nhsuk · vickytnz · Nov 24, 2024 · Nov 27, 2024
diff --git a/app/views/layout.html b/app/views/layout.html
@@ -31,6 +31,10 @@
       {
         label: "Cookies",
         URL: "/cookies"
+      },
+      {
+        label: "Privacy policy",
+        URL: "/privacy-policy"
       }
     ]
   }) }}

diff --git a/app/views/privacy-policy.html b/app/views/privacy-policy.html
@@ -0,0 +1,151 @@
+{% extends 'layout.html' %}
+
+{% block pageTitle %}
+  Privacy policy - NHS prototype kit
+{% endblock %}
+
+{% block beforeContent %}
+  {{ breadcrumb({
+    href: "/",
+    text: "Home"
+  }) }}
+{% endblock %}
+
+{% block content %}
+<div class="nhsuk-grid-row">
+  <div class="nhsuk-grid-column-two-thirds">
+    <h1>Privacy policy</h1>
+
+    <p>
+      Your privacy is important to us. This privacy policy covers what we
+      collect and how we use, share and store your information.
+    </p>
+    <p>This page tells you:</p>
+
+    <ul class="nhsuk-list nhsuk-list--bullet">
+      <li>about the information we may collect</li>
+      <li>how we keep your data secure</li>
+      <li>who we share your data with</li>
+      <li>about your rights to see or change information we hold about you</li>
+    </ul>
+    <h2>Information we may collect</h2>
+    <p>
+      You can leave feedback on some pages of the website or on a user survey.
+      You can choose to share your email address if you want a reply. Otherwise,
+      we collect and store feedback anonymously
+    </p>
+    <h2>Cookies</h2>
+    <p>
+      Our website uses cookies. These are small files saved on your phone,
+      tablet or computer when you visit a website. They store information about
+      how you use the website, such as the pages you visit.
+    </p>
+    <p>
+      The law says that we can store cookies on your device if they are strictly
+      necessary to make our website work. For all other types of cookies we need
+      your permission before we can use them on your device.
+    </p>
+    <p>
+      Read our <a href="/cookies">cookie policy</a> to find out more about the
+      cookies we use.
+    </p>
+    <p>
+      We sometimes use tools on other organisations' websites to collect data or
+      to ask for feedback. These tools set their own cookies.
+    </p>
+    <h2>Why we need your data</h2>
+    <p>
+      For a number of the activities that we undertake to complete our function,
+      we need to process personal data. We collect certain personal data when
+      you use the NHS prototype kit.
+    </p>
+    <p>We collect your data so that we can:</p>
+    <ul class="nhsuk-list nhsuk-list--bullet">
+      <li>tell you about work and updates on the kit</li>
+      <li>
+        work with you on contributions, where you’ve proposed to add or improve
+        part of the kit
+      </li>
+      <li>
+        support you, including both the provision of support and responses to
+        user enquiries
+      </li>
+      <li>
+        gather feedback, including gathering it to improve our services, and
+        responding to it, if you have asked us to
+      </li>
+      <li>invite you to take part in user research</li>
+    </ul>
+    <p>
+      We collect your user profile if you interact with us on collaboration
+      tools and platforms.
+    </p>
+    <h2>Keeping your personal data secure</h2>
+    <p>
+      We convert your data into secure code (encrypt it) and store it on secure
+      servers in England. A partner organisation is providing hosting services
+      but has no say in how the information is used. There are no legal ways for
+      their employees to see the data. Only approved people in the NHS digital
+      service manual team can see it.
+    </p>
+    <p>
+      If you shared your email with us as part of a survey, we will delete it
+      after 2 years. At that point no one can identify you in the survey data.
+    </p>
+    <h2>Data sharing</h2>
+    <p>
+      As part of NHS prototype kit we share your personal data with data
+      processors who provide us with:
+    </p>
+    <ul class="nhsuk-list nhsuk-list--bullet">
+      <li>
+        software collaboration platforms when you share research, feedback or
+        make a contribution
+      </li>
+      <li>support providers when you contact us for assistance</li>
+    </ul>
+    <p>
+      NHS England may share anonymous information on how the service is used
+      with the Department of Health and Social Care, integrated care boards
+      (ICBs), and national governance groups.
+    </p>
+    <h2>Legal powers</h2>
+    <p>
+      When you give us personal information, we may pass it on if the law says
+      we must.
+    </p>
+    <p>
+      If you make a claim against us, we and other third parties such as our
+      solicitors may need to look at this information.
+    </p>
+    <p>
+      We will not share your personal information with anyone else without your
+      permission for any other reason.
+    </p>
+    <h2>Your rights</h2>
+    <p>You can:</p>
+    <ul class="nhsuk-list nhsuk-list--bullet">
+      <li>
+        find out what information we hold about you, ask us to correct it if
+        it's wrong, or delete it by emailing enquiries@nhsdigital.nhs.uk
+      </li>
+      <li>
+        contact the Information Commissioner's Office, Wycliffe House Water
+        Lane, Wilmslow SK9 5AF if you want to make a complaint about how we have
+        managed your data
+      </li>
+    </ul>
+    <p>
+      NHS Digital (NHS England), 1 Trevelyan Square, Boar Lane, Leeds, LS1 6AE
+      is the Data Controller for the NHS digital service manual under data
+      protection legislation. We will process your data in line with data
+      protection legislation.
+    </p>
+    <p
+      class="nhsuk-body-s nhsuk-u-secondary-text-color nhsuk-u-margin-top-6 nhsuk-u-margin-bottom-0"
+    >
+      Updated: November 2024
+    </p>
+  </div>
+</div>
+{% endblock %}