Skip to main content

Digital

User Zoom: GDPR information

Summary

Why and how we process data collected about you using User Zoom, and your rights.

Controller NHS Digital
How we use the information (processing activities)

The purpose of the processing is to iterate and improve the operation of our digital services and products based on real user testing and feedback. The unmoderated remote research tool will enable researchers to set pre-defined usability tests for prototypes, wireframes and beta websites to ensure our digital products are well designed and fit for purpose. The tool itself can capture qualitative and quantitative feedback from participants to enable us to assess ‘what’ users do when they interact with a product and also give some insight into ‘why’ they do it.
Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?

Only NHS Digital user researchers or nominated colleagues with a user account on UserZoom will be able to access raw data and video footage. Permission may also be provided for a stakeholder to have ‘results only’ access, which restricts the user permissions only to the results sections of projects they have been given access to. 

NHS Digital user researchers will view and analyse response data in order to create research findings reports. These reports, which may be shared with a wide range of internal and external stakeholders, will never contain personal identifiable or sensitive data unless there is clear permission from an individual respondent to do so.
Is data transferred outside the UK? This data is not transferred out of the UK
How long the data is kept 3 months
Our lawful basis for holding this data Public task
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Tick Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Cross Object to it being processed or used
  • Cross Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Participation in user research is voluntary. You can contact NHS Digital to withdraw consent for us to process your data at any time.
Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? User research participants such as NHS and other healthcare staff, patients, users of digital NHS services, general public, suppliers of non-health and care related services to the NHS, commissioners, and local authorities.
The legal basis for collecting this data

H&SCA 2012 Section 274 (6) (7) & Schedule 18, paragraph 10 (General Powers) 
GDPR
Article 6 (e) public task

The condition for processing special categories of personal data is: GDPR Article 9(2)(h) - the management of health and social care systems, supplemented by DPA 2018, Schedule 1, Part 1, paragraph 2 - health or social care purposes.

+ DPA18 Section 8

No Common Law Duty of Confidence issues

Legal basis for analysis: No special category data will be processed.

Legal basis for disclosure: No publication or dissemination will take place