Estates security systems access control: GDPR information
Why and how we process your data in the Estates security systems access control, and your rights.
|How we use the information (processing activities)||To enable staff to securely gain entry to NHS Digital buildings. To record a transaction associated to a personal token (ID card). To maintain effective security at NHS Digital. For the purpose of investigating security incidents.|
|Does this contain sensitive (special category) data such as health information?||No|
|Who are recipients of this data?||
The data is locally stored in a secure ICT server room and can only be accessed by authorised individuals. Access Control data may be disclosed to HR where it is required for an investigation whereby a manager wants to clarify when a member of staff entered or left the building for timekeeping purposes under relevant conduct and disciplinary proceedings.
|Is data transferred outside the UK?||No|
|How long the data is kept||3 years minimum after no longer required|
|Our lawful basis for holding this data||Public task|
|How can you withdraw your consent?||
Consent not the basis for processing
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|The legal basis for collecting this data||
Public task and Health and Social Care Act (2012) – Schedule 18, part 10 (1)