We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. All references to NHS Digital now, or in the future, relate to NHS England. More about the merger.
About this policy
The dashboard is provided by NHS Digital to authorised users of approved organisations. This policy is intended for authorised users of the dashboard and explains how we will use your personal data in relation to your access to and on-going use of the dashboard.
In this policy, ‘we’ or ‘us’ means NHS Digital. ‘You’ or ‘your’ means you, an authorised user of the dashboard.
This policy tells you what information NHS Digital collects about you and how it is used to provide you with access to and enable your on-going use of the dashboard. It includes information about your rights and how to contact us.
The e-RS data private dashboard provides an organisational and national perspective on advice and referral data within e-RS. The initial release includes performance metrics and summary statistics for providers. One key function of this dashboard is to provide benchmarking for your organisation in relation to other providers. The purpose of the dashboard is to drive service improvements.
Who we are
The Health and Social Care Information Centre, known as NHS Digital, was set up under the Health and Social Care Act 2012 (2012 Act) and is part of the NHS. We securely collect, analyse and share information to improve health and social care services.
Our Data Protection Officer is Jon Moore, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations, and can be contacted via email@example.com.
NHS Digital is registered with the Information Commissioner's Office as required by data protection legislation.
Our legal basis for processing your personal information
NHS Digital is the controller of the personal data that we collect from you for the purposes of enabling and maintaining your access to the dashboard.
UK General Data Protection Regulation (UK GDPR) legal basis
Our legal bases for processing your personal information under the UK GDPR are:
UK GDPR Article 6 (1) (c) – processing is necessary for compliance with a legal obligation to which the Controller is subject, and
UK GDPR Article 6 (1) (e) – processing is necessary for a task carried out in the public interest or in the exercise of official authority vested in the controller
Our lawful bases under Article 6 (1) (c) and Article 6 (1) (e) are based on the fact that NHS Digital is required to share the disclosed data within the dashboard to approved organisations in order to meet its legal obligations under Sections 254(1), (3) and (6) of the Health and Social Care Act 2012. Directions given by NHS England requiring NHS Digital to establish and operate a system for the collection of information to be known as the e-RS data collection.
In order to share the disclosed data lawfully, it is necessary for us to implement certain controls and security measures which necessitate the processing of your personal data, as an authorised user of the dashboard, as described below.
How we use your personal information and why
Under the authorised user data access conditions that govern your access to the dashboard, it is necessary for you to provide your personal data for the purposes listed below.
We will not be able to grant you access to the dashboard if you do not provide us with your personal data.
What we will process your personal data for
We will process your personal data to:
verify your identity and status as an authorised user and employee/agent engaged by an approved organisation
create and maintain your user profile
notify you of changes to the dashboard
notify you of changes to any of the terms and conditions associated with the dashboard
notify you of any technical issues/changes to the dashboard
notify you of any other changes or issues that may be relevant to your access to and/or use of the dashboard
monitor and/or audit your use of the dashboard
monitor and/or audit the approved organisation's use of the dashboard
notify the approved organisation and any other relevant third parties should we have any concerns regarding your access to or use of the dashboard
monitor security and online threats
What information we will collect about you
We will collect the following information about you for the purposes above:
your email address/NHSmail address and account details
your role (job title)
your organisation name and ODS code
your confirmation on the terms and conditions for accessing the dashboard
your confirmation that you want to be contacted about future updates to the dashboard
information relating to the frequency and duration of your access to the dashboard, what information you view and when
data relating to your access credentials such as username and password
information necessary to operate multifactor authentication
Who we share your personal information with
It will also be necessary for us to share your personal information with certain third parties for the purposes of monitoring security and preventing online threats.
In addition, it may also be necessary for us to share your personal information with certain other third parties where we are required to do so by law. We will only share your personal information where we have a legal basis to do so under data protection law.
All information which is shared by NHS Digital is subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of information necessary will be shared.
How long we keep your personal information for
We will retain your information for audit purposes for six years from the date on which access to the dashboard is terminated (end date). It will then be securely destroyed.
Where we store your personal information
We store and process your personal information in the United Kingdom.
Your rights over your personal information
In relation to your personal information, you have the right to:
be informed about how your personal information is being used
access the personal information we hold about you
request the correction of inaccurate personal information we hold about you (in certain circumstances)
request the erasure of your personal information in certain limited circumstances
restrict processing of your personal information where certain requirements are met
object to the processing of your personal information in certain circumstances
request that we transfer elements of your data either to you or another service provider in certain specific circumstances
object to certain automated decision-making processes using your personal information (where processing involves automated decision making in relation to your personal data)
raise a concern with the Information Commissioner's Office at any time
withdraw your consent to processing (where consent is used as the legal basis for processing)
Please note that some of these rights may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information stored and processed by us.
We want you to feel confident that we look after everyone’s personal data in line with the law. If you have any questions about your rights, you can get in touch with us at firstname.lastname@example.org.