All personal data processing in the UK must conform to the European Union (EU) General Data Protection Regulation (GDPR). The GDPR defines personal data as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Personal information held by HMR might include your name, address, date of birth and photograph.
How we use your information
This privacy notice tells you how we, HMR (Hammersmith Medicines Research Ltd), will collect and use your personal data. We’ll ensure that information is kept confidential in line with the GDPR. If you consent, we’ll use the information to contact you in the future about clinical trials. If you take part in a clinical trial, we’ll keep your records for as long as required by law and international guidelines for clinical trials.
Why does HMR need to collect and store personal data?
The information that you submit to HMR will be held by us for the sole purpose of checking your suitability for future clinical trials, and contacting you to tell you about those clinical trials. We’ll ensure that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We will not contact you for any other marketing purposes, without first obtaining your additional consent.
Will HMR share my personal data with anyone else?
You’ll be asked to agree that HMR can store your information, including personal and medical details. We may keep the information about you on paper and in a computer database. HMR will keep that information confidential.
However, if you consent to take part in a clinical trial, your information will form part of the clinical trial records and will be processed in line with the laws that control clinical trials. We’ll give you full details before you agree to take part in a trial. As part of a clinical trial, we might share your personal identifiable information with other parties (such as a specialist doctor or scanning unit who work on the trial). Those parties must keep your information confidential and use it only for the clinical trial. We’ll never allow third parties access to your personal information for their own marketing purposes.
If you take part in a clinical trial, your personal identifiable information might be seen at HMR by:
- HMR staff
- medical professionals who work on the study or help with your care
- the authorities that control medicines, such as the UK Medicines and Healthcare products Regulatory Agency (MHRA) or the US Food and Drug Administration (FDA)
- representatives of the sponsor (the company paying for the study), who check that the study procedures are being done correctly
However, unless required by law, we won’t send your name, address or any other information that identifies you, to anyone outside HMR except for medical professionals working on the study or those responsible for your care (such as your GP). When HMR sends your information to anyone else, we’ll replace your name with a code, so they won’t know that it came from you. HMR will keep the key that links your results to you; we won’t share that key with anyone else.
We’ll never sell personally identifiable information to third parties.
How will HMR use the personal data it collects about me?
HMR will process (collect, store and use) the information you provide in line with the GDPR. We’ll do our best to keep your information accurate and up to date, and not keep it for longer than is necessary. By law, HMR must keep certain types of information (such as information for clinical trials, income tax and audit) for fixed periods of time. HMR may also keep personal information if there is a legitimate business need.
Under what circumstances will HMR contact me?
If you’re an existing volunteer, we’ll ask your consent to contact you in future by email or telephone to tell you about forthcoming studies. We’ll stop contacting you about clinical trials if you inform us at any time that you no longer wish to be contacted. In any case, we’ll remove your name from our ‘active’ list if you haven’t been in touch for the last 3 years. We aim not to be intrusive, and not to ask irrelevant or unnecessary questions.
Cookies are small files sent from websites (or through a service from a third party such as Google via Google Analytics) and stored in your internet browser. They allow a website’s systems to recognise your internet browser and remember certain information. However, we cannot collect your personal information (name, date of birth, contact details etc) from cookies on our website. Also, you can reject receiving cookies from websites through the settings on your internet browser. If you’d like to reject cookies from Google Analytics, please refer to the link below. [Google Analytics Opt-out Browser Add-on]
Can I find out the personal data that HMR holds about me?
HMR, at your request, can confirm what information we hold about you and how it is processed. If you give HMR your personal information but you never take part in a clinical trial, you can request the following information.
- The name and the contact details of the person or organisation that has decided how and why to process your data. In some cases, this will be a representative in the EU.
- Contact details of the Data Protection Officer.
- The purpose of the processing, and the legal basis for processing.
- If the processing is based on the legitimate interests of HMR or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Details of who will see your data.
- If we intend to send the personal data to a country outside the EU or international organisation, information about how we ensure that this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure that there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct or erase your data or to restrict or object to the processing.
- Information about your right to withdraw consent at any time.
- How to make a complaint to the supervisory authority.
- Whether your providing your personal data is a statutory or contractual requirement, or is necessary to enter into a contract, whether you‘re obliged to provide the personal data, and the possible consequences of not providing such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information about automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What rights do I have over my personal data if I take part in a clinical trial?
If you take part in a clinical trial, the information we hold about you will form part of the clinical trial records, and will be processed as described in the information and consent form for the trial. Because the information is used for a clinical trial that has been approved by a research ethics committee, your rights to access, change, delete or move your information are limited, as follows:
- you can’t make us delete study information and results we’ve already collected, or object to or limit our processing them.
- we might not have to make corrections to your study results and information if you ask us to.
- you can ask to see your study results and information at any time, but you don’t have an automatic right to have a copy; however, the study doctor will share any important medical information with you and other doctors responsible for your care.
What forms of ID will I need to provide to access my personal information held by HMR?
We must make sure that we don’t give your personal information to anyone else. So, if you want to access your personal information, you should provide two of the following forms of ID as evidence of your identity (at least one must have your photo and signature):
- driving licence
- birth certificate
- credit or debit card
- utility bill (from last 3 months)
- bank statement (from last 3 months)
Contact details of the Data Protection Officer / GDPR Owner: firstname.lastname@example.org