Terminology Server: GDPR information

Summary

Why and how we process your data when you choose to use the NHS Digital Terminology Server and your rights.

Controller	NHS Digital in determining the purpose for processing the small amount of data required to access the Terminology Server.
How we use the information (processing activities)	NHS Digital collects the minimum amount of information to enable an account to be set up and managed to allow a Terminology Server to be accessed. This service allows people to access the codes that underpin the management of health and care services.
Does this contain sensitive (special category) data such as health information?	No
Who are recipients of this data?	Personal information may be accessed for system support purposes. A 3rd party is contracted to provide the Terminology Server.
Is data transferred outside the UK?	This data is not transferred out of the UK
How long the data is kept	Data is deleted once service is decommissioned. History of user transactions, including user details, is maintained for referential integrity.
Our lawful basis for holding this data	Public task
Your rights	Be informed Get access to it Rectify or change it Erase or remove it Restrict or stop processing it Move, copy or transfer it Object to it being processed or used Know if a decision was made by a computer rather than a person
How can you withdraw your consent?	Consent is not the basis for processing.
Is the data subject to decisions made solely by computers? (automated decision making)	No
Where does this data come from?	Staff in health and care organisations that wish to use the Terminology Server.
The legal basis for collecting this data	GDPR: Article 6 (1e) – Public task - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller DPA 2018: Schedule 1, Part 1, paragraph 2 - Health or social care purpose