Overview

NHS inform (nhsinform.scot) is owned and operated by NHS 24 on behalf of NHS Scotland and the Scottish Government.

NHS 24 are committed to ensuring privacy is protected and that users can be assured that any data will only be used in accordance with the privacy requirements outlined in this policy.

This policy outlines:

  • what data we collect about you when you access this website
  • how we collect this data
  • how we store this data securely
  • who we share it with
  • how you can access it

Compliance

This policy is compliant with the relevant data protection legislation and we're committed to compliance procedures that demonstrate this.

Data collection

The types of data we collect will depend on how you access and use this website.

NHS inform deals with personal and special category (sensitive) data as classified under data protection legislation.

Web forms

NHS inform contains a number of web forms that deliver to NHS 24 and NHS Health Scotland.

NHS 24 manage data collection for the:

  • feedback form
  • 'How can we improve this page?' form

NHS Health Scotland manages data collection for the:

  • request a bowel screening test kit form
  • request a quit pack form

To help our patient experience and operations teams to respond to feedback and service updates, we'll collect and store your:

  • name
  • address
  • phone number
  • email address

Webchat

To help our health information team to respond to your webchat request, we'll ask you to provide a name and your reason for requesting a webchat.

We might also ask you to provide your age or post code during the session. This will depend on the nature of your request.

Coronavirus (COVID-19): Question and answer service

Our COVID-19 Q&A service can provide automated responses to a range of your questions. In order to do this it needs to:

  • collect your questions to match them with an appropriate answer
  • be trained with your questions to improve its accuracy

Hotjar

We use Hotjar in order to better understand our users’ needs in order to improve NHS inform.

Hotjar is a technology service that helps us better understand our users’ experience such as:

  • how much time they spend on which pages
  • which links they choose to click
  • what users do and don’t like

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices.

This includes:

  • a device's IP address (processed during your session and stored in a de-identified form)
  • device screen size
  • device type (unique device identifiers)
  • browser information
  • geographic location (country only)
  • the preferred language used to display our website

Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

Visit the Hotjar website for more information.

Browsing

When you use this website, we'll collect information about your browsing habits using cookies. This helps us to understand how you interact with the website and what information you're interested in.

By using our website and agreeing to this policy, you consent to for us to use cookies to collect this information in accordance with the terms of this policy.

What are cookies?

A cookie is a small amount of data placed on your computer or mobile phone by a website.

Cookies can be:

  • persistent – meaning they're stored by your web browser and will remain valid until a set expiry date
  • session – meaning they'll expire when your web browser is closed.

Our cookies don't collect or store any information that personally identifies you.

First-party cookies: Statistics

We use the following first-party cookies to understand how visitors interact with this website:

Cookie name

Expiration time

Description

_ga

Persistent (2 years)

Registers a unique ID that is used to generate statistical data on how the visitor uses the web site.

_gat

Persistent (1 day)

Used by Google Analytics to throttle request rate.

_gid

Persistent (1 day)

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

ai_user

Persistent (1 year)

Used by Microsoft Application Insights software to collect statistical usage and telemetry information. The cookie stores a unique identifier to recognise users on returning visits over time.

First-party cookies: Functional

We use the following first-party cookies to make this website usable and enable basic functions like page navigation:

Cookie name

Expiration time

Description

AI_buffer

Session

Used in context with the "AI_sentBuffer" in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates.

AI_sentBuffer

Session

Used in context with the "AI_buffer" in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates.

ai_session

Persistent (1 day)

Preserves users states across page requests.

ARRAffinity

Session

Used to distribute traffic to the website on several servers in order to optimise response times.

The website cannot function properly without these cookies.

Third-party cookies

We use the following third-party cookies to allow our service or a third-party to recognise you and record non-personal information:

Cookie name

Set by

Expiration time

Description

ARRAffinity

Velaro

Session

Used to distribute traffic to the website on several servers in order to optimise response times.

collect (Pixel)

Google

Session

Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.

_fbp

Facebook

Persistent (3 months)

Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.

_gcl_au

Google

Persistent (3 months)

Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.

fr

Facebook

Persistent (3 months)

Used by Facebook to deliver a series of advertisement products such as real-time bidding from third party advertisers

IDE

Google

Persistent (1 year)

Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to users.

r/collect

Google

Session

Used to send data to Google Analytics about the visitor's device and behaviour. It tracks the visitor across devices and marketing channels.

test_cookie

Google

Persistent (1 day)

Used to check if the user's browser supports cookies

tr (Pixel)

Facebook

Session

Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.

We use these for our health campaigns to tell us if you’ve seen our adverts on Facebook or Twitter.

This may be held for as long as it's necessary to monitor aggregated statistics about use of our site and exposure to our brand. If we set a cookie you can see the expiry data in your browser’s cookie settings.

Unclassified cookies

We're currently waiting for clarification about the purpose of the following first and third-party cookies:

Cookie name

Set by

Expiration time

rtgt-spartan (Pixel)

Avid Media

Session

get_top_level_domain

NHS inform

Session

huBv

Health Unlocked

Persistent (10 years)

velaro_hitCount

Velaro

Persistent (Unspecified)

velaro_pageHits

Velaro

Persistent (Unspecified)

velaro_viewedPages

Velaro

Persistent (Unspecified)

velaro_visitor_events

Velaro

Persistent (Unspecified)

velaroendofday

Velaro

Persistent (Unspecified)

velarofirstvisit

Velaro

Persistent (Unspecified)

velarovisitcount

Velaro

Persistent (Unspecified)

velarovisitor

Velaro

Persistent (1 year)

Blocking or deleting cookies

Blocking or deleting cookies may have a negative impact on how you use this website and could prevent some of the features from working.

Find out how to delete cookies

Storing and sharing your data

Any data we collect is stored securely in an NHS Scotland database. This database has been formally risk assessed and accredited in accordance with NHS Scotland standards. No third parties will have access to it.

This data will be kept no longer than is necessary and reasonable to do so. After this period, the data will be deleted.

Webchat transcripts

We store transcripts of all webchat sessions within a secure database with our supplier Velaro for a short period of time.

These transcripts:

  • are deleted in line with the retention period as detailed in the relevant retention and destruction schedule
  • only contain the minimum amount of personal information that you have given us to allow us to provide the associated service

Coronavirus (COVID-19) Question and answer service transcripts

We store transcripts of all Q&A sessions within a secure database with our supplier AMIDO for a short period of time (31 days).

These transcripts:

  • are deleted in line with the retention period as detailed in the relevant retention and destruction schedule
  • are used to monitor and improve the accuracy of automated responses to user questions

Loss and misuse of data

We take appropriate technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.

Data protection and security

For the purposes of the data protection legislation, NHS 24 are data controllers for personal data collected, stored and shared by NHS inform.

Our Data Protection Notice can be found here.

Data security

As NHS inform is delivered through NHS Scotland, we adhere to all data security standards and protocols that apply to the NHS in Scotland.

In addition, all systems that operate as part of NHS inform have had a detailed system security policy assessment in line with nationally recommended standards. The outcomes of this assessment were accredited by the Scottish Government eHealth team.

Disclosure checks

At NHS 24, all health professionals who handle personal data undergo Disclosure Scotland checks prior to employment.

Sharing your data

Any data we collect will only be shared for the purpose of:

  • investigating and responding to enquiries
  • monitoring the performance of the service

We do share data related to health campaigns with third party agencies. This is to track which users have seen the campaign content.

These campaigns are run on behalf of the Scottish Government and other organisations.

Accessing your data

You've a right to know what data we collect about you, and to:

  • access or modify it
  • request that we delete this data at any time

You can request this by emailing us at:DP@nhs24.scot.nhs.uk.

How to contact us

This website is maintained by NHS 24 on behalf of NHS Scotland and the Scottish Government.

If you've a question or comment about our privacy policy, or would like access to your personal information, email us at: DP@nhs24.scot.nhs.uk. 

Last updated:
05 October 2020