SGP Privacy Policy

Key Points

  • We only store and use your personal information if you send us a message. This policy explains what we do with your information.

  • Our website is hosted by Wix. They use cookies to track your actions on our website. You can turn these off if you want to.

  • Wix uses Google Analytics to track users on our website. We cannot identify you through Google Analytics reports.

About the Scottish Genomes Partnership (SGP)

 

1. SGP is a Scotland-wide research programme between the Universities of Edinburgh, Glasgow, Aberdeen and Dundee, with NHS Scotland, NHS Lothian, NHS Greater Glasgow and Clyde, NHS Grampian and NHS Tayside. Records about the research undertaken are kept by each of the collaborating institutions as required to deliver their part of the SGP research objectives.

2. This notice explains what information we collect on our website visitors and users, how we collect it, what we do with it, how we protect it, and your rights regarding your information. We promise to protect your privacy in accordance with all current relevant Data Protection Legislation.

3. Separate information and formal consent processes are in place for each of the research projects funded through the SGP. You will receive this information if you are considering becoming involved in one of our research studies.

 

Information about you: how we use it and with whom we share it

 

4. There is a “Contact Us” form on our website to enable you to get in touch with any questions about our work. If you send us a message this way, your information including your email address will be used by the SGP project team to reply to you.

 

We would prefer you not to send us detailed personal information such as your address, date of birth or detailed health information, but if you decide to do this we will always aim to protect this information.

 

We do not have a newsletter or use email marketing. If this was to change in the future we would never add your contact details to any marketing lists unless you had asked us to do this.

 

5. The SGP website uses an external company (Wix) to host its website.

All traffic (transferral of files) between our website and your browser is encrypted and delivered through secure channels (HTTPS).

Wix uses “cookies” (small pieces of data stored on your browser) to track your movements and actions on our site. These gather, collect and record website uses, sessions and related information. When you arrive on our site for the first time, we explain our use of cookies in a pop-up message. This information is always available to you through a “Use of Cookies” link at the bottom of each web page.

If you send us a message using the “Contact Us” form, your information will be stored securely by Wix and viewable on the Wix platform by the SGP Project Manager. SGP remains responsible for your information and will ensure it is kept securely.

Your message will also be emailed automatically by Wix to the SGP team over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted and stored by our local University of Edinburgh, University of Aberdeen and University of Glasgow computers and devices.

Once this email containing your information is received safely by us, we will delete your information from the Wix mailbox and contact list. Although your information is saved securely by Wix, this copy is not needed once it has been transferred to us. Your information will always be deleted from Wix within 2 months of submitting your message to us.

6. We are processing information about you because we need this to reply to your message and this is called a legitimate interest.

 

Once the Wix email containing your message is received by us, we will aim to reply to your question or request within 2 weeks. We are a small team, so during holiday periods please bear with us, as this may take a little longer.

 

Sharing your information

 

7. Sharing within our team. If your message is about participation in one of our research studies, we may share enough personal information from your message with other members of the SGP team to give you the best answer. These people may be employed in the NHS Scotland Clinical Genetics Service. The NHS team may keep a copy of the information we share for record-keeping purposes and it may form part of your NHS record. All members of the SGP team are bound by this Privacy notice.

8. Wix as our website provider. Wix has data centres in the United States and Europe. From time to time, Wix may transfer hosting from one location to another, so your message and contact details may be stored in either location. The Wix platform complies with the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union to the United States. It therefore adheres to the Privacy Shield Principles.

9. Google tracking of user interactions. Like many websites, we use Google Analytics (GA) to track user interaction. Because of this, we consider Google to be a third party data processor for our website. For your information, our website uses the Wix implementation of GA. We use the data collected by GA to determine the number of people using our site, to better understand how they find and use our web pages and to track their journey through the website. Although GA records data such as your approximate geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to identify you personally but Google does not grant us access to this. GA makes use of cookies, details of which can be found on Google’s developer guides. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website. Our Use of Cookies link tells you how to do this for your browser.

 

Keeping your information

 

10. We may hold the personal data you gave us for up to 5 years beyond the end of the SGP funding award. The award is expected to end on 28th February 2020, so we may hold your details until February 2025.

11. We may keep a copy of any email response we send you, to make sure we have answered your request and have a record of doing this. In this copy we will have deleted any personal information that we do not need to keep. We will keep this copy for up to 5 years after the SGP research has ended, to meet project management record keeping and audit needs. These archives are kept securely in our project files with other project management documentation.

12. We keep a log of all messages we receive through our website. This log contains the date you contacted us, your surname and the type of enquiry in general terms (e.g. a request for information, a request to participate in one of our projects, and so on). We will also keep a record of when we completed your request and what we did or the information we sent you. This allows auditors and project funders to check our work.

 

Automated decision making

 

13. We do not use profiling or automated decision-making processes. A human decision maker will always be involved before any reply is sent to you.

 

Further queries

 

14. The University of Edinburgh is the administering institution for SGP. If you have any questions, please contact:

 

Scottish Genomes Partnership Project Manager

Email: sgp.project@igmm.ed.ac.uk

 

Institute of Genetics and Molecular Medicine

University of Edinburgh

Western General Hospital

Crewe Road South

Edinburgh EH4 2XU

 

Data Controller and contact details

 

15. For data collected under this privacy notice, members of the SGP Operational Management Committee are considered to be joint Data Controllers, as that term is defined in the EU General Data Protection Regulation (Regulation [EU] 2016/679).

 

16. The University of Edinburgh is registered with the Information Commissioner’s Office, Registration Number Z6426984.

 

17. The University of Edinburgh’s Data Protection Officer can be contacted at:

 

Data Protection Officer

Email: dpo@ed.ac.uk

 

Governance and Strategic Planning

University of Edinburgh

Old College

Edinburgh

EH8 9YL

 

18. The University of Edinburgh’s data protection policy can be found on its website:

https://www.ed.ac.uk/records-management/policy/data-protection

 

Your rights

 

19. You have the right to request access to, copies of and rectification or (in some cases) erasure of personal data held by us and can request that we restrict processing or object to processing as well as (in some cases) the right to data portability (i.e. the right to ask us to put your data into a format that it can be transferred easily to a different organisation). If you wish to make use of one of these rights, please email your local contact.

 

Complaints

 

20. If you are unhappy with the way we have processed your personal data you have the right to complain to the Information Commissioner’s Office (ICO), but we ask that you raise the issue with the University of Edinburgh’s Data Protection Officer first.

 

For information about reporting a concern to the ICO see their website:

https://ico.org.uk/concerns/

© 2019 Scottish Genomes Partnership

Scottish Genomes Partnership gratefully acknowledges the funding received from the Chief Scientist Office of the Scottish Government Health Directorates and the Medical Research Council Whole Genome Sequencing for Health and Wealth Initiative.