API Management Product and Platform

Summary

Why and how we process your data in the API Management Platform (Developers Portal) and your rights.

Controller	NHS Digital
How we use the information (processing activities)	NHS Digital runs an application program interface (API) Management Programme to help third parties integrate with NHS data services and align with the Internet First strategy. This Platform provides a standard and secure service for third parties to access NHS Digital information assets. This service improves the mechanism of exchange for patient services and data for health social care organisations. There is a developers portal within the API Management Platform that allows for development, set up and maintenance of the APIs. A small amount of personal data is required for the management of this portal. There is a multi-layer security for both the data that passes through the Platform and also for details of those that use the portal.
Does this contain sensitive (special category) data such as health information?	No
Who are recipients of this data?	No
Is data transferred outside the UK?	Outside EAA
How long the data is kept	400 days from account deletion
Our lawful basis for holding this data	Legal obligation
Your rights	Be informed Get access to it Rectify or change it Erase or remove it Restrict or stop processing it Move, copy or transfer it Object to it being processed or used Know if a decision was made by a computer rather than a person
How can you withdraw your consent?	Consent is not the basis for processing.
Is the data subject to decisions made solely by computers? (automated decision making)	No
Where does this data come from?	Authorised individuals enabled to develop API messages and logic on API Management Platform
The legal basis for collecting this data	Health and Social Care Act (2012) – Schedule 18, part 10 (1) GDPR: Article 6 - Legal Obligation (General Powers), DPA 2018: Schedule 1, Part 1, paragraph 2 - Health or social care purpose