NI Vaccinations Menu Toggle Search
  • Home
  • Arrow Right
  • COVIDCert NI – Easy Read Privacy Information

COVIDCert NI – Easy Read Privacy Information


14. How do I complain if I am not happy?

If you have a specific issue, or complaint, regarding the CCS and the COVIDCERT NI App, please contact-

If you are unhappy with how your personal data is being processed by the CCS, please contact-

If you have a specific issue, or query regarding your vaccine data from the Vaccine Management System, or a complaint in relation to the processing of this data, please contact –

If you have a specific issue, or query regarding your test data from the Central Test Registry, or a complaint in relation to the processing of this data, please contact –

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Should you have any concerns about how your data has been handled or remain dissatisfied with any response regarding the processing of your personal data, you can raise these concerns with the ICO, as follows:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK0 5AF

Tel:  0303 123 1113


15. Changes to this Privacy Notice

This Easy Read Privacy Notice will be kept under regular review and any updated versions will be placed on our website.

16. Useful links

Users can also refer to the following links for further information:


Vaccine Management System Privacy Notice-

NIDA Privacy Notice-       

PHA Testing Programme Privacy Notice – Test Data PN

Annex A

All data processors are appointed under Data Processors Agreements in compliance with Article 28 of the UK GDPR, either via UK GDPR compliant contracts, or MoUs.

Under the terms of these arrangements DoH is the data controller responsible for assessing that all processors listed below, except DoF/ESS/PHA, who are competent to process personal data in line with UK GDPR requirements. DoH is responsible for assessing that DoF/ESS/PHA are competent to process data in line with UK GDPR requirements under these arrangements. This assessment will consider the nature of the processing and the risks to the data subjects.

Under Article 28(1) DoH will ensure that only processors that can provide “sufficient guarantees” (in terms of its expert knowledge, resources, and reliability) to implement appropriate technical and organisational measures to ensure the processing complies with the UK GDPR and protects the rights of individuals. DoH will ensure the same regarding DoF/ESS.

Contracts or Memorandum of Understanding (MoUs) will be in place to govern relationships with the data processors, which set out the obligations of each party and the data controllers’ obligations and rights regarding the data that is being processed. All contracts adhere to established BSO Procurement and Logistics Services (PaLs) processes and legal input provided by BSO Department of Legal Services (DLS).

All data processing takes place within the UK area and as such is subject to legislation in the form of the UK – General Data Protection Regulation (GDPR) and Data Protection Act 2018.

The following provides a list of data processors involved in delivery of the system. 

  • The HSC Public Health Agency is the official government body for the delivery and management of regional immunisation and vaccines programmes in Northern Ireland. PHA governs the day to day management, configuration and support for the VMS.
  • Digital Health Care Northern Ireland is a department within the NI Department of Health that directs and co-ordinates the provision of digital healthcare technologies across the region. DHCNI co-ordinates the development and design of vaccine related systems such as the VMS and NIHAP
  • Civica is a system integrator organisation who were chosen to develop the end-to-end CCS platform and are regarded as a processor contracted by the DoH.  Civica will provide support on an ongoing basis to the CCS configuration for the duration of its operation, as part of their contract.
  • Kainos will provide the citizen vaccination data that is part of VMS, to be used by Civica in CCS to match against the user entered information and process the COVID certificate request where applicable. Kainos are contracted by DOH.
  • Department of Finance, NIdirect/ NIDA – NIdirect is the official government website for Northern Ireland citizens which is run by DoF ESS. NICS Identity Assurance service (NIDA) is a service provided by DoF ESS via NI Direct for the purposes of identity verification.NIdirect aims to make it easier to access government information and services. It does this by working closely with Northern Ireland departments and other public bodies to collate key information based on users’ needs. NI Direct will also capture your data in the COVIDCert call centre for citizens to apply for recovery based COVIDCerts. DoH have a MoU in place with DoF/ ESS, which covers provision of these services. 
  • Surecert are an identity service that have been engaged to provide secure identity verification. Surecert supports the NIDA service delivered by the DoF. This service integrates with the NIDA service to provide real-time ID and Biometric identity checking service. Surecert are contracted by DoH.
  • HH Global – HH Global are a UK government approved (framework CCS RM6170) secure printing organisation who produce NI’s secure printed certificates.  Certificate data is sent to HH Global over an encrypted transfer protocol. These certificates incorporate several secure elements around the QR code, bar code and print layouts. These are done in accordance with the Four Nation COVID Certificate letter spec (release 2).  DoH has a contract in place with HH Global for the provision of this service.
  • Ernst & Young (EY) – will provide a team to conduct manual matching where the CCS cannot do this automatically and to maintain the certificate generation volumes. The data you provide in applying for your Covid Certificate may be used by EY to ensure the quality of your data in the Vaccine Management System, to ensure your vaccine data on the VMS is accurate and up to date. In carrying out data quality checks EY will process your data utilising the NIHAP. The NIHAP is a data analytics platform hosted on the public health information platform and coordinated between DHCNI and the PHA. Data stored within CCS may also be analysed by EY to identify covid certification fraud.
  • Business Services Organisation (BSO) – is a statutory organisation providing services as a data processor for DoH. BSO are responsible for monitoring and managing all Microsoft contracts as commissioned and monitored by DoH.  They are responsible for all Civica environments user access and provision of new user hardware (PC and phones).  BSO ITS are responsible for the supply and maintenance of user hardware.  DoH have overarching SLAs with the BSO for services including ITS. Their services are managed via appropriate agreements with PHA.
  • Belfast Health and Social Care Trust (BHSCT). BHSCT is a statutory organisation providing VMS services as a processor for the PHA. BHSCT host the CCS application on their infrastructure.  Their services are managed via appropriate agreements with the PHA.
Updated: April 28, 2023 Posted: April 13, 2022