diff --git a/lung_cancer_screening/questions/jinja2/privacy_policy.jinja b/lung_cancer_screening/questions/jinja2/privacy_policy.jinja
index 8e0b3b93..d0314dc9 100644
--- a/lung_cancer_screening/questions/jinja2/privacy_policy.jinja
+++ b/lung_cancer_screening/questions/jinja2/privacy_policy.jinja
@@ -1,300 +1,381 @@
 {% extends 'layout.jinja' %}
 
 {% block content %}
-  <div class="nhsuk-grid-row">
-    <div class="nhsuk-grid-column-two-thirds">
-      <h1 class="nhsuk-heading-l">NHS check if you need a lung scan privacy policy</h1>
-
-      <section>
-        <h2 class="nhsuk-heading-m">1. How we use your personal information</h2>
-
-        <p>This privacy policy explains how we use your personal data when you use the NHS check if you need a lung scan. The NHS check if you need a lung scan pilot is provided as an alternative to the phone appointment, the lung health check. Find out more about the <a href="https://www.nhs.uk/tests-and-treatments/lung-cancer-screening/" target="_blank" rel="noopener">NHS lung cancer screening</a>.</p>
-
-        <h3 class="nhsuk-heading-s">1.1 Terms we use in this policy</h3>
-
-        <p>You may find it helps to understand these terms when reading this policy.</p>
-
-        <ul>
-          <li>Personal data: information that relates to an identified or identifiable individual.</li>
-          <li>Special category data: sensitive personal data given special protection in data protection law including personal data about your health.</li>
-          <li>Data is "processed" when any action is taken with it. For example, when it is collected or reviewed.</li>
-          <li>Controller: the person or organisation (alone or with others) who decides what personal data to process and how it will be used.</li>
-          <li>Processor: an organisation which processes personal data on behalf of, and under the instruction, of the controller.</li>
-          <li>Joint data controller: if two or more controllers jointly determine the purposes and means of processing the same personal data.</li>
-        </ul>
-
-        <p>You can find out more about these terms on the <a href="https://ico.org.uk/for-the-public/" target="_blank" rel="noopener">Information Commissioner's Office website</a>.</p>
-
-        <p>In this privacy policy, 'we' or 'us' means NHS England and Department of Health. 'You' or 'your' means you, a member of the public who is using the NHS check if you need a lung scan.</p>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">2. The NHS check if you need a lung scan</h2>
-
-        <p>The NHS check if you need a lung scan invites adults aged 55 to 74 years who have ever smoked to take part in lung cancer screening.</p>
-
-        <p>The check – mainly done by a phone appointment called the lung health check, asks a person questions about their medical history and lifestyle to work out their chances of developing lung cancer in the next 5 years.</p>
-
-        <ul>
-          <li>The NHS check if you need a lung scan is provided by NHS England and Department of Health and Social Care as a pilot. It allows you to complete a lung health check online before you complete your phone appointment.</li>
-        </ul>
-
-        <p>The NHS check if you need a lung scan involves:</p>
-        <ul>
-          <li>filling in an online questionnaire about your health and lifestyle</li>
-          <li>completing your phone appointment and repeating the questionnaire to find out if you would benefit from a lung scan</li>
-        </ul>
-
-        <p>You can access NHS check if you need a lung scan using your NHS login details.</p>
-        <p>If you sign in using NHS login, we will ask your permission to share your NHS login information with our service.</p>
-        <p>We will use your NHS number to compare your responses to NHS check if you need a lung scan to your responses in your phone appointment. Once you have completed your phone appointment we will also use your NHS login email to offer you a £10 voucher from Edenred vouchers.</p>
-        <p>We will not use your NHS login information for any other purposes. You can only share your NHS login information if you have proved your identity to NHS login.</p>
-        <p>For more information, see the <a href="https://www.nhs.uk/nhs-app/nhs-app-legal-and-cookies/" target="_blank" rel="noopener">NHS login privacy notice and terms and conditions</a>.</p>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">3. Data controllers for NHS check if you need a lung scan</h2>
-
-        <p>The NHS check if you need a lung scan has been designed in line with the <a href="https://www.england.nhs.uk/publication/targeted-screening-for-lung-cancer/" target="_blank" rel="noopener">NHS lung cancer screening programme standards</a>. You can read more about these in the Local Authorities regulations.</p>
-        <p>Under data protection law, NHS England and Department of Health and Social Care ("DHSC") are joint controllers for the personal data put into the NHS check if you need a lung scan. The DHSC have commissioned NHS England to deliver the NHS check if you need a lung scan.</p>
-        <p>NHS England is controller of NHS login.</p>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">4. What information we collect about you</h2>
-
-        <div class="nhsuk-table-container">
-          <table role="table" class="nhsuk-table">
-            <caption class="nhsuk-table__caption">When you use the NHS check if you need a lung scan, we will collect the following information.</caption>
-            <thead role="rowgroup" class="nhsuk-table__head">
-              <tr role="row">
-                <th role="columnheader" class="" scope="col">Category of information</th>
-                <th role="columnheader" class="" scope="col">Description</th>
-              </tr>
-            </thead>
-            <tbody class="nhsuk-table__body">
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>NHS login account information</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>The personal data provided by NHS login to access the NHS check if you need a lung scan, such as name, NHS number, and email.</p>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>Audit data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>Information filled in the NHS check if you need a lung scan about your use of the system such as time of use, actions you took and related technical log events. Your NHS number is also stored against these records.</p>
-                  <p>The logs enable analysis for:</p>
-                  <ul>
-                    <li>incident investigation</li>
-                    <li>fault analysis</li>
-                    <li>non-repudiation (proof that a user has taken action such as agreeing to terms or sending data)</li>
-                  </ul>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>Performance data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>How long the system takes to complete tasks, number of errors, success or failure at task completion.</p>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>NHS check if you need a lung scan demographic data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>The personal information you provide to use the NHS check if you need a lung scan such as your:</p>
-                  <ul>
-                    <li>first name and last name</li>
-                    <li>NHS number</li>
-                    <li>email address</li>
-                  </ul>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>NHS check if you need a lung scan health and lifestyle questionnaire data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>The personal data you provide to calculate the results of the check such as:</p>
-                  <ul>
-                    <li>medical history of you, your parents and siblings</li>
-                    <li>if you smoke</li>
-                    <li>your height and weight</li>
-                    <li>your education</li>
-                    <li>if you have been exposed to damaged asbestos</li>
-                  </ul>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>Application metadata</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>The personal data created from the NHS check if you need a lung scan based on the demographic information you provide. Metadata includes date and time of submission, NHS number.</p>
-                </td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">5. How we use your data</h2>
-
-        <h3 class="nhsuk-heading-s">5.1 To compare your responses to NHS check if you need a lung scan to your lung health check phone appointment</h3>
-        <p>The NHS check if you need a lung scan uses the information you have provided to compare your responses to similar questions in your lung health check phone appointment. This comparison will help us assess the clinical safety of the NHS check if you need a lung scan pilot. We take out all personal details, such as your name and email address when we do this.</p>
-
-        <h3 class="nhsuk-heading-s">5.2 For NHS check if you need a lung scan improvement, audit and troubleshooting</h3>
-        <p>We store technical log data for audit and troubleshooting (bug fix) purposes and to make improvements to the NHS check if you need a lung scan.</p>
-        <p>We ask for anonymous user feedback at relevant parts of your journey to help improve the NHS check if you need a lung scan. This data is stored within Qualtrics and may have some basic contact information as well as relevant survey answers. It will not be directly linked to you and your health check data.</p>
-        <p>We analyse data to check the uptake of the NHS check if you need a lung scan, for example how many checks are completed. We take out all personal details, such as your name and address when we do this.</p>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">6. Our legal basis</h2>
-
-        <h3 class="nhsuk-heading-s">Statutory basis for NHS England to deliver the NHS check if you need a lung scan pilot</h3>
-        <p>NHSE relies on its powers under the National Health Service Act 2006 to undertake its role which is primarily:</p>
-        <ul>
-          <li>system delivery</li>
-          <li>collection of audit data</li>
-          <li>service management</li>
-          <li>storage of static data to present to users (such as their results)</li>
-        </ul>
-
-        <p><strong>UK General Data Protection Regulation and the Data Protection Act 2018</strong></p>
-        <p>UK GDPR Article 6(1)(e) '…processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller'. Underpinned by statutory powers set out above.</p>
-
-        <p><strong>Processing of special categories of personal data:</strong></p>
-        <p>UK GDPR Article 9(2)(h) 'processing is necessary …for the provision of health or social care or treatment or the management of health or social care systems and services on the basis of domestic law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.'</p>
-        <p>Underpinned by DPA2018 Sch1:<br>
-        Health or social care purposes<br>
-        2(1) This condition is met if the processing is necessary for health or social care purposes.<br>
-        (2) In this paragraph "health or social care purposes" means the purposes of—<br>
-        ….<br>
-        (f) the management of health care systems or services or social care systems or services.</p>
-
-        <p><strong>NHS login:</strong></p>
-        <p>Directions issued pursuant to the Health and Social Care Act 2012, Section 254(1):</p>
-        <ul>
-          <li>NHS Login Directions 2021, which enabled NHS Digital (now NHS England) to provide the NHS Digital Citizen Identity Platform and related services, collectively the NHS login Services.</li>
-        </ul>
-
-        <p><strong>Setting aside the duty of confidence:</strong></p>
-        <p>Implied consent is given by participants choosing to use the NHS check if you need a lung scan. NHS England's processing of personal data is not in itself directly for direct care but for the operation and maintenance of the system to support direct care.</p>
-
-        <p><strong>Service management and user research:</strong></p>
-        <p>Any personal data collected and processed for these activities will be done pursuant to UK GDPR Article 6(1)(a) '….the data subject has given consent to the processing of his or her personal data for one or more specific purposes' and UK GDPR Article 9(2)(a) '…the data subject has given explicit consent to the processing of those personal data for one or more specified purposes'.</p>
-
-        <h3 class="nhsuk-heading-s">Statutory basis for the Department of Health and Social Care to deliver the NHS check if you need a lung scan pilot</h3>
-        <p>Article 6(1)(e) of the UKGDPR which permits processing that is necessary for the performance of a task in the public interest or in the exercise of the Controller's official authority.</p>
-        <p>The processing is in line with the Secretary of State for Health and Social Care's duties in relation to the promotion and provision of the health service (including public health functions), as outlined in Part 1 of the NHS Act 2006 (as amended by the Health and Social Care Act 2012).</p>
-        <p>The Department of Health and Social Care rely on the same conditions under Article 9 of the UKGDPR as NHS England, outlined above.</p>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">7. How long we keep your data for</h2>
-
-        <div class="nhsuk-table-container">
-          <table role="table" class="nhsuk-table">
-            <caption class="nhsuk-table__caption">How long we keep your data for</caption>
-            <thead role="rowgroup" class="nhsuk-table__head">
-              <tr role="row">
-                <th role="columnheader" class="" scope="col">Category of information</th>
-                <th role="columnheader" class="" scope="col">Description</th>
-              </tr>
-            </thead>
-            <tbody class="nhsuk-table__body">
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>Audit data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>Audit events – 8 years</p>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>Performance data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <ul>
-                    <li>Service-related logs – up to 3 months</li>
-                    <li>Backups – up to 90 days</li>
-                  </ul>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>NHS check if you need a lung scan demographic data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>8 years</p>
-                </td>
-              </tr>
-              <tr role="row" class="nhsuk-table__row">
-                <td class="nhsuk-table__cell">
-                  <p>NHS check if you need a lung scan health and lifestyle questionnaire data</p>
-                </td>
-                <td class="nhsuk-table__cell">
-                  <p>8 years (28 days if the questionnaire is incomplete)</p>
-                </td>
-              </tr>
-            </tbody>
-          </table>
-        </div>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">8. Where your data is stored</h2>
-        <p>We process and store your data in the United Kingdom within Microsoft Azure.</p>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">9. Your rights</h2>
-
-        <p>Data protection law gives you a number of rights. You can exercise your rights by contacting NHS England's Data Protection Officer at england.dpo@nhs.net</p>
-
-        <ul>
-          <li><strong>The right to be informed</strong> – this privacy policy explains how we use your personal data to provide the NHS check if you need a lung scan.</li>
-          <li><strong>The right of access</strong> – to get a copy of your data submitted to the NHS check if you need a lung scan, you can request this by completing a Subject Access Request (SAR). If you would like a copy of your GP record, please <a href="https://www.nhs.uk/service-search/find-a-gp" target="_blank" rel="noopener">contact your GP surgery</a>.</li>
-          <li><strong>The right of rectification</strong> – Individuals can ask for corrections to be made to their records.</li>
-          <li><strong>The right to erasure</strong> – This right does not apply to data collected under 6(1e) Public Task. Where information is provided by the recipient for service management and user research under GDPR consent, the requests for erasure can be exercised through the email address above.</li>
-          <li><strong>The right to the restriction of processing</strong> – You have the right to ask us to limit the way we use your data.</li>
-          <li><strong>The right to data portability</strong> – This right does not apply.</li>
-          <li><strong>The right to object</strong> – Individuals can object to the use of their data.</li>
-          <li><strong>The right not to be subject to automated decision making</strong> – You have the right to not be subject to automated decision-making. At any point during the health check, you can end your check and ask a health care provider for a face-to-face check.</li>
-        </ul>
-
-        <h3 class="nhsuk-heading-s">Asking a question or finding out more</h3>
-        <p>If you have a general question about using the NHS check if you need a lung scan, you can contact us by email at: england.digitallungcancerscreening@nhs.net</p>
-
-        <h3 class="nhsuk-heading-s">Your GP health record and healthcare</h3>
-        <p>You can <a href="https://www.nhs.uk/service-search/find-a-gp" target="_blank" rel="noopener">contact your GP surgery</a> for more information about your GP health record data, and data about your care.</p>
-
-        <h3 class="nhsuk-heading-s">Contact the Information Commissioner</h3>
-        <p>If we are unable to resolve any queries or concerns about the use of your personal information in connection with the NHS check if you need a lung scan, you can raise your concern with the Information Commissioner.</p>
-        <p>You can contact the Information Commissioner's Office:</p>
-        <ul>
-          <li>using the <a href="https://ico.org.uk/global/contact-us/" target="_blank" rel="noopener">ICO's online contact service</a></li>
-          <li>by calling 0303 123 1113</li>
-          <li>by writing to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF</li>
-        </ul>
-        <p>We ask that you try to resolve any issues with us first. However, you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at any time about our processing of your personal information. The ICO is the UK regulator for data protection and upholds information rights.</p>
-      </section>
-
-      <section>
-        <h2 class="nhsuk-heading-m">Changes to this policy</h2>
-        <p>The terms of our privacy policy may change from time to time. Any updates to the privacy policy will be published on the <a href="https://www.nhs.uk" target="_blank" rel="noopener">NHS website</a>.</p>
-      </section>
-
-      <p>More in <a href="https://www.nhs.uk/our-policies/" target="_blank" rel="noopener">NHS Health Check online legal and cookies</a></p>
-    </div>
+<div class="nhsuk-grid-row">
+  <div class="nhsuk-grid-column-two-thirds">
+    <h1 class="nhsuk-heading-l">NHS check if you need a lung scan privacy policy</h1>
+    <section>
+      <h2 class="nhsuk-heading-m">1. How we use your personal information </h2>
+      <p>
+        This privacy policy explains how we use your personal data when you use the NHS check if you need a lung scan
+        digital service. The NHS check if you need a lung scan pilot is provided as an alternative to the phone
+        appointment, the lung health check. Find out more about the <a
+          href="https://lungcancerscreening-westlondon.nhs.uk/" rel="noopener" target="_blank">NHS lung cancer
+          screening</a>.
+      </p>
+      <h3 class="nhsuk-heading-s">1.1 Terms we use in this policy</h3>
+      <p>You may find it helps to understand these terms when reading this policy. </p>
+
+      <ul>
+        <li>Personal data: information that relates to an identified or identifiable individual.</li>
+        <li>Special category data: sensitive personal data given special protection in data protection law including
+          personal data about your health.</li>
+        <li>Data is “processed” when any action is taken with it. For example, when it is collected or reviewed.</li>
+        <li>Controller: the person or organisation (alone or with others) who decides what personal data to process and
+          how it will be used.</li>
+        <li>Processor: an organisation which processes personal data on behalf of, and under the instruction, of the
+          controller.</li>
+        <li>Joint data controller: if two or more controllers jointly determine the purposes and means of processing the
+          same personal data.</li>
+      </ul>
+      <p>You can find out more about these terms on the <a href="https://ico.org.uk/for-the-public/" rel="noopener"
+          target="_blank">Information Commissioner's Office website</a>. </p>
+      <p>In this privacy policy, 'we' or 'us' means NHS England and Department of Health and Social Care (DHSC). 'You'
+        or 'your' means you, a member of the public who is using the NHS check if you need a lung scan. </p>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">2. Data controllers and processors for NHS check if you need a lung scan</h2>
+      <p>The NHS check if you need a lung scan has been designed in line with the <a
+          href="https://www.england.nhs.uk/publication/targeted-screening-for-lung-cancer/" target="_blank"
+          rel="noopener">NHS lung cancer screening programme standards</a>.</p>
+      <p>Under data protection law, NHS England and DHSC are joint controllers for the personal data put into the NHS
+        check if you need a lung scan. The DHSC have commissioned NHS England to deliver the NHS check if you need a
+        lung scan.</p>
+      <p>NHSE controller: <br />
+        NHS England's Data Protection Officer at <a href="mailto:england.dpo@nhs.net">england.dpo@nhs.net</a></p>
+      <p>DHSC controller: <br />
+        Lee Cramp, DHSC data protection officer at <a
+          href="mailto:data_protection@dhsc.gov.uk">data_protection@dhsc.gov.uk</a></p>
+
+      <p>NHSE handles operational delivery, SARs, security. They are the main point of contact.</p>
+      <p>DHSC acts as commissioning authority for NHSE.</p>
+      <p>Individuals can exercise rights via NHSE contact point.</p>
+      <p>NHS England is controller of <a href="https://www.nhs.uk/nhs-services/online-services/nhs-login/"
+          target="_blank" rel="noopener">NHS login</a>.</p>
+
+      <p>Edenred are a processor for the personal data that is entered into the NHS check if you need a lung scan. For
+        more
+        information, see the <a href="https://cdn.edenred.uk.com/static/default/edenred/EdenredPrivacyPolicy.html"
+          target="_blank" rel="noopener">Edenred privacy policy</a>.</p>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">3. What the NHS check if you need a lung scan involves</h2>
+      <p>The NHS check if you need a lung scan invites adults aged 55 to 74 years who have ever smoked to take part in
+        lung cancer screening.</p>
+      <p>The check - mainly done by a phone appointment called the lung health check, asks a person questions about
+        their medical history and lifestyle to work out their chances of developing lung cancer in the next 5 years.</p>
+      <p>We will compare your answers from the online questionnaire and phone appointment to assess the clinical safety
+        and effectiveness of the service.</p>
+      <ul>
+        <li>The NHS check if you need a lung scan is provided by NHS England and Department of Health and Social Care as
+          a pilot. It allows you to complete a lung health check online before you complete your phone appointment.
+        </li>
+      </ul>
+      <p>The NHS check if you need a lung scan involves: </p>
+      <ul>
+        <li>filling in an online questionnaire about your health and lifestyle </li>
+        <li>completing your phone appointment and repeating the questionnaire to find out if you would benefit from a
+          lung scan</li>
+      </ul>
+      <p>You can access NHS check if you need a lung scan using your NHS login details. You will be informed that NHS
+        login will share limited identity information required to access the service. </p>
+      <p>We will use your NHS number to compare your responses to NHS check if you need a lung scan to your responses in
+        your phone appointment. Once you have completed your phone appointment we will also use your NHS login email to
+        offer you a £10 voucher from Edenred vouchers.</p>
+      <p>Your NHS login email address will be shared with Edenred once you have completed your phone appointment.
+        Edenred will use your email to send you a £10 voucher as a thank you for testing the online service.</p>
+      <p>We will not use your NHS login information for any other purposes. You can only share your NHS login
+        information if you have proved your identity to NHS login.</p>
+      <p>For more information, see the NHS login <a href="https://access.login.nhs.uk/privacy" target="_blank"
+          rel="noopener">privacy notice</a> and <a href="https://access.login.nhs.uk/terms-and-conditions"
+          target="_blank" rel="noopener">terms and conditions</a>. </p>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">4. What information we collect about you</h2>
+      <div class="nhsuk-table-container">
+        <table role="table" class="nhsuk-table">
+          <caption class="nhsuk-table__caption">When you use the NHS check if you need a lung scan, we will collect the
+            following information</caption>
+
+          <thead role="rowgroup" class="nhsuk-table__head">
+            <tr role="row">
+              <th role="columnheader" class="" scope="col">Category of information</th>
+              <th role="columnheader" class="" scope="col">Description</th>
+            </tr>
+          </thead>
+          <tbody class="nhsuk-table__body">
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>NHS login account information</p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>The personal data provided by NHS login to access the NHS check if you need a lung scan, such as
+                  name, NHS number, and email.</p>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>Audit data </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>Information filled in the NHS check if you need a lung scan about your use of the system such as time
+                  of use, actions you took and related technical log events. Your NHS number is also stored against
+                  these records. </p>
+                <p>The logs enable analysis for: </p>
+                <ul>
+                  <li>incident investigation </li>
+                  <li>fault analysis </li>
+                  <li>non-repudiation (proof that a user has taken action such as agreeing to terms or sending data)
+                  </li>
+                </ul>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>Performance data </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>How long the system takes to complete tasks, number of errors, success or failure at task completion.
+                </p>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>NHS check if you need a lung scan demographic data </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>The personal information you provide to use the NHS check if you need a lung scan such as your: </p>
+                <ul>
+                  <li>first name and last name </li>
+                  <li>NHS number</li>
+                  <li>email address</li>
+                </ul>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>NHS check if you need a lung scan health and lifestyle questionnaire data</p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>
+                  The personal data you provide to calculate the results of the check such as: </p>
+                <ul>
+                  <li>medical history of you, your parents and siblings </li>
+                  <li>if you smoke </li>
+                  <li>your height and weight </li>
+                  <li>your education </li>
+                  <li>if you have been exposed to damaged asbestos </li>
+                </ul>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>Application metadata </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>The personal data created from the NHS check if you need a lung scan based on the demographic
+                  information you provide. Metadata includes date and time of submission, NHS number. </p>
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">5. How we use your data </h2>
+      <h3 class="nhsuk-heading-s">5.1 To compare your responses to NHS check if you need a lung scan to your lung health
+        check phone appointment</h3>
+      <p>NHSE uses the information you have provided in NHS check if you need a lung scan to compare your responses to
+        similar questions in your lung health check phone appointment. This comparison will help us assess the clinical
+        safety of the NHS check if you need a lung scan pilot. We remove all personal details, such as your name and
+        email address when we do this. </p>
+      <h3 class="nhsuk-heading-s">5.2 Service improvement, audit and troubleshooting </h3>
+      <p>We use technical and audit data to: </p>
+      <ul>
+        <li>monitor system performance </li>
+        <li>investigate incidents </li>
+        <li>improve the service </li>
+      </ul>
+      <p>We may also collect optional user feedback through surveys. This feedback is: </p>
+      <ul>
+        <li>stored securely </li>
+        <li>not directly linked to your health questionnaire data </li>
+        <li>used only to improve the service </li>
+      </ul>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">6. Our legal basis</h2>
+      <h3 class="nhsuk-heading-s">Statutory basis for NHS England to deliver the NHS check if you need a lung scan pilot
+      </h3>
+
+      <p>NHSE relies on its powers under the National Health Service Act 2006 to undertake its role which is primarily:
+      </p>
+      <ul>
+        <li>system delivery </li>
+        <li>collection of audit data </li>
+        <li>service management </li>
+        <li>storage of static data to present to users (such as their results) </li>
+      </ul>
+      <h3 class="nhsuk-heading-s">UK General Data Protection Regulation and the Data Protection Act 2018 </h3>
+      <p>UK GDPR Article 6(1)(e) ‘…processing is necessary for the performance of a task carried out in the exercise of
+        official authority vested in the controller'. </p>
+      <p>Underpinned by statutory powers set out above. </p>
+      <p>Processing of special categories of personal data: </p>
+      <p>UK GDPR Article 9(2)(h) </p>
+      <p>‘processing is necessary …for the provision of health or social care or treatment or the management of health
+        or social care systems and services on the basis of domestic law or pursuant to contract with a health
+        professional and subject to the conditions and safeguards referred to in paragraph 3.’ </p>
+      <p>Underpinned by DPA2018 Sch1: </p>
+      <p>Health or social care purposes </p>
+      <p>2(1) This condition is met if the processing is necessary for health or social care purposes. </p>
+      <p>(2) In this paragraph “health or social care purposes” means the purposes of— </p>
+      <p>…. </p>
+
+      <p>(f) the management of health care systems or services or social care systems or services. </p>
+
+      <h3 class="nhsuk-heading-s">NHS login:</h3>
+      <p>Directions issued pursuant to the Health and Social Care Act 2012, Section 254(1): </p>
+      <ul>
+        <li>NHS Login Directions 2021, which enabled NHS Digital (now NHS England) to provide the NHS Digital Citizen
+          Identity Platform and related services, collectively the NHS login Services. </li>
+      </ul>
+
+      <h3 class="nhsuk-heading-s">Setting aside the duty of confidence: </h3>
+      <p>Implied consent is given by participants choosing to use the NHS check if you need a lung scan. NHS England's
+        processing of personal data is not in itself directly for direct care but for the operation and maintenance of
+        the system to support direct care. </p>
+
+      <h3 class="nhsuk-heading-s">Service management and user research: </h3>
+      <p>Any personal data collected and processed for these activities will be done pursuant to UK GDPR Article 6(1)(a)
+        '….the data subject has given consent to the processing of his or her personal data for one or more specific
+        purposes' and UK GDPR Article 9(2)(a) '…the data subject has given explicit consent to the processing of those
+        personal data for one or more specified purposes'. </p>
+
+      <h3 class="nhsuk-heading-s">Statutory basis for the Department of Health and Social Care to deliver the NHS check
+        if you need a lung scan pilot</h3>
+      <p>Article 6(1)(e) of the UKGDPR which permits processing that is necessary for the performance of a task in the
+        public interest or in the exercise of the Controller’s official authority. </p>
+      <p>The processing is in line with the Secretary of State for Health and Social Care’s duties in relation to the
+        promotion and provision of the health service (including public health functions), as outlined in Part 1 of the
+        NHS Act 2006 (as amended by the Health and Social Care Act 2012). </p>
+      <p>The Department of Health and Social Care rely on the same conditions under Article 9 of the UKGDPR as NHS
+        England, outlined above. </p>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">7. How long we keep your data for</h2>
+      <div class="nhsuk-table-container">
+        <table role="table" class="nhsuk-table">
+          <caption class="nhsuk-table__caption">How long we keep your data for</caption>
+          <thead role="rowgroup" class="nhsuk-table__head">
+            <tr role="row">
+              <th role="columnheader" class="" scope="col">Category of information</th>
+              <th role="columnheader" class="" scope="col">Description</th>
+            </tr>
+          </thead>
+          <tbody class="nhsuk-table__body">
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>Audit data </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>Audit events - 8 years </p>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>Performance data </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <ul>
+                  <li>Service-related logs - up to 3 months </li>
+                  <li>Backups - up to 90 days</li>
+                </ul>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>NHS check if you need a lung scan demographic data </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>8 years</p>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>NHS check if you need a lung scan health and lifestyle questionnaire data </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>8 years (28 days if the questionnaire is incomplete)</p>
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">8. Where your data is stored</h2>
+      <p>We process and store your data in the United Kingdom within Microsoft Azure.</p>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">9. Your rights</h2>
+      <p><strong>The right to be informed</strong> - this privacy policy explains how we use your personal data to
+        provide the NHS
+        check if you need a lung scan. </p>
+
+      <p><strong>The right of access</strong> - to get a copy of your data submitted to the NHS check if you need a lung
+        scan, you
+        can request this by completing a <a
+          href="https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/publication-scheme/how-to-make-a-subject-access-request/"
+          target="_blank" rel="noopener">Subject Access Request (SAR)</a>. If you would like a copy of your GP record,
+        please contact your GP surgery. </p>
+      <p><strong>The right of rectification</strong> - Individuals can ask for corrections to be made to their records.
+      </p>
+      <p><strong>The right to erasure</strong> - This right does not apply to data collected under 6(1e) Public Task.
+        Where
+        information is provided by the recipient for service management and user research under GDPR consent, the
+        requests for erasure can be exercised through the email address above. </p>
+      <p><strong>The right to the restriction of processing</strong> - You have the right to ask us to limit the way we
+        use your
+        data. </p>
+      <p><strong>The right to data portability</strong> - This right does not apply. </p>
+      <p><strong>The right to object</strong> - We will consider any objection, but may continue processing where we
+        have
+        compelling legitimate grounds or a statutory obligation. </p>
+      <p><strong>The right not to be subject to automated decision making</strong> - The NHS check if you need a lung
+        scan does
+        not make automated decisions that have legal or similarly significant effects. </p>
+
+      <h3 class="nhsuk-heading-s">Asking a question or finding out more </h3>
+      <p>If you have a general question about using the NHS check if you need a lung scan, you can contact us by email
+        at: <a href="mailto:england.digitallungcancerscreening@nhs.net">england.digitallungcancerscreening@nhs.net</a>
+      </p>
+      <h3 class="nhsuk-heading-s">Your GP health record and healthcare</h3>
+      <p>You can <a href="https://www.nhs.uk/service-search/find-a-gp" target="_blank" rel="noopener">contact your GP
+          surgery</a> for more information about your GP health record data, and data about your care. </p>
+      <h3 class="nhsuk-heading-s">Contact the Information Commissioner </h3>
+      <p>If we are unable to resolve any queries or concerns about the use of your personal information in connection
+        with the NHS check if you need a lung scan, you can raise your concern with the Information Commissioner.</p>
+      <p>You can contact the Information Commissioner’s Office:</p>
+      <ul>
+        <li>using the <a href="https://ico.org.uk/global/contact-us/" target="_blank" rel="noopener">ICO's online
+            contact service</a></li>
+        <li>by calling 0303 123 1113</li>
+        <li>by writing to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
+        </li>
+      </ul>
+      <p>We ask that you try to resolve any issues with us first. However, you have a right to lodge a complaint with
+        the Information Commissioner's Office (ICO) at any time about our processing of your personal information. The
+        ICO is the UK regulator for data protection and upholds information rights.</p>
+      <h3 class="nhsuk-heading-s">Changes to this policy</h3>
+      <p>The terms of our privacy policy may change from time to time. Any updates to the privacy policy will be
+        published on the <a href="https://www.nhs.uk/" target="_blank" rel="noopener">NHS website</a>.</p>
+    </section>
+    <section>
+      <h2 class="nhsuk-heading-m">More in NHS check if you need a lung scan <a href="/terms-of-use" target="_blank"
+          rel="noopener">terms of use</a>, <a href="{{ url('questions:privacy_policy') }}" target="_blank"
+          rel="noopener">privacy policy</a>, and <a href="{{ url('questions:cookies') }}" target="_blank"
+          rel="noopener">cookies policy</a>.</h2>
+    </section>
   </div>
+</div>
 {% endblock %}