions of this agreement. Acceptance of these terms must be provided in writing by the third party before the data is released.

9) The commissioner will not share, publish or otherwise release any findings or conclusions derived from analysis of data obtained from CDEP, without prior approval from CDEP.

10) CDEP requires the commissioner to advise CDEP of any potential or actual loss of data within three (3) working days of identification of any potential or actual loss, whether in relation to its own processing of the data or that of data processed on its behalf. CDEP can then consider what further action is required in relation to such an incident, and the impact of future sharing of data. CDEP further requires the commissioner to notify it as soon as possible of any breaches of security, which might potentially give rise to a risk on the security of the data.

11) CDEP reserves its rights to inspect arrangements for the processing of the shared data and to withdraw agreement to the use of CDEP data, where it considers the commissioner to not be processing the data in accordance with this agreement.

12) The commissioner uses or relies on the data at its own risk. CDEP takes no responsibility for the accuracy, currency, reliability and correctness of the data, or of links or references to other information sources and disclaims all warranties to the maximum extent permitted by legislation.

13) CDEP data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects, in relation to the processing of personal data.

14) As of 2019, Microsoft no longer provides security updates or technical support for Internet Explorer. CDEP recommends that commissioners make use of supported web browsers such as Firefox, Google Chrome, Microsoft Edge, Safari, etc where the web browsers have regular security updates, ensuring that identified issues are rectified. These regular security updates help protect computers from malicious attacks. Upgrading and using current web browsers is therefore important for data protection.

CDEP communication with commissioners:

CDEP will send periodic commissioner newsletters to keep you abreast of new developments and new content. By agreeing to these Terms and Conditions, you are consenting to receive these newsletters.

Newsletters will be sent to you (via Mailchimp) and contain tracking facilities within the actual email. Your email activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity, other activity around how you access and view the emails and tracking with the aim of improving your experience and how we present our email newsletter going forward. This information is used to refine future email campaigns and supply you with more relevant content, based around your activity.

You will be able to unsubscribe from our email newsletter by clicking the applicable unsubscribe link in our email – or by following other instructions as provided by us in the email.