Privacy Policy
Last updated: 26 February 2026
1. Introduction
University Hospitals of Northmere NHS Trust ("UHON", "we", "us") operates the Staff Intranet portal. This Privacy Policy explains how we collect, use, and protect personal information when you use this service.
2. Information We Collect
When you register and use the Intranet, we may collect:
- Your full name, email address, and department
- Your job title and role within the Trust
- Your Discord User ID (if provided)
- Your Roblox account information (User ID and username) linked via Roblox OAuth
- Login activity and usage data for security and audit purposes
3. How We Use Your Information
We use the information collected to:
- Authenticate your identity and manage access to the Intranet
- Display your profile in the staff directory
- Facilitate internal communications and messaging
- Link your Roblox account for Trust-related Roblox features
- Maintain security through audit logging
4. Data Sharing
We do not sell your personal data. Information may be shared with authorised Trust staff for administrative purposes. Your Roblox account is linked via Roblox's official OAuth 2.0 service; we only store your Roblox User ID and display name.
5. Data Security
All passwords are securely hashed. Sessions are managed via encrypted, HTTP-only cookies. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, or destruction.
6. Data Retention
Your data is retained for the duration of your employment or affiliation with the Trust. Upon leaving the Trust, your account may be deactivated and personal data removed in accordance with NHS data retention policies.
7. Your Rights
You have the right to access, correct, or request deletion of your personal data. You may update your linked Roblox account at any time through Account Settings. For data access requests, please contact the Trust's Data Protection Officer.
8. Contact
For any questions regarding this Privacy Policy, please contact the UHON IT Services department or the Data Protection Officer at the Trust headquarters.