This site is optimised for modern browsers. For the best experience, please use Google Chrome, Mozilla Firefox, or Microsoft Edge.

CRN SWP Privacy Notice

Contents

Who we are?

The Clinical Research Network South West Peninsula (CRN SWP) is funded by the National Institute for Health Research (NIHR). We provide the infrastructure that allows high-quality clinical research to take place in the NHS, so that patients can benefit from new and better treatments. We help researchers to set up clinical studies quickly and effectively; support the life-sciences industry to deliver their research programmes; provide health professionals with research training; and work with patients to ensure their needs are at the very centre of all research activity.


The CRN SWP is hosted by Royal Devon and Exeter NHS Foundation Trust (RD&E) which is one of the highest performing healthcare organisations in Europe with a proven international reputation for its quality of care, information technology, clinical education and training and research. The Trust employs more than 9,500 staff.


The Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 (subject to parliamentary approval) and our registration number is Z5368894
For further information please refer to the ‘Information Governance’ page on our website.

Why we collect personal information about you?

When you contact the CRN SWP we may ask you for your contact details, which include your name and a method of contact such as your email address. This is so we may contact you about research opportunities that you have asked to hear more about or events that you have expressed an interest in, or to answer your enquiry. This information can be held in a variety of formats, including paper records, electronically on computer systems, in video and audio files.

What is our legal basis for processing personal information about you?

Consent: you have given clear consent for us to process your personal data for a specific purpose.

What personal information do we need to collect about you and how do we obtain it?

When you contact the CRN SWP we may ask you for your contact details, which include your name and a method of contact such as your email address. Your contact details are collected to facilitate our service offer. CRN SWP staff may also ask you for other details which may include, for example, your occupation and the organisation at which you are employed. These details will be used for various analyses of the service and in reports to other organisations. The information presented from the analyses will be anonymous and will not be linked to any personally identifiable information.


You can register your interest in CRN SWP events and involvement opportunities on our website and join our distribution list. You can also opt-in to receive further emails about CRN SWP news and services. We will ask you for your contact details which include your name and email address.

What do we do with your personal information?

Your personal data is collected, stored and processed only by those people who require access to it for the purposes outlined above. This is through secure systems and the data is stored on servers primarily located in the UK, or countries with robust data protection laws such as the USA.

We may utilise other third-party systems to enable us to collect, store or process your data. We choose systems that we deem to be adequately secure and to perform their duties in compliance with the general data protection regulations (GDPR).

Who do we share your information with and why?

 

  • With all NIHR CRN SWP members of staff and relevant staff at the NIHR CRN Coordinating Centre, where applicable.
  • We may outsource certain functions when we do not have the in-house capacity required. In order to do this, we may communicate your information to third parties who are authorised and/or contracted to provide our services. Any such third parties must handle your information in compliance with our privacy policies.

 


There are occasions where we may be required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. There may also be situations where we are under a duty to share your information, due to a legal requirement. This includes, but is not limited to, disclosure under a court order, sharing with the Care Quality Commission for inspection purposes, the police for the prevention or detection of crime or where there is an overriding public interest to prevent abuse or serious harm to others and other public bodies (e.g. HMRC for the misuse of public funds in order to prevent and detect fraud).


For any request to transfer your data internationally outside the UK/EU, we will make sure that an adequate level of protection is satisfied before the transfer.
We are required to protect your personal information, inform you of how your personal information will be used, and allow you to decide if and how your personal information can be shared. Personal information you provide to us in confidence will only be used for the purposes explained to you and to which you have consented. Unless, there are exceptional circumstances, such as when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. Where there is cause to do this, we will always do its best to notify you of this sharing.

How we maintain your records?

We hold and process your information in accordance with the Data Protection Act 2018 (subject to Parliamentary approval) as amended by the GDPR 2016, as explained above. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.Further information can be found in our Information Governance policies, which are available at: http://www.rdehospital.nhs.uk/trust/information-governance/default.html

What are your rights?

If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 (subject to parliamentary approval) gives you certain rights, including the right to:
•Request access to the personal data we hold about you
•Request your personal information to be transferred to other providers on certain occasions
•We will always try to keep your information confidential and only share information when absolutely necessary

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

Data Protection Officer

Please contact the Information Governance Manager:

Information Governance Team

Wonford Hospital

Barrack Road

Exeter

EX2 5DW

Or via rde-tr.dataprotectionofficer@nhs.net

Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation. https://ico.org.uk/.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the ICO at: Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

If you wish to contact the CRN SWP to ensure that your contact details are correct and up-to-date or to ask for your contact information to be removed from our records, please contact CRN SWP at:

NIHR CRN South West Peninsula

Room N8

Plymouth Science Park

Research Way

Plymouth

Devon

PL6 8BX

Telephone: 01752 431947

Email: CRN.SWP@nhs.net