Privacy Policy

Introduction

We take your privacy very seriously. Please read this privacy policy carefully as it explains who we are, how and why we collect, store, use and share your personal information, your rights, and how to contact us or the UK Information Commissioner’s Office (ICO) if you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so, we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and we are responsible as ‘controller’ of that personal information.

About Us

When we say “we” or “us” in this privacy policy, we mean the Vaccination Team at NHS Lancashire and South Cumbria Integrated Care Board (ICB), who manage the Vaccination Matters website.

Our Data Protection Officer (DPO) provides help and guidance to make sure we apply good practice standards to protect your personal information.
You can contact our DPO by email at: [email protected]

Definitions

Personal Identifiable Data (PID):
Personal identifiable data (sometimes called “personal data”) means any information that relates to an identified or identifiable individual. This includes information that can directly identify you, such as your name, email address, or NHS number, as well as information that could indirectly identify you when combined with other data, such as your IP address or certain demographic details.

Anonymous Data:
Anonymous data is information that has been processed so that individuals cannot be identified by anyone, either directly or indirectly. Once data is fully anonymised, it is no longer considered personal data under UK GDPR and NHS guidance, and data protection laws no longer apply to it.

Personal Information We Collect About You

We collect and use personal information in two distinct ways:

  • Enquiries: If you contact us through our website form, we collect your name and contact details (such as your email address) so we can respond directly to your enquiry.
  • Surveys: If you take part in one of our surveys, your responses are collected anonymously. This means we do not collect any information that could identify you, and we cannot link your answers back to you personally.

Website Usage: We also collect technical information about how you use our website, such as your IP address and cookies. This helps us ensure the website works properly and allows us to improve your experience. (See our Cookies Policy for more details.)

We never use confidential patient information for research or planning. All research and planning is carried out using anonymous data only.

How Your Personal Information is Collected

We collect most of this personal information directly from you, for example:

  • When you fill in our contact form.

We may also collect information automatically through cookies and similar technologies when you use our website. For more information, please see our Cookies Policy.

How and Why We Use Your Personal Information

We use your personal information only for the purposes of responding to enquiries you make through our website. When you contact us, we use the details you provide (such as your name and email address) solely to reply to your query or feedback.

We do not use confidential patient information for research or planning.
All research and planning activities are based on information that is fully anonymous and cannot be linked back to any individual. Your survey responses are collected anonymously, so we cannot identify you from your answers or provide copies of your individual responses.

We will always treat your personal information with the utmost respect and never share it with other organisations for marketing purposes.

Your Privacy Rights

You have the following rights under data protection laws:

  • Access: You may request access to a copy of your personal information.
  • Rectification: You may ask us to correct any inaccurate information we hold about you.
  • Erasure: You may ask us to delete your personal information where there is no reason for us to continue to hold it.
  • Restriction: You can ask us to restrict the personal information we use about you.
  • Objection: You may object to our processing of your personal information.
  • Portability: You may ask us to provide your personal information in a structured, commonly used, machine-readable format.
  • Withdraw Consent: Where our processing is based on your consent, you can withdraw your consent at any time.

Please note:
If you have taken part in one of our surveys, your responses are collected anonymously. This means we cannot identify your individual answers, and therefore we are unable to provide you with a copy of your survey responses or make changes to them. This approach helps protect your privacy and ensures your feedback remains confidential.

Who We Share Your Personal Information With

We only share your personal information with people or organisations who need access to it in order to respond to your enquiry. This usually means that only authorised members of our team will see your information.

In rare cases, we may need to share your information with another organisation, for example, if it is necessary for safeguarding purposes or if required by law. If this happens, we will only share the minimum information needed and will always aim to let you know unless we are prevented from doing so for legal reasons.

We may also share information with:

  • IT service providers who support our website and keep it secure.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect it. We also require them to use your information only to provide services to us and to you.

How Long We Keep Your Personal Data

When you contact us with an enquiry, we collect your personal data (such as your name and email address) so we can respond to you directly. We will keep this personal data only for as long as necessary to:

  • Respond to your questions, complaints, or claims.
  • Demonstrate that we have treated you fairly.
  • Meet any legal or regulatory record-keeping requirements.

Our standard practice is to retain personal data provided in enquiries until your query is resolved, plus an additional 6 months. This allows us to follow up if needed and to address any related issues that may arise. After this period, your personal data will be securely deleted or anonymised.

This retention period is considered good practice in the NHS and wider public sector, balancing your privacy rights with our need to manage and evidence our communications responsibly.

Retention of Anonymous Survey Responses

Survey responses collected through our website are fully anonymised, meaning individuals cannot be identified by us or anyone else. According to UK GDPR and NHS guidance, once data is truly anonymous, it is no longer considered “personal data” and the strict retention limits that apply to personal data do not apply. This means we may retain anonymous survey data for as long as it is useful for research purposes. We regularly review our survey data practices to ensure the data remains anonymous. If at any point the data could be used to identify individuals, we will take steps to further anonymise or securely delete it.

Your Privacy Rights

To exercise any of the privacy rights listed earlier in this policy, please contact our DPO at the email address above.

If you are not happy with the way we process your personal information, you may make a complaint to the ICO by visiting https://ico.org.uk/make-a-complaint/ or calling 0303 123 1113.

Security of Your Information

NHS Lancashire and South Cumbria ICB takes its duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of the personal data for which we are responsible, whether it is computerised or on paper, and which is held within the UK.

Alongside the Data Protection Officer (DPO), we have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality.

All staff are required to undertake annual information governance training and are provided with an information governance handbook that they are required to read and agree to adhere to. The handbook ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared.

Everyone working for the NHS is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user unless it is required or permitted by the law.

Changes to This Privacy Policy

This privacy notice was last updated on 25 November 2025.

We may change this privacy notice from time to time. When we do, we will inform you via an announcement on our website.