NHS Wales App privacy notice

About

Digital Services for Patients and the Public (DSPP) Programme, run by Digital Health and Care Wales, have started work on the NHS Wales App. The App gives people in Wales access to health and care services through their smartphones and tablets.

Being transparent and providing accessible information to individuals about how we may use personal data is a key element of the Data Protection Act (DPA) and the UK General Data Protection Regulation (UK GDPR). Digital Health and Care Wales (DHCW) is committed to building trust and confidence in our ability to process your personal information.

This privacy notice applies to core DSPP services. Services delivered by health and care partner organisations that are accessed via the app will have separate privacy notices. Additional privacy information relevant to DSPP and links to the privacy notices relating to other services will be included in Appendix A.

Data Controller

NHS Wales App

The Controller of the NHS Wales App for the purposes of the UK GDPR is:

Digital Health and Care Wales
Tŷ Glan-yr-Afon
21 Cowbridge Road East
Cardiff
CF11 9AD
Tel: 02920 500500
Email: dhcw-enquiries@wales.nhs.uk

Separate privacy notices are provided for services made available via the NHS Wales App.

NHS Login

If you access our service using your NHS login details, the identity verification services are managed by NHS England.

DHCW has made a request entitled "NHS login for the NHS Wales App request 202", pursuant to s255 of the Health and Social Care Act. This is a request that NHS England provides the NHS login Service solely to support access to the NHS Wales App. This means that NHS England and DHCW are joint controllers for any personal information you provided to NHS England to get an NHS login account and verify your identity. This restriction does not apply to the personal information you provide to us separately.

View the NHS Login Privacy Notice and Terms and Conditions

You can download full details of the joint controller arrangement between NHS England and Digital Health and Care Wales (193KB)

The Data Controller's Data Protection Officer

The Data Protection Officer for Digital Health and Care Wales is:

Darren Lloyd
Digital Health and Care Wales
Tŷ Glan-yr-Afon
21 Cowbridge Road East
Cardiff
CF11 9AD
Tel: 02920 500500
Email: dhcw.informationgovernance@wales.nhs.uk

Data Processor

Digital Health and Care Wales have appointed a processor. The processor's details are:

Kainos Group Plc
2nd Floor
21 Farringdon Road
London
EC1M 3HA

Description of our processing and our Lawful Basis for Processing

For Digital Health and Care Wales to process personal data we must have a lawful basis. We consider that where we process information in the NHS App we do so as part of our Public Task (Article 6(1)(e) of the UK GDPR) in order to make health and care services available to the public.

The NHS Wales App also processes information about you such as information about your health or ethnicity. This type of information is known as Special Category Data under the UK GDPR. Where we process this type of information we must identify a condition for processing. We will use this data for the:

  • management of health and social care systems in facilitating an app to enable patients to access health and care services (Article 9(2)(h) of the UK GDPR), and
  • statistical purposes (Article 9(2)(j) of the UK GDPR)

The types of Personal Data and Special Category Personal Data we process are detailed below.

Digital Health and Care Wales employs Kainos to develop the App.

The types of personal information we process may include personal details:

  • Name
  • Age Group
  • Email Address
  • NHS Number

We also process sensitive classes of information, known as Special Category Data, that may include:

  • racial and ethnic origin
  • physical or mental health details
  • religious or similar beliefs
  • sexual life

More information is contained in our privacy policy.

Who is the information shared with?

We will share your data with those parties providing health and care services to you via the app. In some circumstances, where you input data, we will not share without your permission.

Where you have opted to share information with a friend or family member acting on your behalf, we will share the information you tell us to share, using the NHS Wales App on their device.

Retention

Your data will not be stored by the NHS Wales App. Some identity data is stored temporarily to enable the app to work correctly.

Transfers

Personal information will not be transferred or stored in any country that does not have adequate security protection for the purposes of the UK GDPR.

What rights do you have?

Under data protection law, you have rights including your right:

  • of access - you have the right to ask us for copies of your personal information
  • to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
  • to erasure - you have the right to ask us to erase your personal information in certain circumstances
  • to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances
  • to object to processing - you have the right to object to the processing of your personal information in certain circumstances
  • to data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances


You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Complaints

If you are not happy with how we process your personal information or you are unhappy with any aspect of this privacy notice, or how your personal information is being processed by DSPP, please contact the Data Protection Officer for DSPP. If you have concerns relating to the individual service, please contact the organisation delivering the service using the contact details contained in the Privacy Notice for that service.

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner's Office - Wales
2nd Floor
Churchill House
Churchill Way
Cardiff
CF10 2HH
Telephone: 0330 414 6421
Fax: 029 2067 8399
Email: wales@ico.gsi.gov.uk

Appendix A

DSPP Integrated Services

Services | Description of service | Link to privacy information
GP services | GP health record; GP repeat medication; GP appointments | Speak to your GP practice or consult their website

Web services accessed via DSPP

Services | Description of service | Link to privacy information