This page was last updated on 19 May 2026.
This privacy notice relates to the Medical Certificate of Cause of Death (MCCD) service, which provides the paper‑based certificates required to register all non‑coronial deaths in England and Wales. The service ensures that authorised organisations receive secure and reliable supplies of MCCDs.
The NHS Business Services Authority (NHSBSA) delivers this service on behalf of the Department of Health and Social Care (DHSC). NHSBSA is responsible for the printing, storage, stock management, and distribution of MCCD forms, with these activities carried out through a third‑party supplier, Xerox.
Why we process your information
As per The Medical Certificate of Cause of Death Regulations 2024 we must process your information to ensure that appropriate medical professionals have access to MCCDs.
When you register to place orders for MCCDs we will collect your:
- name
- email address
- organisation details
We will use this information to confirm your eligibility to order MCCDs. This information will be shared with third-party supplier Xerox who will use this to set up a user account on their online portal to enable you to place orders for MCCDs.
We may contact you about taking part in surveys and research to learn what you need from our services.
Sharing your personal information
Your information may be shared with anyone who has a legal right to it, in line with UK data protection laws.
We may share your information with other organisations:
- Xerox – to provide you with MCCDs.
- DHSC – for quality purposes, analysis and to make improvements to the service.
Your information will not be transferred outside the UK or European Economic Area, unless this is stated in the privacy notice of the service you use.
Keeping your personal information
Your personal data will be retained for 7 years and then deleted or anonymised when we no longer need to be able to identify you from that information.
Your rights
The information you provide will be managed as required by Data Protection law.
You have the right to:
- receive a copy of the information we hold about you
- request your information be changed if you believe it was not correct at the time you provided it
- request that your information be deleted if you believe we are keeping it for longer than necessary
- object to us using your personal data in certain limited circumstances
- lodge a complaint with the Information Commissioner's Office (ICO) if you think we are not handling your data fairly or in accordance with the law
Request a copy of your personal information
The easiest way to make a request is by using our subject rights request portal:
Alternatively, you can contact us using the details shown in the Contact us section on this page.
We follow the Subject Rights Request Procedure (Word: 252KB) when we receive your request and will respond within one month. If you are not happy with our response, you can request a review (PDF: 128KB).
Find out about your rights and how we will use your information.
Contact us
If you have any queries, want to exercise your information rights or have a copy of this information in another format or language, contact us:
Data Protection Officer
Information Governance
NHS Business Services Authority
Stella House
Newcastle upon Tyne
NE15 8NY
Email: [email protected]
Data Protection Officers are responsible for upholding your rights and making sure we process your information correctly.
Concerns about how we are using your information
If you have any concerns about the processing of your information, contact the Data Protection Regulator:
Information Commissioner’s Office
Wycliffe House
Wilmslow
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/