Skip to main content

Digital

Clinical Audit Platform: GDPR information

Summary

Why and how we process your data in the Clinical Audit Platform, and your rights.

Controller NHS Digital
How we use the information (processing activities)

The data (email addresses and IP addresses) is collected directly from a user via the registration form they submit. Their registration to CAP allows them to submit data for a particular audit / registry / collection. An IP address is required so that CAP can send the contents of the Web page to a user’s browser. The use of the IP Address and the Cookies is not related to tracking anyone or marketing to users, it is just related to the secure login and ensuring that the right person is only logged in when they are logged in.
Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?

N/A -  the data are not shared outside of NHS Digital.
Is data transferred outside the UK? N/A - the data are not shared outside of NHS Digital
How long the data is kept Currently accounts (that is, email addresses) are not deleted from CAP via the Administration tool and are instead made inactive against the audit / registry / collection when access is no longer required and are therefore still held in CAP. An email address could be deleted if requested on a case by case basis. We are reviewing developments on the system to enable email addresses to be routinely deleted when NHS Digital are made aware that the user should no longer have access to the system.
Our lawful basis for holding this data Legal obligation
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Tick Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Cross Object to it being processed or used
  • Cross Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

A user can contact NHS Digital for their access to an audit, registry or collection to be removed. If required, technically an account could be removed by our development team.

To discuss your rights on withdrawing consent or opting out of the data you can email our customer service centre or call us on 0300 303 5678.
Is the data subject to decisions made solely by computers? (automated decision making) N/A - no automated decision making is involved
Where does this data come from? Users send in registration forms with their details to the NHS Digital Contact Centre.
The legal basis for collecting this data

Section 270 (additional functions)