Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. All references to NHS Digital now, or in the future, relate to NHS England. More about the merger.

e-Referral Service private providers dashboard - privacy policy

About this policy

This privacy policy (policy) relates to your use of the e-RS providers private dashboard. 

The dashboard is provided by NHS Digital to authorised users of approved organisations. This policy is intended for authorised users of the dashboard and explains how we will use your personal data in relation to your access to and on-going use of the dashboard.  

In this policy, ‘we’ or ‘us’ means NHS Digital. ‘You’ or ‘your’ means you, an authorised user of the dashboard.

This policy tells you what information NHS Digital collects about you and how it is used to provide you with access to and enable your on-going use of the dashboard. It includes information about your rights and how to contact us.

The dashboard

The e-RS data private dashboard provides an organisational and national perspective on advice and referral data within e-RS. The initial release includes performance metrics and summary statistics for providers. One key function of this dashboard is to provide benchmarking for your organisation in relation to other providers. The purpose of the dashboard is to drive service improvements.

Who we are

The Health and Social Care Information Centre, known as NHS Digital, was set up under the Health and Social Care Act 2012 (2012 Act) and is part of the NHS. We securely collect, analyse and share information to improve health and social care services.

Find out more about NHS Digital.

Our Data Protection Officer is Jon Moore, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations, and can be contacted via

NHS Digital is registered with the Information Commissioner's Office as required by data protection legislation.

How we use your personal information and why

Under the authorised user data access conditions that govern your access to the dashboard, it is necessary for you to provide your personal data for the purposes listed below.

We will not be able to grant you access to the dashboard if you do not provide us with your personal data.  

What we will process your personal data for

We will process your personal data to: 

  • verify your identity and status as an authorised user and employee/agent engaged by an approved organisation
  • create and maintain your user profile
  • notify you of changes to the dashboard
  • notify you of changes to any of the terms and conditions associated with the dashboard
  • notify you of any technical issues/changes to the dashboard
  • notify you of any other changes or issues that may be relevant to your access to and/or use of the dashboard
  • monitor and/or audit your use of the dashboard
  • monitor and/or audit the approved organisation's use of the dashboard
  • notify the approved organisation and any other relevant third parties should we have any concerns regarding your access to or use of the dashboard
  • monitor security and online threats

What information we will collect about you

We will collect the following information about you for the purposes above:

  • your name
  • your email address/NHSmail address and account details
  • your role (job title)
  • your organisation name and ODS code
  • your confirmation on the terms and conditions for accessing the dashboard
  • your confirmation that you want to be contacted about future updates to the dashboard
  • information relating to the frequency and duration of your access to the dashboard, what information you view and when
  • data relating to your access credentials such as username and password
  • information necessary to operate multifactor authentication

Who we share your personal information with

It will also be necessary for us to share your personal information with certain third parties for the purposes of monitoring security and preventing online threats.

In addition, it may also be necessary for us to share your personal information with certain other third parties where we are required to do so by law. We will only share your personal information where we have a legal basis to do so under data protection law.

All information which is shared by NHS Digital is subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of information necessary will be shared.

How long we keep your personal information for

We will retain your information for audit purposes for six years from the date on which access to the dashboard is terminated (end date). It will then be securely destroyed. 

Where we store your personal information

We store and process your personal information in the United Kingdom.

Your rights over your personal information

In relation to your personal information, you have the right to:   

  • be informed about how your personal information is being used
  • access the personal information we hold about you
  • request the correction of inaccurate personal information we hold about you (in certain circumstances)
  • request the erasure of your personal information in certain limited circumstances
  • restrict processing of your personal information where certain requirements are met
  • object to the processing of your personal information in certain circumstances
  • request that we transfer elements of your data either to you or another service provider in certain specific circumstances
  • object to certain automated decision-making processes using your personal information (where processing involves automated decision making in relation to your personal data)
  • raise a concern with the Information Commissioner's Office at any time
  • withdraw your consent to processing (where consent is used as the legal basis for processing)

Please note that some of these rights may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information stored and processed by us.

We want you to feel confident that we look after everyone’s personal data in line with the law. If you have any questions about your rights, you can get in touch with us at

More information about your legal rights can be found on the Information Commissioner’s website.


If you wish to raise a complaint concerning NHS Digital’s processing activity, visit our feedback and complaints page.

You also have the right to raise a concern with the Information commissioner’s Office at any time.

Contact us

If you have any queries in relation to the use of your personal information, or if you want to exercise any of your rights above, contact:

Changes to this notice

The terms of this policy may change from time to time. Any updates to the policy will be published on the dashboard website.

Previous versions

Version 1 – first release (current version).

Last edited: 21 October 2022 8:34 am