References in this policy to "NHS Digital", "we", "our" and "us" are references to the Health and Social Care Information Centre, a non-departmental public body established under primary legislation and known as NHS Digital (see below for more information on who we are).
How we use your personal information
Whenever you provide personal information, we are legally obliged to use your information in line with data protection law. No website can be completely secure; if you have any concerns that your account could have been compromised e.g. someone could have discovered your password, please get in touch with us straight away.
- Who we are
- What information we collect about you
- The legal basis for using your personal data
- How we use your personal data
- Sharing your personal data
- Where your data is stored
- How long we hold onto your personal data
- Your rights
- Our Data Protection Officer
Who we are
NHS Digital are the national information and technology partner to the health and social care system. We're using digital technology to transform the NHS and social care.
Further details can be found here.
This web portal is maintained by the NHS Apps Library work area which is part of a domain called "Empower the Person", developing digital technologies that put people in charge of their own health and care, whilst reducing pressure on front-line NHS services.
Further details can be found here.
What information we collect about you
When you register an account, we collect the following information (personal data) about you:
- Email address
- Contact number
IP addresses are collected for performance analysis of this website by contracted specialist analytical services. The IP addresses are immediately anonymised and are never stored in a form which could identify an individual.
Our legal basis for using your personal data
For health app Developer Organisations: The processing of the personal data of developer organisation employees is necessary for the Health Apps Developer Agreement, or to take steps to enter an agreement.
For Approved Assessor Organisations: The processing of the personal data of Approved Assessor Organisation employees is necessary for the Approved Assessor Agreement, or to take steps to enter into an agreement.
How we use your personal data
For health app Developer Organisations: The processing of your personal data is necessary for the management and performance of the Digital Assessment Portal (operated by NHS Digital and made available to App Developers and Approved Assessors) e.g. register and manage user accounts, record assessment comments and responses.
For Approved Assessor Organisations: The processing of your personal data is necessary for the management and performance of the Digital Assessment Portal (operated by NHS Digital and made available to App Developers and Approved Assessors) e.g. register and manage user accounts, record assessment comments and responses.
Sharing your personal data
Your personal data may be shared with:
- Department of Health
- NHS England
- Public Health England
Where your data is stored
We store your personal data in the UK.
How long we hold onto your personal data
We must not retain your personal data if there are no overriding grounds doing so e.g. to meet a statutory or contractual obligation. We retain records in line with the Records Management Code of Practice for Health and Social Care (2016) which is available here.
Contractual records will be retained for a period of six years after the end of the Digital Tool(s) Promotion Agreement.
Data Protection laws provide a number of rights. You can exercise your applicable rights by contacting us using the details at the bottom of this page. The rights are:
Request a copy of your personal data
You are entitled to request a copy of the personal information we hold about you (usually free of charge).
Correct your personal data errors or omissions
If we have recorded your details incorrectly, or they are incomplete in any way, you can make a request to us and we must act without undue delay (or if your personal data is incomplete then supplemental information may be added).
Request your personal data is deleted
We may not uphold your request if there are other legal grounds for the processing.
Request us to restrict our use of your personal data
You have the right to request a restriction (e.g. a temporary stop) of the processing of your personal data where:
- You think the data is inaccurate and it should not be used until it is corrected.
- We are using your personal data unlawfully and you want your data kept while a complaint / investigation takes place.
- You require us to keep your personal data and not delete it while you make or defend a legal claim.
- You have objected to our use of your data and we do not have legitimate grounds to override your objection.
To be told whether there is a statutory or contractual need for your data and the possible consequences of not providing it
The processing of your personal data is necessary for the performance of the agreement as described in the section "Our legal basis for using your personal data". Should you not provide your personal data, then you will be unable to engage in the appropriate agreement.
Our Data Protection Officer
Our Data Protection Officer (DPO) is responsible for ensuring that we comply with data protection legislation and acts as the first point of contact on data protection issues. Our DPO can be contacted using the details at the bottom of this page.
Objections and complaints
If you have a complaint about the way we have handled your data; believe it is inaccurate, held for too long or it is not secure, you can contact our DPO who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
The ICO is the regulator for data protection and upholds information rights. More information is available on the ICO website: https://ico.org.uk/
If you have any questions about our privacy notice or the information we hold, please email firstname.lastname@example.org
Alternatively, you can write to:Information Governance Compliance Team
Health and Social Care Information Centre
1 Trevelyan Square
Last updated: 18 February 2019