Who we are
Our website address is: https://northernpaediatrics.com. Northernpaediatrics is a site designed to provide a setting for paediatricians to share information relevant to their specialty in the North East of England. It is run by Dr Yincent Tse, a local paediatrician as a service to paediatricians in the north east of England. It is not a training support site. Dr Yincent Tse (Consultant Paediatrician in Newcastle) and Dr Andrew Mellon (Consultant Paediatrician in Sunderland) are the administrative team behind NorthernPaediatrics. At present Dr Mellon is data protection officer.
What personal data we collect and why we collect it
We only collect information about you if we have a reason to do so — for example, to provide our Services, to communicate with you, or to make our Services better.
We collect this information from three sources: if and when you provide information to us, automatically through operating our Services, and from outside sources. Let’s go over the information that we collect.
Information You Provide to Us
- Basic account information: We do not require sign up from individual visitors to the site. We may ask for basic information from you in order to allow you to contribute to the website as content editors. None of the sub-sections of the website require sign up to access unless you are providing editorial input to the site.
- We require individuals who sign up as content editors to provide full name and an email address and will provide them with password access as appropriate to the area of content they provide. Full administrative access is limited to the named administrators above.
- Content information: You might provide us with information about you in draft and published content (a blog post or comment that includes biographic information about you, or any media or files you upload).
- Communications with us: You may also provide us with information when you respond to surveys, communicate with us about a support question, post a question in our public forums, or sign up for a newsletter.
- When you communicate with us via form or email, we store a copy of our communications.
Information We Collect Automatically
- Log information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information.
- Usage information: We collect information about your usage of our Services. For example, we collect information about the number of contacts per month for website pages to get insights on how people use our site so we can make it better.
- Location information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our site from certain geographic regions. We may also collect information about your precise location via our mobile apps (like when you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions.
- Stored information: We may access information stored on your mobile device via our mobile apps, for example, if you give us permission to access the photographs on your mobile device’s camera. We access this stored information through your device operating system’s permissions.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms – COOKIES
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Data sharing is limited to
a. those with management responsibilities for NorthernPaediatrics.com
At present that includes Dr Yincent Tse and Dr Andrew Mellon (Consultant Paediatrician).
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How we protect your data
Our site is managed by Siteground who undertake regular security checks on behalf of NorthernPaediatrics.
The domain is accessible as an https domain with the added security that confers.
If we are alerted to data breaches we would anticipate following GDPR guidance on alerting users of our site of the level of security threat this poses. As our information about users is limited to IP addresses predominantly
What data breach procedures we have in place
NorthernPaediatrics follows the Information Commissioner's Office (ICO) guidance in relation to data security.
Preparing for a personal data breach
- Limited personal information held
Our use of identifiable information is limited to that required to run the NorthernPaediatrics website
We will never ask for sensitive information related to financial or other personal aspects of day to day life. In certain situations information for equality and diversity monitoring may be required via certain links provided within the site. We do not hold such information.
- We know how to recognise a personal data breach.
Information from Siteground our service provider comes via regular audits reported to the administrative team.
Identification of changes to administrative settings noted by the administrative team.
- We understand that a personal data breach isn’t only about loss or theft of personal data.
NorthernPaediatrics will not contact users of the site for any personal information and will limit personal data held about any one working with us on the editorial team to the least required for site safety.
Personal data breaches can include:
- access by an unauthorised third party; (Administrative rights only provided by Dr Yincent Tse and Dr Andrew Mellon)
- deliberate or accidental action (or inaction) by a controller or processor; (Limited information of any personal kind held on site and no incidents of security threat reported by service provider Siteground)
- sending personal data to an incorrect recipient; (Site not used for collating and sending personal information in this way)
- computing devices containing personal data being lost or stolen; (data not stored on personal computers but via third party web host Siteground)
- alteration of personal data without permission; (limited access to administrative panels of website Dr YT and Dr AM) and
- loss of availability of personal data. (Limited data held and not held personally)
☐ We have prepared a response plan for addressing any personal data breaches that occur.
If informed by Siteground to follow any advice on further management and nature of leak.
If any identifiable information loss to contact those individuals with such information and contact the ICO re potential breach.
To work with Siteground and the ICO in responding in timely fashion to any such breach
(Theoretical example from ICO – Your organisation (the controller NorthernPaediatrics) contracts an IT services firm (the processor Siteground) to archive and store customer records. The IT firm detects an attack on its network that results in personal data about its clients being unlawfully accessed. As this is a personal data breach, the IT firm promptly notifies you that the breach has taken place. You in turn notify the ICO. We have had no information to suggest a security threat has occurred since the website was established.)
☐ We have allocated responsibility for managing breaches to a dedicated person or team.
The administrative lead for monitoring site safety at present is Dr Andrew Mellon.
☐ Our staff know how to escalate a security incident to the appropriate person or team in our organisation to determine whether a breach has occurred.
Dr Tse and Dr Mellon have reviewed the ISO advice on data security. They are also up to date with NHS Information governance relating to data security.
Responding to a personal data breach
☐ We have in place a process to assess the likely risk to individuals as a result of a breach.
Risks from a data breach relating to NorthernPaediatrics website are intrinsically low as it is predominantly an information sharing site with limited data held and none of it likely to be sensitive in terms of identity, health, finance or other similar categories.
☐ We know who is the relevant supervisory authority for our processing activities.
☐ We have a process to notify the ICO of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.
We are aware of this need, and access to emails from web host Siteground is maintained.
☐ We know what information we must give the ICO about a breach.
When reporting a breach, the GDPR says you must provide:
- a description of the nature of the personal data breach including, where possible:
- the categories and approximate number of individuals concerned; and
- the categories and approximate number of personal data records concerned;
- the name and contact details of the data protection officer (if your organisation has one) or other contact point where more information can be obtained;
- a description of the likely consequences of the personal data breach; and
- a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.
☐ We have a process to inform affected individuals about a breach when it is likely to result in a high risk to their rights and freedoms.
If any breach has occurred, we would contact individuals about whom we hold the most sensitive information, e.g. editorial providers.
We would take advice from the ICO about contacting occasional site users subject to the nature of the threat.
☐ We know we must inform affected individuals without undue delay.
You need to describe, in clear and plain language, the nature of the personal data breach and, at least:
- the name and contact details of your data protection officer (if your organisation has one) or other contact point where more information can be obtained;
- a description of the likely consequences of the personal data breach; and
- a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.
- We know what information about a breach we must provide to individuals, and that we should provide advice to help them protect themselves from its effects.
☐ We document all breaches, even if they don’t all need to be reported.
Siteground reports will be logged and any data breaches noted even if not reported to ISO or users, after assessment.
How and Why We Use Information
Purposes for Using Information
We use information about you for the purposes listed below:
- To provide helpful content.
- To ensure quality, maintain safety, and improve our Services. For example, by providing automatic upgrades and new versions of our Services. Or, for example, by monitoring and analyzing how users interact with our Services so we can create new features that we think our users will find useful.
- To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of Automattic and others, which may result in us, for example, declining a transaction or terminating Services.
- To fix problems with our Services. For example, by monitoring, debugging, repairing, and preventing issues.
- To communicate with you. For example, by emailing you to ask for your feedback.
Legal Bases for Collecting and Using Information
A note here about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:
(1) The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you, or
(2) The use is necessary for compliance with a legal obligation; or
(3) The use is necessary in order to protect your vital interests or those of another person; or
(4) We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; and to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or
How We Share Information
We share information about you in limited circumstances, and with appropriate safeguards on your privacy. These are spelled out below:
- Legal and regulatory requirements: We may disclose information about you in response to a subpoena, court order, or other governmental request. This would only ever be in accordance with legally explicit requirements.
- To protect rights, property, and others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- With your consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorize us to do so.
- Aggregated or de-identified information: We may share information that has been aggregated or de-identified, so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
Information Shared Publicly
Information that you choose to make public is disclosed publicly.
That means information like your public profile, posts, and other content that you make public on our website is available to others.
For example, the photo that you upload to a public profile, or a default image if you haven’t uploaded one, is your Globally Recognized Avatar, or Gravatar — get it? 🙂 Your Gravatar, along with other public profile information, displays alongside the comments and “Likes” that you make on other users’ websites while logged in to your WordPress.com account. Your Gravatar and public profile information may also display with your comments, “Likes,” and other interactions on websites that use our Gravatar service, if the email address associated with your account is the same email address you use on the other website.
How Long We Keep Information
We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on How and Why We Use Information — and we’re not legally required to keep it.
For example, we keep the web server logs that record information about a visitor to our website, like the visitor’s IP address, browser type, and operating system, for approximately 30 days. We retain the logs for this period of time in order to, among other things, analyze traffic and investigate issues if something goes wrong.
While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. We monitor our Services for potential vulnerabilities and attacks via Siteground, our service provider. See earlier section on data breaches.
You have several choices available when it comes to information about you:
- Limit the information that you provide: you can choose not to provide the optional information and profile information.
- Limit access to information on your mobile device: Your mobile device operating system should provide you with the option to discontinue our ability to collect stored information or location information via our mobile apps. If you choose to limit this, you may not be able to use certain features, like geotagging for photographs.
- Set your browser to reject cookies: At this time, NorthernPaediatrics does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using our website, with the drawback that certain features may not function properly without the aid of cookies.
- Relinquishing editorial rights: If you have been working with us at NorthernPaediatrics (eg section editing) you will stop being involved at some point. Please keep in mind that we may continue to retain your information after closing your account, as described in How Long We Keep Information above, for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests.
If you are located in certain parts of the world, including California and countries that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data.
European General Data Protection Regulation (GDPR)
If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
You also have the right to make a complaint to a government supervisory authority.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (“CCPA”) requires us to provide California residents with some additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.
The CCPA also requires us to provide a list of the “categories” of personal information we collect, as that term is defined in the law, so, here it is. In the last 12 months, we collected the following categories of personal information from California residents, depending on the Services used:
- Identifiers (like your name, contact information, and device and online identifiers);
- Commercial information (your billing information and purchase history, for example);
- Characteristics protected by law (for example, you might provide your gender as part of a research survey for us);
- Internet or other electronic network activity information (such as your usage of our Services, like the actions you take as an administrator of a WordPress.com site);
- Geolocation data (such as your location based on your IP address);
- Audio, electronic, visual or similar information (such as your profile picture, if you uploaded one);
- Professional or employment-related information (for example, your company and team information if you are a Happy Tools user, or information you provide in a job application); and
- Inferences we make (such as likelihood of retention or attrition).
If you are a California resident, you have additional rights under the CCPA, subject to any exemptions provided by the law, including the right to:
- Request to know the categories of personal information we collect, the categories of business or commercial purpose for collecting and using it, the categories of sources from which the information came, the categories of third parties we share it with, and the specific pieces of information we collect about you;
- Request deletion of personal information we collect or maintain;
- Opt out of any sale of personal information; and
- Not receive discriminatory treatment for exercising your rights under the CCPA.
Contacting Us About These Rights
When you contact us about one of your rights under this section, we’ll need to verify that you are the right person before we disclose or delete anything. For example, if you are a user (editor), we will need you to contact us from the email address associated with your account. You can also designate an authorized agent to make a request on your behalf by giving us written authorization. We may still require you to verify your identity with us.
How to Reach Us
Other Things You Should Know
We would not plan to share personal information with third parties due to the nature of our site not being commercial or business oriented. Any change in this would be highlighted within the website and any future intent to share information would be linked to a change in this policy.
Analytics Services Provided by Others
Other Information and Resources