Social Media buttons

Privacy Policy

This Privacy Policy applies to the Provider Portal website which is owned by Oxford Computer Consultants.

Oxford Computer Consultants is committed to protecting and respecting your privacy and security. Whenever you provide us with your personal information via our website “Site(s)”, we will treat that information in accordance with this policy, our terms and conditions and current UK Data Protection legislation. By using this website in accordance with your contractual obligations to East Sussex County Council you agree to be bound by this policy.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This policy may change from time to time, so please check this page periodically.

Oxford Computer Consultants

OCC is the Data Processor for data submitted via the Provider Portal website. Oxford Computer Consultants (OCC) is a company limited by guarantee (number 3521204). The registered address is 23-38 Hythe Bridge Street, Oxford OX1 2EP.

The Data Controller is East Sussex County Council, which retains ownership of all data submitted via the Provider Portal website. Please direct any queries regarding your personal information to East Sussex County Council’s data protection officer at DPO@eastsussex.gov.uk

Data Protection

Your privacy is important to OCC and we are committed to respecting information about you. We comply with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

In accordance with the General Data Protection Regulation 2016 (GDPR), the legal basis for our processing of your data is the contract between you (the data subject) and East Sussex County Council (the data controller), whereby the processing of your data is necessary for the performance of this contract.

The GDPR provides you (the data subject) with the following rights regarding your personal data:

  • You have the right to access any personal data which we hold on you, including details of what information is stored, to which (if any) recipients data has been disclosed and how long the data will be retained. We will provide access to your information as soon as is reasonably possible within one month of the request. Access is free of charge, though we may charge an administration fee for any further copies requested of the same data. Please contact East Sussex County Council to request access at DPO@eastsussex.gov.uk.
  • You have the right to rectification of your personal data where it is inaccurate or incomplete; if this data has been disclosed to a third party, we will inform them of the rectification wherever possible. Please contact East Sussex County Council to request rectification at DPO@eastsussex.gov.uk.
  • You have the right to data portability, whereby you can obtain a copy of your personal data and reuse it in a different IT environment. We will provide this data in an open, machine-readable format (e.g. CSV) within one month of your request. Please contact the Council to request a copy of your data at DPO@eastsussex.gov.uk.
  • You have the right to complain to a supervisory body if you are dissatisfied with the way in which your data has been handled. The appropriate body in this case would be the Information Commissioner’s Office.

What personal information is collected from you?

When you visit the Site, we collect the following information: execution times and error messages. Website users remain anonymous as none of the data collected is linked to any personal information.

Purposes of data processing

We may use the information we collect for the following purposes:

  • Enabling access to the Provider Portal web interface to allow social care providers to log in and exchange information with East Sussex County Council.
  • Identifying and repairing problems with the Provider Portal website.

Who has access to your information?

Any details you provide will only available to authorised users within East Sussex County Council and will be held in accordance with the General Data Protection Regulation 2016 and Data Protection Act 2018. East Sussex County Council is the sole owner of all information collected on this Site. We will not sell, share, or rent your information to third parties, unless we have your explicit permission to do so, or we are required to do so by law, for example, by a court order or for the purposes of preventing fraud or other crime.

We may transfer your personal information to a third party as part of a sale of some or all our business and assets to any third party or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected in these circumstances.

Data retention policy

Your data will be retained no longer than is necessary for the data processing purposes identified above; please see East Sussex County Council’s privacy policy at East Sussex County Council Data Privacy for details. Your data will be deleted within 6 years at the latest if it is no longer necessary for the fulfilment of your contractual obligations, except where continued processing is required by law.

Cookies

Three cookies (small text files that are stored on your computer by your browser) are required for the operation of this site – they are described below. No personal information is stored in the cookies that are created by this site.

Managing your current visit:

  • Name: ASP.NET_SessionId
  • Purpose: Stores a session ID to allow the site to recognise requests from your browser so that, for example, the choices you make on one page are remembered on the next.
  • Data stored by cookie: A generated session identifier.
  • Duration of cookie: Expires at the end of the session (when you close your browser).
  • More information: Without this cookie, much of the website’s functionality would be impaired, such as searching, filtering results and navigation.

Logging in to the secure area:

  • Name: validPSuser
  • Purpose: Records that you have successfully logged in with your Provider Portal account and are allowed to access the secure area.
  • Data stored by cookie: An encrypted authentication key.
  • Duration of cookie: Expires at the end of the session (when you close your browser) or when you log out.
  • More information: Without this cookie you would not be able to log in to the website.

Upgrading account to an external single sign-on account

  • Name: user_name
  • Purpose: Records that you have successfully logged in with your Provider Portal account and are eligible to upgrade your account to an external single sign-on account.
  • Data stored by cookie: An integer which can be used as an alternative to a username to verify a user’s identity.
  • Duration of cookie: Expires at the end of the session (when you close your browser) or when you log out.
  • More information: The cookie is only used if your installation is configured to support single sign on, and in this case without this cookie, you would not be able to upgrade your account to an external single sign-on account.

Removing and disabling cookies

If you do not wish to accept cookies on to your machine you can disable them by adjusting the settings on your browser. However, this will affect the functionality of the Provider Portal and other websites you may visit. To find out more about how to delete and disable cookies, visit www.aboutcookies.org.

Security precautions in place to protect the loss, misuse or alteration of your information

All sensitive transactions on the ContrOCC Provider Portal are performed using the HTTPS protocol, which encrypts the data passing between your browser and the ContrOCC Provider Portal server. The identity of the server is guaranteed by a trusted certificate identifying the site to your browser.

The ContrOCC Provider Portal website should function with any recent browser. To better protect your security when using the internet, we recommend that you upgrade your browser to the latest version available and check regularly for security updates.

Whilst we take reasonable steps to protect your personal information, the internet is not completely secure and as such Oxford Computer Consultants cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

Where we have given (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Contact information

If you have any queries or concerns relating to your personal information or you wish to access, correct or delete any of your personal data held by us, please contact East Sussex County Council by email at DPO@eastsussex.gov.uk or by post to:

Data Protection Officer
East Sussex County Council
County Hall
St Anne's Crescent
Lewes
BN7 1UE