Privacy policy and cookies on the Buying Catalogue
A description of the information NHS Digital collects as part of our operation of the Buying Catalogue website.
This page covers the information we collect about you as part of our operation of the Buying Catalogue website. We want you to understand why we hold and process this information, and your choices.
We always collect, hold and process information securely and lawfully.
What personal data are you collecting from me?
Personal data means any information relating to an identified or identifiable individual. We collect, use, and store different kinds of personal data about you. Here is a list of the types of personal data that we process about you through the operation of the Buying Catalogue website:
Identity Data
Your first and last name, username, and organisation's ODS code.
Contact Data
Your email address and telephone number.
Technical Data
Data collected through use of cookies on the Buying Catalogue website, as listed in the cookies policy below. We also log your internet protocol (IP) address when you access the Buying Catalogue website.
We will only process the minimum personal data necessary to achieve our purposes.
How do we collect your personal data?
We use different methods to collect personal data from and about you including:
Direct interactions
You may give us your Identity Data and Contact Data when you create an account on the Buying Catalogue website or when you enter your personal details into the order form.
Automated interactions
As you interact with the Buying Catalogue website, we will automatically collect personal data.
How is my personal data used?
When using the Buying Catalogue website, we will process your personal data for the following reasons:
- to establish the authority that you are ordering for and using the website from
- to enable each part of the Buying Catalogue website to work with each other part
- to ensure that the Buying Catalogue website can operate in a secure manner
- to authenticate users that log in to the Buying Catalogue website
- to capture personal data of authenticated users on the Buying Catalogue website to facilitate the ordering process
- to enable us to contact authenticated users for the purposes of user research with their explicit consent to help us improve the Buying Catalogue website
See the lawful basis section of this policy below to find out about the types of lawful basis that we rely on to process your personal data for these purposes.
What cookies are used on the Buying Catalogue website?
What are cookies?
Cookies are files saved on your phone, tablet, or computer when you visit a website. They store information about how you use a website, such as the pages you visit.
Cookies are not viruses or computer programs. They are very small so do not take up much space.
Find out more information about cookies.
How we use cookies
Some of the cookies used are essential to the operation of the Buying Catalogue website and only persist while a user’s browser is open. Our non-essential cookies relate to analytics and can be switched off.
If you do nothing other than use the Buying Catalogue website, we will capture and store some information about your visit to make our website work and keep it secure. The information collected in these cookies relates to:
- establishing the authority that you are ordering for and using the website from
- enabling each part of the Buying Catalogue website to work with each other part
- ensuring that the Buying Catalogue website can operate in a secure manner
- checking that the user has the correct permissions
We do not know (and do not wish to know) the identities of individuals who visit the Buying Catalogue website, other than those users who have registered accounts with us. The information collected through the cookies in operation is not shared with anyone and we do not merge this information with other personal data.
List of cookies that make our website work  
All but one of the cookies we use are essential to allow you to use the Buying Catalogue website. Our one non-essential cookie lets us know if you dismissed our cookie banner.
Name | Expires | Necessary | Purpose of cookie |
---|---|---|---|
buyingcatalogue-cookie-consent | When you close the browser (if you do not dismiss the banner) or 1 year (if you dismiss the banner) | No | Remembers if you dismissed our cookies banner |
io | When you close the browser | Yes | This cookie is generated by an identity server as part of the authentication/authorisation mechanisms |
token | When you close the browser | Yes | This cookie enables authorisation that is passed to our APIs to verify that the current user is authorised to use the areas of the site that are being requested |
.AspNetCore.Antiforgery | When you close the browser | Yes | This cookie provides vital security information that enables APIs/User Interfaces to remain trusted between each other and prevent external attacks via strange media |
_csrf Security | When you close the browser | Yes | This cookie provides vital security information focussed on the Cross Site Request Forgery (i.e. fake scripts/redirects that could be injected) |
.AspNetCore.Identity.Application | When you close the browser | Yes | This cookie enables Authorisation confirmation that is used by the token cookie and the User Interface to determine the current authenticated user and their claims (permissions/other necessary information) within the application |
s_ecid | After 2 years | No | Allows persistent ID tracking in the first-party state and is used as a reference ID if the AMCV cookie has expired |
s_cc | When you close your browser | No | Set and read by the JavaScript code to determine if cookies are enabled |
s_sq | When you close your browser | No | Set and read by the JavaScript code when the Adobe Select Map functionality or the Adobe Activity Map functionality are enabled; it contains information about the previous link selected by the user |
s_vi | After 2 years | No | Used to identify a unique visitor |
s_fid | After 2 years | No | Used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Not used for implementations that use first-party cookies |
_hjSessionUser{site_id} | After 1 year | No | Used to persist the Hotjar User ID, unique to that website on the browser. This ensures that behaviour in subsequent visits to the same website will be attributed to the same user ID |
_hjSession{site_id} | After 30 minutes | No | Holds the current session data to ensure that subsequent requests within the session window will be attributed to the same Hotjar session |
_hjClosedSurveyInvites | After 1 year | No | Set once a user interacts with a Hotjar External Link Survey invitation modal. It is used to ensure that the same invite does not reappear if it has already been shown |
_hjDonePolls | After 1 year | No | Set once a user completes a survey using the Hotjar On-site Survey widget. It is used to ensure that the same survey does not reappear if it has already been filled in |
_hjMinimizedPolls | After 1 year | No | Set once a user minimises a Hotjar On-site Survey widget. It is used to ensure that the widget stays minimised when the user navigates through a website |
_hjShownFeedbackMessage | After 1 year | No | Set when a user minimises or completes Hotjar's Incoming Feedback. This is done so that the Incoming Feedback will load as minimised immediately if the user navigates to another page where it is set to show |
_hjSessionTooLarge | When you close your browser | No | Causes Hotjar to stop collecting data if a session becomes too large. This is determined automatically by a signal from the WebSocket server if the session size exceeds the limit |
_hjSessionRejected | When you close your browser | No | Set to '1' for the duration of a user's session, if Hotjar rejected the session from connecting to its WebSocket due to server overload. This cookie is only applied in extremely rare situations to prevent severe performance issues |
_hjSessionResumed | When you close your browser | No | Set when a session/recording is reconnected to Hotjar servers after a break in connection |
_hjid | After 1 year | No | Set when the user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that website on the browser. This ensures that behaviour in subsequent visits to the same website will be attributed to the same user ID |
_hjRecordingLastActivity | When you close your browser | No | Found in session storage (as opposed to cookies). This gets updated when a user recording starts and when data is sent through the WebSocket (the user performs an action that Hotjar records) |
_hjTLDTest | When you close your browser | No | When the Hotjar script executes it tries to determine the most generic cookie path it should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, Hotjar tries to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed |
_hjUserAttributesHash | When you close your browser | No | User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated |
_hjCachedUserAttributes | When you close your browser | No | Stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. Collected attributes will only be saved to Hotjar servers if the user interacts with a Hotjar Feedback tool, but the cookie will be used regardless of whether a Feedback tool is present |
_hjLocalStorageTest | After less than 100 milliseconds | No | Used to check if the Hotjar Tracking Script can use local storage. If it can, a value of '1' is set in this cookie. The data stored in _hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created |
_hjIncludedInPageviewSample | After 30 minutes | No | Set to let Hotjar know whether a user is included in the data sampling defined by a website's pageview limit |
_hjIncludedInSessionSample | After 30 minutes | No | Set to let Hotjar know whether that user is included in the data sampling defined by a website's daily session limit |
_hjAbsoluteSessionInProgress | After 30 minutes | No | Used to detect the first pageview session of a user. This is a True/False flag set by the cookie |
_hjFirstSeen | When you close your browser | No | Set to identify a new user's first session. It stores a True/False value, indicating whether this was the first time Hotjar saw this user. It is used by recording filters to identify new user sessions |
_hjViewportId | When you close your browser | No | Stores information about the user viewport, such as size and dimensions |
_hjRecordingEnabled | When you close your browser | No | Added when a recording starts and is read when the recording module is initialised to see if the user is already in a recording in a particular session |
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that the Buying Catalogue website may become inaccessible or not function properly.
Change your cookie settings
Some cookies, like those used to measure how you use our website, are not needed for our website to work.
These cookies send information about how our site is used to services called Adobe Analytics and Hotjar. We use this information to improve our website.
You can read the Adobe Analytics privacy policy and Hotjar privacy policy.
Is my personal data used for user research purposes?
We would like to contact you about taking part in user research panels and surveys to improve the Buying Catalogue website and connected services. We will ask you if you would like to join our user research panel when you register for a Buying Catalogue account and log in for the first time.
If you agree to join, we may ask you to:
- try new features
- answer questions or surveys by email
- talk to our researchers about your experience of using the Buying Catalogue website or connected services
You can always say no to our requests, and you can leave the user research panel at any time.
We will only use your information to contact you about the Buying Catalogue website user research panel. It will not be shared with anyone else. You can unsubscribe at any time by contacting the Buying Catalogue Team.
What lawful basis are you using to process my personal data?
The lawful basis we use to process your personal data is as follows:
Performance of a contract
We will process your personal data as we provide you with products and services through the operation of the Buying Catalogue website. This includes processing your personal data to facilitate the ordering process.
Legitimate Interests
We will process your personal data as it is within the legitimate interests of NHS Digital to process this personal data for the operation of the Buying Catalogue website. Legitimate interest means the interest of NHS Digital in conducting and managing the Buying Catalogue website to enable us to give you the best service and most secure experience.
Consent
For users that have registered accounts on the Buying Catalogue website, we may contact you for user research purposes. The lawful basis for this activity will be consent. We will only contact you for these purposes when you have given us informed and explicit consent. You can withdraw this consent at any time by contacting the Buying Catalogue Team.
Where will my personal data be stored and processed?
We will only store and process your personal data within the UK.
What are my data processing rights?
Data protection laws give you the right:
- to request a copy of the information we hold about you. You can do this by making a subject access request
- to know how your personal data will be collected, processed, and stored, and for what purposes
- to correct your personal data errors or omissions
- to request that we delete your personal data
- to restrict our use of your personal data (for example, if you think it is inaccurate and needs to be corrected before it is used)
- to object to us processing your personal data at any time
- to be subject to a decision based solely on automated decision making, including profiling
- to withdraw your consent, which applies to your participation in user research activities
Find more information on these rights.
If you wish to exercise any of the rights set out above, please contact us using the contact details at the bottom of this page.
Can my personal data be processed for unrelated purposes not listed in this policy?
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to gain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so in an updated privacy and cookies policy.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How is my personal data protected?
We have organisational technical controls in place to ensure that your personal data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties in operating the Buying Catalogue website. We have set up security measures, policies, and procedures such as:
- training all staff annually in data and security protection
- monitoring our platform to keep your personal information secure
- following good practice guidance provided by the National Technical Authority
- always using legally binding agreements with all organisations we use
- having security and confidentiality policies in place across the organisation, to which staff must agree before they are given access to personal information
- restricting access to personal information to only those staff who need access to perform their role
How long is my personal data retained for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. Listed below are the different types of personal data that NHS Digital process in the operation of the Buying Catalogue website and the period this data is retained for:
Identity Data and Contact Data
We retain this personal data for as long as you have an active user account on the Buying Catalogue website. Once a request to close an account has been made, we delete all the data associated with the account within 30 days.
Technical Data
Data collected from the cookies in use is destroyed as soon as you close the browser. The IP addresses that we process when you access the Buying Catalogue website are retained for 30 days, after which they are overwritten and destroyed.
Does this policy apply to other websites?
This privacy notice only relates to information obtained through use of the Buying Catalogue website.
If you visit a website operated by a third party through a link included on this website, your information may be used differently by the operator of the linked website. These third parties may include, for example, suppliers that are listed on the Buying Catalogue website.
When you are moving to another site you are advised to read the privacy policy relating to that website.
How can I contact NHS Digital?
You can contact us by:
Email: enquiries@nhsdigital.nhs.uk
Telephone: 0300 303 5678
Or by writing to us:
Information Governance Compliance Team
NHS Digital
1 Trevelyan Square
Boar Lane
Leeds
LS1 6AE
Your enquiry will be answered by our contact centre.
We collect the information that you give us, and use it to help resolve your query, to contact you about your query, and to improve our services.
We keep this information for 3 years from the date of your enquiry.
Our Data Protection Officer is Kevin Willis, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations. The Data Protection Officer can be contacted via enquiries@nhsdigital.nhs.uk.
How can I lodge a complaint?
If you wish to raise a complaint concerning NHS Digital's processing activity, visit our Feedback and Complaints page.
You also have the right to raise a concern with the Information Commissioner's Office (ICO) at any time. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The contact details for the ICO are:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Visit the Information Commissioner's Office website.