Please read the policy carefully to understand how we will process your personal data and for what purposes.
Please note that any links to external websites have their own privacy policies, and that we do not accept any responsibility or liability for these policies.
Who we are
This website is hosted and managed by RedAnt on behalf of Medicine and Healthcare products Regulatory Agency (MHRA), who is an Executive Agency of the Department of Health and responsible to the Secretary of State for Health.
The Data Controller is the Department of Health of Room 7N, Wellington House, 133-155 Waterloo Road, London SE1 8UG, whose Data Controller Registration Number is Z5571792.
The Data Processor is Red Ant, Floor 11, 240 Blackfriars Rd London SE1 8NW, who processes the personal data on behalf of the Department of Health as the Data Controller.
The Department of Health, as the Data Controller, also has a personal information charter, which explains the way in which it treats your personal information, in addition to the specific practices set out in this policy, which can be accessed here: https://www.gov.uk/government/organisations/department-of-health/about/personal-information-charter
What personal data we will process
We collect information or data about you when you use the Yellow Card website.
- Questions, queries or feedback you leave, including your email address
- Reports that you leave relating to suspected problems or incidents involving – side effects, medical device adverse incidents, defective medicines, counterfeit or fake medicines and medical devices.
- Your IP address, and details of which version of web browser you used.
- Information on how you use the site, including cookies and page tagging techniques to help us improve the website.
Information Collected during registration, and navigation of the MHRA Yellow Card website
We may collect personal identification information from users in a variety of ways, including, but not limited to, when Users visit our Site, register on the Site, fill out a form, respond to a survey, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address and phone number, and relevant personal health data when they register.
Users may visit the Yellow Card site anonymously but they may not be able to use our full range of services, which are aimed at registered Users. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal information, although it may prevent them from engaging in certain Site related activities.
How we will process your information
Information collected when you are reporting an adverse reaction:
For Yellow Card reports completed by patients or members of the public:
Completed Yellow Cards include personal contact information. We ask for these details so that we can get in touch if more information on the Yellow Card report is needed. The information you provide will be kept safe, secure and confidential. Personal data will not be passed to any person outside the MHRA without your express permission or unless required by law. You can also ask someone else to send a report in about a suspected side effect if you do not wish to give us your name.
For Yellow Card reports completed by a health professional:
Yellow Card reports that health professionals use to report suspected adverse reactions do not include personal information about patients which could be used to identify an individual (such as name or address).
Yellow Card Scheme Website may collect and use your personal information for the following purposes:
- The Yellow Card website uses personal data to understand incidents relating to adverse reactions for it primary purpose of patient safety.
- To share information about adverse reactions with healthcare professionals or Trading Standards where necessary.
- To administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our site to ensure that the content is presented in the most effective manner for you and your computer.
- We may use feedback you provide to improve our products and services.
- We may use the email address to respond to enquiries, questions, and/or other requests.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
All information you provide to us is stored on our secure servers. In accordance with the DPA, it may also be stored out of Europe, where our staff or partners could view it.
Keeping your Data Secure
Transmitting information over the internet is not completely secure, and we cannot guarantee the security of your data. Data you transmit is at your own risk. Where we have given you (or you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We have security controls in place to maintain the security of your data once we receive it.
We do not share your information with any other organisation for marketing, market research or commercial purposes, and we do not pass on your details to other websites.
Disclosing your information
Administrative Complaints Officer
Corporate Governance and Accountability
Medicines and Healthcare products Regulatory Agency
5-T, 151 Buckingham Palace Road
Under the Data Protection Act you have a right to receive a copy of the information that is held about you; any request or queries in relation to this should be directed to
For independent advice on data protection and privacy you can contact: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.