General Data Protection Regulation (GDPR)
We explain how we comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Please also read our Privacy Notice, which explains what we do with the information we hold about you, how you can request access to this personal data, and other data rights.
Cambridge University Hospitals NHS Foundation Trust is responsible for managing the NIHR BioResource Research Tissue Bank. The University of Cambridge and Cambridge University Hospitals NHS Foundation Trust are the sponsors for the NIHR BioResource – Rare Diseases study based in the United Kingdom.
We will be using information from you and your medical records in order to undertake these studies and will act as the data controller for these studies (Cambridge University Hospitals NHS Foundation Trust for the NIHR BioResource Research Tissue Bank; Cambridge University Hospitals NHS Foundation Trust and University of Cambridge for the NIHR BioResource – Rare Diseases study). This means that we are responsible for looking after your information and using it properly.
The University of Cambridge and Cambridge University Hospitals NHS Foundation Trust will keep identifiable information about you for 10 years after the study has finished, and we may approach you to extend this.
How will we use information about you?
We, the NIHR BioResource, will need to use information from you, from your medical records, including from your GP, hospital records and other health-related central records for this research project.
This information will include your:
- Full name
- NHS number
- Date of birth
- Contact details including address, phone number and email address
- Name and contact details of your GP
- Health-related information e.g. on your lifestyle, disease history, medication etc.
- Genetic information that will be generated from your blood or saliva samples or provided by e.g. NHS health-related central records, disease registries etc.
People will use this information to do the research or to check your records to make sure that the research is being done properly.
People who do not need to know who you are will not be able to see your name, NHS number, date of birth or contact details (which are your “personal identifiable information”). Your data will have a code number instead.
We will keep all information about you safe and secure.
Some of your information, but not your personal identifiable information, will be sent to other countries worldwide. They must follow our rules about keeping your information safe.
Once we have finished the study, we will keep some of the data so we can check the results. We will write our reports in a way that no-one can work out that you took part in the study.
What are your choices about how your information is used?
- You can stop being part of the study at any time, without giving a reason, but we will keep information about you that we already have.
- If you choose to stop taking part in the study by asking us to stop further contact with you, we would like to continue collecting information about your health from central NHS records, your hospital, your GP and/or research done with your sample. This is called ‘no further contact’ withdrawal. If you do not want this to happen, tell us and we will stop using your information and destroy your remaining sample, as well as stopping further contact with you. This is called ‘no further use’ withdrawal.
- We need to manage your records in specific ways for the research to be reliable. This means that we will be able to let you see the data we hold about you. We will be able to change some of the information we hold about you (for example your contact details and contact preferences) if you ask us to; however, we won’t be able to let you change other data we hold about you (such as your genetic information for example).
Where can you find out more about how your information is used?
You can find out more about how we use your information
- at www.hra.nhs.uk/information-about-patients/
- our privacy notice available from https://bioresource.nihr.ac.uk/about-us/governance-and-ethics/, which includes the sponsor’s Data Protection Officer contact details
- by asking one of the research team
- by sending an email to firstname.lastname@example.org
- by ringing us on 0800 090 2233.
You might want to read these pages in this section:
Our Confidentiality Notice: How we keep your information safe;