Data ownership and protecting data
Data in Life QI comes in three types and the ownership is dependent on type:
- Personal data - This is the personal data of users of the system (like their name, email address etc.). This data is owned by the data subject (i.e. the user).
- Content data - This is data added to the Life QI platform when you populate a project, resource, or discussion thread. This is owned by the originating party, in the case of Projects this is defined as the Lead Organisation.
- Meta data - This is data providing information about one or more aspects of the content, personal or service usage data. This data is required to run and administer the platform as is owned by Life QI.
Users and organisations will not be able to publish, sell or distribute data that they do not own without the permission of the originating party. There may be instances where a licence holder (organisation) has permission to report on project data from the organisations which form part of its subscription.
For information on such instances please contact your licence holder or email Life QI on firstname.lastname@example.org.
Life QI will not publish, sell or distribute data that we do not own without the permission of the originating party.
Life QI is hosted on secure servers that comply with a range of information governance (IG) policies, standards and regulations. Amazon Web Services’ (AWS) physical protection against environmental risks has been validated by an independent auditor and has been certified as being in compliant with the ISO 27001 best practice standard for information security management.
Additionally, access to data is controlled by the Life QI platform itself:
- Login protected
- Password complexity enforcement (all passwords must be of a certain length and contain multiple character types)
- In project/document privileges - controlling access to project data is the responsibility of the project team members (as listed on the project).
Life QI is built to be a system that others can learn from, so by default we would not remove content data if an organisation ceases to use the system. This data will continue to benefit the QI community using Life QI (assuming it had been shared with the Life QI community) so by default it remains on the system so others can learn from it. However, you can at anytime remove your content data, and there is the facility to arrange for your content data to be removed from the system. Within 30 days of contract termination you may request removal of all content data (content data being defined as: data added to the system by users to populate a project, resource, or discussion thread, such as project titles, SPC chart data, and uploaded documents). This will be done within 90 days of the request being made in writing. After which point it will have been removed from the system and any backups.
Personal data will only be removed upon request from the data subject.
Meta data will be retained for as long as the system continues to be in use.