SHOT Privacy Notice
Last updated: February 2025
Our privacy policy
Your privacy is important to us. This privacy policy covers what we collect and how we use, disclose, transfer, and store your information.
About Serious Hazards of Transfusion
SHOT is the UK’s independent, professionally led haemovigilance scheme. Since 1996 SHOT has been collecting and analysing anonymised information on adverse events and reactions in blood transfusion from all healthcare organisations that are involved in the transfusion of blood and blood components in the United Kingdom. SHOT is funded by, and accountable to, the 4 UK Blood Services via the UK Transfusion Forum. Where risks and problems are identified, SHOT produces recommendations to improve patient safety. The recommendations are put into its annual report which is then circulated to all the relevant organisations including the four UK Blood Services, the Departments of Health in England, Wales, Scotland, and Northern Ireland and all the relevant professional bodies as well as circulating it to all the reporting hospitals. As haemovigilance is an ongoing exercise, SHOT can also monitor the effect of the implementation of its recommendations. This notice explains your rights and our obligations under the Data Protection Act 2018 and UK General Data Protection Regulation (GDPR) for information submitted to the SHOT database (haemovigilance reporting), to the SHOT website for symposium and other educational events as well as the SHOT mobile application.
Information Governance
SHOT is hosted by NHS Blood and Transplant (NHSBT) for information governance purposes, as such the NHSBT is the data controller for the data processed by SHOT. The NHSBT is responsible for ensuring that all practices and processes within SHOT are designed to support people’s privacy and data rights and making sure data protection is represented at a board level. All members of the SHOT team are employed by the NHSBT. The NHSBT are the nominated data controllers. For detailed information about how the NHSBT collects and uses data, please refer to the privacy policy available here Privacy – NHS Blood and Transplant
Data Controller contact details
If you have any questions or concerns about your privacy rights within SHOT, please raise these by using the contact details below:
NHS Blood and Transplant Data Controller
- By email:
- [email protected]
- In writing:
-
NHS Blood and Transplant
500 North Bristol Park
Filton
Bristol
BS34 7QH
Data Protection Officer contact details
Please use the information below to contact NHSBT Data Protection Officer:
Data Protection Officer: Eleanor Ward, Head of Data Security, Privacy Records Management
- By email:
- [email protected]
- In writing:
-
NHS Blood and Transplant
500 North Bristol Park
Filton
Bristol
BS34 7QH
The SHOT Website
What we collect from you
You may use the website without providing any personal information.
However, if you wish to contact us using the online form, or when you are registering for the annual symposium or online educational event or if signing up to be included in monthly haemovigilance communications including newsletters, you will be requested to provide relevant contact details to enable us to provide the information you require. Gravity Forms is the website software used to collect applications to events, newsletter signup and general enquires to SHOT.
We will collect and process the following personal data when you contact the team or submit a query or sign up for the newsletter:
- Name (first name and last name)
- email address
- telephone number [optional, you do not have to provide this information]
Details collected for symposium and other events are detailed later.
We use website analytics to track certain information about all our website users based on what you do on the site. We mostly use Google Analytics for this. We use this information to analyse our users’ demographics, interests, and behaviour on the site to understand and serve you better. The information we capture for this purpose does not identify any user. Please refer to our Cookie Policy for further information on how we use Cookies to support Web Analytics, as well as your rights in relation to these.
The website contains links to other Internet sites which are outside our control and are not covered by this privacy policy. We are not responsible for data which you provide through any such linked websites. This privacy notice tells you what to expect us to do with your personal information.
Subscriptions
SHOT sends haemovigilance-related email communications to users who sign up to the mailing list via the SHOT website. These types of communication will include information regarding SHOT symposia, webinars and podcasts, free educational resources, newsletters, and surveys.
For the purposes of ensuring accurate communication and for receiving the newsletter and other haemovigilance-related communications, we will collect and store personal data (email addresses) you share with us as result of subscribing.
All data related to the subscription will be stored securely by NHSBT and will be retained for three years after which it will be reviewed or destroyed or until you unsubscribe from the communications list. At the time of subscribing, you will be asked for consent to process personal data after which your data will only be used in the manner for which it was first collected.
If you do not wish to receive these email communications, then please email us at: [email protected].
Symposium registration
Delegates registering to attend the SHOT symposium are informed at the time of registering that their data will be used for the purposes of registration, delegate badges and to ascertain dietary requirements. Explicit consent regarding the processing of personal information is requested and taken at the time of registration.
The following information is collected when delegates register for the symposium: Name, Address (Home/Work), Email Address, Healthcare Organisation, Phone Number, Mobile Number, Job Title, Hospital/Trust/Health Board/Company, Dietary Requirements, Food allergies or intolerances, Company name, Company address, Accessibility Requirements (individually contacted later for specifics).
Delegates are informed that their Title, Name and Job Role will appear on both the delegate badge and the delegate list. Delegates are informed that if they wish to opt out of having their details included on the delegate list, they must advise us accordingly.
Delegates have the right to request that the Controller forget or anonymise their personal data. If they have attended the event, the Controller will retain event attendee records for reporting purposes, but will remove all personal data from the database, leaving an ‘anonymous’ record. SHOT will follow NHSBT right to request procedure in this instance.
Delegates can identify their full data subject rights in NHSBT privacy policy, available here Privacy – NHS Blood and Transplant.
We share data with event partners as applicable to provide a seamless event for all participants – this will be explicitly mentioned at the time of registration for the symposium. Data may also be shared with exhibitors where delegates have provided explicit consent.
We may retain your Personal Data as long as they are registered to use the Services of SHOT and the Symposium information.
SHOT may retain Personal Data for an additional period as is permitted or required under applicable laws (minimum 3 months). It is important to note that when the delegates’ Personal Data is deleted, it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes. The data is deleted from both Gravity Forms on the website and the Excel sheets deleted from NHSBT servers.
Webinar and course registrations
For the SHOT webinars run using Zoom, registrations are through the Zoom platform and only name and email addresses are collected. The privacy notice from Zoom can be accessed here.
For Teams based events such as the human factors in transfusion courses, the following information is collected: name, email, job title, organisation, and country/region. Microsoft’s privacy statement can be accessed here.
Why we need your data
The legal basis for processing your personal data is legitimate interest.
Our legitimate interest relates to enabling us to contact you to provide you with the information you requested.
Where your data is stored
Your data is stored on a secure system hosted by our website provider, available only to those with a legitimate need to access your data. We also design, build, and run our systems to make sure that your data is as secure and confidential as possible at every stage, both while it’s processed and when it’s stored.
How long we keep your data
Outside of exemptions under specific legislation related to personal data your information shall be retained for no longer than the purposes for which it is being processed as specified above.
Your rights
You have the right:
- to request information about how your personal data is processed, and to request a copy of that personal data
- to request that any inaccuracies in your personal data are rectified without delay
- to request that any incomplete personal data is completed, including by means of a supplementary statement
- to request that your personal data is erased if there is no longer a justification for them to be processed
- in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- to object to the processing of your personal data where it is processed for direct marketing purposes
In relation to monitoring threats to the system, identifying, and fixing technical issues, and identifying and tackling cyber security risks:
- you have the right to object to the processing of your personal data
In relation to all other data:
- you have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used, and machine-readable format
Cookies Policy
The SHOT website uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, and provide anonymised tracking data to third party applications like Google Analytics.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser.
Further information about the use of cookies can be found by accessing Cookies – Serious Hazards of Transfusion
The SHOT Database
The Data Protection Rights (right to access and control how your data is used) do not apply to the haemovigilance data held by SHOT. SHOT do not hold any personal patient or donor identifiable data.
What is the SHOT database?
The SHOT database, supplied by Dendrite Clinical Systems Ltd, is the haemovigilance database for adverse events and reactions in blood transfusion reported by healthcare organisations that are involved in the transfusion of blood and blood components in the United Kingdom. The information in the database is used to identify risks and problems, from which SHOT produces recommendations to improve patient safety. Click here to view Dendrite Clinical Systems Ltd privacy an Cookie policy
What is the legal basis for the SHOT database?
SHOT data is processed according to Article 6 1 (e) and Article 9 2 (h) under the General Data Protection Regulation (GDPR) which means that we can process this healthcare data for the performance of our official task or in the public interest and for the provision of healthcare.
What information does SHOT collect?
- Data relating to serious adverse events and reactions: SHOT has been collecting data on adverse events (SAE) and serious adverse reactions (SAR) in blood transfusion since 1996 and since 2010 this has been supplied by reporting healthcare organisations via the SHOT database. The information includes restricted details about the patient, such as medical diagnosis and investigations performed, plus treatments given and outcomes of the adverse event. The information importantly also contains the patient’s date of birth and gender (sex). These details can be essential for assessment of the incident. Transfusion requirements vary at different ages, some of which need to be very precise, so use of age alone may not be sufficiently accurate. There are also substantial differences between patients that do, or do not, have childbearing potential, in relation to transfusion. The Information Commissioner’s Office (ICO) has confirmed that they regard date of birth, gender (sex) and a procedure (incident) as sufficiently anonymous to maintain patient confidentiality.
To increase security of patient identification, a new policy regarding use of the date of birth was introduced in 2017:
- Only the age, calculated from the supplied date of birth, will be shared with SHOT experts as required for analysis of cases.
- The date of birth will remain only accessible to authorised staff via the SHOT database.
- Case studies used in the Annual SHOT Report and for educational purposes will no longer include the age or gender of the patient of the patient, unless it is essential to demonstrate the learning from the case
- Dendrite collects the DOB to be able to distinguish between paediatrics and adults. This is important when reviewing incidents and making recommendations. Also, in some cases, gender is collected when the incident relates to Anti D or is a pregnancy related incident. But no identifiable patient information is collected.
- Data relating to compliance with SHOT recommendations: SHOT releases a survey annually in which reporters are encouraged to indicate their compliance with recommendations from the previous year’s Annual SHOT Report. The survey includes the geographical location of the reporter (UK devolved country), but the data collected is anonymous. This data is published on the SHOT website and available for reporting organisations to use to improve transfusion safety at a local level.
- Participation data: participation benchmarking reports are generated from the information input to the database by reporters when submitting an SAE or SAR. This information is made available on the website for organisations to benchmark their participation according to size or geographical location. This information includes the number of reports and the trends, as well as the name of the reporting organisation. The organisation name, while not anonymous, is only accessible by reporting organisations via a password protected link and not available to the public.
- Data from ad hoc surveys: SHOT may release surveys to support haemovigilance work, these are not mandatory. SHOT may also collaborate with other organisations to release surveys relating to transfusion safety, compliance with national recommendations, or other aspects of haemovigilance. These surveys do not include any identifiable data and publications released from the survey results are anonymous.
- Anonymised case studies, containing essential information only (See page 3, number 1) as provided to SHOT via Dendrite, are used as learning cases in webinars, courses, and publications to share the lessons learnt. No patient, reporting organisation or staff identifiable detail will be included in these case studies, and there should be no expectation that explicit consent will be sought from the reporting organisation.
Who manages the SHOT database and data repository?
The SHOT database is managed by the SHOT Steering Group (SG), which provide professional ownership and strategic direction, monitor the performance of SHOT and is accountable to the UK Forum (representing the four UK blood services) through the SHOT Medical Director for the use of resources and management of the budget. Membership of the Steering Group will consist of nominated representatives of the Medical Royal Colleges and other professional bodies.
What happens to the data and who can see it?
The initial data are collected by hospital staff treating and managing the patient, including doctors, nurses, and laboratory staff. Once the records have been uploaded to the SHOT Database, they can be reviewed by authorised staff at the reporting hospital and by SHOT staff, using an approved user account with a secure password. This data does not include patient names or addresses. All SHOT staff are required to undertake regular mandatory annual Information Governance training.
Hospital staff enter the information directly into a secure Web-based database via the Medicines and Healthcare products Regulatory Agency (MHRA) database known as SABRE. Reporting of serious adverse events and reactions to the MHRA is mandated by law.
When the data have been checked and confirmed by the hospital reporters, the software engineers, and data analysts at Dendrite Clinical Systems™ will download the data to a secure server in Dendrite’s offices (see Section on Dendrite security).
The information collected allows SHOT to analyse adverse events and reactions in blood transfusion and learn from these. SHOT produces an annual report with recommendations for improved practice. These annual reports do not contain the details of individual patients. Annual reports are available via the SHOT website www.shotuk.org. SHOT does not request or collect any patient related identifiable data. All data collected by SHOT will be shared and used for no other purposes other than those required to perform the analysis. If the current arrangements for running this haemovigilance analysis through SHOT should end, the data will be deleted or securely transferred to a new provider.
Data collected though SHOT activities, other than the SAR and SAE reporting database, is stored securely on the NHSBT network and can only be accessed by the SHOT team. We are required under the Blood and Safety Quality Regulations 2007 and Organ Quality and Safety Regulations 2012 to hold and process your data for at least 30 years – https://www.legislation.gov.uk/uksi/2005/50/contents/made
Dendrite Security
SHOT Database Server
The server is hosted on the Health and Social Care Network (HSCN) within a data centre in London, by Piksel. This is a tier four data centre which meets the highest levels of building security.
The service delivery and information security provided complies with ISO 20000 & ISO 9001 accreditation and the security management structure is aligned alongside ISO27001. The security arrangements are internally audited approximately every three months and externally audited every six months.
All servers have firewall and anti-virus software installed which is configured to use real-time scanning.
Backup Resilience for the SHOT Database
The data is securely backed-up each day. All backed up data stored is compressed, de-duplicated and encrypted within a secure off-site vault.
There are two backup vaults, the primary one is hosted locally and is then backed up to a secure secondary off-site vault hosted within a separate datacentre located at Heathrow.
Dendrite Clinical Systems™ is assessed against NHS Information Governance standards, which includes both physical and organisational security measures. Dendrite are compliant with the Data Security and Protection Toolkit (DSPT). Dendrite’s toolkit assessment score is available on the DSPT website (https://www.dsptoolkit.nhs.uk/OrganisationSearch?searchValue=Dendrite) .
The computer software program created by Dendrite, which holds the SHOT data, has been independently evaluated to ensure that it is not vulnerable to unauthorised access, or internal breaches of security.
Can I ask to see the data that the SHOT registry holds about me?
The anonymity associated with SHOT reporting means it would not be possible to identify data about an individual. This means that under the Data Protection rights SHOT would not be able to identify individuals within the anonymous reports. However, if you have any questions or concerns about your privacy rights within SHOT, these can be referred to [email protected].
SHOT App
The owner and data controller for the SHOT App is Conference Compass.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection. Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Any use of Cookies – or of other tracking tools — by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy. This can be found here
Users are responsible for any third-party Personal Data obtained, published, or shared through this Website. For full details on the Conference Compass privacy policy please see https://www.conferencecompass.com/privacy-website/
Changes to this notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, we will take reasonable steps to make sure you know.
Questions and complaints
NHSBT is the Data Controller for the personal data we hold and process about you. Further information can be accessed here.
Contact the NHSBT Privacy Team if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request (SARS)
Data Protection Officer contact
Data Protection Officer : Eleanor Ward
- By email:
- [email protected]
- In writing:
-
NHS Blood and Transplant
500 North Bristol Park
Filton
Bristol
BS34 7QH
Information Commissioner’s Office contact details
For independent advice about data protection, privacy, and data sharing issues, you can contact the Information Commissioner, who is an independent regulator.
Information Commissioner’s Office
- Email address:
- [email protected]
- Local rate:
- 0303 123 1113
- National rate:
- 01625 545 745
Contact form https://ico.org.uk/global/contact-us/email/
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).
Anonymised case studies using information provided by reporters to MHRA and SHOT may be used for educational purposes to support learning from haemovigilance and improving transfusion safety. No explicit consent from submitting organisations will be taken.