We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Use of personal data in our corporate email communications: GDPR information
Summary
Why and how we process your data and how our communications team uses personal data in bulk email communications with the NHS and care system and your rights.
| Controller | NHS England |
| How we use the information (processing activities) | Our corporate communications team use the govDelivery platform (managed by our processor Granicus) to send bulk emails to people across the health and care system to help them get the best out of our products and services and stay abreast of new standards and requirements for the use of data and digital technology. We maintain email distribution lists for key groups in the health and care system (for example, GP practice staff, Chief Information Officers, and pharmacy professionals) and use these lists to distribute regular bulletins and one-off announcements. We ask people on these distribution lists to provide information about themselves to help us make these communications more useful. For example, by understanding the job roles recipients in GP practices are performing, we can tailor our emails to their needs. We also collect information about how recipients use our emails. This helps us make our emails more effective. For example, information about the number of recipients who open and click links in a bulletin shows us how useful people found it and helps us make the next bulletin more useful. We use web beacons in our emails to do this. More information is available in Granicus’ GovDelivery platform privacy policy and cookie policy. |
| Does this contain sensitive (special category) data such as health information? | No |
| Is data transferred outside the UK? | We use the Granicus govDelivery platform to hold mailing list data and send regular email bulletins to our stakeholders. Granicus are our data processor and their data centres are based in the United States (US). Granicus also use sub-processors based in the US and India. We have an International Data Transfer Agreement (ITDA) in place with Granicus. |
| How long the data is kept | We will hold your information for as long as you are using our bulletins. |
| Your rights |
|
| How can you withdraw your consent? |
Bulletins issued include a link to enable subscribers to unsubscribe or manage their preferences. Alternatively, subscribers may email [email protected] with their full name and email address and we will respond within 48 hours. |
| Is the data subject to decisions made solely by computers? (automated decision making) | No |
| Where does this data come from? | (1) From individuals who have signed up to receive the bulletins of their choice via a sign-up page hosted on our website. (2) From research done by NHS Digital (now merged with NHS England) which indicates you are in one of the key audience groups with whom we need to share information and, if you were not to receive this information, may harm your ability to work effectively with us and use our products and services. Personal data collected includes the subscriber's name, email address, job role, organisation name and the use of our emails (for example, whether recipients have opened a bulletin and what links they clicked on). |
| The legal basis for collecting this data | UK GDPR Article 6(1)(e) – public task |
