The Clinical Trials Research Unit (CTRU) is part of the Leeds institute of Clinical Trials Research (LICTR) at University of Leeds. CTRU carries out research projects including clinical trials, other health research, and academic teaching.
In order to conduct our research projects we collect and use data in electronic databases and paper filing systems. Some of this data is considered ‘personal data’ according to the European Union General Data Protection Regulation (GDPR) and the UK 2018 Data Protection Act. This means this data is about people and it is sometimes possible to identify those people from the data (either directly through their name, or indirectly through other data such as NHS number).
Broadly speaking, we collect data for two different purposes:
Collecting data for research takes a lot of time and money to do. One way we can get the most benefit from this work is to make data available, when the research has finished, to other researchers who would like to use it for other research projects. These other researchers may be at the CTRU or University of Leeds, or in other organisations such as universities, NHS organisations or companies involved in health and care research. They may be in the UK or abroad.
If we get requests to use our research data, we will only agree to share it for valid and worthwhile research projects in healthcare or medicine. The data we share does not identify individuals and is not combined with other data in a way that means individuals could be identified. We only share data with qualified researchers who agree to store data securely.
Any data we share cannot be used to contact individuals and does not affect anyone’s care. It is not used to make decisions about future services available to individuals, such as insurance.
By law, we are required to identify a ‘lawful basis’ for dealing with people’s personal data.
For our research data, this is usually ‘task in the public interest’, or in other words, we are collecting data that we need in order to complete our research, which aims to improve healthcare for the general public. All our projects are ethically approved, and receive funding from charities or public bodies. All our projects involve patients or patient groups in how they are designed and run.
For all of our projects we need to collect data about people’s health, which is by law a ‘special category’ of personal data. We need an additional lawful basis to justify collecting and using this. In our case, this lawful basis is that the use of the data is necessary for scientific research purposes.
Because we use personal data to support scientific research in the public interest, individuals participating in our research do not have the same rights regarding their personal data as they would in other situations. The laws mentioned above say that data being used for research needs to be protected to make sure the research results are reliable and useful to the public. This means that the following rights are limited for individuals who participate or have participated in our research:
We provide detailed information to people about our purposes for processing personal data at the time they choose to take part in our research.
For most of our research projects, University of Leeds is the ‘data controller’, which means the University has overall responsibility for what data are collected and how they are handled. If some other organisation is the data controller, either alone or jointly with University of Leeds, this will be made clear to the people concerned.
Any queries or concerns about the way personal data has been processed should be sent to the University of Leeds Data Protection Officer using any of the following details:
The University of Leeds data controller registration number provided by the Information Commissioner’s Office is Z553814X.
Individuals whose data are held at the University of Leeds or CTRU, who are not satisfied with the response to any queries or complaints, or believe their data is being used unlawfully, have the right to complain to the Information Commissioner’s Office.
Date last updated:18th July 2019
The information made available by the University of Leeds over the World Wide Web does not form part of any contract. Changing circumstances may cause the University to have to change its provisions at any time. Whilst every effort has been made to ensure the accuracy of the information presented, the University cannot accept responsibility for errors.
This statement tells you how the University of Leeds will collect and process your personal data when you access this website.
As with most other web servers, when you access these web pages certain information you provide will automatically be recorded by the University of Leeds. This may include your IP address, browser type, and information relating to the page you last visited. This information is processed to estimate how much usage of the server is made by different categories of users and in the event of a breach of security may be used to aid detection.
Where you are required under this website to provide personal data this data will be used for the following purposes: to contact you regarding the query that you have made; to send you details of courses, if you have expressed an interest in receiving information about these courses.
Your personal data that you have provided will not routinely be sent to other third-parties (unless notified – see 3. above).
Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Our website uses first party cookies which are set by our web server as opposed to a different web server. They are categorised as strictly necessary, which are essential to the operation of the website, and performance cookies which collect anonymous information about the usage of our website. By using our website you agree that we can place these types of cookies on your device.
The table below explains the cookies we use and why:
__utmzThis cookie stores the type of referral used by you to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within the site. The cookie is updated with each page view, and expires 6 months from being set or updated._gatThis cookie is associated with Google Universal Analytics, and is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.
|__utma||This cookie is used to determine unique visitors to the site, and is written upon your first visit to this site from your web browser. The cookie is updated with each page view, and expires 2 years from being set or updated.|
|__utmb||This cookie is used to establish the length of your visit to the site. The cookie is updated with each page view, and expires 30 minutes from being set or updated.|
|__utmc||This cookie is set to enable interoperability with the older version of Google Analytics code known as Urchin. This is a Session cookie which is destroyed when the user closes their browser.|
|__utmv||This cookie may be set from some pages which are used to track file downloads, or which are used in advertising campaigns. The cookie is updated with each page view, and expires 2 years from being set or updated.|
|_ga||This cookie is asssociated with Google Universal Analytics and is used to distinguish unique users by assigning a randomly generated number as a client identifier. By default it is set to expire after 2 years, although this is customisable by website owners.|
The University’s Data Protection Code of Practice also applies to the use of personal data under this website. The Code can be accessed at http://www.leeds.ac.uk/secretariat/data_protection_code_of_practice.html
This notice and therefore the ways in which your data may be processed can be changed from time to time. Any changes will only be notified via this web page.
If you have any queries relating to this privacy notice or the way your data is being processed through this website then please contact The University Communications Team email@example.com. If you are dissatisfied with their response please contact the University Webmaster, firstname.lastname@example.org.