Privacy and Cookies Policy
Privacy and Cookies Policy
This Privacy Notice tells you what to expect when NHS Digital collects personal information on this system.
By providing us with your details, you are giving your consent that your personal information may be processed for the purposes necessary to conduct and improve our services. When collecting your personal information we will explain what we intend to do with it.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see which have been set, and how to manage and delete them, visit www.allaboutcookies.org. If you do nothing other than read pages or download information, we will capture and store information about your visit. This information will not identify you, it relates to:
- the internet domain (such as www.bbc.co.uk) and IP address from which you access the website
- the type of browser (Internet Explorer or Firefox etc) and operating system you use (Windows, Mac OS, UNIX)
- the date and time of your visit
- the pages you visit
- the address of the web site from which you linked to us (if applicable)
What do we use the information for?
We use this information to provide us with information to help improve our service. We do not know (and do not wish to know) the identities of the individuals who visit our website, unless it is via a specific login for subscribed services.
Receiving communications from NHS Digital
If you do not wish to receive any information from us please let us know at the point you first contact us or by emailing firstname.lastname@example.org
If you already receive correspondence from the website, and no longer want to, please email email@example.com and let us know if you would like your account and details to be removed.
We will remove your details from this website and if applicable, cancel any subscriptions you have on this system.
However, records of any downloads made by your account may be retained for logging and audit purposes.
Data Protection within NHS Digital
In order to meet our public task as the national source of health and social care information NHS Digital collects and process a range of information relating to individuals in their capacity as service users or patients. This includes information on:
- public health
- audits and performance
- mental health
- primary care
- hospital care
- adult social care
- NHS workforce and estates
In addition to the above, NHS Digital collects and processes information relating to its customers and stakeholders for business purposes. All personal information is handled with the utmost care and attention - whether on paper, electronically, or other means - and safeguards are in place to ensure the Data Protection Act 1998 is adhered to.
NHS Digital regards the fair and lawful processing of personal information as essential in order to successfully achieve its objectives and ensure the support and confidence of the general public and stakeholders.
Notification is a statutory requirement and every organisation that processes personal information must notify the Information Commissioner's Office (ICO), unless they are exempt. Failure to notify is a criminal offence.
As a data controller NHS Digital provides the ICO with details about their processing of personal information. The ICO publishes certain details in the register of data controllers, including the name and address of data controllers and a description of the kind of processing they do. You can read this register on the ICO website (external).
The Principles of The Data Protection Act 1998, as set out below are fully endorsed by NHS Digital. The eight principles require that personal information:
1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose of those purposes.
3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Shall be accurate and, where necessary, kept up to date.
5. Shall not be kept for longer that is necessary for the specified purpose(s).
6. Shall be processed in accordance with the rights of data subjects under the Act.
7. Should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data.
8. Shall not be transferred to a country or territory outside the European economic area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Access to your personal information
You are entitled to obtain a copy of the personal information held about you by NHS Digital. Any request to access or obtain a copy of this information will be considered under Section 7 of the Data Protection Act.
To make a request for personal information, email firstname.lastname@example.org, or write to:
Information Governance Compliance Team
1 Trevelyan Square
There are robust security measures in place for all personal information held by NHS Digital to protect against the loss or alteration of information under the organisation's control. If you have any questions about our privacy notice or the information we hold please contact us at the above address.
This privacy notice only relates to information that we obtain from you on this website. If you visit a different website through a link included on this site, your information may be used differently by the operator of the linked website. When you are moving to another site you are advised to read the privacy notice on that website.