We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Clinical Audit Platform: GDPR information
Why and how we process your data in the Clinical Audit Platform, and your rights.
|How we use the information (processing activities)||
The data (email addresses and IP addresses) is collected directly from a user via the registration form they submit. Their registration to CAP allows them to submit data for a particular audit / registry / collection. An IP address is required so that CAP can send the contents of the Web page to a user’s browser. The use of the IP Address and the Cookies is not related to tracking anyone or marketing to users, it is just related to the secure login and ensuring that the right person is only logged in when they are logged in.
|Does this contain sensitive (special category) data such as health information?||Yes|
|Who are recipients of this data?||
N/A - the data are not shared outside of NHS Digital.
|Is data transferred outside the UK?||N/A - the data are not shared outside of NHS Digital|
|How long the data is kept||Currently accounts (that is, email addresses) are not deleted from CAP via the Administration tool and are instead made inactive against the audit / registry / collection when access is no longer required and are therefore still held in CAP. An email address could be deleted if requested on a case by case basis. We are reviewing developments on the system to enable email addresses to be routinely deleted when NHS Digital are made aware that the user should no longer have access to the system.|
|Our lawful basis for holding this data||Legal obligation|
|How can you withdraw your consent?||
A user can contact NHS Digital for their access to an audit, registry or collection to be removed. If required, technically an account could be removed by our development team.
To discuss your rights on withdrawing consent or opting out of the data you can email our customer service centre or call us on 0300 303 5678.
|Is the data subject to decisions made solely by computers? (automated decision making)||N/A - no automated decision making is involved|
|Where does this data come from?||Users send in registration forms with their details to the NHS Digital Contact Centre.|
|The legal basis for collecting this data||
Section 270 (additional functions)