Privacy policy – NHS e-Referral Service: Integration Training environment privacy notice
This privacy policy covers the NHS e-Referral Service Integration Training environment.
Information
Version 1.0 – 31 October 2024
Introduction
This statement outlines the privacy statement for individuals wishing to access the NHS e-Referral Service Integration Training environment. The NHS e-Referral Service training team understands your needs as an individual to ensure that your data is being used and held in a responsible way and we aim to reassure you that every reasonable step is being taken to ensure that your data stays private.
Please ensure that you read this statement carefully and contact the NHS e-Referral Service training team on england.ereferrals[email protected] if you have any questions or concerns relating to this privacy statement.
Who we are
The NHS e-Referral Service is a programme service of NHS England. NHS England is the controller for the NHS e-Referral Service.
The Data Protection Officer for NHS England can be contacted at [email protected].
What information we collect
In order to set up an account with the Integration training environment, we are required to collect your first name, last name and organisation as a minimum. We also keep a record of your email address so that we can keep you informed of any changes to the environment or any planned or unplanned outages. Your information will not be shared with any third parties.
How we use personal information
We use your data to keep you up to date with significant changes to the e-RS Integration training environment and to gather feedback from our users. You will receive email communications about changes to the training environment and when we require your feedback.
We provide a link to a survey that you can complete to help us to improve the training environment features for users. All feedback given in these surveys is anonymised. Completion of the survey is completely voluntary. If you do not wish to complete it, this will not affect the service you receive.
The legal basis for processing your personal data
Where we store and process personal data
All data stored for user accounts is held on UK based servers. Currently there are no plans for this to change. Should there be a change to the server locations we will inform users in writing.
How we secure personal data
User accounts are sent to users via an NHS mail account, for more information on NHS mail encryption please see their website.
All user data held on our account manager systems are encrypted at rest and hold SSL security certificates.
To avoid your data being susceptible to accidental loss or destruction, we hold a backup of user accounts. The information held on this backup is encrypted.
All staff employed by NHS England and our suppliers are subject to security checks and are required to complete mandatory data security training.
How long we keep your personal data for
We will retain your personal data for the duration of your time using the Integration training environment.
If you wish to have your access removed from the environment, we will aim to complete this within seven working day and we will immediately and permanently remove your Universally Unique Identifier (UUID) from the Integration training environment. We will confirm your removal in an email which will then be deleted, and we will not retain any of your information beyond this point.
Your rights in relation to personal data
We respect your rights to access and control the personal data that we hold about you, as required by Data Protection Legislation. This includes your rights in respect of:
- access to the personal information we hold about you
- correction
- restriction of processing - where an individual contest the accuracy of the personal data, processing should be restricted until accuracy has been verified
You can exercise these rights at any time by emailing the e-RS training team at [email protected]. Any requests for information will be acknowledged within 1 working day.
If you wish to make a complaint about how we have managed your data, contact details for the Regulator are provided below:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow WSK9 5AF. Website: https://ico.org.uk/.
How to contact us
If you have any questions or concerns about this privacy statement or the way in which we process your data, please contact us at [email protected].
Last edited: 13 November 2024 3:22 pm