About this policy
The Service is intended for people aged 18 and over.
Learn more about coronavirus (COVID-19).
The Service and who we are
The Service allows you to give your permission for NHS Digital to collect your information and share the details you provide through the Service with the Department for Health and Social Care (DHSC) to provide you with vitamin D supplements.
The Health and Social Care Information Centre, known as NHS Digital, was set up under the Health and Social Care Act 2012 (2012 Act) and is part of the NHS in England. We securely collect, analyse and share information to improve health and social care services. Find out more about NHS Digital.
Our legal basis for collecting, analysing, and sharing personal information
NHS Digital is the controller for the personal information collected and processed about you as part of this Service under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA18).
When we share your details with DHSC, they are the controller for processing your personal information in order to get the vitamin D supplements delivered to you.
NHS Digital is a controller jointly with the Secretary of State for Health and Social Care, who has legally directed NHS Digital to operate IT systems and to collect, analyse and share information to support the response to the coronavirus outbreak in England. This includes operating the Service. The COVID-19 Public Health Directions 2020 (COVID-19 Directions) are made under the 2012 Act. A direction is a legally binding document.
GDPR legal basis
NHS Digital’s legal basis for processing your personal information under the GDPR is:
GDPR Article 6 (1) (e) – processing is necessary for the performance of a task carried out in the public interest, where we have been legally directed and requested to provide the Service and where you choose to register your application to receive vitamin D supplements.
Article 6 (1)(c) of GPDR – processing is necessary under legal obligation as NHS Digital is directed to process personal data for COVID-19 purposes and is also necessary under legal obligation by virtue of the Control of Patient Information Regulations 2002 in order to provide the Service to register for your vitamin D supplements
NHS Digital’s legal basis for processing the information you provide us about your health and ethnicity under GDPR is:
- GDPR Article 9 (2) (g) – processing is necessary for reasons of substantial public interest, where we have been legally directed and requested to provide the Service, plus Part 2 Schedule 1 of the DPA18, paragraph 6, statutory and governmental purpose;
We have in place an appropriate policy document for this Service, which is required under the DPA18 in order to process the information we collect about your health (or special category data). This provides information about our procedures for complying with the data protection principles under GDPR and explains how long we will retain your information for. This is also explained below under 'How long we keep your personal information for'.
How we use your personal information and why
The processing of your personal data is necessary to provide you with the Service and ensure the functionality of the Service.
We may need to share your personal information if we are required to do so by law.
We collect the following personal data from you, via you entering this on the Service site:-
- NHS Number
- Date of Birth
- Contact email address
- Preferred delivery address
To check that you are on the shielded patient list
NHS Digital will use your NHS number and Date of Birth to check that you are on the shielded patient list and entitled to receive this Service.
For more information about how we use your data for the shielded patient list see the shielded patient list transparency notice.
To contact you by email
If you provide us with a contact email address, you will receive an email communication from DHSC to inform you whether your application for vitamin D supplements has been accepted or if you are not entitled to them. NHS Digital performs this on behalf of DHSC.
If you do not provide an email address for us to contact you we will not be able to confirm if your application has been accepted.
To give your details to distributor, who are supplying the service on behalf of the DHSC, so you receive the vitamin D supplements
- Application Reference Number (generated by the Service at the point at which you submit your application)
To produce reports
We will provide anonymous data (for example statistical reports which does not allow you to be identified) with DHSC, this will be used to understand service usage and performance.
Who we share your personal information with
The personal information you provide be shared with DHSC’s suppliers in order to supply you with the vitamin D supplement.
How long we keep your personal information for
The partner provider will retain your personal data until 31 March 2021.
DHSC and NHSD will retain your personal data for a two-year period from the end of the service (that is, until 31 March 2023) to enable us to deal with queries and to contact you if necessary.
Where we store your personal information
We store and process your personal information for this Service in the United Kingdom.
Your rights over your personal information
To read more about the health and care information NHS Digital collects, our legal basis for collecting this information and what choices and rights you have, see how we look after your health and care information , our general transparency notice and our Coronavirus (COVID-19) response transparency notice
If you have any queries in relation to the use of your personal information in connection with the Service, or if you want to exercise any of your rights above, please contact email@example.com.
Our Data Protection Officer is Kevin Willis, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations. You can contact him at firstname.lastname@example.org.
Contact the Information Commissioner
If we are unable to resolve any queries or concerns in relation to the use of your personal information in connection with the Service, you can raise your concern with the Information Commissioner. You can contact the Information Commissioner’s Office:
- using the online Contact Us service
- by calling 0303 123 1113
- by writing to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Changes to this notice