Skip to main content

Terminology Server: GDPR information


Why and how we process your data when you choose to use the NHS Digital Terminology Server and your rights.

Controller NHS Digital in determining the purpose for processing the small amount of data required to access the Terminology Server.
How we use the information (processing activities)

NHS Digital collects the minimum amount of information to enable an account to be set up and managed to allow a Terminology Server to be accessed. This service allows people to access the codes that underpin the management of health and care services.

Does this contain sensitive (special category) data such as health information? No
Who are recipients of this data?

Personal information may be accessed for system support purposes. A 3rd party is contracted to provide the Terminology Server.


Is data transferred outside the UK? This data is not transferred out of the UK
How long the data is kept Data is deleted once service is decommissioned. History of user transactions, including user details, is maintained for referential integrity.
Our lawful basis for holding this data Public task
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Tick Object to it being processed or used
  • Tick Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent is not the basis for processing.

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? Staff in health and care organisations that wish to use the Terminology Server.
The legal basis for collecting this data

Article 6 (1e) – Public task - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
DPA 2018:
Schedule 1, Part 1, paragraph 2 - Health or social care purpose