
COVIDCert NI – Easy Read Privacy Information


13. How do I complain if I am not happy?

COVID Certification Service and COVIDCert NI app

If you have a specific issue, or complaint, regarding the COVID Certification Service or the COVIDCert NI app, please contact

Personal data

If you are unhappy with how your personal data is being processed by the COVID Certification Service please contact

Vaccine data

If you have a specific issue, or query regarding your vaccine data from the Vaccine Management System, or a complaint in relation to the processing of this data, please contact or

Test data

If you have a specific issue, or query regarding your test data from the Central Test Registry, or a complaint in relation to the processing of this data, please contact

Further complaints

If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Should you have any concerns about how your data has been handled or remain dissatisfied with any response regarding the processing of your personal data, you can raise these concerns with the ICO, as follows:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK0 5AF
Tel:  0303 123 1113

14. Changes to this Privacy Notice

This Easy Read Privacy Notice will be kept under regular review and any updated versions will be placed on our website.

15. Useful links

Users can also refer to the following links for further information:

Vaccine Management System Privacy Notice-
NIDA Privacy Notice-
PHA Testing Programme Privacy Notice – Test Data PN

Annex A

All data processors are appointed under Data Processors Agreements in compliance with Article 28 of the UK GDPR, either via UK GDPR compliant contracts, or MoUs.

Under the terms of these arrangements DoH and PHA are the data controllers responsible for assessing that all processors listed below, except DoF/ESS, are competent to process personal data in line with UK GDPR requirements. DoH is responsible for assessing that DoF/ESS are competent to process data in line with UK GDPR requirements under these arrangements. This assessment will consider the nature of the processing and the risks to the data subjects.

Under Article 28(1) DoH and PHA will ensure that only processors that can provide “sufficient guarantees” (in terms of their expert knowledge, resources, and reliability) to implement appropriate technical and organisational measures, so that the processing complies with the UK GDPR and protects the rights of individuals, are appointed. DoH will ensure the same regarding DoF/ESS.

Contracts or Memorandum of Understanding (MoUs) will be in place to govern relationships with the data processors, which set out the obligations of each party and the data controllers’ obligations and rights regarding the data that is being processed. All contracts adhere to established BSO Procurement and Logistics Services (PaLs) processes and legal input provided by BSO Department of Legal Services (DLS).

All data processing takes place within the UK area and as such is subject to legislation in the form of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The following provides a list of data processors involved in delivery of the system. 

  • Civica is a system integrator organisation who were chosen to develop the end-to-end CCS platform and are regarded as a processor contracted by the DoH/PHA. Civica will provide support on an ongoing basis to the CCS configuration for the duration of its operation, as part of their contract.
  • Kainos will provide the citizen vaccination data that is part of VMS, to be used by Civica in CCS to match against the user entered information and process the COVID certificate request where applicable. Kainos are contracted by DoH/PHA.
  • Big Motive is a software development company who were chosen to develop the CCS user interface and are responsible for the configuration of the CCS webforms and are regarded as a processor contracted by DoH/PHA. Big Motive will provide support for user experience (UX) design on an ongoing basis for the duration of the CCS operation, as part of their contract.
  • Department of Finance, NIdirect/ NIDA – NIdirect is the official government website for Northern Ireland citizens which is run by DoF ESS. NICS Identity Assurance service (NIDA) is a service provided by DoF ESS via NI Direct for the purposes of identity verification. NIdirect aims to make it easier to access government information and services. It does this by working closely with Northern Ireland departments and other public bodies to collate key information based on users’ needs. DoH have a MoU in place with DoF/ ESS, which covers provision of these services.
  • Surecert are an identity service that have been engaged to provide secure identity verification. Surecert supports the NIDA service delivered by the DoF. This service integrates with the NIDA service to provide real-time ID and Biometric identity checking service. Surecert are contracted by DoH/PHA.
  • HH Global – HH Global are a UK government approved (framework CCS RM6170) secure printing organisation who produce NI’s secure printed certificates. Certificate data is sent to HH Global over an encrypted transfer protocol. These certificates incorporate several secure elements around the QR code, bar code and print layouts. These are done in accordance with the Four Nation COVID Certificate letter spec (release 2). DoH/PHA have a contract in place with HH Global for the provision of this service.
  • Ernst & Young – will provide a team to conduct manual matching where the CCS cannot do this automatically and to maintain the certificate generation volumes. EY will also capture your data in the COVIDCert call centre for citizens to apply for exemption and recovery based COVIDCerts. The data you provide in applying for your Covid Certificate may be used by EY to ensure the quality of your data in the Vaccine Management System, to ensure your vaccine data on the VMS is accurate and up to date. In carrying out data quality checks EY will process your data utilising the Azure Synapse Analytics platform. The Azure Synapse Analytics platform is a data storage platform hosted on the public health information platform and controlled by the Public Health Agency (PHA). Data stored within CCS may also be analysed by EY to identify covid certification fraud.
  • Business Services Organisation (BSO) – is a statutory organisation providing services as a data processor for PHA. BSO are responsible for monitoring and managing all Microsoft contracts as commissioned and monitored by PHA. They are responsible for all Civica environments user access and provision of new user hardware (PC and phones). BSO ITS are responsible for the supply and maintenance of user hardware. PHA have overarching SLAs with the BSO for services including ITS. Their services are managed via appropriate agreements with PHA.
  • Belfast Health and Social Care Trust (BHSCT). BHSCT is a statutory organisation providing VMS services as a processor for DoH and PHA. BHSCT host the CCS application on their infrastructure. Their services are managed via appropriate agreements with DoH and PHA.
Updated: December 20, 2022 Posted: April 13, 2022