Privacy and cookies policy

Overview

This policy is available in other languages.

NHS inform (nhsinform.scot) is owned and operated by NHS 24 on behalf of NHS Scotland and the Scottish Government.

NHS 24 are committed to ensuring privacy is protected and that users can be assured that any data will only be used in accordance with the data protection and privacy requirements outlined in this policy.

This policy outlines:

  • what data we collect about you when you access this website
  • how we collect this data
  • how we store this data securely
  • who we share it with
  • how you can access it

Data protection and security

For the purposes of the data protection legislation, NHS 24 are data controllers for personal data collected, stored and shared by NHS inform. Our registration number is Z8707451.

Read our Data Protection Notice

Compliance

This policy is compliant with the relevant data protection legislation and we’re committed to compliance procedures that demonstrate this.

Data collection

The types of data we collect will depend on how you access and use this website.

NHS inform deals with personal and special category (sensitive) data as classified under the relevant data protection legislation such as the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018.

Processing your information

NHS 24 processes your information under a legal basis defined in the data protection legislation. NHS 24 considers there are several legal bases such as:

  • the use of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person

When we use more sensitive ‘special category’ types of personal information which includes health information then our legal basis is usually that the use is necessary for the provision of health or social care or treatment or the management of health or social care systems and services, amongst others. Where it is deemed appropriate NHS 24 will share all relevant information with the appropriate organisations.

Web forms

NHS inform contains a number of web forms that deliver to NHS 24 and Public Health Scotland.

NHS 24 manage data collection for the:

  • feedback form
  • ‘How can we improve this page?’ form

Public Health Scotland manages data collection for the:

  • request a bowel screening test kit form
  • request a quit pack form

To help our patient experience and operations teams to respond to feedback and service updates, we’ll collect and store your:

  • name
  • address
  • phone number
  • email address

Webchat

To help our health information team to respond to your webchat request, we’ll ask you to provide a name and your reason for requesting a webchat.

We might also ask you to provide your age or post code during the session. This will depend on the nature of your request.

Hotjar

We use Hotjar in order to better understand our users’ needs in order to improve NHS inform.

Hotjar is a technology service that helps us better understand our users’ experience such as:

  • how much time they spend on which pages
  • which links they choose to click
  • what users do and don’t like
How Hotjar is used

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices.

This includes:

  • a device’s IP address (processed during your session and stored in a de-identified form)
  • device screen size
  • device type (unique device identifiers)
  • browser information
  • geographic location (country only)
  • the preferred language used to display our website

Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

Visit the Hotjar website for more information.

Browsing

When you use this website, we’ll collect information about your browsing habits using cookies. This helps us to understand how you interact with the website and what information you’re interested in.

By using our website and agreeing to this policy, you consent to for us to use cookies to collect this information in accordance with the terms of this policy.

What are cookies?

A cookie is a small amount of data placed on your computer or mobile phone by a website.

Cookies can be:

  • persistent – meaning they’re stored by your web browser and will remain valid until a set expiry date
  • session – meaning they’ll expire when your web browser is closed.

Our cookies don’t collect or store any information that personally identifies you.

First-party cookies: Statistics

We use the following first-party cookies to understand how visitors interact with this website:

Cookie nameExpiration timeDescription
_gaPersistent (2 years)Registers a unique ID that is used to generate statistical data on how the visitor uses the web site.
_gatPersistent (1 day)Used by Google Analytics to throttle request rate.
_gidPersistent (1 day)Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
ai_userPersistent (1 year)Used by Microsoft Application Insights software to collect statistical usage and telemetry information. The cookie stores a unique identifier to recognise users on returning visits over time.
First-party cookies: Functional

We use the following first-party cookies to make this website usable and enable basic functions like page navigation:

Cookie nameExpiration timeDescription
AI_bufferSessionUsed in context with the “AI_sentBuffer” in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates.
AI_sentBufferSessionUsed in context with the “AI_buffer” in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates.
ai_sessionPersistent (1 day)Preserves users states across page requests.
ARRAffinitySessionUsed to distribute traffic to the website on several servers in order to optimise response times.

The website cannot function properly without these cookies.

Third-party cookies

We use the following third-party cookies to allow our service or a third-party to recognise you and record non-personal information:

Cookie nameSet by
Expiration time
Description
ARRAffinityVelaroSessionUsed to distribute traffic to the website on several servers in order to optimise response times.
collect (Pixel)GoogleSessionUsed to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.
_fbpFacebookPersistent (3 months)Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.
_gcl_auGooglePersistent (3 months)Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.
frFacebookPersistent (3 months)Used by Facebook to deliver a series of advertisement products such as real-time bidding from third party advertisers
IDEGooglePersistent (1 year)Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to users.
r/collectGoogleSessionUsed to send data to Google Analytics about the visitor’s device and behaviour. It tracks the visitor across devices and marketing channels.
test_cookieGooglePersistent (1 day)Used to check if the user’s browser supports cookies
tr (Pixel)FacebookSessionUsed by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.

We use these for our health campaigns to tell us if you’ve seen our adverts on Facebook or Twitter.

This may be held for as long as it’s necessary to monitor aggregated statistics about use of our site and exposure to our brand. If we set a cookie you can see the expiry data in your browser’s cookie settings.

Unclassified cookies

We’re currently waiting for clarification about the purpose of the following first and third-party cookies:

Cookie nameSet by
Expiration time
rtgt-spartan (Pixel)Avid MediaSession
get_top_level_domainNHS informSession
huBvHealth UnlockedPersistent (10 years)
velaro_hitCountVelaroPersistent (Unspecified)
velaro_pageHitsVelaroPersistent (Unspecified)
velaro_viewedPagesVelaroPersistent (Unspecified)
velaro_visitor_eventsVelaroPersistent (Unspecified)
velaroendofdayVelaroPersistent (Unspecified)
velarofirstvisitVelaroPersistent (Unspecified)
velarovisitcountVelaroPersistent (Unspecified)
velarovisitorVelaro
Persistent (1 year)
How to block or delete cookies

Blocking or deleting cookies may have a negative impact on how you use this website and could prevent some of the features from working.

Find out how to delete cookies

Storing and sharing your data

Any data we collect is stored securely in accordance with NHS Scotland standards.

This data will be kept no longer than is necessary and reasonable to do so. After this period, the data will be deleted.

Webchat transcripts

We store transcripts of all webchat sessions within a secure database with our supplier Velaro for a short period of time.

These transcripts:

  • are deleted in line with the retention period as detailed in the NHS 24 Records Retention schedule
  • only contain the minimum amount of personal information that you have given us to allow us to provide the associated service

Loss and misuse of data

We take appropriate technical and organisational measures to prevent the loss, misuse or alteration of your personal data.

Data protection and security

As NHS inform is delivered through NHS Scotland, we adhere to all data security standards and protocols that apply to the NHS in Scotland.

In addition, all systems that operate as part of NHS inform have had a detailed system security policy assessment in line with nationally recommended standards. The outcomes of this assessment were accredited by the Scottish Government eHealth team.

Read our Data Protection Notice

Disclosure checks

At NHS 24, all health professionals who handle personal data undergo Disclosure Scotland checks prior to employment.

Sharing your data

Any data we collect will only be shared for the purpose of:

  • investigating and responding to enquiries
  • monitoring the performance of the service
  • complying with our legal obligations as a Health Board within NHS Scotland

We do share data related to health campaigns with third party agencies. This is to track which users have seen the campaign content.

These campaigns are run on behalf of the Scottish Government and other organisations.

Accessing your data

You’ve a right to know what data we collect about you, and to access this data.

You can request this by emailing us at: DP@nhs24.scot.nhs.uk.

How to contact us

This website is maintained by NHS 24 on behalf of NHS Scotland and the Scottish Government.

If you’ve a question or comment about our privacy policy, or would like access to your personal information, email us at: DP@nhs24.scot.nhs.uk. 

For additional information please visit the Information Commissioner’s Office website


Last updated:
09 November 2023

There are no NHS operators available to chat at this time