This privacy notice is for research participants and should be read in conjunction with the participant information sheet made available to you by the research study you are participating in. The information sheet contains details about the personal information collected for the particular research study that concerns you.
Who will own my data once I submit it?
Under UK data protection legislation, the University acts as the Data Controller for personal data collected as part of the University's research. This means that the University of Liverpool will decide how your personal information is created, collected, used, shared, archived, and deleted (processed). The Principal Investigator acts as the Data Processor for this study, and any queries relating to handling your personal data can be sent to:
Professor Sir Munir Pirmohamed
The University of Liverpool, Department of Pharmacology and Therapeutics, Wolfson Centre for Personalised Medicine, Waterhouse Building (Block A), Brownlow Street, Liverpool, L69 3GL
Tel: 0151 794 5549. Email: munirp@liverpool.ac.uk
Why do you need my information?
We will only ever collect personal information that is appropriate and necessary for the specific research study being conducted. This specific information that we will collect about you is listed in this participant information sheet given to you by the research team.
To ensure that we show that we are recruiting a representative sample of research participants, we must gather standard demographic data. Some of this data is considered 'sensitive', called 'special category personal data. This may include, but is not limited to, information such as your ethnicity, gender identity and details about your health. These types of personal information require additional protections, particularly in relation to sharing, which the University ensures are in place.
Under UK data protection law, we must have special safeguards in place to help protect your rights and freedoms when using your personal information, and these are:
- Policies and procedures tell our staff and students how to collect and use your information safely.
- Training ensures our staff and students understand the importance of data protection and how to protect your data.
- Security standards and technical measures ensure your information is stored safely and securely.
- All research projects involving personal data are scrutinised and approved by a research ethics committee in line with University policies and procedures.
- Contracts with companies or individuals not associated with the University have confidentiality clauses to set out each party's responsibilities for protecting your information.
- We carry out data protection impact assessments on high-risk projects to ensure that your privacy, rights as an individual or freedoms are not affected.
What allows you to use my information?
Data protection law requires us to have a valid legal reason to process and use personal data about you. For research, the legal reason is "Processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller" (Article 6 of the UK GDPR): For sensitive information, the legal reason is: "the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject". (Article 9 of the UK GDPR).
Who will my information be shared with?
Only anonymised data will be shared with the University of Manchester, our PPIE advisors and our public funder NIHR. Only individuals from The University of Liverpool, The University of Manchester, regulatory authorities, or participating NHS Trusts will look at your personal data to ensure the project is being carried out as planned. We also sometimes use products or services provided by third parties to conduct research activities or share research, e.g. Datanywhere, Teams or Zoom. These third parties are known as data processors, and when we use them, we have agreements to ensure your information is kept safe.
Where no barriers exist, your anonymised data will be kept after the project has ended, placed into a funder and University approved data repository/online archive for sharing with other researchers or used in future research. If the researchers would like to do this with your information, this will be detailed in the consent form. The repositories have technical controls to ensure that only authorised individuals can access the information.
Do I have to provide this information, and what will happen if I don't?
We will only ever ask you to provide information that is appropriate and necessary for the specific research project being conducted. Your personal data will only be shared with the researchers at the University of Liverpool or The University of Manchester who conducting the study you are participating in so they can identify you as a participant and contact you about the study. Written or electronic informed consent is a legal requirement of most research involving people, which should be archived as an essential document. If you could not provide informed consent, you would not be able to participate in this research.
Within the consent form, people can opt-out of sharing their anonymised data with other organisations. If the study you are taking part in involves audio-recording a workshop or interview, you won't be able to participate if you do not want the workshop or interview to be audio-recorded. All demographic questions will include a prefer not to answer question, and you will still be able to participate in the study if you choose not to answer these questions. Demographic data will be de-identified.
How long will you keep this data for and why?
We will only keep your personal information for as long as necessary to complete the research aims. Anonymised (non-identifiable) data and consent forms will be archived for the minimum required retention period of 10 years; all other data will be securely destroyed.
Anonymised data will be archived for use in other research projects in the future. Where there are no barriers to sharing or actions have been taken to overcome barriers, we will also make anonymised study data available for open access via a University and funder-approved research data repository.
How will my information be stored?
Personal contact details, electronic consent forms and the link between a participant's name and ID number (pseudonymisation key) will be encrypted and stored separately from study data on a secure University server. Paper-based consent forms will be held in a locked filing cabinet on University premises until archiving, when they will be digitised. Any audio recordings of will be encrypted and stored on secure University servers until transcribed and anonymised. This means your name and any other identifying information will be removed. At this point, the audio recording will be securely destroyed. All other study data will be anonymised and stored electronically.
Will this information be used to take automated decisions about me?
No.
Will my data be transferred abroad?
No.
What rights do I have when it comes to my data?
Under the UK General Data Protection Regulation, you may have the following rights with regards to your personal data:
- The Right to subject access – you have the right to see a copy of the personal data that the University holds about you and find out what it is used for.
- The Right to rectification – you have the right to ask the University to correct or remove any inaccurate data that we hold about you.
- The Right to erasure (right to be forgotten) you have the right to ask the University to remove data that we hold about you.
- The Right to restriction – you have the right to ask for your information to be restricted (locked down) on University systems.
- The Right to data portability – you have the right to ask for your data to be transferred back to you or to a new provider at your request.
- The Right to object – you have the right to ask the University to stop using your personal data or to stop sending you marketing information, or complain about how your data is used.
- The Right to prevent automated decision making – you have the right to ask the University to stop using your data to make automated decisions about you or to stop profiling your behaviour (where applicable).
Please note that not all rights apply in all situations. To find out more about your rights under the UK GDPR, please visit the Information Commissioner’s website.
To request a copy of your data or ask questions about how it is used, contact Dan Howarth, Data Protection Officer
- Email: legal@liverpool.ac.uk
- Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX
Where can I find out more about how my data is used?
You can complain directly to the University's Data Protection Team by writing to Dan Howarth, Data Protection Officer
- Email: legal@liverpool.ac.uk
- Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX
You also have the right to complain to the Information Commissioner’s Office using the following details:
- The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Telephone: 08456 30 60 60 or 01625 54 57 45
- Website: ico.org.uk
Version 1.1
Last updated: 7 October 2022
Back to: Legal & Governance