NDMRB Privacy Notice
We are committed to protecting the privacy and security of your personal information. This notice describes how we collect and use your personal data submitted to us online, by email, on paper or face-to-face, in accordance with the General Data Protection Regulation (GDPR) and associated data protection legislation.
The University of Oxford is the “data controller” for the information that you provide to us. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR.
DATA PROTECTION OFFICER
The University’s Data Protection Officer can be contacted at email@example.com.
ACCESS TO YOUR DATA
Access to your personal data within the University will be provided to those staff who need to view it as part of their work.
WHERE WE STORE OR USE YOUR DATA
We may store the data we collect in hard copy or electronically. The data is stored on secure servers and/or in our premises within the UK. We may share your data with third parties or transfer your data outside the EEA under certain circumstances.
RETAINING YOUR DATA
We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.
Full details on your rights to access and modify your personal data are available here.
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). A complaint to the ICO can be made by visiting their website https://ico.org.uk/make-a-complaint/ or by calling their helpline on 0303 123 1113.
SHARING PERSONAL DATA WITH THIRD PARTIES
We may share your data with third parties who provide services on our behalf.
All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
TRANSFERS OUTSIDE THE EEA
There may be occasions when we transfer your data outside the European Economic Area (EEA). Such transfers will only take place if one of the following applies:
- the country receiving the data is considered by the EU to provide an adequate level of data protection;
- the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield;
- the transfer is governed by approved contractual clauses;
- the transfer has your consent;
- the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or
- the transfer is necessary for the performance of a contract with another person, which is in your interests.
DATA COLLECTED ON THIS WEBSITE
Details of the personal data we collect on this website
PERSONAL DATA DIRECTLY FROM YOU
When you fill in forms or surveys (for example for booking, asking us a question or reporting a problem with the website).
Unless otherwise stated on the form or survey, this information will be processed by our web content management system via servers based in the EEA in accordance with our standards for third party processors.
DATA AUTOMATICALLY COLLECTED ABOUT YOUR VISIT TO THIS WEBSITE
- Type of device and unique device identifier
- IP address
- Browser type and version
- Time zone
- Browser plug-in types
- Operating system
- Mobile Network information and platform
- URLs (web addresses) of pages visited
- Clicks around the website
- Page response times
- Download errors
- Length of visit
- Page interaction
This information is provided to us by your browser when you visit a webpage and passed to a third-party provider, Google Analytics. We take all possible steps to ensure that no personally identifiable information is processed.
THE PURPOSE AND LAWFUL BASIS FOR PROCESSING
- You will be able to find full details on the purpose and lawful basis for processing information you give to us via a form or survey on the form itself.
- Data collected for purposes arising from your use of this website is to ensure that we understand how our site is used, to improve our site, and ensure it is secure. This processing occurs because it is necessary to meet our legitimate interests in operating this website.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
HOW TO CONTACT US
If you have any questions or concerns about a particular research study you are participating in, or wish to withdraw from the study, please use any contact details you have already been supplied with, or use your preferred internet search tool to look for the study name together with “Oxford” or “NDM”.
Contact Information for this website:
Telephone: +44 (0)1865 612900
If you are unable to find the relevant contact details, you have any general questions about how your personal information is used by the Department, or wish to exercise any of your rights, please contact the University’s Information Compliance Team (firstname.lastname@example.org).
© 2021 NDM Research Building, Nuffield Department of Medicine, University of Oxford, Old Road Campus, Headington, Oxford, OX3 7FZ