1.1. The NHS Wales App has been produced by the Digital Services for Patients and the Public Programme (“DSPP”).
1.2. DSPP is operated by Digital Health and Care Wales of Tŷ Glan-yr-Afon, 21 Cowbridge Road East, Cardiff, CF11 9AD, a Special Health Authority established by Order made under the National Health Service (Wales) Act 2006.
1.3. To find out more about our role, please visit the DSPP website.
2.1. The NHS Wales App is available to download as an app operating on a mobile device, or the services it enables can be accessed on a website.
2.2. This Privacy Policy relates to the service provided by the NHS Wales App however it is accessed.
2.3. This Privacy Policy should be read alongside the Cookie policy.
3.1. We take the security of your personal information seriously. NHS Wales staff have in place appropriate security measures, policies and procedures which ensure that:
3.2. If you have any concerns that your account could have been compromised (for example, someone could have discovered your password), follow the instructions in the NHS Wales help and support guide
4.1. The NHS Wales App collects the following information about you, for the purposes described below. DSPP collects this information in order to fulfil its public functions to support healthcare provision in Wales. Some of this information may include information about your health.
|
Information type |
Purpose |
|
Identifying information about you, including your NHS number |
Login and management of users of the NHS Wales app – as described below |
|
Technical details about your use of the NHS Wales App |
Management of the NHS Wales App – see our Cookie policy |
|
Details about your healthcare when included in a message sent using the app |
Your healthcare, and service provision using the app, such as GP surgery messaging |
|
Account and login information if you request support |
Support of your use of the NHS Wales App |
|
Details about your symptoms or conditions |
Provision of healthcare services, such as symptom checker, appointment, referral or prescription services |
|
Details about vaccines and medication |
Provision of healthcare services |
|
Our request for your consent to participate in user research |
Support of the NHS Wales App |
4.2. Some information collected by the NHS Wales App is collected by DSPP where it provides services to other NHS Wales bodies, such as Local Health Boards involved in your care. Each Local Health Board is responsible for the collection and use of this data and their policies that describe how they use your information are set out in the Privacy Notice Appendix A.
4.3. The NHS Wales App uses NHS Login to verify your identity.
4.4. NHS Login is managed by NHS England of 7 and 8 Wellington Place, Leeds, LS1 4AP, a non-departmental public body.
4.5. NHS England determines the purposes and uses of any personal information you provide to get an NHS account and verify your identity, and uses that personal information for that purpose and as described in NHS England's Privacy Notice
4.6. The level of services you can access in the NHS Wales App will depend on the level of NHS Login identity verification.
5.1. Where your mobile device permits, you can use authentication methods that do not use a password, such as a fingerprint or facial recognition, to access the NHS Wales App.
5.2. The availability of this type of authentication is based on the technology that is available on your device. We do not have access to or control over the biometric data stored on your device.
6.1. You can choose to activate push notifications to alert you to receipt of messages sent using the NHS Wales App. This functionality may differ from device to device.
6.2. You can opt out of push notifications at any time. Messages can continue to be sent and available via the NHS Wales App whether or not push notifications are activated, but opting out may limit the types of messages you can receive. For example, messages related to your health and care may continue to be sent by other means.
6.3. If you use the NHS Wales App across more than one device, push notifications must be enabled on each one.
6.4. If you share the device you use to log into the NHS Wales App with other people, they may see your notifications.
6.5. Only one NHS Wales App user can receive notifications on each device. If more than one person logs into the NHS Wales App on a device, the user who has most recently enabled notifications on that device will receive them, and any other users will stop receiving them.
6.6. We do not send notifications for messages sent using the patient to practice messaging service (called GP surgery messaging in the NHS Wales App).
7.1. We would like to contact you about taking part in user research to improve the NHS Wales App and connected services. We will ask you if you would like to join our user research panel when you register for the NHS Wales App or on a subsequent login. If you choose to do so, we will email you a short survey to fill in about you and your health. Your answers will help make sure we invite you to user research that is relevant to you. We will also ask you if you want to receive our user research newsletter.
7.2. When you have signed up, we may ask you to:
7.3. Where you receive an invite, you can always say no to an invite, and you can leave the user research panel at any time.
7.4. We only use your information for user research purposes where you agree to provide it to us. If you no longer wish us to use your information in this way you can let us know by responding to any email you receive from us. A link will be provided to unsubscribe.
8.1. As described in paragraph 4, the NHS Wales App provides information to other bodies involved with your healthcare.
8.2. Our services are supported by technology and other service providers who we contract to provide their services to us. They only access your information where needed in order to provide their services, and they are subject to the same requirements in relation to the security and handling of your information as we are. They are not allowed to process your information outside the UK.
8.3. We may need to share your personal information with third parties if we are required to do so by law.
8.4. We do not transfer your personal data outside the UK.
9.1. We keep your personal information for as long as we need in order to fulfil the purposes for which it was collected and to comply with our legal and regulatory obligations.
9.2. If we collect your information because we are working for another body, such as a Local Health Board or NHS England, their privacy policy describes how long they need to retain your information.
10.1. Cookies are pieces of data created when you visit a website. The NHS Wales App uses cookies to store information when you are looking up and viewing specific web pages. You can set your device not to accept cookies. However, if you do this, you may not be able to use some site features because we need to record your preferences in order to effectively run the NHS Wales App during your visit.
10.2. We have a separate Cookie policy
11.1. Under data protection law, you have rights including:
11.2. You can exercise your rights by contacting us, or the body that controls the use of your personal information, as described in clause 12.
12.1. Queries or complaints in relation to individual services should be made directly to that service. Further information is contained in the App Privacy Notice.
12.2. We will investigate and attempt to resolve any data privacy objections and complaints relating to the NHS Wales App.
12.3. We will make every reasonable effort to allow you to exercise your rights as quickly as possible and within the timescales provided by data protection laws.
12.4. Please see our Privacy notice
The terms of our Privacy Policy may change from time to time. We will inform you using the NHS Wales App if we make any significant changes to our Privacy Policy, cookies policy or terms of use.