Isolation note service privacy policy

About this policy

This privacy policy relates to a website (https://111.nhs.uk/isolation-note) provided by NHS Digital through which – in support of the Department of Health and Social Care's COVID-19 response – you can "Get an isolation note" and "Check an isolation note" (the "Service").

This privacy policy explains what we do with your data if you choose to use the Service to "Get an isolation note" or "Check an isolation note" and what your rights are.

Note: due to the evolving nature of the COVID-19 response, it may be necessary to enhance the Service. This may include changing the way we process the personal data it captures and who we share it with. However, personal data will always be processed in accordance with data protection laws and this privacy notice will be updated to reflect any changes to the Service.

Learn more about coronavirus (COVID-19).

Our commitment to protecting your personal information

Whenever you provide personal information to a third party, that party is legally obliged to use your information in line with data protection law.

We take the security of your personal information seriously. We've set up security measures, policies and procedures such as:

  • training all staff annually in data and security protection
  • monitoring our platform to keep your personal information secure
  • following good practice guidance provided by the National Technical Authority
  • always using legally binding agreements with all organisations we use
  • having security and confidentiality policies in place across the organisation, to which staff must agree before they're given access to personal information
  • restricting access to personal information to only those staff who need access to perform their role

The Service and who we are (Controller's contact details)

The Service allows a user to:

  • Get an isolation note as an alternative to obtaining a GP fit note (sometimes referred to as a sick note) to evidence that you or a person you live with and/or care for was instructed to stay at home. This can then be used for sick pay purposes.
  • Check an isolation note enabling an authorised individual or body, such as an employer, to verify it is valid.

The Service also provides a public-facing helpdesk for user queries relating to the functionality of the service.

NHS Digital also operates the NHS 111 online service, including the NHS 111 online coronavirus service.

NHS Digital

NHS Digital was set up by the Department of Health and Social Care in April 2013 and is an executive non-departmental public body that provides national information, data and IT systems for health and care services. Find out more about NHS Digital.

NHS Digital is the controller for the personal data we process, unless otherwise stated.

You can contact us by post, telephone or email. More details are available on our contact page.

Our postal address is:

1 Trevelyan Square
Boar Lane
Leeds
LS1 6AE

Telephone: 0300 303 5678

Email: enquiries@nhsdigital.nhs.uk

Our Data Protection Officer

Our Data Protection Officer, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations, can be contacted via enquiries@nhsdigital.nhs.uk.

Our legal basis for processing personal data

The Department of Health and Social Care on behalf of the Secretary of State has directed NHS Digital under s.254 of the Health and Social Care Act 2012 to collect and analyse data in connection with COVID-19 and set up a system to collect this data. This includes the "Get an isolation note" service and the "Check an isolation note" service. The legal direction is titled COVID-19 Public Health Directions 2020 dated March 2020.

NHS Digital has also been requested by the NHS in Scotland, Wales and Northern Ireland to provide this service to residents of these countries.

Our legal basis for processing your personal data under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018) is:

  • GDPR Article 6 (1) (c) – processing is necessary to comply with a legal obligation
  • GDPR Article 6 (1) (e) – processing is necessary for the performance of a task carried out in the public interest
  • GDPR Article 9 (2) (g) – processing is necessary for reasons of substantial public interest
  • DPA 2018 – Schedule 1, Part 2, (6) (1) – Statutory and government purposes
  • GDPR Article 9 (2) (h) – processing is necessary for the management of health or social care systems and services
  • DPA 2018 – Schedule 1, Part 1, (2) (2) (f) – Health or social care purposes

If you agree to take part in feedback or surveys about the Service, our legal basis for processing your data in this context is consent (GDPR Article 6 (1) (a)).

What information we collect about you and how it is used

The information processed for the purposes of the Service can be split into several different categories.

Details of the information and personal data falling within each of the categories where NHS Digital is the controller are set out below.

Categories of information and personal data where NHS Digital is the controller – for both "Get an isolation note" service and "Check an isolation note" service.

| Category of information | Personal data | Special categories of personal data |
| --- | --- | --- |
| Service audit data | Information captured against the user's Client IP Address about your use of the Service, such as the time of use, actions you took using the Service, and associated technical log events. Used to diagnose problems, understand usage by individuals and the Service as a whole. | None |
| Service isolation note data (collected for "Get an isolation note" service only) | Details of the user (name, date of birth, reason(s) for self-isolation, start date of self-isolation) used to personalise the isolation note and their email address used to send it to them through GOV.UK Notify (our processor). | Yes – the reason(s) for self-isolation may contain a limited quantity of health data reflecting a coronavirus diagnosis for you or a person you care for. |
| Service helpdesk information | The personal data you provide if you contact the helpdesk; could include information about your use of the Service. | None |
| Service helpdesk feedback and surveys | The personal data you provide if you provide feedback such as responding to one of our surveys. | None |

Who we share your data with

If you are using the "Get an isolation note" service, we use the GOV.UK Notify email service to send you a link to download a copy of your isolation note. This is operated by the Cabinet Office as our processor. The only personal data we share to use this service is your email address. For more information about the GOV.UK Notify email service, please see their privacy policy.

If you are using the "Check an isolation note" service, we do not share any of your personal data in an identifiable form.

We will also share aggregate (non-personal) data with the Department of Health and Social Care (including NHS England, NHSX, Public Health England) and the Department of Work and Pensions. This will be used to understand service usage and performance.

How NHS Digital uses your personal data and why

The processing of your personal data is necessary to provide you with the Service and ensure the functionality of the Service.

You will not be able to use the Service unless you agree to its terms of use and this privacy policy.

We may need to share your personal information if we are required to do so by law.

How long we keep your data for

The retention period for each category of information - for both "Get an isolation note" service and "Check an isolation note" service.

| Category of information | Retention period |
| --- | --- |
| Service audit data | 6 years after the audit event occurred |
| Service isolation note data (collected for "Get an isolation note" service only) | 8 years after the isolation note was issued |
| Service helpdesk information | 12 months |
| Service helpdesk feedback and surveys | 12 months |

Where this data is stored and processed

We only store and process your personal data within the UK.

Your rights

Under data protection law you have certain rights. The rights available to you depend on our reason for processing your data. These rights are listed below:

  • to know how your data will be collected, processed and stored, and for what purposes
  • to withdraw your consent (only applies for service helpdesk feedback and surveys)
  • to request a copy of your personal data
  • to correct errors or omissions in your personal data
  • to request we delete your personal data (only applies for service helpdesk feedback and surveys)
  • to request we restrict our use of your personal data (for example, if you think it's inaccurate and needs to be corrected before it's used)

You can read more about your rights and when they apply on the Information Commissioner's Office's (ICO) website.

Your right to complain

If you wish to raise a complaint about how NHS Digital uses your data, visit our feedback and complaints page. You also have the right to raise a concern with the Information Commissioner's Office at any time.

Points of contact for queries

If you have any queries in relation to the use of your personal data within the Service, or in the Service generally, see the information on our help and support page in the first instance.

Changes to the privacy policy

The terms of our privacy policy may change from time to time. Any updates to the privacy policy will be published on the Service website.

Page last reviewed: 7 April 2020
Next review due: 7 October 2020