As a clinical trials unit within the university, we may collect, store and process personal data, either directly or indirectly (for example from pre-existing datasets or other systems).
Depending upon the clinical trial, we may be a Data Controller and/or a Data Processor. If we are the Data Controller, we will determine why and how personal data will be collected and used. As a Data Processor, we are responsible for processing data on behalf of a Controller. In both cases, we act in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and adhere to ethical and good clinical practice.
Legislation requires we have a lawful basis for the collection and processing of personal data. This lawful basis will vary depending on the nature of the underlying study. Often, study participants will give their explicit consent to their data being collected, stored and processed, in which case consent may be the legal basis. In other cases, the lawful basis might be that the study is a task in the public interest.
Our handling of personal data is regulated by the Information Commissioners Office (ICO). DTU is part of the University of Oxford and is covered by the University’s registration with the ICO. The registration number is Z575783X.
We are responsible for being transparent in our processing of personal data and informing clinical trial participants about the different ways this data is collected and used. Study-specific documentation will explicitly address the collection and use of participants’ personal data and will specify the lawful basis.
We protect your data against unauthorised access, unlawful use, accidental loss, corruption or destruction using both technical (e.g. encryption) and operational (e.g. limited access) measures. The university’s data protection policy is available here.
Information on your rights in relation to your personal data are explained here.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, email@example.com, who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful you can complain to the Information Commissioner’s Office (ICO) https://ico.org.uk/concerns/handling/.
If you have any queries about our use of your data, please contact us at firstname.lastname@example.org