3C Study Privacy Notice

We are committed to protecting the privacy and security of your personal information. This notice describes how we collect and use your personal data in accordance with the General Data Protection Regulation (GDPR) and associated data protection legislation.

The name and contact details of our organisation

The University of Oxford is the “data controller" for the information that you provide to us. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR. The University of Oxford central office address is:

Wellington Square, Oxford, OX1 2JD.

The 3C Study is coordinated by the Clinical Trial Service Unit, whose address is:

CTSU, Richard Doll Building, Old Road Campus, Headington, Oxford OX3 7LF.

The contact details of our data protection officer

The University’s Data Protection Officer can be contacted at:

            data.protection@admin.ox.ac.uk.

The purposes of the processing

Your data are being collected and analysed (“processed”) in order to investigate the effects of different treatment strategies on outcomes after kidney transplantation. As part of this work, we may use your data to conduct methodological trial research, for example to compare different methods of follow-up and the information they provide. We may also use the data to assess the importance of other factors on outcomes after kidney transplantation. We may share your de-identified data (i.e. a version of the data from which any information which could identify you has been removed) with other scientists if they wish to use it for research which the trial’s principal investigators approve of. We may also combine your data with that from other similar trials to understand all of the available data.

The lawful basis for the processing

Your data are being processed under what the GDPR refers to as “legal basis” of “as task in the public interest”.

The categories of personal data obtained (if the personal data is not obtained from the individual it relates to)

We have collected personal data including health information such as:

The recipients or categories of recipients of the personal data

These data have been collected at CTSU and are stored securely (both physically and electronically). We may share your data with other scientists if the trial’s principal investigators approve of their research plan. In this case, your data would be “de-identified” (which means that any information which could identify you has been removed).

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose. Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may share your data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others. Any such third-party would be required to take appropriate security measures to protect your data in line with our policies. We permit them to process your data only for specified purposes.Where your data is shared with third parties, we will seek to share the minimum amount necessary.

 

The details of transfers of the personal data to any third countries or international organisations

There may be occasions when we transfer your data outside the European Economic Area (EEA). Such transfers will only take place if one of the following applies:

The retention periods for the personal data

Any data included in the study database will be stored for 25 years in accordance with clinical trial regulations.

Your data protection rights

Under the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, you have the following rights in relation to the information that we hold about you (your ‘personal data’).

Further information on these rights is available from the Information Commissioner’s Office.

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. However, you can withdraw from the study at any time by emailing 3cstudy@ndph.ox.ac.uk.

If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact the University’s Information Compliance Team. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

The source of the personal data

In addition to the data we have received from directly (either through interviews during study clinic visits, on questionnaires or by telephone) we will collect data from central registries which routinely collect data for the NHS. These include:

transparent area to click on