Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Accept all cookies Reject all non-essential cookies Find out more

Privacy Notice

This Privacy Notice tells you about the information we collect and hold about you, what we do with it, how we will look after it and who we might share it with.  It also explains the choices you can make about the way in which your information is used and how you can opt-out of any part of the study if you wish. It covers information we collect directly from you or collect indirectly from other individuals or organisations for the Pearl and Selina studies which form part of the DeLIVER Programme. This notice is not exhaustive. However, we are happy to provide any additional information or explanation needed. Contact Details can be found here.

Who is responsible for your data?

The Data Controller and the Sponsoring organisation for DeLIVER is the University of Oxford. This means that we, as the University of Oxford researchers, are responsible for looking after your information and using it properly in accordance with the UK General Data Protection Regulation (UK GDPR).

Personal data we collect about you

We are collecting patient information so that we can learn more about liver disease, cirrhosis and hepatocellular carcinoma. The information we need for the study is gathered either at your standard clinic visits by asking you directly or by taking it from your patient records. The staff at the hospital where you enrolled into the study, complete forms with this information and then enter it onto our central database. On enrolment into the study cohort you are allocated a unique Study Number specific to you and the information or ‘data’ collected about you is entered under that Study Number. The pieces of personal information that we collect are listed below:

  • NHS Number (in England and Wales) or CHI Number (in Scotland)
  • Name, phone number and/or email address (only if you have consented to be contacted by the central study team)
  • Date of Birth
  • Gender, Ethnicity & Country of Birth

We also receive information from NHS health registries such as NHS England which hold national health and social care records. We provide your details (date of birth, NHS number or CHI number in Scotland, and gender) to NHS health registries in order to receive information about study participants in return. From NHS England we receive information including: 

  • Hospital attendance and admissions
  • Dates and causes of death
  • Cancers
  • Diagnostic imaging
  • National Disease Registration Service (NDRS)

 Similar information is requested from Public Health Scotland and the NHS Central Register (NHSCR) about Scottish patients.

How we use your personal data

As a University, we use personally-identifiable information to conduct research to improve health, care and services. As a publicly funded organisation, we have to ensure that it is in the public interest* when personally-identifiable information is used from people who have agreed to take part in research. This means that when you agree to take part in a research study, we will use your data in the ways needed to conduct and analyse the research study. Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.

Health and care research should serve the public interest, which means that University of Oxford have to demonstrate that their research serves the interest of society as a whole. They do this by following the UK Policy Framework for Health and Social Care Research.

How long we keep your data

The Sponsor will keep identifiable information about you for up to 5 years after the study has finished (when the last piece of health data is collected about study participants, which will be many years after your last follow up visit), in line with Good Clinical Practice (GCP) and relevant legislation.

How we protect your data

We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption, and destruction. 

We use technical measures such as encryption and password protection to protect your data and the systems in which they are held, and the information that we receive is stored securely in a study database. Access to the study database is by unique combinations of usernames and passwords and only authorised study personnel can access information about participants.

We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which your data is held and using a unique study ID number to identify participants. Importantly, no individuals will be identified in any publications arising from this work. 

We keep these security measures under review and refer to University Security Policies to keep up to date with current best practice.

Sharing your data

Any personal data that identifies you are collected and managed by the DeLIVER team at the University of Oxford and will not be shared with anyone else, except to obtain health information about you from the health registries as described. 

Data from which you cannot be identified may be shared with other research groups who are doing similar research. This ‘de-identified’ information will not identify you and will not be combined with other information in a way that could identify you. The information will only be used for the purpose of health and care research, and cannot be used to contact you or to affect your care. It will not be used to make decisions about future services available to you, such as insurance.

Transfer of your data outside of the UK

Your data is securely stored at our premises within the UK, and your identifiable data will not be transferred outside of the UK.

As part of our ongoing research, however, we may send samples – collected from participants during the study – to laboratories outside the UK for analysis. Such analyses will be governed by a collaborative contract between the laboratory and the University of Oxford. Any such samples will be sent with a pseudonymised identifier and any analyses results will be transferred using secure methods.

Your rights

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights in relation to the information that we hold about you (your ‘personal data’): 

The right to request access to your data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.

The right to request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.

The right to request erasure of your data. This enables you to ask us to delete or remove your data in certain circumstances for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).

The right to object to the processing of your data. This enables you to oppose our using your data where we are processing it to meet our public tasks or legitimate interests (or the legitimate interests of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.

The right to request that the processing of your data is restricted. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.

The right to access, change or move your data. Depending on the circumstances, we may have grounds for not complying with your request, for example, where we consider that deleting your information would seriously harm the research or where we need to process your data for the performance of a task in the public interest. 

Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time. Updated versions will be provided on the DeLIVER website.

Complaints

If you wish to raise a complaint on how your personal data has been handled, you can contact our Data Protection Officer (data.protection@admin.ox.ac.uk) who will investigate the matter. If you are not satisfied with the response, or believe we are processing your personal data in a way that is not lawful you can complain to the Information Commissioner’s Office (ICO) by visiting their website at https://ico.org.uk/make-a-complaint/ or by calling their helpline on 0303 123 1113.

Contact us

If you would like to contact us directly for more information about how we process and protect data collected for research, please contact a member of the DeLIVER team who can be found here.


*For research purposes, our lawful basis for processing personal data and special category data are:

 UK GDPR - Article 6(1)(e), Supporting tasks in the public interest

 UK GDPR - Article 9(2)(j) Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes