Privacy Policy/GDPR


Crown Informatics, via the Crown Audit service, operates this website under strict privacy controls to deliver a safe and secure data collection system to support data informatics and audit programmes.

Information collected via the audit service
By submitting personal data in electronic form to this audit service, or by using this site, you give your consent that all personal information you submit may be processed in the manner and for the purposes necessary to conduct our services.

If you do nothing other than read pages or download information while using this audit service, we will capture and store information about your visit. This information will not identify you; it relates to:
The internet domain eg and IP address from which you access the web site.
The type of browser and operating system that you use.
The date and time of your visit.
The public pages you visit.
The address of the web site from which you linked to us (if applicable).

Why information is collected
We collect your information to improve the services available to you, to give better access, and to provide you with policy updates together with any key announcements that are made.

How information is handled
All personal information is handled in accordance with the Data Protection Act (DPA) 2018, Privacy in Electronic Communications Regulations (PECR) 2011 and the EU General Data Protection Regulations (GDPR) 2016. We ensure that your personal details and information are managed confidentially and securely, and that members of staff only access the information they need in order to conduct their duties.

GDPR details

Lawful basis:
We hold your data to operate the audit informatics services we provide under contract to the commissioning organisation, who operate and manage the audit on an approved legal basis. As such, our lawful basis is contractual in collaboration with the commissioning body, and their lawful basis is either contractual or 'public task'.

For 'Secondary uses/Clinical audit' the following GDPR articles apply:
Article 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Article 9(2)(h) processing is necessary for the purposes of preventative or occupational medicine... or,
Article 9(2)(i) processing is necessary for reasons of public interest in the area of public health...

Your rights:
You have the right to review the data we hold about you and you can exercise this right by using the account manager or by contacting the Data Protection Officer (details below).

Patient Subject Access Requests:
If a patient wishes to know if they have been entered into one of the audit projects and wishes to review the data recorded, they should first contact their treating hospital or unit and ask them for their record(s). If this is not possible, they should refer to our 'Patient Subject Access Request policy' and make a request according to those instructions. Please note that we will require firm evidence of identity before any information can be given to them. Also note that only the treating hospitals can make such enquiries or forward such enquiries to Crown Informatics for fulfilment; neither the audit project teams nor the data controllers can deal with such enquiries.

Who can see the audit and systems data?

Type of Data
Any member of the Public
Hospital/Unit Clinical team *
Crown System Administrators
Programme commissioners and Other Interested Parties
Publications, reports, run-charts, benchmarks and other summary/aggregate data
Personally identifiable patient data, including clinical data
Yes *
Patient clinical data only - pseudo anonymised
Yes *
Analytical/Statistical teams, Approved researchers
Patient clinical data only - aggregated/anonymised
Yes *
HQIP, NHS, Open-Data.GOV, CQC, Approved researchers
System users (Account holders)
Yes *
System and security logs
Non-identifiable Aggregate Website Statistics +
* Each hospital/unit clinical team can only see their own patient data and team colleagues within that unit.
+ Obtained from Google Analytics - limited to 'IP Address' and 'browser statistics' - used to understand website usage.

National Data Opt Out
The national data opt-out is a service that allows patients to opt out of their confidential patient information being used beyond individual care. The national data opt out was introduced to enable patients to opt out from the use of their data beyond individual care, in line with the recommendations of the National Data Guardian in her review of Data Security, Consent and Opt-Outs. You can view or change your national data opt out choice at any time, by visiting:

We have put processes in place to apply national data opt-outs where necessary in accordance with national data opt-out operational policy.

Personal data held for account holders/system users:
Identifiable data is limited to: A person's name, telephone number(s), email address, hospital or organisation where they work, job title, grade and department, account settings and system preferences and details of their recent system logins and activities, mainly for data security reasons. System user names and IP address details may be used in record audit trails, support incident logs and security logs.

Places where a 'user name' is used:
Account manager system for individual and other team members - User account details
Audit records and record audit trails
Support/Helpdesk services
Security and system logs

Places where an 'IP Address' is used:
IP addresses are necessary to provide internet access to websites and are routinely and inherently used to provide that service.
Our system and security logs will note the IP Address being used and will log that information.
When a person accesses our public or reporting web pages, we share their IP Address with a website analytics service.
We do not routinely collect or use IP addresses for any other purpose.

System and security event logs:
Names, IP address details, event details and event dates may be stored in system audit trails, security and system event logs. This data is used for service delivery, security and operations management and serves no other purpose. Normally, this data is automatically deleted on a rotational basis. Data relating to a security issue will be extracted for further analysis and retained as necessary to support security incident analysis.

How long is the data kept for?
Audit data - Project lifetime - refer to individual projects
Support/Helpdesk services - 5 years
System and security logs - up to 90 days
Security Incident logs - As required

Policy changes
The personal information we collect and maintain will be subject to the version of the audit Privacy Policy in effect at the time of collection. We reserve the right to change the audit Privacy Policy from time to time and will provide notice of these changes on the home page of our web site. You should make sure you periodically review the audit Privacy Policy to make sure it meets your needs.

Young persons' information
This audit service is not intended to be used by children under 16 years of age. We neither knowingly solicit nor collect personal information from or about children under the age of 16 years without the explicit consent of the child's next of kin or legal guardian.

There are security measures in place for all personal information that is collected, to protect against the loss or alteration of information under our control.

Preparation, maintenance and distribution of this document is the responsibility of the Data Protection Officer (DPO) of Crown Informatics. Moreover, it is the responsibility of the DPO to monitor the procedures contained within this audit Privacy Policy on a regular basis, in order to ensure that all staff members are adhering to them.

The DPO will be responsible for reviewing this audit Privacy Policy on an annual basis to ensure that procedures are kept accurate and up-to-date, in line with national best practice.

Contact details
For further assistance and advice, please email:


v4.00 - 27 March 2020