Please read these licence terms carefully
BY CLICKING ON THE "ACCEPT" BUTTON BELOW YOU AGREE TO THESE TERMS WHICH WILL BIND YOU.
Before installation of this App, please indicate your consent to our processing of your personal data (including your name, contact details, financial and device information) as described in the
YES I consent to the installation of the App.
BY CLICKING ON THE "ACCEPT" BUTTON BELOW YOU CONSENT TO THE WAY WE COLLECT PERSONAL DATA AS SET OUT IN THESE TERMS.
BY CLICKING ON THE “ACCEPT” BUTTON BELOW YOU ALSO CONSENT TO YOUR NAME, EMPLOYEE NUMBER AND EMAIL ADDRESS BEING PASSED TO EDENRED (UK GROUP) LIMITED FOR THE PURPOSE OF PROVIDING YOU WITH ACCESS TO THEIR RESPECTIVE WEBSITES.
NO I do not consent to the installation of the App.
IF YOU DO NOT AGREE TO THESE TERMS, CLICK ON THE "REJECT" BUTTON BELOW.
Who we are and what this agreement does
We NHS Shared Business Services Limited of Three Cherry Trees Lane, Hemel Hempstead, HP2 7AH, license you to use:
· MySBSPay mobile application software, the data supplied with the software, (App) and any updates or supplements to it
· the related online and electronic documentation (Documentation) and
· the service you connect to via the App and the content we provide to you through it (Service),
as permitted in these terms.
We only use any personal data we collect through your use of the App and the Services in the ways set out in the fair processing notification contained in the Annex to these terms.
Please be aware that internet transmissions are never completely private or secure and that any message or information you send using the App or any Service may be read or intercepted by others, even if there is a special notice that a particular transmission is encrypted
Google Play and App Store's terms also apply
The ways in which you can use the App and Documentation may also be controlled by the rules and policies of Google Play and App Store and they will apply instead of these terms where there are differences between the two. Please find a link to such rules and policies below:
Operating System Requirements
This app requires a mobile telephone running either of the following operating systems: Android v4.4 or iOS 10.
Support for the App and how to tell us about problems
Support. If you want to learn more about the App or the Service or have any problems using them please take a look at our support resources at.
How you may use the app
In return for your agreeing to comply with these terms you may:
· download or stream a copy of the App onto your portable device and view, use and display the App and the Service on such devices for your personal purposes only;
· use any Documentation to support your permitted use of the App and the Service; and
· receive and use any free supplementary software code or update of the App incorporating "patches" and corrections of errors as we may provide to you.
You must be 18 to accept these terms and buy the App
You must be 18 or over to accept these terms and download the App.
You may not transfer the App to someone else
We are giving you personally the right to use the App and the Service as set out above. You may not transfer the App or the Service to someone else, whether for money, for anything else or for free. If you sell any device on which the App is installed, you must remove the App from it.
Changes to these terms
We may need to change these terms to reflect changes in law or best practice or to deal with additional features which we introduce.
We will inform you of any change by notifying you of the change when you next start the App.
If you do not accept the notified changes you will not be permitted to continue to use the App and the Service.
Update to the App and changes to the service
From time to time we may update the App or change the Service automatically to improve performance, enhance functionality, reflect changes to the operating system or address security issues. Alternatively we may ask you to update the App for these reasons.
If you choose not to install such updates or if you opt out of automatic updates you may not be able to continue using the App and the Services.
If someone else owns the phone or device you are using
If you download or stream the App onto any device not owned by you, you must have the owner's permission to do so. You will be responsible for complying with these terms, whether or not you own the phone or other device.
We may collect technical data about your device
By using the App or any of the Services, you agree to us collecting and using technical information about the devices on which you use the App and related software, hardware and peripherals to improve our products and to provide any Services to you.
We may collect Location Data (but you can turn Location Services Off)
Certain Services, will make use of location data sent from your devices. You can turn off this functionality at any time by turning off the location services settings for the App on the device. If you use these Services, you consent to us and Internal Third Parties’ (as defined below) and licensees' transmission, collection, retention, maintenance, processing and use of your location data and queries to provide and improve location-based and road traffic-based products and services.
You may stop us collecting such data at any time by turning off the location services settings on your device.
We are not responsible for other websites you link to
The App or any Service may contain links to other independent websites
which are not provided by us. Such independent sites are not under our control,
and we are not responsible for and have not checked and approved their content
or their privacy policies (if any).
You will need to make your own independent judgement about whether to use any such independent sites, including whether to buy any products or services offered by them.
You agree that you will:
· not rent, lease, sub-license, loan, provide, or otherwise make available, the App or the Services in any form, in whole or in part to any person without prior written consent from us;
· not copy the App, Documentation or Services, except as part of the normal use of the App or where it is necessary for the purpose of back-up or operational security;
· not translate, merge, adapt, vary, alter or modify, the whole or any part of the App, Documentation or Services nor permit the App or the Services or any part of them to be combined with, or become incorporated in, any other programs, except as necessary to use the App and the Services on devices as permitted in these terms;
· not disassemble, de-compile, reverse engineer or create derivative works based on the whole or any part of the App or the Services nor attempt to do any such things, except to the extent that (by virtue of sections 50B and 296A of the Copyright, Designs and Patents Act 1988) such actions cannot be prohibited because they are necessary to decompile the App to obtain the information necessary to create an independent program that can be operated with the App or with another program (Permitted Objective), and provided that the information obtained by you during such activities:
. is not disclosed or communicated without the Licensor's prior written consent to any third party to whom it is not necessary to disclose or communicate it in order to achieve the Permitted Objective; and
. is not used to create any software that is substantially similar in its expression to the App;
. is kept secure; and
. is used only for the Permitted Objective;
· comply with all applicable technology control or export laws and regulations that apply to the technology used or supported by the App or any Service.
Acceptable Use Restrictions
· not use the App or any Service in any unlawful manner, for any unlawful purpose, or in any manner inconsistent with these terms, or act fraudulently or maliciously, for example, by hacking into or inserting malicious code, such as viruses, or harmful data, into the App, any Service or any operating system;
· not infringe our intellectual property rights or those of any third party in relation to your use of the App or any Service, including by the submission of any material (to the extent that such use is not licensed by these terms);
· not transmit any material that is defamatory, offensive or otherwise objectionable in relation to your use of the App or any Service;
· not use the App or any Service in a way that could damage, disable, overburden, impair or compromise our systems or security or interfere with other users; and
· not collect or harvest any information or data from any Service or our systems or attempt to decipher any transmissions to or from the servers running any Service.
Intellectual Property Rights
All intellectual property rights in the App, the Documentation and the Services throughout the world belong to us and the rights in the App and the Services are licensed (not sold) to you. You have no intellectual property rights in, or to, the App, the Documentation or the Services other than the right to use them in accordance with these terms.
Our responsibility for loss or damage suffered by you
We are responsible to you for foreseeable loss and damage caused by us. If we fail to comply with these terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breaking these terms or our failing to use reasonable care and skill, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if either it is obvious that it will happen or if, at the time you accepted these terms, both we and you knew it might happen.
We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors or for fraud or fraudulent misrepresentation
When we are liable for damage to your property. If defective digital content that we have supplied damages a device or digital content belonging to you, we will either repair the damage or pay you compensation. However, we will not be liable for damage that you could have avoided by following our advice to apply an update offered to you free of charge or for damage that was caused by you failing to correctly follow installation instructions or to have in place the minimum system requirements advised by us.
We are not liable for business losses. The App is for domestic and private use. If you use the App for any commercial, business or resale purpose we will have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.
Limitations to the App and the Services. The App and the Services are provided for general information purposes only. They do not offer advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of information obtained from the App or the Service. Although we make reasonable efforts to update the information provided by the App and the Service, we make no representations, warranties or guarantees, whether express or implied, that such information is accurate, complete or up to date.
Please back-up content and data used with the App. We recommend that you back up any content and data used in connection with the App, to protect yourself in case of problems with the App or the Service.
Check that the App and the Services are suitable for you. The App and the Services have not been developed to meet your individual requirements. Please check that the facilities and functions of the App and the Services (as described on the Appstore site and in the Documentation) meet your requirements.
We are not responsible for events outside our control. If our provision of the Services or support for the App or the Services is delayed by an event outside our control then we will contact you as soon as possible to let you know and we will take steps to minimise the effect of the delay. Provided we do this we will not be liable for delays caused by the event, but if there is a risk of substantial delay you may contact us to end your contract with us.
We may end your rights to use the App and the Services if you break these terms
We may end your rights to use the App and Services at any time by contacting you if you have broken these terms in a serious way. If what you have done can be put right we will give you a reasonable opportunity to do so.
If we end your rights to use the App and Services:
· you must stop all activities authorised by these terms, including your use of the App and any Services;
· you must delete or remove the App from all devices in your possession and destroy all copies of the App which you have immediately and confirm to us that you have done this; and
· we may access your devices remotely and remove the App from them and cease providing you with access to the Services.
We may transfer this agreement to someone else
We may transfer our rights and obligations under these terms to another organisation. We will always tell you in writing if this happens and we will ensure that the transfer will not affect your rights under the contract.
You need our consent to transfer your rights to someone else
You may only transfer your rights or your obligations under these terms to another person if we agree in writing.
No rights for third parties
This agreement does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement.
If a court finds part of this contract illegal, the rest will continue in force
Each of the paragraphs of these terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect.
Even if we delay in enforcing these terms, we can still enforce them later
Even if we delay in enforcing these terms, we can still enforce them later. If we do not insist immediately that you do anything you are required to do under these terms, or if we delay in taking steps against you in respect of your breaking these terms, that will not mean that you do not have to do those things and it will not prevent us taking steps against you at a later date.
Which laws apply to these terms and where you may bring legal proceedings
These terms are governed by English law and you can bring legal proceedings in respect of the App or the Services in the English courts. If you live in Scotland you can bring legal proceedings in respect of the App or the Services in either the Scottish or the English courts. If you live in Northern Ireland you can bring legal proceedings in respect of the App or the Services in either the Northern Irish or the English courts.
NHS Shared Business Services Limited (NHS SBS) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with data protection laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. It applies to all employees who are provided payroll services by NHS SBS (as contracted by your employer) and who have selected to utilise the ‘MySBSPay’ App.
For the purposes of this document, NHS SBS is the "data processor", your employer is the “data controller”. This means that we are responsible for the safe management of how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. This notice applies to current and former employees, agency workers and other data subjects as registered to receive payroll services from NHS SBS via their employer. This notice does not form part of any contract of employment or other contract to provide services. This notice can be updated at any time and we will inform you if this occurs. It is important that you read this notice, together with any other privacy notice that is provided on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Data Protection Principles
We will comply with the data protection principles set out in GDPR. These say that the personal information we hold about you must be:
· used lawfully, fairly and in a transparent way.
· collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
· relevant to the purposes we have told you about and limited only to those purposes.
· accurate and kept up to date.
· kept only as long as necessary for the purposes we have told you about.
· kept securely.
The kind of information we hold about you
Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection.
We collect, store, and use the following categories of personal information about you:
· personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
· Queries raised with NHS SBS for matters relating to your record and/or pay and pensions data;
· National Insurance number;
· payroll records and tax status information;
· salary, annual leave, pension and benefits information;
· location of employment or workplace;
· job titles, work history, working hours, absences, professional memberships;
· secondary employment;
· information about your use of our information and communications systems;
· Data about the profile you created to provide access to the App;
· Usage Data;
· Marketing and Communications Data;
How is your personal information collected?
We will collect and process the following data about you:
· information you give us. This is information about you, provided by you to us and which you consent to us processing, by filling in forms on the App or by accessing services through the App (“Services”), or by corresponding with us (for example, by email or chat). It includes information you provide when you register to use the App Site, download or register an App, subscribe to any of our Services, search for an App or Service and when you report a problem with an App or our Services. If you contact us, we will keep a record of that correspondence.
· information we collect about you from your employer. We typically collect personal information about employees, agency workers and contactors through the application and recruitment process directly from your employer.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
· where it is necessary for performing the contract we are about to enter or have entered into with you; or
· where we need to comply with a legal obligation.
There can be rare occasions where it becomes necessary to use your personal information to protect your interests (or someone else's interests), such as in the event of an accident at work.
The situations in which we will process your personal information are listed below:
|Purpose/activity||Type of data||Lawful basis for processing|
|To install the App and register you as a new App user||Identity
Performance of a contract with you
|To manage our relationship with you including notifying you of changes to the App
or any Services
Marketing and Communications
Performance of a contract with you
|To administer and protect our business and this App including troubleshooting, data analysis and system testing||Identity
|Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
Necessary to comply with a legal obligation
|To deliver content and advertisements to you
To make recommendations to you about goods or services which may interest you
Marketing and Communications
|To measure and analyse the effectiveness of the advertising we serve you||Identity
Marketing and Communications
Necessary for our legitimate interests (to develop our products/Services and grow our business)
|To monitor trends so we can improve the app||Identity
Marketing and Communications
Necessary for our legitimate interests (to develop our products/Services and grow our business)
Disclosures of your personal data
When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below for the purposes set out in the table:
· Internal Third Parties such as other companies in NHS SBS’s group.
· External Third Parties such as third party providers, professional advisers and HMRC.
· Specific Third Parties such as Edenred Limited.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the service we have entered into with you fully (such as paying you or providing a benefit), or we could be prevented from complying with our legal obligations .
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated or new purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we will if necessary, process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we use particularly sensitive personal information
"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We will, if necessary, process special categories of personal information in the following circumstances:
· where we need to carry out our legal obligations or exercise our employment-related legal rights and in line with the applicable data protection policy;
· where it is in line with our data protection policy and necessary for
. preventing or detecting unlawful acts;
In some circumstances, we will process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations, or for one of the other reasons outlined above under: ‘How we use particularly sensitive personal information’. In limited circumstances, if the need arises, we will approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would require and the reason we need it, so that you can consider carefully whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
You will not be subject to decisions that will have an impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We will in some circumstances have to share your data with third parties such as Internal Third Parties, External Third Parties and Specific Third Parties. We require third parties to respect the security of your data and to treat it in accordance with the law.
We will in some circumstances transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information .
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, or where it is necessary to administer the working relationship with you. This will, in some circumstances, involve sharing special categories of personal data.
Which Third-Party service providers process my personal information?
"Third parties" includes Internal Third Parties, External Third Parties and Specific Third Parties. The following activities are processed by NHS Shared Business Services wholly or partly by third-party service providers:
· IT services
· Data Analytics
· Payroll administration
· Discount and shopping services
Third Party links
Our App may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
How secure is my information with Third-Party service providers?
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
If a third party provider uses your personal information for their own purposes, they do so as data controller, must inform you of what data they are using and the reasons why they using it, and possibly request your consent or that you contract with them directly.
When might you share my personal information with other organisations within the Sopra Steria group?
We will share your personal information with other Sopra Steria organisations as part of our regular reporting activities on departmental performance, in the context of a business reorganisation or restructuring exercise, for system maintenance support and hosting of data; for provision of group-wide information systems, business planning, succession planning, statistical analysis; and general management purposes.
What about other third parties?
If required, we will need to share your personal information with a regulator or to otherwise comply with the law.
Transferring information outside the EU
We do not transfer the personal information we collect about you to countries outside the EU If you require further information about these protective measures, you can request it from Data Protection Officer (NHS SBS), Three Cherry Trees Lane, Hemel Hempstead HP2 7AH or.
We have put in place measures to protect the security of your information.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our business retention policy which aligns with the National Records Management Code Of Practice:
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we will anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you. Once you are no longer an employee, agency worker or contractor whose information we are obliged to process for compliance with laws or for purposes related to legal claims, we will retain and securely destroy your personal information in accordance with our data retention policy and applicable laws and regulations.
Rights of Access, Correction, Erasure and Restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
· request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
· request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
· request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
· object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
· request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
· request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Data Protection Officer (NHS SBS), Three Cherry Trees Lane, Hemel Hempstead HP2 7AH in writing, or email . Please note that the Data Protection Act 2018 may apply so that we do not have to grant your request in full. However, we will always meet your request as far as we are able.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we are allowed under the law to charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we can refuse to comply with the request in such circumstances.
What we may need from you
We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.If you do not provide such information in a timely manner, this may delay our response to your request.
Right to withdraw consent
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Data Protection Officer (NHS SBS), Three Cherry Trees Lane, Hemel Hempstead HP2 7AH in writing, or email. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at (NHS SBS), Three Cherry Trees Lane, Hemel Hempstead HP2 7AH or.You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We will also notify you in other ways from time to time about the processing of your personal information. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App.
If you have any questions about this privacy notice, please contact Data Protection Officer, (NHS SBS), Three Cherry Trees Lane, Hemel Hempstead HP2 7AH or .