NIHR Leicester Biomedical Research Centre (BRC) Privacy statement
Who are we?
The National Institute for Health Research (NIHR) Leicester Biomedical Research Centre (BRC) is a partnership between Leicester’s Hospitals, the University of Leicester and Loughborough University. Its remit is to enable pioneering research into medical advancements.
Mr Tim Skelton – Chief Operating Officer – NIHR Infrastructure
Tim.email@example.com 0116 258 8128
NIHR Leicester Biomedical Research Centre
Leicester General Hospital
The Name & Contact details of our Data Protection Officer:
University Hospitals of Leicester Data Protection Officer (DPO):
Mr Saiful Choudhury – Head of Privacy
firstname.lastname@example.org 0116 258 6053
Why are we processing your data?
We will use participant’s data to research the causes of disease, identify biomarkers and find better treatments to improve patient outcomes. Our aims are to:
- Drive innovation in the prevention, diagnosis and treatment of ill-health
- Translate advances in biomedical research into benefits for patients
The source of the personal data
We may collect your data from many sources which may include:
- Research questionnaires or surveys
- Hospital & GP based medical records
- NHS National datasets
The data we collect will be dependent on the study. Please refer to the study specific information held on the NIHR Leicester BRC website – https://www.leicesterbrc.nihr.ac.uk/
What will we do with the information we gather?
- Research and statistical analysis using anonymised data.
- Sharing information – including personal identifiers – with authorised external services that collect and collate further information on research outputs.
- Some of the data we will gather will help to identify suitable candidates for invitation to our studies.
What is the lawful basis for the processing?
For processing to be lawful under the General Data Protection Regulation (GDPR) we need to identify a legal basis before we can process personal data. This is often referred to as the ‘lawful basis for processing’. The identified legal basis for the NIHR Leicester BRC to process healthcare data is:
‘6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.’
The type of personal data we process for research is ‘special category data’ as defined by GDPR. The identified legal basis for the NIHR Leicester BRC to process this data is:
‘9(2)(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject’.
What categories of the personal data may be obtained?
The actual data collected will depend on the specific study. Each study will only collect enough information to answer the research question and may include any of the following:
- Demographic detail eg. Name, Address, Date of birth, Sex
- Personal contact details, eg. Telephone number(s), Email
- Identifiers eg. NHS number and hospital number
- Family, social and lifestyle factors
- Race, Ethnicity or Religious Belief
- Health and Medical History including interventions, medication and diagnoses
- Medical Records eg. Clinical Images, test results etc.
- Genetic and Biomedical samples
Who will have access to my data?
Access to identifiable data (e.g. names, addresses etc.) will be limited to selected members of the research team and to regulatory authorities, the host organisation (where you take part in the study), the Sponsor (who is legally responsible for the study) for auditing and monitoring purposes.
Access to data may also extend to the contracted third parties as listed above to provide study related activities.
Who will we share your data with?
Data may be shared with but not limited to:
- Contracted third parties
- National and international collaborators
What are the security arrangements for my data?
All data which is used for the purpose of your participation in the research is held securely on NHS or university network servers. Wherever possible your data will be anonymised. Identifiable data will only be stored and used for the purpose of contacting you or your GP for clinically significant findings. Research study specific data handling arrangements can be found on the following the NIHR Leicester BRC website – https://www.leicesterbrc.nihr.ac.uk/
How long will we keep your data?
We will keep your data for varying amounts of time depending on nature of research and UK regulatory requirements.
- We only store data that is necessary for the specific purpose of the research.
- We will not store your data for longer than is necessary for the purpose for which it was collected, unless we are legally obligated to do so by contract or other legal requirement as a public body.
- Your data will be securely deleted when no longer needed for the purpose(s) for which it was collected and/or the NIHR Leicester BRC are no longer obligated to keep it.
What are your rights as a participant?
Under GPDR you have the following rights as a participant for research data related activities:
- You have the right to request erasure and restriction of processing of your personal data held by the NIHR Leicester BRC.
- You have the right to object to processing.
- You have the right to object to processing for direct marketing. For the purpose of research this may include invitations to studies, newsletters and participant and public involvement (PPI) activities.
- You also have the right to object to profiling taking place to support those activities.
- You have the right to lodge a complaint with the Information Commissioner’s Office, if you think there is a problem with the way we are handling your personal identifiable information.
Your rights are not absolute. If we are not able to meet your request, we will explain the reason. Restrictions to these rights may apply due to the nature of the research you are participating in.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Your right to withdraw consent.
- You have the right to withdraw from a study at any time without your healthcare being affected. The process of withdrawal will be dependent on the nature of the study you have consented to.
- You can also be withdraw consent to be contacted for further research.
- Your contact preferences will be recorded accordingly.
Your right to lodge a complaint with a supervisory authority.
You have the right to lodge a complaint with the Information Commissioner’s Office, if you think there is a problem with the way we are handling your personal identifiable information
Changes to this Statement