Privacy Policy

Introduction

This privacy policy provides information on how HDRUK Wales (“we”, “us” or “our”) collects and processes your personal data. It also describes your data protection rights, including a right to object to some of the processing which Datamind carries out.

Who we are

HDRUK Wales is the Health Data Research Hub for Data Health funded by the Medical Research Council (MRC) and Health Data Research (HDR) UK.

Our website address is: https://hdrwales.org.uk/.

For data collected under this Privacy Statement, Swansea University is the Data Controller. Swansea University has a Data Protection Officer who can be contacted through dataprotection@swansea.ac.uk. The University’s data protection policy can be viewed on the University’s website: https://www.swansea.ac.uk/about-us/compliance/data-protection/data-protection-policy/

What information is collected

Personal data, or personal information, means any information about an individual from which that person can be identified.

Information we collect may include:

  • Identity data including your first name and last name, and organisation
  • Contact data such as your email address and telephone number
  • Technical data including IP address, type of browser or operating system

How we collect this information

We use different methods to collect personal data including:

  • When you contact us with an enquiry through the website
  • When you register and participate in our events or training, which may be online or in person
  • When you sign up to receive our newsletters
  • When you consent to receive our marketing materials
  • When you visit our website, unless you have opted out of cookie consent
  • Other information you post, email or otherwise send to us

Our lawful basis for processing

Data Protection Legislation requires that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a “lawful basis” for the processing. The basis for processing will be as follows:

  • Legitimate interests – The processing of your personal data may be necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or by fundamental rights and freedoms which require protection of personal data.
  • Consent – You have given us your consent for processing your personal data for the purpose of adding your details to our communications newsletter mailing list.

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can view and at any time change or withdraw your consent from the Cookie Declaration on our website by visiting our Cookie Policy.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We may share your personal data with external third-party system providers who provide services including IT, online training, system administration and cloud-based software services. We may also share your contact information with external third-party organisations which we co-run patient and public involvement activities with or arrange events or training on behalf of HDR UK.

We will not share your personal data with other third parties unless you give your consent for us to do so, and we will not share your information with any other organisations for their own marketing, market research or commercial purposes.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal information with regulators or other authorities if we have a legal obligation to do so.

How long we retain your data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

What rights you have over your data

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can read more about this right here.
  • Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You can read more about this right here.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. You can read more about this right here.
  • Object to processing of your personal data. This enables you to object to processing of your personal data if you feel it impacts on your fundamental rights and freedoms or if we are using it for direct marketing purposes. You can read more about this right here.
  • Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in a number of different scenarios, such as where you want us to establish the accuracy of the data. You can read more about this right here.
  • Request transfer of your personal data. This enables you to request the transfer of your personal data to a third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. You can read more about this right here.
  • Right to withdraw consent. This enables you to withdraw your consent, which we are relying on to process your personal data. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of these rights, please contact dataprotection@swansea.ac.uk. You will not have to pay a fee to access your personal data (or to exercise any of the other rights).

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to the Information Commissioner, the UK’s data protection authority.