Team photo

Privacy Notices

Apps and Portals

MAVIS e-Consent System for School-Age Immunisations Privacy Notice

BCHC uses the MAVIS (Manage Vaccinations in Schools) system to securely collect and manage electronic consent for school-age immunisations.

MAVIS e-Consent System for School-Age Immunisations Privacy Notice

Purpose of processing

Birmingham Community Healthcare NHS Foundation Trust uses the MAVIS (Manage Vaccinations in Schools) system to securely collect and manage electronic consent from parents or guardians of children eligible for school-age immunisations. This enables the safe, efficient, and timely delivery of vaccinations within school settings.

 


  
What information is collected

  • Personal data: Child's name, date of birth, address, postcode, NHS number, and parent/guardian contact details.
  • Special category data: health information and, racial/ethnic origin.

 

Data is collected via a secure NHS-hosted digital consent form completed by parents or carers.

 

 

How the information is used

  • To manage and record consent for school-age vaccinations.
  • To support service delivery, reporting, and fulfil statutory public health responsibilities.
  • To improve communication with parents and ensure accurate, timely data handling.

 

 

Lawful basis for processing

Processing is carried out under the following legal bases:

  • UK GDPR Article 6(1)(e): processing is necessary for the performance of a task carried out in the public interest.
  • UK GDPR Article 9(2)(h): processing is necessary for the provision of health or social care.
  • UK GDPR Article 9(2)(i): processing is necessary for reasons of public interest in the area of public health.
  • Section 2A of the NHS Act 2006: statutory duty to provide immunisation services.
  • Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002: permits the use of confidential patient information for public health purposes.

 

 

Data sharing

Data may be shared securely with authorised Trust staff and partner organisations involved in the delivery of immunisation services.

 


 
Data storage and retention

  • Data is stored in a secure UK-based cloud environment (Software as a Service).
  • Retained for 8 years after the last vaccination entry or until the child's 25th birthday, whichever is later, in line with NHS records management policies.
  • Reviewed and securely deleted when no longer required.

 


 
Your rights

Parents and guardians have the following rights under UK GDPR:

  • Right to be informed: via this notice and at the point of consent.
  • Right of access: through a Subject Access Request to the Trust.
  • Right to rectification: by contacting the Trust's Data Protection Officer.
  • Right to restrict processing: in specific circumstances.
  • Right to object: where applicable.
  • No automated decision-making or profiling is used.

 


 
Security measures

We implement robust security controls to protect your data, including:

  • Role-based access controls.
  • Encryption of data in transit and at rest.
  • Regular vulnerability scanning and penetration testing.
  • Incident management and disaster recovery protocols.
  • Monitoring of user activity and system performance.

 

 


Contact information

For queries or to exercise your rights, please contact the Information Governance Team:

Our patients and their carers and families are the reason we're here, so we want to hear your views about the Trust and our services.