Terms of Use
Source: https://www.nhsgrampian.org/service-hub/digital-assessments/terms-of-use
Archived: 2026-04-23 17:34
Terms of Use
Skip to content
Skip to accessibility statement link
Terms of Use
This site is currently under development
This is a pilot service operating on an invite-only basis. By using it you agree to the following terms of use.
You can deactivate your tracking cookies at any time.
In these terms, 'us' and 'we' mean NHS Grampian. 'You' means anyone using the service.
What data we collect
We collect the following data from patients:
Title
Full name
Date of birth
Email address
DHP identifier (Greater Glasgow and Clyde only)
Password
Images relating to your condition
Your answers to set questions about your condition
We collect the following data from clinicians:
Title
Full name
Date of birth
Email address
Password
How we use your data
We use your data to:
• identify you
• provide a healthcare service
How we share your data
We sometimes use other organisations to process your personal information on our behalf. When we do, these organisations are bound by legal agreements to ensure your personal information is secure and used only for the purpose we stipulate.
We may need to share your personal information if we are required to do so by law.
How we protect your data
We take the security of your healthcare data seriously. We protect your data through:
two-factor authentication
system auditing functionality and procedures
vulnerability scanning and anti-virus measures
network security including firewalls and penetration testing
encryption of personal data
Cyber Essentials compliance
system security policy and standard operating procedures
ISO 27001 standard for information security compliance
defined information security and related policies
staff training in security and privacy best practice
a documented incident management and reporting process
physical security policies
Your data is securely stored in the European Economic Area (EEA). We'll update this notice if we transfer it outside the EEA.
How long we keep your data
We hold on to your information for as long as is reasonably necessary. This can depend on legal, regulatory, tax, accounting or technical requirements.
Health record type
Minimum retention period
Adult
6 years after date of last entry or 3 years after death if earlier
Records relating to children and young people (including children’s and young person’s Mental Health Records)
Retain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 3 years after death.
If the illness or death could have potential relevance to adult conditions or have genetic implications, we’ll seek clinician advice as to whether to retain for a longer period.
Mentally disordered person (within the meaning of any Mental Health Act)
20 years after last contact between the patient/client/service user and any health/care professional employed by the mental health provider, or 3 years after the death of the patient/client/service user if sooner and the patient died while in the care of the organisation.
NHS organisations may keep mental health records for up to 30 years before review. Complete records must be kept for the first 20 years, but they may be kept in summary format for the remaining 10-year period.
Social services records are retained for a longer period. Where there is a joint mental health and social care record, the higher of the two retention periods should be adopted.
When the records come to the end of their retention period, they must be reviewed and not automatically destroyed. If it is decided to retain the records, they should be subject to regular review.
Specific retention periods
Health record type
Minimum retention period
Clinical trials of investigational medicinal products: health records of participants that are the source data for the trial
For trials to be included in regulatory submissions: At least 2 years after the last approval of a marketing application in the EU. Longer if required by the applicable regulatory requirement(s) or by agreement with the Sponsor.
For trials not used in regulatory submissions: At least 5 years after completion of the trial. These documents should be retained for a longer period if required by the applicable regulatory requirement(s), the Sponsor or the funder of the trial.
Photographs (where the photograph refers to a particular patient it should be treated as part of the health record)
Retain according to the standard minimum retention period appropriate to the patient/specialty.
Records of destruction of individual health records (case notes) and other health related records (in manual or computer format)
Permanently
Research records other than clinical trials of investigational medicinal products, health records of participants that are the source data for the research
30 years
Cookies
When you use this service, we put small files called cookies onto your device.
We use Google Analytics cookies to collect information about how you use our platform and to help us make improvements to it. Cookies are not computer programs.
They do not collect or store your information, so we cannot identify you from them.
You can remove cookies from your device at any time. Your device will automatically delete expired cookies.
We do not allow Google to share our analytics data.
Google Analytics sets the following cookies:
Name
Function
Expires
_ga
Collects information about how you use this website.
2 years
_gid
Used to distinguish users.
24 hours
_gat
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_ property-id.
1 minute
AMP_TOKEN
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
30 seconds to 1 year
_gac_property-id
Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
90 days
Your rights
You have the right to:
request a copy of your personal data and other supplementary information
correct errors or omissions in your personal data
Contact us to request a correction or a copy of your data.
Request your personal information is deleted
You can request that we erase your personal information where:
it's no longer necessary for the purpose for which it was originally collected
you have withdrawn consent
you object to the processing and there’s no legitimate interest for us to continue
your data was unlawfully processed or in breach of General Data Protection Regulation
the data has to be erased in order to comply with a legal obligation
the personal data is processed in relation to the offer of information society services to a child
We can refuse to comply to erase your data where it’s being used to:
it's no longer necessary for the purpose for which it was originally collected
exercise the right of freedom of expression and information
comply with a legal obligation or for the performance of a public interest task or exercise of official authority
for public health purposes in the public interest
archiving purposes in the public interest
inform scientific or historical research, or for statistical purposes
the exercise or defence of legal claims
Object to processing
You can object to:
data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, including profiling
direct marketing, including profiling
processing for purposes of scientific/historical research and statistics
Request we restrict our use of your personal information:
You have the right to request a restriction such as a temporary stop of the processing of your personal information where:
you think the personal information is inaccurate and it should not be used until it's corrected
we're using your personal information unlawfully and you want your personal information to be held by us but not processed whilst a complaint / investigation takes place
you require us to keep your personal information and not delete it while you make or defend a legal claim
you have objected to our use of your personal information and we do not have legitimate grounds to override your objection
Published: 13/08/2021 16:01
Website Experience Survey
×
Thanks for visiting the NHS Grampian website. We'd really like to hear your thoughts about it through this short survey.
Survey
Skip to content
Skip to accessibility statement link
Terms of Use
This site is currently under development
This is a pilot service operating on an invite-only basis. By using it you agree to the following terms of use.
You can deactivate your tracking cookies at any time.
In these terms, 'us' and 'we' mean NHS Grampian. 'You' means anyone using the service.
What data we collect
We collect the following data from patients:
Title
Full name
Date of birth
Email address
DHP identifier (Greater Glasgow and Clyde only)
Password
Images relating to your condition
Your answers to set questions about your condition
We collect the following data from clinicians:
Title
Full name
Date of birth
Email address
Password
How we use your data
We use your data to:
• identify you
• provide a healthcare service
How we share your data
We sometimes use other organisations to process your personal information on our behalf. When we do, these organisations are bound by legal agreements to ensure your personal information is secure and used only for the purpose we stipulate.
We may need to share your personal information if we are required to do so by law.
How we protect your data
We take the security of your healthcare data seriously. We protect your data through:
two-factor authentication
system auditing functionality and procedures
vulnerability scanning and anti-virus measures
network security including firewalls and penetration testing
encryption of personal data
Cyber Essentials compliance
system security policy and standard operating procedures
ISO 27001 standard for information security compliance
defined information security and related policies
staff training in security and privacy best practice
a documented incident management and reporting process
physical security policies
Your data is securely stored in the European Economic Area (EEA). We'll update this notice if we transfer it outside the EEA.
How long we keep your data
We hold on to your information for as long as is reasonably necessary. This can depend on legal, regulatory, tax, accounting or technical requirements.
Health record type
Minimum retention period
Adult
6 years after date of last entry or 3 years after death if earlier
Records relating to children and young people (including children’s and young person’s Mental Health Records)
Retain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 3 years after death.
If the illness or death could have potential relevance to adult conditions or have genetic implications, we’ll seek clinician advice as to whether to retain for a longer period.
Mentally disordered person (within the meaning of any Mental Health Act)
20 years after last contact between the patient/client/service user and any health/care professional employed by the mental health provider, or 3 years after the death of the patient/client/service user if sooner and the patient died while in the care of the organisation.
NHS organisations may keep mental health records for up to 30 years before review. Complete records must be kept for the first 20 years, but they may be kept in summary format for the remaining 10-year period.
Social services records are retained for a longer period. Where there is a joint mental health and social care record, the higher of the two retention periods should be adopted.
When the records come to the end of their retention period, they must be reviewed and not automatically destroyed. If it is decided to retain the records, they should be subject to regular review.
Specific retention periods
Health record type
Minimum retention period
Clinical trials of investigational medicinal products: health records of participants that are the source data for the trial
For trials to be included in regulatory submissions: At least 2 years after the last approval of a marketing application in the EU. Longer if required by the applicable regulatory requirement(s) or by agreement with the Sponsor.
For trials not used in regulatory submissions: At least 5 years after completion of the trial. These documents should be retained for a longer period if required by the applicable regulatory requirement(s), the Sponsor or the funder of the trial.
Photographs (where the photograph refers to a particular patient it should be treated as part of the health record)
Retain according to the standard minimum retention period appropriate to the patient/specialty.
Records of destruction of individual health records (case notes) and other health related records (in manual or computer format)
Permanently
Research records other than clinical trials of investigational medicinal products, health records of participants that are the source data for the research
30 years
Cookies
When you use this service, we put small files called cookies onto your device.
We use Google Analytics cookies to collect information about how you use our platform and to help us make improvements to it. Cookies are not computer programs.
They do not collect or store your information, so we cannot identify you from them.
You can remove cookies from your device at any time. Your device will automatically delete expired cookies.
We do not allow Google to share our analytics data.
Google Analytics sets the following cookies:
Name
Function
Expires
_ga
Collects information about how you use this website.
2 years
_gid
Used to distinguish users.
24 hours
_gat
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_ property-id.
1 minute
AMP_TOKEN
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
30 seconds to 1 year
_gac_property-id
Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
90 days
Your rights
You have the right to:
request a copy of your personal data and other supplementary information
correct errors or omissions in your personal data
Contact us to request a correction or a copy of your data.
Request your personal information is deleted
You can request that we erase your personal information where:
it's no longer necessary for the purpose for which it was originally collected
you have withdrawn consent
you object to the processing and there’s no legitimate interest for us to continue
your data was unlawfully processed or in breach of General Data Protection Regulation
the data has to be erased in order to comply with a legal obligation
the personal data is processed in relation to the offer of information society services to a child
We can refuse to comply to erase your data where it’s being used to:
it's no longer necessary for the purpose for which it was originally collected
exercise the right of freedom of expression and information
comply with a legal obligation or for the performance of a public interest task or exercise of official authority
for public health purposes in the public interest
archiving purposes in the public interest
inform scientific or historical research, or for statistical purposes
the exercise or defence of legal claims
Object to processing
You can object to:
data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, including profiling
direct marketing, including profiling
processing for purposes of scientific/historical research and statistics
Request we restrict our use of your personal information:
You have the right to request a restriction such as a temporary stop of the processing of your personal information where:
you think the personal information is inaccurate and it should not be used until it's corrected
we're using your personal information unlawfully and you want your personal information to be held by us but not processed whilst a complaint / investigation takes place
you require us to keep your personal information and not delete it while you make or defend a legal claim
you have objected to our use of your personal information and we do not have legitimate grounds to override your objection
Published: 13/08/2021 16:01
Website Experience Survey
×
Thanks for visiting the NHS Grampian website. We'd really like to hear your thoughts about it through this short survey.
Survey