Privacy Notice: FORM-2C
This is being provided to comply with the GDPR 2018
Who is responsible for your data?
Personal data we collect about you:
Staff within the NHS will collect information from you and/or your medical records for the research study you have agreed to take part in, in accordance with our instructions. The FORM-2C study team will use your name, address, NHS number and contact details to contact you about the research study, to make sure that relevant information about the study is recorded for your care, and to oversee the quality of the study. Individuals from the Sponsoring Organisation (The University of Oxford) and regulatory organisations may look at your medical and research records to check the accuracy of the research data. The only people in the study team who will have access to information that identifies you will be people involved in the process of contacting you to carry out the study follow-up, sending you a copy of the results or auditing the data collection process.
How we use your personal data:
As a clinical trials unit within the university we use personally-identifiable information to conduct research to improve health, care and services. As a publicly-funded organisation, we have to ensure that it is in the public interest when we use personally-identifiable information from people who have agreed to take part in research. This means that when you agree to take part in a research study, we will use your data in the ways needed to conduct and analyse the research study. Health and care research should serve the public interest, which means that we have to demonstrate that our research serves the interests of society as a whole. To ensure we carry out the research to the highest standards we comply with the Clinical Trials Directive 2001/20/EC and the UK Policy Framework for Health and Social Care Research.
How long we keep your data:
The University of Oxford will keep identifiable information about you for a maximum of 5 years after the study has finished in order to be able to contact you to inform you of the study results.
How we protect your data:
We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction. We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which your data is held.
We keep these security measures under review and refer to University Security Policies to keep up to date with current best practice. The university’s data protection policy is at: https://www.admin.ox.ac.uk/councilsec/compliance/gdpr/universitypolicondataprotection/
Our legal basis for processing your information:
In order to process your personal data, The University of Oxford as data controller must have a legal basis for doing so. Your data is processed in accordance with Article 6(1)e and Article 9(2)j of the General Data Protection Regulation:
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject
Sharing your data:
With your consent, your personal data (for instance name, gender, date of birth, and NHS number) which are collected and managed by the study team will be provided to NHS Digital in a secure manner (including encryption during data transfer).
NHS Digital will use this information to identify the relevant records in their databases and provide information to the research team. The information NHS Digital will provide will include details of any hospital admissions including diagnosis data; details of any cancers diagnosed (should they occur), and details of any deaths (should they occur). NHS Digital will also provide data about whether you have moved away or changed GPs.
Your data will not be shared with anyone else. It will be used only to allow us to carry out the follow-up of this trial and to send you a summary of the results. At the end of the trial anonymised data (from which you cannot be identified) may be shared with other research groups who are doing similar research. This information will not identify you and will not be combined with other information in a way that could identify you. The information will only be used for the purpose of health and care research, and cannot be used to contact you or to affect your care. It will not be used to make decisions about future services available to you, such as insurance.
Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.
If you wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection Officer, email@example.com, who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful, you can complain to the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/handling
If you would like to contact us directly for more information about how we process and protect data collected for research, please email firstname.lastname@example.org