What is Blippit?
'Blippit' is an education & health technology brand that is owned by Get Logged In Ltd who is registered with the Information Commissioner's Office with details held publicly on the data protection register.
What do we do?
We provide web-based software, apps, support, training and resources (as 'Blippit') to enhance learning in health and education settings through apps including 'Blippit Meds', in partnership with Health Trusts to champion improvement in fluid stewardship.
What information is shared?
What is the purpose of processing user data?
The lawful basis for processing personal data for all users, whether trial or fully registered Trust membership accounts, comes under legitimate interests. All users/customers proactively must proactively agree to allow us to process their data at registration. Without user consent, neither the administrative or user Support aspects of our service can be provided.
We adhere to data minimisation principles and only collect data that is necessary to deliver and support our core service. We hold the minimum possible number of datapoints per account at all times and none of these reach beyond securely serving the functionality of the Blippit Meds service to Trusts.
User-submitted information is used to:
• give all users the correct functionality and role-based privileges in Blippit Meds
• reach all users as part of an automated email approval process with the required information for joining Blippit Meds
• reach the Trust for organisational billing purposes as required via email solely via the Trust's Key Contact ('Admin') for Blippit Meds
• share service updates and guidance solely via the Trust's Key Contact ('Admin') for Blippit Meds via email or phone as required.
When a Trust upgrades to the full Blippit Meds product, we use a Trust's Key Contact's data under a lawful contract basis to inform billing and service support. All users/customers are their own data controllers who can modify their account data at any time.
We process that which users give to us directly at registration in order provide the Blippit Meds service and enable billing via the Trust Key Contact as required. We may support the correction of user typos or update key account contact information to improve data quality or accuracy.
Automated Processing and profiling
Users' data rights are protected from any potential legal consequences arising from automated data processing and profiling because Blippit Meds has no such automated processing and utilises the Trust Key Contact ('Admin') for all data related account processes.
Personal, sensitive and anonymised information
Blippit Meds does not use, control or process any Special Category data as described under GDPR.
How long is user information stored?
Blippit Meds will store registration and user information only while a Trust is an active user on the platform. We follow established best practices and completely delete your data within 12 months of a subscription ending. There may be scope to allow time for Trusts to download PDF resources from Blippit Meds but this will be at our discretion and need to be agreed in writing between the Trust key contact and their Blippit Meds account manager. Some information, such as any Guidelines or Monograph PDFs uploaded by the Trust, users can download or delete on demand. Your right to portability of personal data is fully acknowledged and supported.
Billing, support and sales-related email
For the duration of the live account. Key Trust Contact address retained for 12 months.
Internal core business account records containing fields required by UK Government revenue reporting
Customer records need to be retained for 6 years
Copy forms and other paperwork regarding account billing
These need to be retained for 6 years
How user data is collected & options for opting out
Organisational public data of Health Trusts and any key contacts are collected manually from Trust websites for the purpose of communication and marketing. Users can opt out of any further contact on receiving information about Blippit Meds via phone 01772657100 or email firstname.lastname@example.org
Website traffic data to BlippitMeds.com, such as IP numbers, is collected using Google Analytics for the purpose of monitoring performance and advertising. Users can opt out of this collection when using the site.
Having a Blippit Meds Administrator is a key requirement of the platform at Trust level. A Trust will select and inform Blippit of their chosen Admin, also known as a Trust Key Contact. The Admin's contact details are shared with Blippit who will then add them to the Trust's account configuration by Blippit Technical Support at the set up stage. When set up is complete, the Trust Admin will log in over the web by entering a username and password which is encrypted securely on submission end-to-end using industry standard SSL encryption. The password can be updated at any time. A user cannot opt out of this collection if they are to fulfil the key role of Trust Admin including receipt of Support.
All other users within a Trust may self-register for a Blippit Meds account following set up and establishment of a Trust Admin. At registration, users enter a first name, second name, select their Department and Trust then add their work email and create a new password. Passwords are enforced as a minimum of 8 characters requiring upper and lower case letters with at least one number.
All information submitted via the self-registration form is and encrypted and transmitted securely end-to-end as it transits the internet using industry standard SSL encryption. All credentials are stored securely behind firewall technologies. All account data submitted is checked and approved by the Trust Admin who ultimately approves or denies a user account registration.
How will your data be protected?
Any personal data sent to the Blippit Meds platform, for the purpose of account set up and management, is fully encrypted in transit via SSL. User data is stored securely, including the encryption of passwords, and protected behind firewall technologies on the Blippit Meds platform in the UK. User passwords are not visible or accessible over the web to Blippit Meds Support as part of data security measures. If a password is lost or forgotten by a user the only way of regaining access is to follow our 'Forgot password' process which is fully automated.
No personal data is stored outside the European Economic area and as such it is stored and used following General Data Protection Regulation. All users have to be approved manually by the nominated Trust Key Contact (known as 'Admin'). The Trust's Blippit Meds Admin may contact a user using the supplied email to verify details at their discretion.
All users of Blippit Meds are approved manually by a Trust Admin who may also contact any user who has signed up for an account, for the purpose of verifying account details, entirely at their discretion. Blippit Meds will never contact any individual Blippit Meds user within a Trust except the Admin.
Additional Security Measures to protect your data
If a user forgets to log out of a device in their Trust or off site, they can log in from any other web connected device to-hand and this will cause the previously logged in device to automatically log out of its session. This additional security measure helps to protect inadvertent undesirable account activity or information being uploaded under the wrong account if the user is a Publisher or Admin.
If you would like to request a copy of the information Blippit holds on you then please make your request in writing to email@example.com
If at any point you believe the information that 'Blippit Meds' (a brand of Get Logged In Ltd) processes regarding your account is incorrect you can request to see it, have it corrected or deleted. Wherever possible we will seek to comply with your request but we may need to hold or process Trust level account information in connection with one or more of our legal functions such as UK revenue reporting.
If you wish to raise a question or complaint about how we have handled your data, you can contact firstname.lastname@example.org who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data unlawfully, you can complain to the Information Commissioner’s Office (ICO) here.
Name and Contact details of our Organisation as held with ICO
We are registered with the Information Commissioner's Office and are listed on the data protection register
Blippit - (Get Logged In Ltd)
Developer information - all correspondence relating to exercising data rights will be responded to within 2 months.
support @ blippit.co.uk
Name and address details of the Representative
John Bidder ( john.bidder @ blippit.co.uk )
Coppull Enterprise Centre
Blippit has completed the ICO Assessment and Balance Test.
• The Categories of Personal Data obtained being name, job title and email address.
• The Retention Period for the personal data being until notification that the address or recipient is no longer valid.
The Right of Access
A Data Subject has the right to obtain a copy of their personal data which must be provided within one month of the request. Subjects have the choice to use whatever name they are known by professionally within the Trust but can at any time have the Trust Admin update these details on their behalf.
The Right to Erasure
A Data Subject has the right to have their personal data erased within one month if: The personal data is no longer valid for the purpose that we originally processed it. There is no overriding legitimate interest to continue the processing. The processing is for direct marketing purposes and the Data Subject has a legitimate Right to Object.
The Right to Object and Request Restriction or Suppression of Personal data
A Data Subject has the right to object to the processing of personal data if it is for direct marketing purposes and this will be dealt with within one month. Blippit Meds never contacts registered users below the level of a Trust's Key Contact ('Admin'). A Data Subject must give specific reasons why they are objecting, these reasons should be based upon their particular situation. This can be refused if the Data Controller can demonstrate legitimate interests for the processing, which do not override the Data Subject's interests, rights, and freedoms. If the Data Subject requires for exceptional reasons that they must withdraw consent for the use of their personal data this will be accomodated through mediation with the Trust Admin by either deleting their account or changing the first name and last name to suitable alternatives if the Trust agrees.