NHS inform (nhsinform.scot) is owned and operated by NHS 24 on behalf of NHS Scotland and the Scottish Government.
NHS 24 are committed to ensuring privacy is protected and that users can be assured that any data will only be used in accordance with the data protection and privacy requirements outlined in this policy.
This policy outlines:
what data we collect about you when you access this website
how we collect this data
how we store this data securely
who we share it with
how you can access it
Data protection and security
For the purposes of the data protection legislation, NHS 24 are data controllers for personal data collected, stored and shared by NHS inform. Our registration number is Z8707451.
This policy is compliant with the relevant data protection legislation and we’re committed to compliance procedures that demonstrate this.
Data collection
The types of data we collect will depend on how you access and use this website.
NHS inform deals with personal and special category (sensitive) data as classified under the relevant data protection legislation such as the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018.
Processing your information
NHS 24 processes your information under a legal basis defined in the data protection legislation. NHS 24 considers there are several legal bases such as:
the use of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
processing is necessary in order to protect the vital interests of the data subject or of another natural person
When we use more sensitive ‘special category’ types of personal information which includes health information then our legal basis is usually that the use is necessary for the provision of health or social care or treatment or the management of health or social care systems and services, amongst others. Where it is deemed appropriate NHS 24 will share all relevant information with the appropriate organisations.
Web forms
NHS inform contains a number of web forms that deliver to NHS 24 and Public Health Scotland.
NHS 24 manage data collection for the:
feedback form
‘How can we improve this page?’ form
Public Health Scotland manages data collection for the:
request a bowel screening test kit form
request a quit pack form
To help our patient experience and operations teams to respond to feedback and service updates, we’ll collect and store your:
name
address
phone number
email address
Webchat
To help our health information team to respond to your webchat request, we’ll ask you to provide a name and your reason for requesting a webchat.
We might also ask you to provide your age or post code during the session. This will depend on the nature of your request.
Hotjar
We use Hotjar to better understand our users’ needs so that we can improve NHS inform.
Hotjar is a technology service that helps us better understand our users’ experience such as:
how much time they spend on which pages
which links they choose to click
what users do and don’t like
How Hotjar is used
Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices.
This includes:
a device’s IP address (processed during your session and stored in a de-identified form)
device screen size
device type (unique device identifiers)
browser information
geographic location (country only)
the preferred language used to display our website
Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
When you use this website, we’ll collect information about your browsing habits using cookies. This helps us to understand how you interact with the website and what information you’re interested in.
By using our website and agreeing to this policy, you consent to us using cookies to collect this information in accordance with the terms of this policy.
What are cookies?
A cookie is a small amount of data placed on your computer or mobile phone by a website.
Cookies can be:
persistent – meaning they’re stored by your web browser and will remain valid until a set expiry date
session – meaning they’ll expire when your web browser is closed.
Our cookies don’t collect or store any information that personally identifies you.
First-party cookies: Statistics
We use the following first-party cookies to understand how visitors interact with this website:
Cookie name | Expiration time | Description
_ga | Persistent (2 years) | Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat | Persistent (1 day) | Used by Google Analytics to throttle request rate.
_gid | Persistent (1 day) | Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
ai_user | Persistent (1 year) | Used by Microsoft Application Insights software to collect statistical usage and telemetry information. The cookie stores a unique identifier to recognise users on returning visits over time.
First-party cookies: Functional
We use the following first-party cookies to make this website usable and enable basic functions like page navigation:
Cookie name | Expiration time | Description
AI_buffer | Session | Used in context with the “AI_sentBuffer” in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates.
AI_sentBuffer | Session | Used in context with the “AI_buffer” in order to limit the number of data-server-updates (Azure). This synergy also allows the website to detect any duplicate data-server-updates.
ai_session | Persistent (1 day) | Preserves user states across page requests.
ARRAffinity | Session | Used to distribute traffic to the website on several servers in order to optimise response times.
The website cannot function properly without these cookies.
Third-party cookies
We use the following third-party cookies to allow our service or a third-party to recognise you and record non-personal information:
Cookie name | Set by | Expiration time | Description
ARRAffinity | Velaro | Session | Used to distribute traffic to the website on several servers in order to optimise response times.
collect (Pixel) | Google | Session | Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.
_fbp | Facebook | Persistent (3 months) | Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.
_gcl_au | Google | Persistent (3 months) | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.
fr | Facebook | Persistent (3 months) | Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.
IDE | Google | Persistent (1 year) | Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to users.
r/collect | Google | Session | Used to send data to Google Analytics about the visitor’s device and behaviour. It tracks the visitor across devices and marketing channels.
test_cookie | Google | Persistent (1 day) | Used to check if the user’s browser supports cookies.
tr (Pixel) | Facebook | Session | Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.
We use these for our health campaigns to tell us if you’ve seen our adverts on Facebook or Twitter.
This may be held for as long as it’s necessary to monitor aggregated statistics about use of our site and exposure to our brand. If we set a cookie you can see the expiry date in your browser’s cookie settings.
Unclassified cookies
We’re currently waiting for clarification about the purpose of the following first and third-party cookies:
Cookie name | Set by | Expiration time
rtgt-spartan (Pixel) | Avid Media | Session
get_top_level_domain | NHS inform | Session
huBv | Health Unlocked | Persistent (10 years)
velaro_hitCount | Velaro | Persistent (Unspecified)
velaro_pageHits | Velaro | Persistent (Unspecified)
velaro_viewedPages | Velaro | Persistent (Unspecified)
velaro_visitor_events | Velaro | Persistent (Unspecified)
velaroendofday | Velaro | Persistent (Unspecified)
velarofirstvisit | Velaro | Persistent (Unspecified)
velarovisitcount | Velaro | Persistent (Unspecified)
velarovisitor | Velaro | Persistent (1 year)
How to block or delete cookies
Blocking or deleting cookies may have a negative impact on how you use this website and could prevent some of the features from working.
Any data we collect is stored securely in accordance with NHS Scotland standards.
This data will be kept no longer than is necessary and reasonable to do so. After this period, the data will be deleted.
Webchat transcripts
We store transcripts of all webchat sessions within a secure database with our supplier Velaro for a short period of time.
These transcripts:
are deleted in line with the retention period as detailed in the NHS 24 Records Retention schedule
only contain the minimum amount of personal information that you have given us to allow us to provide the associated service
Loss and misuse of data
We take appropriate technical and organisational measures to prevent the loss, misuse or alteration of your personal data.
Data protection and security
As NHS inform is delivered through NHS Scotland, we adhere to all data security standards and protocols that apply to the NHS in Scotland.
In addition, all systems that operate as part of NHS inform have had a detailed system security policy assessment in line with nationally recommended standards. The outcomes of this assessment were accredited by the Scottish Government eHealth team.