Introduction
UCLPartners (“we” “us”, or “our”) is the ‘Hub operator’ of DATA-CAN: The Health Data Research Hub for Cancer, a consortium of six organisations including UCLPartners, The Leeds Teaching Hospitals NHS Trust, Queen’s University Belfast, Genomics England, University of Leeds and IQVIA, and respects your privacy and is committed to protecting your personal data.
Please read this Privacy Notice carefully – it describes why and how we collect and use personal data and provides information about your rights. It applies to personal data provided to us, both by individuals themselves or by third parties
About Us
DATA-CAN aims to make high-quality health data more accessible for cancer researchers, clinicians and other health professionals. By working with data custodians to connect data from across the UK and make it easier to find, access and use, DATA-CAN will facilitate research into new treatments and improvements in care for people affected by cancer. Working with patients, the public and health professionals, DATA-CAN will ensure that data is used transparently and responsibly, and that the benefits are returned to the NHS and the wider UK community.
UCLPartners, a company incorporated in England and Wales (06878225), is the entity that determines how and why your personal data is processed. This means that UCLPartners is the ‘joint controller’ of your personal data with the other members of the consortium for the purposes of data protection law.
How we use your personal data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To help you with your enquiry. In order to process your enquiry, we may collect, use, store and transfer the following fields of personal data:
- Name (and title)
- Job title
- Email address
- To enrol you onto our DATA-CAN mailing list (we use Mailchimp for this purpose)
- To register you as a client and/or interested party and to manage our relationship with you (we use Zoho – a Customer Relationship Management system for this purpose).
In each case where we share your information with one of our external service providers (as detailed above), the service provider is required to keep it safe and secure. They are also not permitted to use your information for their own purposes.
Our lawful basis for processing
Data Protection Legislation requires that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a “lawful basis” for the processing. The basis for processing will be as follows:
- Legitimate interests – The processing of your personal data may be necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or by fundamental rights and freedoms which require protection of personal data.
- Consent – You have given us your consent for processing your personal data for the purpose of adding your details to our communications newsletter mailing list.
Who we share your personal data with
Your personal data will be collected and processed primarily by our staff. We may share your data with other members of the consortium for the purposes outlined above; where we do so personal data will be shared within the protocols of the data sharing agreement in place for the consortium.
We require all third parties, including all members of the consortium, to respect the security of your personal data and to treat it in accordance with the law.
As detailed above, we may also share your personal data with Mailchimp and Zoho for the purpose of managing our communications with you.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have established procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
Personal data that you have provided to join the ‘mailing list’ will be retained for a period of three years. One month prior to the end of this period you will be contacted to reconfirm your marketing preferences. If you do not re-confirm by the end of this period then your personal data will be deleted.
Personal data that has been gathered for the purposes of registering you as a client or managing your query will be kept for a period of three years after which your personal data will be deleted.
Your rights
Under certain circumstances, you may have the following rights under data protection laws in relation to your personal data:
- Right to request access to your personal data;
- Right to request correction of your personal data;
- Right to request erasure of your personal data;
- Right to object to processing of your personal data;
- Right to request restriction of the processing your personal data;
- Right to request the transfer of your personal data; and
- Right to withdraw consent.
If you wish to exercise any of these rights, please contact us using the details set out below.
Contacting us
You can contact UCLPartners, the hub operator of DATA-CAN, by telephoning 020 7679 6633 or by writing to:
UCLPartners, 3rd Floor, 170 Tottenham Court Road, London, W1T 7HA.
Please note that UCLPartners has appointed a Data Protection Officer, Rebecca Graham. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:
Rebecca Graham gdpr@uclpartners.com
Complaints
If you wish to complain about our use of personal data, please send an email with the details of your complaint to gdpr@uclpartners.com so that we can look into the issue and respond to you.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website at https://ico.org.uk.