Skip to main content

Estates security systems access control: GDPR information


Why and how we process your data in the Estates security systems access control, and your rights.

Controller NHS Digital
How we use the information (processing activities)

To enable staff to securely gain entry to NHS Digital buildings. To record a transaction associated to a personal token (ID card). To maintain effective security at NHS Digital. For the purpose of investigating security incidents.

Does this contain sensitive (special category) data such as health information? No
Who are recipients of this data?

The data is locally stored in a secure ICT server room and can only be accessed by authorised individuals. Access Control data may be disclosed to HR where it is required for an investigation whereby a manager wants to clarify when a member of staff entered or left the building for timekeeping purposes under relevant conduct and disciplinary proceedings.

Is data transferred outside the UK? No
How long the data is kept 3 years minimum after no longer required
Our lawful basis for holding this data Public task
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Tick Object to it being processed or used
  • Tick Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent not the basis for processing

Is the data subject to decisions made solely by computers? (automated decision making) No
The legal basis for collecting this data

Public task and Health and Social Care Act (2012) – Schedule 18, part 10 (1)