Privacy and Cookies Policy

This Privacy Notice tells you what to expect when NHS Digital collects personal information on this system.

Personal information

By providing us with your details, you are giving your consent that your personal information may be processed for the purposes necessary to conduct and improve our services. When collecting your personal information we will explain what we intend to do with it.

Cookie declaration

What do we use the information for?

We use this information to provide us with information to help improve our service. We do not know (and do not wish to know) the identities of the individuals who visit our website, unless it is via a specific login for subscribed services.

Receiving communications from NHS Digital

If you do not wish to receive any information from us please let us know at the point you first contact us or by emailing information.standards@nhs.net

If you already receive correspondence from the website, and no longer want to, please email information.standards@nhs.net and let us know if you would like your account and details to be removed.
We will remove your details from this website and if applicable, cancel any subscriptions you have on this system.
However, records of any downloads made by your account may be retained for logging and audit purposes.

Data Protection within NHS Digital

In order to meet our public task as the national source of health and social care information NHS Digital collects and process a range of information relating to individuals in their capacity as service users or patients. This includes information on:

In addition to the above, NHS Digital collects and processes information relating to its customers and stakeholders for business purposes. All personal information is handled with the utmost care and attention - whether on paper, electronically, or other means - and safeguards are in place to ensure the Data Protection Act 1998 is adhered to.

NHS Digital regards the fair and lawful processing of personal information as essential in order to successfully achieve its objectives and ensure the support and confidence of the general public and stakeholders.
Notification is a statutory requirement and every organisation that processes personal information must notify the Information Commissioner's Office (ICO), unless they are exempt. Failure to notify is a criminal offence.
As a data controller NHS Digital provides the ICO with details about their processing of personal information. The ICO publishes certain details in the register of data controllers, including the name and address of data controllers and a description of the kind of processing they do. You can read this register on the ICO website (external).

The Principles of The Data Protection Act 1998, as set out below are fully endorsed by NHS Digital. The eight principles require that personal information:

1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.

2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose of those purposes.

3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Shall be accurate and, where necessary, kept up to date.

5. Shall not be kept for longer that is necessary for the specified purpose(s).

6. Shall be processed in accordance with the rights of data subjects under the Act.

7. Should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data.

8. Shall not be transferred to a country or territory outside the European economic area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Access to your personal information

You are entitled to obtain a copy of the personal information held about you by NHS Digital. Any request to access or obtain a copy of this information will be considered under Section 7 of the Data Protection Act. To make a request for personal information, email enquiries@nhsdigital.nhs.uk, or write to:
Information Governance Compliance Team
NHS Digital
1 Trevelyan Square
Boar Lane
Leeds
LS1 6AE

Information security

There are robust security measures in place for all personal information held by NHS Digital to protect against the loss or alteration of information under the organisation's control. If you have any questions about our privacy notice or the information we hold please contact us at the above address.

Other websites

This privacy notice only relates to information that we obtain from you on this website. If you visit a different website through a link included on this site, your information may be used differently by the operator of the linked website. When you are moving to another site you are advised to read the privacy notice on that website.