We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Book a coronavirus vaccination service: GDPR information
Why and how we process your data in the ‘Book a coronavirus vaccination service’ and your rights.
|How we use the information (processing activities)||
We use your information to: check your identity, access your NHS vaccination record, determine whether you are health and social care worker, and whether you are considered to be extremely clinically vulnerable to coronavirus. The information is used to contact you, enable you to book two coronavirus vaccination appointments, and to retrieve your booking information at the vaccination centre. It is also used to enable pseudonymised reports to be produced on the take up of the service and the level of do not attends.
|Does this contain sensitive (special category) data such as health information?||Yes|
|Who are recipients of this data?||
Personal data is shared with the following:
|Is data transferred outside the UK?||This data is not transferred out of the UK|
|How long the data is kept||We will retain your customer record and appointment information for as long as the Book a Coronavirus Vaccination Service exists. We will review whether we need to retain your personal information every six months. The following factors will be considered by us when determining whether we need to retain your data: 1. Whether your personal information is required to arrange your COVID-19 vaccinations appointments 2. Whether it is necessary to retain your information for the purposes of future coronavirus vaccinations and/or booster vaccinations 3. Whether it is necessary to retain your information for clinical safety purposes. We will only retain your personal data for as long as the law allows. Once your customer record is no longer required by the Service, it will be permanently deleted.|
|Our lawful basis for holding this data||Legal obligation|
|How can you withdraw your consent?||
Consent is not the basis for processing.
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|Where does this data come from?||Data subject, PDS (Personal Demographics Service) and NIMS (National Immunisation Service).|
|The legal basis for collecting this data||