Skip to content
Contact

Navigation breadcrumbs

  1. Home
  2. Protecting your data

How we keep your data safe

All information will be stored to the highest industry and professional standards within our Trusted Research Environment.

Trusted Research Environment

To hold all data safely and securely, we use a Trusted Research Environment. This is a highly secure computing environment that provides remote access to health data for approved researchers.

Personal data (e.g. name, address) will be stored separately from research data. Only the Heartburn Health team will have access to personal data.

Researchers will only be able to access non-identifiable data specifically needed for an approved study in the Trusted Research Environment. They will not be able to remove data from the environment, meaning only approved analysis can be done.

The Trusted Research Environment allows us to maximise use of the data to advance research into heartburn, while ensuring the data is safe and secure.

The ‘Fives Safes’ Model

Data will always be kept safe and secure and will be used responsibly to ensure privacy. To make sure these high standards are met, we will follow the ‘Five Safes’ Model:

[add image from HDR UK]

Regulations and oversight

All personal details and programme data will be protected in accordance with the Data Protection Act (2018) and UK General Data Protection Regulation. Together, the University of Cambridge and Cambridge University Hospitals NHS Foundation Trust are Data Controllers for the trial. This means that they will make decisions about how the data can be used. Queen Mary University of London and King’s College London are Data Processors. This means that they will be responsible for handling the data safely. King’s College London is currently responsible for hosting the Heartburn Health database.

The King’s College London Data Protection Officer provides oversight of King’s College London activities involving the processing of personal data, and can be contacted at info-compliance@kcl.ac.uk. The Queen Mary University of London Data Protection Officer provides oversight of QMUL activities involving the processing of personal data and can be contacted via  data-protection@qmul.ac.uk.

King’s College London may store personal details with a contracted GDPR compliant third-party storage provider within the UK, where they are the best data storage option. Some employees of the third party will have access to personal details and trial data if needed for their role. They are required to keep your personal details and trial data strictly confidential. 

At some point in the future, your data will be transferred from King’s College London to Queen Mary University of London, using secure transfer methods. King’s College London and Queen Mary University of London have a responsibility to keep information collected about you safe and secure. They also have responsibility for ensuring the highest integrity of research data. Specialist teams within King’s College London and Queen Mary University of London continually assess and ensure that data is held in the most appropriate and secure way. 

If you would like more information about how your data will be processed in accordance with UK GDPR, please visit the following links:

In the event of a security breach

We are using every safety measure to ensure the information we hold is secure. This includes meeting standards set by the National Cybersecurity Centre and the NHS. However, there is always the risk of a security breach. In the unlikely event this occurs, someone could access the information we have.  If a security breach ever happens, we will notify everyone affected as soon as possible.