This privacy notice tells you what to expect when NHS Digital collects personal information on this system.
By providing us with your details, you are giving your consent that your personal information may be processed for the purposes necessary to conduct and improve our services. When collecting your personal information we will explain what we intend to do with it.
How we use your information
This information helps to improve our service. We do not know (and do not wish to know) the identities of the individuals who visit our website, unless it is via a specific login for subscribed services.
Receiving communications from NHS Digital
If you do not wish to receive any information from us please let us know at the point you first contact us or by emailing firstname.lastname@example.org.
If you already receive correspondence from the website, and no longer want to, please email email@example.com.
If you would like your account and details to be removed, email firstname.lastname@example.org and we will remove your details from this website and, if applicable, cancel any subscriptions you have on this system. However, records of any downloads made by your account may be retained for logging and audit purposes.
Data Protection within NHS Digital
In order to meet our public task as the national source of health and social care information, NHS Digital collects and process a range of information relating to individuals in their capacity as service users or patients. This includes information on:
- public health
- audits and performance
- mental health
- primary care
- hospital care
- adult social care
- the NHS workforce and estates.
In addition to the above, NHS Digital collects and processes information relating to its customers and stakeholders for business purposes. All personal information is handled with the utmost care and attention — whether on paper, electronically, or other means — and safeguards are in place to ensure that we adhere to the Data Protection Act 1998.
NHS Digital regards the fair and lawful processing of personal information as essential in order to successfully achieve its objectives and ensure the support and confidence of the general public and stakeholders.
Notification is a statutory requirement and every organisation that processes personal information must notify the Information Commissioner's Office (ICO), unless they are exempt. Failure to notify is a criminal offence.
As a data controller, NHS Digital provides the ICO with details about their processing of personal information. The ICO publishes certain details in the register of data controllers, including the name and address of data controllers and a description of the kind of processing they do. You can read this register on the ICO website.
The Principles of The Data Protection Act 1998, as set out below are fully endorsed by NHS Digital. The eight principles require that personal information:
- Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
- Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Shall be accurate and, where necessary, kept up to date.
- Shall not be kept for longer than is necessary for the specified purpose or purposes.
- Shall be processed in accordance with the rights of data subjects under the Act.
- Should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data.
- Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Access to your personal information
You are entitled to obtain a copy of the personal information held about you by NHS Digital. Any request to access or obtain a copy of this information will be considered under Section 7 of the Data Protection Act.
To make a request for personal information, email email@example.com or write to:
Information Governance Compliance Team
1 Trevelyan Square
There are robust security measures in place for all personal information held by NHS Digital to protect against the loss or alteration of information under the organisation's control. If you have any questions about our privacy notice or the information we hold please contact us at the above address.
This privacy notice only relates to information that we obtain from you on this website. If you visit a different website through a link included on this site, your information may be used differently by the operator of the linked website. When you are moving to another website you are advised to read the privacy notice on that website.