This research programme is organised by the University of Cambridge and
Cambridge University Hospitals NHS Foundation Trust in partnership with Queen
Mary University of London. The Participant Information Sheet (PIS) that you will
read before joining the programme describes the information collected about you
after you join the programme, how you might be contacted by the Heartburn
Health team and how the programme organisers will use the information
collected about you. As explained in the PIS, the programme organisers will
contract with third party organisations to provide technical support to the
programme. This notice describes how the information is used that is received
about you from the trial.
All personal details and programme data will be protected in accordance with the
Data Protection Act (2018) and UK General Data Protection Regulation.
Who are the data controllers of my information?
Together, the University of Cambridge and Cambridge University Hospitals NHS
Foundation Trust are Data Controllers for the research programme. This means
that they will make decisions about how the data can be used.
Queen Mary University of London will act as the Data Processor for the trial. This
means that they will be responsible for hosting the Heartburn Health database
and handling the data safely. Expert teams within Queen Mary University of
London continually assess and ensure that data is held in the most
appropriate and secure way.
The Queen Mary University of London Data Protection Officer provides oversight
of QMUL activities involving the processing of personal data and can be contact
via data-protection@qmul.ac.uk
What information will third-party organisations receive about me and how will they use it?
Third-party organisations have been contracted by the Heartburn Health team to
provide technical support to run the study. Employees from these companies
may be able to access your personal information (e.g. name, mobile number) to
carry out their role. Some of these organisations may be based outside the UK.
All third parties must meet UK GDPR standards and handle your personal details
securely under appropriate contracts. Services and products from other organisations may be used but will not have access to your personal information.
iPLATO
iPLATO provides technical solutions for patient communication. For Heartburn
Health, they are providing the technical support to send text message invitations
to people in certain regions of the UK before enrolment and collect the online
enrolment form data from these participants. iPLATO will be provided with the
name and mobile number of people selected to invite by text message. Further
details on this process can be found here . If you complete the online enrolment form by clicking the link in the text message, they will also have access to the information you provide in the form.
Arrow Business Communications Limited (ARO)
ARO provides the Trusted Research Environment which allows for secure storage
of data. The Trusted Research Environment is accredited by health data
custodians in the UK to deliver a datacentre which meets all relevant UK
information governance and data security standards. All data for Heartburn
Health will be held in a database built using REDCap and stored in the Trusted
Research Environment provided by ARO. Employees from this company may
have access to any information held by Heartburn Health to carry out their role.
Please note that other equivalent Trusted Research Environment providers may
be used if required.
Twilio
Twilio provides the platform to send text messages to participants in Heartburn
Health after they have enrolled. Twilio can interface with the internal databases
and will be used to send updates about the programme and invitations to future studies. Twilio will be provided with first names and mobile numbers to send the
text messages.
What is the basis for processing my information?
The University of Cambridge, Cambridge University Hospitals NHS Foundation
Trust and Queen Mary University of London need a valid legal reason to process
and use your information. This is called a “legal basis.” This legal basis for
processing your information is their public task in the public interest as research
institutions.
How long will my information be kept?
The University of Cambridge, Cambridge University Hospitals NHS Foundation
Trust and Queen Mary University of London will keep your information for as long
as needed to fulfil the purposes outlined in this notice and the PIS, which may be
indefinitely, unless a different retention period is required by law. The University
of Cambridge, Cambridge University Hospitals NHS Foundation Trust and Queen
Mary University of London will keep this information for five years after
Heartburn Health closes. At current, the programme is planned to run at least 12
years.
Will my information be transferred outside of the United Kingdom?
Twilio is based outside the UK. This means your first name and mobile will be
transferred outside the UK to send the text messages. However, your
information will never be stored by this company.
Your information will not be stored outside the UK.
What are my rights?
Under data protection legislation you have certain rights in relation to your
personal information, including the right to access, correct, erase or restrict or
object to the use of your personal information. These rights are limited in the
research setting, however, because the University of Cambridge and Cambridge
University Hospitals NHS Foundation Trust need to manage your information in
specific ways in order for the research to be reliable and accurate. Because the
University of Cambridge and Cambridge University Hospitals NHS Foundation
Trust do not know your identity, if you wish to exercise any of these rights, you
should contact members of the Heartburn Health team and they can direct your
question to the appropriate people at the University of Cambridge and
Cambridge University Hospitals NHS Foundation Trust.
You also have the right to make a complaint with the Information
Commissioner’s Office (ICO) (the UK data protection regulator). For further
information on your rights and how to complain to the ICO, please refer to
the ICO.
Whom can I contact with questions?
Because the University of Cambridge and Cambridge University Hospitals NHS
Foundation Trust do not know your identity, you should address your questions
to the Heartburn Health team in the first instance at cuh.heartburnhealth@nhs.net.
Use of cookies and other technologies
Cookies are text files containing small amounts of information which are
downloaded to your device when you visit a website. This information is sent
back to the originating website on each subsequent visit, or to another website
that recognises that cookie. Cookies are useful because they allow a website to
recognise a user’s device and are widely used in order to make websites work
more efficiently, as well as to provide information to the owners of the site.
We use Google Analytics, social media plug-in and session ID cookies to help us
improve the speed and security of the website and understand the way our
visitors use our website and improve their experience.
We collect this information in a way which does not identify anyone. We do not
make any attempt to find out the identities of those visiting this website and will
not associate any data gathered from this site with any personally identifying
information from any source. We will not pass the data on to advertising
networks or other third parties.
You can opt out of being tracked by Google Analytics across all websites. Most
web browsers allow some control of most cookies through the browser settings.
Find out more about cookies, including how to see what cookies have been set
and how to manage and delete them.
If you would like more information about how your data will be processed in
accordance with UK GDPR, please visit the links click here
Patient data and research leaflet – Health Research Authority