We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
At NHS Digital, we collect personal information for two main reasons:
- because of our official role as the safe haven for patient data in England
- as part of our normal business
You can read more about our role in health and care, and why we collect personal information from medical records. Those pages contain important information on your choices about your confidential patient information.
This page is about the personal information we may collect about you as part of our normal business. We want you to understand why we hold and process this information, and your choices.
We always collect, hold and process information securely and legally.
Emails and bulletins
We have made the decision to keep sending operational emails and bulletins to addresses already on our lists when GDPR (General Data Protection Regulation) comes into force. This is because the information we send is important and helps health and care in England.
Lots of our emails contain technical updates or alerts and it may harm the health and care system if we stop sending these. We consider this legitimate interest.
Every email you receive will have an option on it to remove yourself (unsubscribe) from the list. If you get emails that you do not want, email us at firstname.lastname@example.org or call us on 0300 303 5678 and tell us what you want to unsubscribe from, and we will remove you from that list.
When you sign up to one of our mailing lists, we do not pass your email address to any third parties. We only subscribe you to the list you have signed up for, and do not use your address to subscribe you to other lists.
Email sent from our contact management software
In messages from our mailing lists, we automatically add a piece of code that requests a small image from our web servers. When a reader opens the email, the image is downloaded. This allows us to monitor how many of the emails we send are opened. We only use it in summary form, for example ‘2,000 people opened the message’.
By default, most email software will be configured to not download the image.
We publish details of all the cookies we use on our cookies page.
You can also control how we personalise the site for you, including switching off personalisation, even if you want to continue receiving other cookies.
You can also change whether you want to accept all cookies, or just necessary ones. This is also available at the bottom any page by clicking 'Cookie consent'
We only collect information you choose to give us when you use the LivePerson webchat service.
Privacy information is provided at the start of the chat. We log your query to help us resolve it, and to improve our services in the future.
Our privacy notice only relates to information that we obtain from you.
If you visit a website operated by a third party through a link included on this website, your information may be used differently by the operator of the linked website.
When you are moving to another site you are advised to read the privacy notice relating to that website.
Contacting us by email, phone or post
When you email email@example.com, call 0300 303 5678, or write to us, your enquiry will be answered by our contact centre.
We collect the information that you give us, and use it to help resolve your query, to contact you about your query, and to improve our services.
We keep this information for 3 years from the date of your enquiry.
Asking to see the information we hold about you
You have the legal right to request a copy of the information we hold about you, in line with the General Data Protection Regulation (GDPR). You can do this by making a subject access request.