Privacy Policy

Privacy Policy

NHS Digital Assessment Portal Privacy Policy

References in this policy to “NHS Digital”, “we”, “our” and “us” are references to the Health and Social Care Information Centre, a non-departmental public body established under primary legislation and known as NHS Digital (see below for more information on who we are).

How we use your personal information

Our commitment to protecting your personal information

NHS Digital is committed to protecting your personal information. This Privacy Policy relates to our use of your personal information we collect from you via this web portal and any personal information you provide to us by other means such as phone, SMS, email, in letters and other correspondence.

Whenever you provide personal information, we are legally obliged to use your information in line with data protection law. No website can be completely secure; if you have any concerns that your account could have been compromised e.g. someone could have discovered your password, please get in touch with us straight away.

This Privacy Policy explains the following:

  • Who we are
  • What information we collect about you
  • The legal basis for using your personal data
  • How we use your personal data
  • Sharing your personal data
  • Where your data is stored
  • How long we hold onto your personal data
  • Your rights
  • Our Data Protection Officer

Who we are

NHS Digital are the national information and technology partner to the health and social care system. We’re using digital technology to transform the NHS and social care.

Further details can be found here.

This web portal is maintained by the NHS Apps Library work area which is part of a domain called “Empower the Person”, developing digital technologies that put people in charge of their own health and care, whilst reducing pressure on front-line NHS services.

Further details can be found here.

What information we collect about you

When you submit your app, we collect the following information about you:

  • Name
  • Email address
  • Contact number

When you visit this website, we use analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out information such as the number of visitors to the various parts of this website. This information is only processed in a way that does not identify anyone. We do not make, and do not allow any third-party to make, any attempt to find out the identities of those visiting this website. More details are given in our cookie policy.

IP addresses are collected for performance analysis of this website by contracted specialist analytical services. The IP addresses are immediately anonymised and are never stored in a form which could identify an individual user.

Our legal basis for using your personal data

The processing of your personal data is necessary for the contract agreement between NHS Digital and App Providers (or to take steps to enter into such an Agreement).

How we use your personal data

The processing of your personal data is necessary for the performance of the Digital Tool(s) Promotion Agreement or to take steps to enter into a Digital Tool(s) Promotion Agreement. You should only login to this website if you have a Digital Tool(s) Promotion Agreement.

Sharing your personal data

Your personal data will be shared with:

  • Department of Health
  • NHS England
  • Public Health England

Where your data is stored

We store your personal data in the UK.

How long we hold onto your personal data

We must not retain your personal data if there are no overriding grounds doing so e.g. to meet a statutory or contractual obligation. We retain records in line with the Records Management Code of Practice for Health and Social Care (2016) which is available here.

Contractual records will be retained for a period of six years after the end of the Digital Tool(s) Promotion Agreement.

Your rights

Data Protection laws provide a number of rights to you. These rights are listed below. You can exercise your rights by contacting us using the details at the bottom of this page.

Request a copy of your personal data

You are entitled to request a copy of the personal information we hold about you (usually free of charge).

Correct your personal data errors or omissions

If we have recorded your details incorrectly, or they are incomplete in any way, you can make a request to us and we must act without undue delay (or if your personal data is incomplete then supplemental information may be added).

Request your personal data is deleted

NHS Digital may not uphold your request if there are other legal grounds for the processing.

Request us to restrict our use of your personal data

You have the right to request a restriction (e.g. a temporary stop) of the processing of your personal data where:

  • You think the data is inaccurate and it should not be used until it is corrected.
  • We are using your personal data unlawfully and you want your data kept while a complaint / investigation takes place.
  • You require us to keep your personal data and not delete it while you make or defend a legal claim.
  • You have objected to our use of your data and we do not have legitimate grounds to override your objection.

To be told whether there is a statutory or contractual need for your data and the possible consequences of not providing it

The processing of your personal data is necessary for the performance of the Digital Tool(s) Promotion Agreement between NHS Digital and/or to take steps to enter into the Agreement. Should you not agree to provide your personal data, then you will be unable to engage in the promotion.

Our Data Protection Officer

Our Data Protection Officer (DPO) is responsible for ensuring that we comply with data protection legislation and acts as the first point of contact on data protection issues. Our DPO can be contacted using the details at the bottom of this page.

Objections and complaints

If you have a complaint about the way we have handled your data; believe it is inaccurate, held for too long or it is not secure, you can contact our DPO who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

The ICO is the regulator for data protection and upholds information rights. More information is available on the ICO website: https://ico.org.uk/

 

Contact us

If you have any questions about our privacy notice or the information we hold, please email enquiries@nhsdigital.nhs.uk

Alternatively, you can write to:
Information Governance Compliance Team
Health and Social Care Information Centre
1 Trevelyan Square
Boar Lane
Leeds
LS1 6AE

 

Changes to our Privacy Policy

Last updated: 9 November 2018

We are currently reviewing our policies to ensure they meet the standards introduced by the new Data Protection Act/GDPR. We will inform you whenever we make any significant changes to our Privacy Policy, Cookie Policy or Terms and Conditions.