Privacy statement

The Privacy Notice is for this website [http://researchhub.dsru.org] and served by the DSRU and outlines the privacy of Users. The DSRU regards the privacy and security of data and information very seriously. The Notice sets out the different areas where User privacy is concerned and outlines the obligations & requirements of the users, the website and website owners and the way the website processes, stores and protects User data.

When is data collected?

The DSRU collects personal data during the process of a data subject or a person providing data regarding a data subject taking part in an online research study as follows:

  1. To set up a User account for a reporter or data subject;
  2. When collecting research data on data subjects;
  3. Where applicable the website uses a cookie control system to allow or disallow the use of cookies on the User’s first visit to the website on a particular computer or device.

What data is collected?

The data collected during employment consists of:

  1. User account details such as email address, username, etc.;
  2. Study specific research data;
  3. Google Analytics Cookies are used by the website which contain no personally identifiable information but they will use the computer’s IP address to know from where in the world the Internet is being accessed. Google Analytics Cookies used are as follows:
    1. __utma – This cookie keeps track of the number of times a User has visited the site, when the first and last visit occurred. Google Analytics uses the information from this cookie to calculate information such as Days and Visits to purchase;
    2. __utmb –This cookie determines new sessions and visits and expires after 30 minutes. The cookie is updated every time data is sent to Google Analytics. Any activity by a User within the 30 minute life span will count as a single visit, even if the User leaves and then returns to the site;
    3. __utmc – This is a session cookie used in conjunction with __utmb to identify returning Users. The cookie is destroyed when the User closes the browser;
    4. __utmv – This cookie is set by the Google Analytics service to enable website owners to track User behaviour and measure site performance. This cookie is used when site owners create custom visitor-level variables for customising what can be measured. The cookie is updated every time data is sent to Google Analytics. It has a default lifespan of two years which can be customised by site owners;
    5. __utmz – This cookie keeps track of where the User came from, what search engine was used, what link was clicked, what keyword was used, and where located in the world when visited. It expires in 15,768,000 seconds or in 6 months.

What is the data used for?

The purposes for which the data is being processed or will be processed are to:

  1. User account details to prevent unauthorised access to a User’s and a data subject’s details;
  2. Research data for clearly outlined study specific research purposes;
  3. Provide the User the best experience when visiting the website by using cookies.

The DSRU will only use the personal identifiable data for account related activities and what the User and/or data subject has consented the personal identifiable data can be used for. The research data will be used for study specific analysis being conducted which will be outlined in the study protocol and study data management and statistical analysis plans. The DSRU may process personal data without consent only when required or permitted by law.

How is the data protected?

The DSRU has Information Security Policies and Procedures to protect and secure the personal data from being accidentally or maliciously lost or destroyed, altered, disclosed or used for unauthorised purposes or accessed by unauthorised personnel. The DSRU has security measures in place to ensure that only authorised personnel have access to the data.

When the data is shared with third parties, the DSRU require all third parties to have appropriate technical and organisational security measures in place to assure the data is protected and secured in accordance with current data protection legislation. The data will only be used by third parties for specified purposes and in accordance with written instructions.

The DSRU will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and the applicant of any suspected breach in accordance with current data protection legislation.

Who has access to the data?

The DSRU will not share the personal identifiable data with third parties unless specific consent is given. Study specific administrative staff and system support staff may need access from time to personal identifiable data to resolve system issues or for other administrative duties.

The research data may be shared within the DSRU with members of the research department for analysis purposes only. Research data where personal identifiable data has been removed may be shared with third parties for analysis purposes and this will be clearly outlined in the study data sharing plan.

Google stores information collected by cookies on servers in the United States. Google may transfer this information to third-parties where required to do so by law, or where such thirdparties process the information on Google’s behalf.

How long will the data be retained?

The DSRU will retain personal data for as long as is necessary to fulfil the purposes for which it were collected and processed and in accordance with the criteria outlined in the data subject consent form. Anonymous research data will be retained in accordance with the Medicines and Healthcare products Regulatory Agency (MHRA) guidance and may be kept for up to a period of 15 years after completion of the study but at least for 2 years after the granting of the last marketing authorisation in the EC.

What rights does the data subject have in connection with the data?

Data subjects have a number of statutory rights, subject to certain conditions and circumstances, as follows:

  1. To be informed;
  2. To request access to personal data;
  3. To request rectification of personal data;
  4. To request the erasure of personal data;
  5. To restrict the processing of personal data;
  6. To object to the processing of personal data;
  7. To request the transfer of personal data to another party.

To exercise any of these rights, contact the DSRU’s Head of Data Management (details below). If it is believed that the DSRU has contravened current data protection legislation with regard to the data then a complaint can be made to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

Who to Contact?

Any further information required on the use of cookies by Google Analytics refer to the Google website - http://www.google.com/analytics/learn/privacy.html

Any general questions on DSRU Information Security or regarding an individual’s rights under current Data Protection legislation can be directed to:

Shayne Freemantle, Head of Data Management, DSRU, Bursledon Hall, Blundell Lane, Southampton SO31 1AA. Tel: 02380 408600. Email: shayne.freemantle@dsru.org.

DSRU’s nominated Data Protection Officer is:

Mark James (Mojou Ltd), Barn E, Manor Farm Donnington, Chichester West Sussex, PO20 7PL Tel: 07443 577577 or 0203 8897777. Email: admin@mojou.co.uk.

January 2020 Edited & customised by: DSRU. Company Number 327206 (England and Wales). Registered office address: Bursledon Hall, Blundell Lane, Southampton, SO31 1AA