|We or Us or Our||The Department of the Health and Social Care who have commissioned this application on behalf of the NHS|
|You or the User||The individual using the Services|
|Services||The services, functionality and capability provided to the User as provided by the NHS Covid-19 within this document|
|Device||The mobile phone that is used to access the Services|
|Online Content||Any materials or content of whatever nature available through the Services (including the NHS Covid-19 App) including any information, data, text, images, videos, interactive services, links to products and apps, and other works in any format|
These are the terms and conditions for COVID19.NHS.UK app.
We have developed an app that lets you know if you may have been near someone with coronavirus (Covid-19) symptoms (the "NHS Covid-19 App").
The NHS Covid-19 App enables you to:
- Report if you have any coronavirus symptoms
- Receive a notification that is not contemporaneous if you have been near someone else who has reported symptoms via this app
- Receive advice on what to do to stop the virus spreading further
- Receive advice on what number to telephone in order to access Covid-19 testing and a code to quote in order to access the testing (the "Services")
You can report coronavirus symptoms and receive coronavirus advice using methods other than the NHS Covid-19 App – when we refer to the "Services" in these terms, we mean such services when they're made available to you specifically through the NHS Covid-19 App.
To find out more about who we are and our role, visit: https://www.nhsx.nhs.uk/.
If you want to learn more about the NHS Covid-19 App, you think the NHS Covid-19 App is faulty, or you wish to contact us for any other reason, please visit our website https://www.covid19.nhs.uk/, where you can see FAQs and find contact details.
2. When these terms apply
- Our https://covid19.nhs.uk/our-policies/ as may be updated from time to time, which sets out the terms on which we process any personal data we collect from you, or that you provide to Us via the NHS Covid-19 App.
In providing you with the Services, We will securely store data provided by you relating to your healthcare information and data in relation to your proximity to other app users, either on the NHS Covid-19 App and/or otherwise. Please see the https://covid19.nhs.uk/our-policies/ for more information about how and why We store your data.
3. How to use the NHS Covid-19 App
The Services are free and available to anyone in the UK.
The Services are intended for use only by people who who are living in or visiting the UK.
Use of the Services is not authorised in any country outside the UK that does not give effect to all provisions of these terms and conditions, including without limitation the choice of law and jurisdiction clauses.
If your device has an operating system provided by:
- APPLE. In order to use the NHS Covid-19 App and experience the full benefits of the Services, you are required to enable Bluetooth and to allow push notifications from the NHS Covid-19 App.
- ANDROID. In order to use the NHS Covid-19 App and experience the full benefits of the Services, you are required to enable Bluetooth and location services and to allow push notifications from the NHS Covid-19 App.
In order to use the NHS Covid-19 App and the Services, you must be aged:
- APPLE USERS: 17 years or older
- ANDROID USERS: 16 years or older
We have many measures in place to keep your data safe. But it is important that you also play your part – visit the government's Get Safe Online for advice on how to do this.
4. Accessing the Services
You are responsible for making all arrangements necessary for you to access the Services, including but not limited to having a mobile phone connection and an appropriate device ("Device") for access to apps.
We do not guarantee that the Services will always be available or that access to them will be error-free or uninterrupted. We may suspend, withdraw, discontinue or change all or any part of the Services (including the NHS Covid-19 App) without notice. We will not be liable to you if for any reason the Services are unavailable at any time or for any period.
We are giving you personally the right to access and use the NHS Covid-19 App and Services. You may not transfer the NHS Covid-19 App or access to the Services to anyone else. If you sell, loan, or otherwise dispose of any device on which the NHS Covid-19 App is installed, you must remove the NHS Covid-19 App from the device beforehand.
The NHS Covid-19 App and Services are only intended to be used by you. Where you permit any other person to use your phone to access and use the NHS Covid-19 App or the Services, you:
- Do so entirely at your own risk
- Are responsible for their access and use of the Services as if it were your access and use
In using the NHS Covid-19 App you must:
- Comply with all applicable laws, including without limitation, Privacy laws, Data Protection Act 2018, Computer Misuse Act 1990 and regulatory requirements
- Ensure that any information you provide to Us via the NHS Covid-19 App is accurate
- Use the NHS Covid-19 App in an honest manner
You also must not:
- Report false information or misrepresent information
- Attempt to use another person’s NHS Covid-19 App
- Copy, use, disclose any information from the NHS Covid-19 App without the consent of DHSC
- Disclose information that you do not have the consent to disclose
- Publicly disclose information which may undermine the security of the NHS Covid-19 App; any identified security issues must be responsibly reported through the NHS vulnerability disclosure programme
The NHS Covid-19 App is available to download, free of charge, onto your device from either Google Play or Apple's AppStore marketplaces (the "App Marketplaces").
When you access and use the Services via the NHS Covid-19 App, you will also be subject to the terms, guidelines and conditions applied by any relevant App Marketplace from whose site you downloaded the NHS Covid-19 App (the "Marketplace Rules"). You should carefully review the Marketplace Rules before downloading the NHS Covid-19 App and ensure that you are able to comply with them. If you have any questions in relation to the relevant Marketplace Rules, you should contact either Google or Apple, as appropriate.
In order to operate correctly, the NHS Covid-19 App requires you to use a device and operating system that comply with certain minimum requirements. These minimum requirements can be found on our website at https://covid19.nhs.uk/.
5. Updates to the NHS Covid-19 App
From time to time We may automatically update the NHS Covid-19 App to improve performance, enhance functionality, reflect changes to the operating system, or address security issues. Alternatively, We may ask you to update the NHS Covid-19 App for these reasons. You must install these updates to ensure optimum functionality and security.
Depending on the update, you may not be able to use the NHS Covid-19 App until you have downloaded the latest available update.
If you choose not to install updates or opt out of automatic updates, you may not be able to continue using the NHS Covid-19 App and the Services, or if you do continue using the NHS Covid-19 App, you may find that its functionality and/or performance is impaired. Failure to install updates may compromise the security of your data.
6. Details about the Services
The Services are designed to help the NHS stop the spread of coronavirus in the UK. In order to achieve the intended benefits of the Services, you must ensure that all data provided by you via the Services is complete and accurate.
The NHS Covid-19 App and Services:
- are intended to provide you with information and services to help you manage potential or actual coronavirus symptoms. It is not a substitute for seeking medical advice from a doctor or other healthcare professional. Always follow any medical advice given by your doctor or other healthcare professional
- do not provide medical or clinical diagnostic services
- are not intended to be prescriptive or authoritative on their own in respect of a diagnosis, condition or treatment, and are not intended to provide information on which you should solely rely
You should always check with your doctor or other healthcare professional if you have any concerns about your condition or treatment and before taking, or not taking, any action on the basis of the NHS Covid-19 App or Services.
Please note your doctor or other healthcare professionals remain ultimately responsible for your health and wellbeing (including but not limited to any diagnosis or other healthcare advice) and the NHS Covid-19 App and Services are additional information resources made available to you to inform and support that care.
7. Ending your use of NHS Covid-19 App
You may stop using the NHS Covid-19 App at any time.
If you delete the NHS Covid-19 App you will not be able to access the Services.
If you delete your NHS Covid-19 App or We end your right to use the NHS Covid-19 App:
- We will cease providing you with access to the NHS Covid-19 App and Services
8. Your right to use the NHS Covid-19 App and Services
We either own or have the right to use for the purposes of providing the Services (including the NHS Covid-19 App) all intellectual property rights, including rights in copyright, patents, database rights, trademarks and other intellectual property rights, ("NHS IPR") in:
- the Services (including the NHS Covid-19 App)
- any materials or content of whatever nature available through the Services (including the NHS Covid-19 App) including any information, data, text, images, videos, interactive services, links to products and apps, and other works in any format ("Online Content")
Permission to use NHS IPR
You may, solely for your own personal use:
- download a copy of the NHS Covid-19 App onto an appropriate device and view, use and display the NHS Covid-19 App and any Online Content on such device
- access and use the Services (including Online Content)
- not copy the NHS Covid-19 App or Services except where such copying is incidental to normal use
- not rent, lease, sub-license, loan, translate, merge, adapt, vary or modify the NHS Covid-19 App or Services
- not modify the NHS Covid-19 App or Services, or permit them to be combined with, or become incorporated in, any other programmes or services
- not disassemble, decompile, reverse-engineer or create derivative works based on the whole or any part of the NHS Covid-19 App or other Services
- comply with all technology control or export laws that apply to the technology used by the NHS Covid-19 App or other Services
9. Prohibited uses
You may not:
- transmit any material that is defamatory, offensive or otherwise objectionable in relation to your use of the NHS Covid-19 App or Services
- collect any data from Our systems or any other systems or attempt to decipher any transmissions to or from the servers running any Services
- use the NHS Covid-19 App or Services on any device or operating system that has been modified outside the mobile device or operating system vendor supported or warranted configurations. This includes devices that have been "jail-broken" or "rooted". A jail-broken or rooted device means one that has been freed from the limitations imposed on it by your mobile service provider and the device manufacturer without their approval:
- in a way that could damage, disable, overburden, impair or compromise Our systems or security or interfere with other users
- in connection with any kind of denial-of-service attack whether in relation to the NHS Covid-19 App, Services or otherwise. By breaching this provision, you may be committing a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities, and We will cooperate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the NHS Covid-19 App and Services will cease immediately
- in any way that constitutes improper use or otherwise in a manner not reasonably contemplated by these terms and conditions to knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, spyware or any other harmful programmes or similar computer code designed to adversely affect the operation of any computer software or hardware
10. Our liability to you
Please read this clause carefully, as it sets out the limits of Our liability to you in relation to your use of the NHS Covid-19 App, Services and Online Content.
The NHS Covid-19 App and the Services (including any Online Content) may contain technical inaccuracies or typographical errors. We reserve the right at any time and without notice to make changes and improvements to the NHS Covid-19 App, Services and any Online Content.
Although We make reasonable efforts to update them, the NHS Covid-19 App, Services and Online Content, are provided "as is" and, to the extent permitted by law, We make no representations, warranties or guarantees, whether express or implied (including but not limited to the implied warranties of satisfactory quality and fitness for a particular purpose), that the NHS Covid-19 App, Services and Online Content are (a) accurate, complete or up-to-date; (b) meet your particular requirements or needs; or (c) access to, or use of, the same will be uninterrupted or completely secure.
If the need arises, we reserve the right to amend, delete, suspend or withdraw all or any part of the Services (including the NHS Covid-19 App or Online Content) without notice. We will not be liable if, for any reason, the Services (including the NHS Covid-19 App or Online Content) or any parts are unavailable at any time.
We cannot guarantee that the Services (including the NHS Covid-19 App or Online Content) will be uninterrupted or error-free, that defects will be corrected, or that the Services (including the NHS Covid-19 App or Online Content) or the servers that make them available will be free of viruses or represent the full functionality, accuracy or reliability of the materials. You should use your own virus protection software (and ensure that it is regularly updated) when accessing and using the Services through the NHS Covid-19 App, and you acknowledge that the introduction of threats or viruses may be as a result of circumstances that are not within Our control.
Some of the professionally authored links from the Services and Online Content (see 8.1.2) are to reputable institutions and societies, and the content accessed via such third party links can be a valuable source of information. However, not all medical resources on the internet are authoritative or current. Any decision about your health or medical care based solely on information obtained from the internet could cause harm. While We hope that you will find the third-party sites to which We provide links to be of interest, We can accept no responsibility in respect of any third-party websites or any information contained therein.
We will not be liable or responsible for:
- any loss or damage caused by a technological virus, distributed denial-of-service attack, or other technologically harmful material that may infect your device, computer equipment, computer programmes, data or other proprietary material due to your use of the Services (including the NHS Covid-19 App) or to your downloading of any Online Content or in respect of any website linked to it
- any harm that you suffer where this is not caused by Our negligence or for any independent clinical decisions you make based on the information provided by the NHS Covid-19 App
- any business loss (including but not limited to loss of profits, revenue, contracts, anticipated savings, data, goodwill or wasted expenditure)
- any loss or damage arising from an inability to access and/or use the Services in whole or in part
- use or reliance on any content available through the Services (including the NHS Covid-19 App and any Online Content) regardless of the origins of such content unless due to Our breach or negligence
- any other loss or damage whether arising under tort (including negligence), breach of contract, breach of statutory duty or otherwise
This clause 10 does not affect any legal rights you may have as a consumer in relation to defective services or software. Advice about your legal rights is available from your local Citizen's Advice or Trading Standards Office.
These are the terms and conditions for the covid19.nhs.uk website.
You should also read:
- our cookies policy, which may be updated from time to time. This sets out information about the cookies we use and how we use them when you access and use this website
This website enables individuals to get help and information relating to the NHS COVID-19 App.
The Department of Health and Social Care owns or has the right to use all intellectual property rights in the contents of this website or used for the provision of this website. This includes rights in copyright, patents, database rights, trademarks and other intellectual property rights. Those works are subject to crown copyright protection and protected by intellectual property right laws and treaties around the world. All such rights are reserved.
- any logos, visuals, image rights, trademarks, trade names and design styles (except where these are integral to a document or data set) and any other intellectual property rights including, but not limited, to patents, design rights and trademarks
- personal data
- information owned by third parties, which we are not authorised to licence to you
3. Using this website
This website is only authorised for use by people who live in England, Wales, Scotland and Northern Ireland. References to "the NHS" mean "the NHS in England, Wales, Scotland and Northern Ireland" unless otherwise stated.
You are responsible for making all arrangements necessary for you to access this website, including but not limited to an internet connection. You should use your own virus protection software.
We have many measures in place to keep your data safe. But it is important that you also play your part and use a secure internet connection – visit the government's Cyber Aware website for advice.
You may stop using this website at any time.
This website has no functionality to create an account or save progress. This means that if you do not complete the data entry screens for the whole journey in one session you will need to start again when you return. Once you have completed your journey you will receive text updates if you have selected to receive notifications.
If you access this website to obtain an enter information for someone else:
4. Usage terms
We do not guarantee that this website will always be available or that access to it will be error free or uninterrupted. We may suspend, withdraw, discontinue or change all or any part of this website without notice. We do not guarantee that this website will be secure or free from bugs or viruses.
This website may contain links to other sites. We are not responsible for the content of any third-party website and a link to another site in no way constitutes our endorsement of its contents.
You may link to our homepage, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it. You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part. We reserve the right to withdraw linking permission without notice.
You must not, in relation to your use of this website:
- use our intellectual property rights other than as allowed in using this website section above
- transmit any material that is defamatory, offensive or otherwise objectionable
- collect any data from our systems or attempt to decipher any transmissions to or from our servers
- use it in a way that could damage, disable, overburden, impair or compromise our systems or security or interfere with other users
- misuse it by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which this website is stored, or any server, computer or database connected to this website. You must not attack this website via a denial-of-service attack or a distributed denial-of-service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them
- use it to knowingly transmit any data, send or upload any material that contains viruses, trojan horses, worms, spyware or any other harmful programmes or similar computer code designed to adversely affect the operation of any computer software or hardware
In the event of such a breach, your right to use this website will cease immediately.
Please read this clause carefully, as it sets out the limits of our liability to you (and any person you are using this website on behalf of).
Although we make reasonable efforts to update it, this website is provided "as is" and, to the extent permitted by law, we make no representations, warranties or guarantees, whether express or implied (including but not limited to the implied warranties of satisfactory quality and fitness for a particular purpose), that (a) this website is accurate, complete or up-to-date; (b) this website will meet your particular requirements or needs; or (c) access to, or use of, the same will be uninterrupted or completely secure.
You acknowledge and agree that we will not be responsible for any injury, loss, damage, costs or expenses (whether direct or indirect) arising out of, or relating to the use or misuse of this website, except to the extent that such liability cannot be excluded by law (i.e. our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation or any other liability that cannot be excluded or limited under English law).
This means that we have no liability to you (or anyone else you may use this website on behalf of) for:
- any contractual or statutory sickness pay, or reclamation of statutory sickness pay
- any business loss (including, but not limited to, loss of profits, revenue, contracts, anticipated savings, data, goodwill or wasted expenditure)
- any loss or damage where this is not caused by our negligence
- any loss or damage arising from an inability to access and/or use this website in whole or in part
- any loss or damage caused by a virus, distributed denial-of-service attack, or other technologically harmful material that may infect your device, computer equipment, computer programs, data or other proprietary material due to your use of this website
- any other loss or damage whether arising under tort (including negligence), breach of contract, breach of statutory duty or otherwise
7. Contact details
To find out more about who we are and our role, visit the contact us page.
The NHS COVID-19 app: Privacy notice
The NHS COVID-19 app: Privacy notice
This is the privacy notice for NHS COVID-19 app.
The Government has asked the NHS to develop a mobile application (App) to contribute towards the response to the Coronavirus outbreak, with the aim of reducing the spread of coronavirus. The COVID-19 App does this by recording when its users are in proximity to one another, but without recording their actual identities or location, and by sending alerts to users who have come close to someone who has reported via the App that they have Coronavirus symptoms.
At this stage, use of the App is limited to the Isle of Wight. This is to ensure the App works correctly in advance of its planned nationwide rollout.
The App does not collect, store or reveal its users’ actual identities (i.e. name, telephone number or other such personal data). Nor does the app record your location.
However, to work properly the App creates unique user IDs. These IDs do not identify you and are necessary to support the operation of the App. For example, they are used to work out how close you are to another App user through the use utilisation of Bluetooth technology. This data, if you choose to submit it via the App, is sent to a central database which provides an alerting service. The App protects users’ identities by using a few codes, which are further detailed below, that are unique to the App on your phone but do not link to any information that identifies you.
Whilst the information processed by the App does not directly identify you, the encrypted IDs will be unique to the App on your phone, so we are applying strict measures required by data protection legislation.
Public trust and confidence is paramount to the App’s success and so applying strong privacy controls to the App supports this. This Privacy Notice will be updated should changes be made to the App as a result of our increased understanding of the disease.
NHS COVID-19 App – what is it?
The NHS COVID-19 App (App) is an automated system that enables:
- You to rapidly report symptoms – via a self-diagnosis tool contained in it, and it can return advice to you on next steps
- The generation of a unique but non-identifying code to order test kits if necessary – to confirm a coronavirus diagnosis
- The App to send specific and targeted alerts to other NHS COVID-19 app users that have previously been in close contact with you, if you develop suspected or confirmed coronavirus
To send alerts to other users, they must also have downloaded and enabled the App.
Downloading and using the App is voluntary, and you do not have to use the App. If you do decide to download the App, you have the option to decide which elements of the App you wish to use. You can choose to use all of the functions, or just one, and you should follow any instructions the app gives you.
When you download and use the App, regardless of the functions you choose to use, you do not have to identify yourself. Your identity will also not be accessible by other users of the App, for example, when you receive an alert to inform you that someone you have been in close contact with has reported symptoms, it will say something like “someone you have been in contact with recently has reported symptoms of coronavirus”. It will not display your name, because the App does not collect it or require you to provide it. Another App user’s phone will record the fact that your phone has been in proximity but it will not be possible to identify you personally from the record that will be created on the other phone.
By receiving the alert, you will be able to take the necessary next steps to protect yourself and others.
How we protect your privacy
The App is designed to preserve your anonymity. It does not collect nor transfer any information that identifies you (for example, name, date of birth, telephone number, NHS number or GPS location data).
The App works with a central database, controlled by DHSC, which supports the issue of alerts to other users. The information provided to the database only happens when you choose to send the data collected by your phone via the App. A prompt allowing you to make this choice may occur where you are self-diagnosing through the App or have a positive test result for COVID-19. Alternatively, you may be prompted by the App to send your data where you have been in contact with someone with COVID-19.
For the App to function, it needs a few codes that are unique to the App on your phone. They are not linked to any information that directly identifies you and you will not see them when you use the app. These are:
- A code that is given by the central database when you register as a user. This is used to uniquely reference the data on your phone and the data you may submit to the central database that provides the alerting service.
- An encrypted version of the same code that is collected over Bluetooth by other App users’ phones when they are close to your phone and similarly collected by your phone as a log of your proximity with other App users
- A messaging code used to alert you when you have been close to another App user that has reported having COVID-19 symptoms to the App.
You do not see any of these, and cannot access them when using the App.
The App also allows you to request a one-time use code which you can use to order a diagnostic test if you choose to tell the App that you may have symptoms of COVID-19. The App will not collect any directly identifying data when you do this.
In a future release, the one-time code may be used to allow the reporting of test outcomes back to the App. Where this is the case, this Privacy Notice will be updated.
If you are resident in England, data will be sent to a central NHS database to help NHS organisations to respond to Coronavirus.
For residents in Wales, Scotland and Northern Ireland, your health bodies or national government have requested NHS Digital send test results to your country.
The Department of Health and Social Care (DHSC) is the Data Controller for the App, for the purposes of Data Protection legislation. They decide:
- What information is required
- The purpose/s for using information for the App
- How it is intended to be used by users
As data controller DHSC is legally responsible for the App complying with Data Protection legislation.
NHS England and NHS Improvement will provide resources in support of this processing.
Organisations which carry out data processing on behalf of DHSC are known as data processors. They may only act under instruction set out in a written contract, with a clear legal basis and they are legally obliged to meet their own obligations under data protection legislation. They cannot use your information for any other purpose without the permission of the data controller and to do so would be unlawful.
DHSC have appointed Data Processors under legally binding contracts to;
- process data and information relating to the App; and
- to provide technical support and maintenance for the App.
DHSC has appointed the following Data Processors:
Amazon Web Service (AWS) servers
- Providing the digital portal to support the App functions and exchange of data
- Back-up Data Processor to operate digital portal
- Enables messaging function within the App
Supports the DHSC COVID-19 team in development of the App and having specific access e.g. to fix problems
- Zühkle are operating as a sub-data processor to support Pivotal.
- Supports the DHSC COVID-19 team in development of the App and having specific access e.g. to fix problems
What personal data we collect
When you download the App, it will generate encrypted IDs, unique to your phone, and you will be asked for the first part of your postcode. The App collects data you input about your symptoms, as well as data about the encounters you have with other users of the App (i.e. the fact that you have been in close proximity with another App user but not the location of the encounter). However, the App does not collect any identifiable data about you. This means that it will not be possible for another user to identify that you are using the App or that any data collected from your phone and shared voluntarily by you via the App relates to you as an individual. The data collected on your phone by the App will stay on your phone unless you agree to share it. Other people’s phones will collect a log of proximity to your phone and this will be shared when they choose to upload their proximity events.
What other information may be needed
The information required depends on what App functions you choose to enable and use. The App will also collect the make and model of your phone (e.g. Apple iPhone 10) to help interpret the data as Bluetooth signal strength varies between devices. However, your phone number will not be collected by the App.
How we use your information in the App
The make and model of your phone and information you choose to enter into the App, such as possible symptoms will be used to:
- help provide you with advice on what actions you need to take
- inform other app users (who have been in close proximity to you) of any change in your status (this does not identify you).
Information that directly identifies you will not be collected by the App. The data from the App, will, however, be collected and used to:
- improve the performance of the App – which is standard practice for an app
- provide report information valuable to public health and planning, such as trend analysis, to allow further investigation (an example may be that a particular area is reporting a high level of App users reporting symptoms)
Your information used for other purposes
The information you provide, (and which will not identify you), may also be used for different purposes that are not directly related to your health and care. These include:
- Research into coronavirus
- Planning of services/actions in response to coronavirus
- Monitoring the progress and development of coronavirus
Any information provided by you and collected about you will not be used for any purpose that is not highlighted above.
DHSC’s legal basis for processing your personal data under the General Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2018 legislation is:
- GDPR Article 6(1)(e) – the processing is necessary for the performance of its official tasks carried out in the public interest in providing and managing a health service
- GDPR Article 9(2)(h) – the processing is necessary for medical diagnosis, the provision of health treatment and management of a health and social care system
- GDPR Article 9(2)(i) – the processing is necessary for reasons of public interest in the area of public health
- DPA 2018 – Schedule 1, Part 1, (2) (2) (f) – Health or social care purposes
The other organisations involved in processing your data, as set out in this Notice will be doing so either with an agreement in place with DHSC to provide that service, or with a legal basis of their own.
DHSC with the support of NHSX have consulted with the Ethics Advisory Board (EAB) and Focus Groups regarding User Accessibility Testing to assure the App and its necessary usage of data. They have further consulted with:
- the National Data Guardian’s Panel;
- the Centre for Data Ethics and Innovation; and
- representatives from Understanding Patient Data
Your rights under DPA 2018 and GDPR
By law, you have a number of rights as a data subject, such as the right to access information held about you. The Information Commissioner’s Office provides more detail about individual rights https://ico.org.uk/your-data-matters/.
This App does not take away or reduce these rights.
If you are unhappy or wish to complain about how your information is used as part of this programme, you should contact the DHSC Data Protection Officer in the first instance to resolve your issue (see Data Protection Officer section).
If you are still not satisfied, you can complain to the Information Commissioners Office. Their website address is www.ico.org.uk.
Retention and Storage of your information
In accordance with the law, personal data will not be kept for longer than is necessary. The exact retention period for data that may be processed relating to COVID-19 for public health reasons has yet to be set (owing to the uncertain nature of COVID-19 and the impact that it may have on the public).
In light of this, we will ensure that the necessity to retain the data will be routinely reviewed by an independent authority (at least every 6 months).
There will be a research value for data selected by the NHS COVID-19 App, along with any other COVID-19 data set. Whilst the NHS COVID-19 App will ensure that information processed within the NHS COVID-19 App cannot be linked to any individuals, there may be requests to process data from the App for research purposes, which may be linked with identifiable data. All such requests will be subject to further approvals and independent oversight.
Security of your information
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to information collected by the App. These include the encryption (i.e. masking) of your phone’s unique reference number when shared with other devices.
Data Protection Officer
The Data Protection Officer for DHSC is John Ryder, who can be contacted by sending an email to email@example.com.
The covid19.nhs.uk website: Privacy notice
The covid19.nhs.uk website: Privacy notice
This the privacy notice for the covid19.nhs.uk website.
- how we use your information
- who we share your information with
- how we keep your data secure
- about your rights to see or change information held about you
Information that can identify you
We only collect information about you when you report a technical problem with the NHS COVID-19 App through our feedback form. This information is only collected to help us contact you to resolve your problem.
We will always tell you when we are collecting this information.
We ask for your:
- Email address
- Device you were using when you encountered the problem. For example, iPhone 7
We will pass your details on to the technical team, who are supporting the NHS COVID-19 App. By agreeing to submit your feedback you consent to the sharing of your personal information in a way which respects the Common Law Duty of Confidentiality.
The feedback form is run by using a tool provided by a third party (Microsoft Dynamics).
Other information we may collect
You can leave feedback of your overall experience of using the NHS COVID-19 App.This feedback is collected anonymously. We don’t look at it all the time and are unable to give you a response. If you need someone to get back to you about a medical issue please call 111.
We also collect anonymous information about how you reached the website, for example details of your web browser and part of your IP address. This is so we can improve the service for future users.
Keeping your personal data secure
A partner organisation is providing hosting services but has no say in how the information is used. There are no legal ways for their employees to see the data, only approved people in the NHS COVID-19 App development team can see it.
If you shared your email with us as part of your feedback answers it will be deleted after 2 years. At that point you can't be identified in the feedback data.
Links to other websites
Other uses of your data
NHSX will also share:
- anonymous information on how the service is used with the Department of Health and Social Care, NHSX and the National Cyber Security Centre.
- results from user research, anonymous feedback comments and changes made to the service as a result of it with NHSX and the NHS COVID-19 App development team.
We may pass on your personal information if we’re legally obliged to do so.
If you make a claim against us, we, and other third parties such as our solicitors, may need to look at this information.
We won’t share your personal information with anyone else without your permission for any other reason.