Skip to content
Loader

The information in this section explains how and why we are using people's personal data for this survey. We also outline your rights and how to contact us if you have any questions or concerns about the use of your data.

Your details

NHS England is the data controller for this survey. NHS England holds a list of people who are living with diabetes, called the National Diabetes Audit (NDA). If you are invited to take part, your name will be chosen at random from this list. NHS England will match this information with contact details from the list of patients registered with a GP, called the Personal Demographic Service (PDS). Ipsos, as data processor, are carrying out this survey on behalf of NHS England. For those selected to take part, NHS England will share a limited amount of people's personal data so that Ipsos can invite people to take part in this survey. An independent group, which includes members of the public, gave their support for confidential patient information to be used to identify people living with diabetes and invite them to take part in this survey.

The following data will be shared with Ipsos so they can select people to take part in the survey, and to ensure that the anonymised survey data matches the profile of the NDA population as closely as possible: sex, age band, ethnicity, type of diabetes, date of diagnosis, care processes/clinical outcomes, treatment targets, treatment type, GP practice code, Lower Layer Super Output Area (LSOA), and NHS number.

The following data will be shared with Ipsos so they can contact those selected to take part in the survey: name, address, mobile number (where available), and month and year of birth.

If you are chosen to take part, Ipsos will keep your data confidential and will only use your details to invite you to take part in the survey. Once the survey is finished, Ipsos will securely destroy your personal details.

Ipsos will be working with certain supplier organisations to run the survey. Ipsos will need to share your contact details with the following supplier organisations to invite you to take part:

  • Formara (printing letters and questionnaires): name, address and type of diabetes
  • Text Local (distributing text message invitations): mobile number
  • The Delivery Group and Royal Mail (distribution and postage): name and address

Ipsos also work with Rackspace UK to collect online survey responses. All internet facing systems are hosted in the RackSpace UK data centre, including the interviewing platform, Dimensions, used to carry out market research fieldwork. All applications and data are managed by Ipsos.

All these suppliers are approved and compliant with the UK General Data Protection Regulation.

Personal data are held in accordance with the UK General Data Protection Regulation and Data Protection Act 2018. If you are invited to take part, NHS England’s Privacy Notice describes how they will use personal data and explains how you can contact them and invoke your rights as a data subject. NHS England will protect your information in line with the requirements of the Data Protection Act 2018.

Ipsos takes its information security responsibilities seriously and applies various precautions to ensure information is protected from loss, theft, or misuse. Security precautions include appropriate physical security of offices and controlled and limited access to computer systems. Stringent measures have been taken to ensure personal information is securely stored and seen only by the personnel directly involved in the project.

Ipsos has regular internal and external audits of its information security controls and working practices and is accredited to the International Standard for Information Security, ISO 27001.

Individual answers to the questions will not be linked to names or contact details. Ipsos, and approved NHS England staff and researchers, treat individual answers as confidential. They adhere to all aspects and terms of the UK General Data Protection Regulation and all other relevant legislation, including requirements for secure storage.

If you are invited to take part, all of your personal data used and collected for this survey will be stored by Ipsos in data centres and servers within the United Kingdom hosted by RackSpace UK. RackSpace UK provide Ipsos group managed hosted services, this is dedicated infrastructure for Ipsos only. RackSpace provide support up to the operating system level and Ipsos manage their installed applications and data.

You may still receive an invitation to take part in the survey if you have opted out via the National Data Opt Out. The Department of Health and Social Care has confirmed that this survey has been made exempt from the National Data Opt Out. The list of exemptions and policy postponements provides more information.

Your answers

This section explains what will happen to your answers if you are invited and choose to take part in the survey.

No one involved in your care will know whether you have taken part in the survey.

Ipsos will put your answers together with the answers from other people and publish the results of the survey. Your answers will be kept confidential. Nobody will be able to identify you in any published results.

Ipsos will send all the survey responses to NHS England. NHS England will remove any personal details which could be used to identify you from the data. They will link the survey responses with information in the National Diabetes Audit and other healthcare databases. The NHS will use this information to plan diabetes services. You can ask for your survey responses to not be given to NHS England. However, once NHS England has received the survey data, your responses cannot be deleted.

NHS England may share your survey answers with approved researchers, but only in a way that doesn’t identify you. NHS England will only share your answers in line with strict rules about data processing.

By taking part in the survey, you give permission for your personal information to be used in these ways.

In order to be able to use the survey data at the individual patient level, all researchers, including those employed by NHS England and other organisations, must apply for permission. Each application must go through a rigorous approval process, setting out the work that will be done, with an agreement that any publication will only refer to completely anonymised data. All other users may only access anonymised data at national or Integrated Care System (ICS) level.

If you take part in the survey, Ipsos will only hold your data in a way that can identify you for as long as is necessary to support the survey and findings. In practice, this means that once Ipsos have reported the anonymous findings in an acceptable way, they will securely remove your personal, identifying data from their systems and those of any suppliers. For this study, Ipsos will securely remove your personal data from their systems 2 months after publication (estimated deletion date of January 2025).

Website

Some online surveys collect information through the use of "cookies". These are small files stored on your computer. These files are used as sparingly as possible and only for quality control and validation. They also prevent us sending you reminders for an online survey you have already completed. It is possible for you to delete "cookies" or to prevent their use by changing the browser settings on your computer. Ipsos also automatically capture information about your operating system, display settings and browser type to ensure that the survey questionnaire is delivered in a form suited to the software your computer is using. Ipsos do not capture any other information from your computer. For more information, please see our Privacy notice.

Your rights

The UK GDPR includes rights, although not all of these apply where the legal basis for processing is necessary for public health purposes in the public interest (UK GDPR Article 9(2)(h)).

You can request access to any personal data that is held by Ipsos up to when it is deleted (2 months after publication, estimated deletion date of January 2025).

You can object to the processing of your personal data or survey answers you provide, at any time before the data is processed for reporting (end of May 2024). You can object to the linkage of your survey responses with the National Diabetes Audit and other healthcare databases, at any time before survey data is shared with NHS England (estimated date of November 2024).

NHS England must generally respond to requests in relation to your rights within one month, although there are some exceptions to this. NHS England’s Privacy Notice explains your rights and how to exercise them.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have concerns on how we have processed your personal data. You can find details about how to contact the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/ or by sending an email to: casework@ico.org.uk.

Contact us

You can contact Ipsos, the supplier running the survey:

Phone: 0800 470 2983

Email:diabetessurvey@ipsos.com

Post:

The NDES team - Ipsos

3 Thomas More Square

London E1W 1YW

Or you can contact NHS England:

You can contact the NHS England Customer Contact Centre via email or by the details below:

Telephone: 0300 311 22 33;

Post: NHS England, PO Box 16738, Redditch, B97 9PT.

If you would prefer, you can directly contact NHS England’s Data Protection Office with questions about data protection.

You have the right to make a complaint against NHS England regarding data protection issues with the Information Commissioner’s Office.

Page last reviewed: March 2024