NHS Digital Assessment Portal Privacy Policy

References in this policy to "NHS Digital", "we", "our" and "us" are references to the Health and Social Care Information Centre, a non-departmental public body established under primary legislation and known as NHS Digital (see below for more information on who we are).

How we use your personal information

NHS Digital is committed to protecting your personal information. This Privacy Policy relates to our use of your personal information we collect from you via this web portal and any personal information you provide to us by other means such as phone, SMS, email, in letters and other correspondence.

Whenever you provide personal information, we are legally obliged to use your information in line with data protection law. No website can be completely secure; if you have any concerns that your account could have been compromised e.g. someone could have discovered your password, please get in touch with us straight away.

This Privacy Policy explains the following:

  • Who we are
  • What information we collect about you
  • The legal basis for using your personal data
  • How we use your personal data
  • Sharing your personal data
  • Where your data is stored
  • How long we hold onto your personal data
  • Your rights
  • Our Data Protection Officer

Who we are

NHS Digital are the national information and technology partner to the health and social care system. We're using digital technology to transform the NHS and social care.

Further details can be found here.

This web portal is maintained by the NHS Apps Library work area which is part of a domain called "Empower the Person", developing digital technologies that put people in charge of their own health and care, whilst reducing pressure on front-line NHS services.

Further details can be found here.

What information we collect about you

When you register an account, we collect the following information (personal data) about you:

  • Name
  • Email address
  • Contact number

When you visit this website, we use analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out information such as the number of visitors to the various parts of this website. This information is only processed in a way that does not identify anyone. We do not make, and do not allow any third-party to make, any attempt to find out the identities of those visiting this website. More details are given in our cookie policy.

IP addresses are collected for performance analysis of this website by contracted specialist analytical services. The IP addresses are immediately anonymised and are never stored in a form which could identify an individual.

Our legal basis for using your personal data

For health app Developer Organisations: The processing of the personal data of developer organisation employees is necessary for the Health Apps Developer Agreement, or to take steps to enter an agreement.

For Approved Assessor Organisations: The processing of the personal data of Approved Assessor Organisation employees is necessary for the Approved Assessor Agreement, or to take steps to enter into an agreement.

How we use your personal data

For health app Developer Organisations: The processing of your personal data is necessary for the management and performance of the Digital Assessment Portal (operated by NHS Digital and made available to App Developers and Approved Assessors) e.g. register and manage user accounts, record assessment comments and responses.

For Approved Assessor Organisations: The processing of your personal data is necessary for the management and performance of the Digital Assessment Portal (operated by NHS Digital and made available to App Developers and Approved Assessors) e.g. register and manage user accounts, record assessment comments and responses.

Sharing your personal data

Your personal data may be shared with:

  • Department of Health
  • NHS England
  • Public Health England

Where your data is stored

We store your personal data in the UK.

How long we hold onto your personal data

We must not retain your personal data if there are no overriding grounds doing so e.g. to meet a statutory or contractual obligation. We retain records in line with the Records Management Code of Practice for Health and Social Care (2016) which is available here.

Contractual records will be retained for a period of six years after the end of the Digital Tool(s) Promotion Agreement.

Your rights

Data Protection laws provide a number of rights. You can exercise your applicable rights by contacting us using the details at the bottom of this page. The rights are:

  • Request a copy of your personal data

    You are entitled to request a copy of the personal information we hold about you (usually free of charge).

  • Correct your personal data errors or omissions

    If we have recorded your details incorrectly, or they are incomplete in any way, you can make a request to us and we must act without undue delay (or if your personal data is incomplete then supplemental information may be added).

  • Request your personal data is deleted

    We may not uphold your request if there are other legal grounds for the processing.

  • Request us to restrict our use of your personal data

    You have the right to request a restriction (e.g. a temporary stop) of the processing of your personal data where:

    • You think the data is inaccurate and it should not be used until it is corrected.
    • We are using your personal data unlawfully and you want your data kept while a complaint / investigation takes place.
    • You require us to keep your personal data and not delete it while you make or defend a legal claim.
    • You have objected to our use of your data and we do not have legitimate grounds to override your objection.
  • To be told whether there is a statutory or contractual need for your data and the possible consequences of not providing it

    The processing of your personal data is necessary for the performance of the agreement as described in the section "Our legal basis for using your personal data". Should you not provide your personal data, then you will be unable to engage in the appropriate agreement.

Our Data Protection Officer

Our Data Protection Officer (DPO) is responsible for ensuring that we comply with data protection legislation and acts as the first point of contact on data protection issues. Our DPO can be contacted using the details at the bottom of this page.

Objections and complaints

If you have a complaint about the way we have handled your data; believe it is inaccurate, held for too long or it is not secure, you can contact our DPO who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

The ICO is the regulator for data protection and upholds information rights. More information is available on the ICO website: https://ico.org.uk/

Contact us

If you have any questions about our privacy notice or the information we hold, please email enquiries@nhsdigital.nhs.uk

Alternatively, you can write to:

Information Governance Compliance Team
Health and Social Care Information Centre
1 Trevelyan Square
Boar Lane
Leeds
LS1 6AE

Changes to our Privacy Policy

Last updated: 18 February 2019

The terms of our Privacy Policy may change from time to time. We will inform you if we make any significant changes to our Privacy Policy.