Skip to main content

NHS Wales App privacy policy

1. About DSPP

1.1. The NHS Wales App has been produced by the Digital Services for Patients and the Public Programme (“DSPP”).

1.2. DSPP is operated by Digital Health and Care Wales of Tŷ Glan-yr-Afon, 21 Cowbridge Road East, Cardiff, CF11 9AD, a Special Health Authority established by Order made under the National Health Service (Wales) Act 2006.

1.3. To find out more about our role, please visit the DSPP website.

2. This privacy policy 

2.1. The NHS Wales App is available to download as an app operating on a mobile device, or the services it enables can be accessed on a website. 

2.2. This Privacy Policy relates to the service provided by the NHS Wales App however it is accessed.

2.3. This Privacy Policy should be read alongside the Cookie policy.

3. Our commitment to protecting your personal information

3.1. We take the security of your personal information seriously. NHS Wales staff have in place appropriate security measures, policies and procedures which ensure that:

  • our platform is secure to protect your personal information
  • robust security and confidentiality policies were in place across the organisation, to which staff must agree before they are given access to personal information
  • we follow recognised standards in our approach to processing personal data
  • we have sufficiently robust data protection arrangements in place between organisations providing DSPP services
  • all staff are trained annually in data security and protection
  • access to information is restricted to those who need access in order to perform their role

3.2. If you have any concerns that your account could have been compromised (for example, someone could have discovered your password), follow the instructions in the NHS Wales help and support guide

4. Information we collect and its use

4.1. The NHS Wales App collects the following information about you, for the purposes described below. DSPP collects this information in order to fulfil its public functions to support healthcare provision in Wales. Some of this information may include information about your health.

Information type


Identifying information about you, including your NHS number

Login and management of users of the NHS Wales app – as described below

Technical details about your use of the NHS Wales App

Management of the NHS Wales App – see our Cookie policy

Details about your healthcare when included in a message sent using the app

Your healthcare, and service provision using the app, such as GP surgery messaging

Account and login information if you request support

Support of your use of the NHS Wales App

Details about your symptoms or conditions

Provision of healthcare services, such as symptom checker, appointment, referral or prescription services

Details about vaccines and medication

Provision of healthcare services

Our request for your consent to participate in user research

Support of the NHS Wales App

4.2. Some information collected by the NHS Wales App is collected by DSPP where it provides services to other NHS Wales bodies, such as Local Health Boards involved in your care. Each Local Health Board is responsible for the collection and use of this data and their policies that describe how they use your information are set out in the Privacy Notice Appendix A.

4.3. The NHS Wales App uses NHS Login to verify your identity. 

4.4. NHS Login is managed by NHS England of 7 and 8 Wellington Place, Leeds, LS1 4AP, a non-departmental public body. 

4.5. NHS England determines the purposes and uses of any personal information you provide to get an NHS account and verify your identity, and uses that personal information for that purpose and as described in NHS England's Privacy Notice

4.6. The level of services you can access in the NHS Wales App will depend on the level of NHS Login identity verification.

5. Biometric data 

5.1. Where your mobile device permits, you can use authentication methods that do not use a password, such as a fingerprint or facial recognition, to access the NHS Wales App.

5.2. The availability of this type of authentication is based on the technology that is available on your device. We do not have access to or control over the biometric data stored on your device. 

6. NHS Wales App notifications

6.1. You can choose to activate push notifications to alert you to receipt of messages sent using the NHS Wales App. This functionality may differ from device to device.

6.2. You can opt out of push notifications at any time. Messages can continue to be sent and available via the NHS Wales App whether or not push notifications are activated, but opting out may limit the types of messages you can receive. For example, messages related to your health and care may continue to be sent by other means.

6.3. If you use the NHS Wales App across more than one device, push notifications must be enabled on each one.

6.4. If you share the device you use to log into the NHS Wales App with other people, they may see your notifications.

6.5. Only one NHS Wales App user can receive notifications on each device. If more than one person logs into the NHS Wales App on a device, the user who has most recently enabled notifications on that device will receive them, and any other users will stop receiving them.

6.6. We do not send notifications for messages sent using the patient to practice messaging service (called GP surgery messaging in the NHS Wales App).

7. User research newsletter

7.1. We would like to contact you about taking part in user research to improve the NHS Wales App and connected services. We will ask you if you would like to join our user research panel when you register for the NHS Wales App or on a subsequent login. If you choose to do so, we will email you a short survey to fill in about you and your health. Your answers will help make sure we invite you to user research that is relevant to you. We will also ask you if you want to receive our user research newsletter.

7.2. When you have signed up, we may ask you to:

  • Try new features
  • Answer more questions by email
  • Talk to our researchers about your experience of using the NHS Wales App or connected services

7.3. Where you receive an invite, you can always say no to an invite, and you can leave the user research panel at any time.

7.4. We only use your information for user research purposes where you agree to provide it to us. If you no longer wish us to use your information in this way you can let us know by responding to any email you receive from us. A link will be provided to unsubscribe.

8. Who else uses data collected by the NHS Wales App

8.1. As described in paragraph 4, the NHS Wales App provides information to other bodies involved with your healthcare.

8.2. Our services are supported by technology and other service providers who we contract to provide their services to us. They only access your information where needed in order to provide their services, and they are subject to the same requirements in relation to the security and handling of your information as we are. They are not allowed to process your information outside the UK.

8.3. We may need to share your personal information with third parties if we are required to do so by law.
8.4. We do not transfer your personal data outside the UK.

9. How long DSPP keep your personal data for

9.1. We keep your personal information for as long as we need in order to fulfil the purposes for which it was collected and to comply with our legal and regulatory obligations. 

9.2. If we collect your information because we are working for another body, such as a Local Health Board or NHS England, their privacy policy describes how long they need to retain your information. 

10. Cookies

10.1. Cookies are pieces of data created when you visit a website. The NHS Wales App uses cookies to store information when you are looking up and viewing specific web pages. You can set your device not to accept cookies. However, if you do this, you may not be able to use some site features because we need to record your preferences in order to effectively run the NHS Wales App during your visit.

10.2. We have a separate Cookie policy

11. Your Rights

11.1. Under data protection law, you have rights including:

  • your right of access - you have the right to ask us for copies of your personal information
  • your right to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
  • your right to erasure - you have the right to ask us to erase your personal information in certain circumstances
  • your right to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances
  • your right to object to processing - you have the the right to object to the processing of your personal information in certain circumstances
  • your right to data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
  • your right to withdrawal – you have the right to withdraw your consent at any time where processing of your personal information is based on us receiving your consent

11.2. You can exercise your rights by contacting us, or the body that controls the use of your personal information, as described in clause 12.

12. Points of Contact for queries or complaints

12.1. Queries or complaints in relation to individual services should be made directly to that service. Further information is contained in the App Privacy Notice.

12.2. We will investigate and attempt to resolve any data privacy objections and complaints relating to the NHS Wales App.

12.3. We will make every reasonable effort to allow you to exercise your rights as quickly as possible and within the timescales provided by data protection laws.

12.4. Please see our Privacy notice

13. Changes to the Privacy Policy

The terms of our Privacy Policy may change from time to time. We will inform you using the NHS Wales App if we make any significant changes to our Privacy Policy, cookies policy or terms of use.