We only store and use your personal information if you send us a message. This policy explains what we do with your information.
Wix uses Google Analytics to track users on our website. We cannot identify you through Google Analytics reports.
About the Scottish Genomes Partnership (SGP)
1. SGP is a Scotland-wide research programme between the Universities of Edinburgh, Glasgow, Aberdeen and Dundee, with NHS Scotland, NHS Lothian, NHS Greater Glasgow and Clyde, NHS Grampian and NHS Tayside. Records about the research undertaken are kept by each of the collaborating institutions as required to deliver their part of the SGP research objectives.
2. This notice explains what information we collect on our website visitors and users, how we collect it, what we do with it, how we protect it, and your rights regarding your information. We promise to protect your privacy in accordance with all current relevant Data Protection Legislation.
3. Separate information and formal consent processes are in place for each of the research projects funded through the SGP. You will receive this information if you are considering becoming involved in one of our research studies.
Information about you: how we use it and with whom we share it
4. There is a “Contact Us” form on our website to enable you to get in touch with any questions about our work. If you send us a message this way, your information including your email address will be used by the SGP project team to reply to you.
We would prefer you not to send us detailed personal information such as your address, date of birth or detailed health information, but if you decide to do this we will always aim to protect this information.
We do not have a newsletter or use email marketing. If this was to change in the future we would never add your contact details to any marketing lists unless you had asked us to do this.
5. The SGP website uses an external company (Wix) to host its website.
All traffic (transferral of files) between our website and your browser is encrypted and delivered through secure channels (HTTPS).
If you send us a message using the “Contact Us” form, your information will be stored securely by Wix and viewable on the Wix platform by the SGP Project Manager. SGP remains responsible for your information and will ensure it is kept securely.
Your message will also be emailed automatically by Wix to the SGP team over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted and stored by our local University of Edinburgh, University of Aberdeen and University of Glasgow computers and devices.
Once this email containing your information is received safely by us, we will delete your information from the Wix mailbox and contact list. Although your information is saved securely by Wix, this copy is not needed once it has been transferred to us. Your information will always be deleted from Wix within 2 months of submitting your message to us.
6. We are processing information about you because we need this to reply to your message and this is called a legitimate interest.
Once the Wix email containing your message is received by us, we will aim to reply to your question or request within 2 weeks. We are a small team, so during holiday periods please bear with us, as this may take a little longer.
Sharing your information
7. Sharing within our team. If your message is about participation in one of our research studies, we may share enough personal information from your message with other members of the SGP team to give you the best answer. These people may be employed in the NHS Scotland Clinical Genetics Service. The NHS team may keep a copy of the information we share for record-keeping purposes and it may form part of your NHS record. All members of the SGP team are bound by this Privacy notice.
8. Wix as our website provider. Wix has data centres in the United States and Europe. From time to time, Wix may transfer hosting from one location to another, so your message and contact details may be stored in either location. The Wix platform complies with the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union to the United States. It therefore adheres to the Privacy Shield Principles.
Keeping your information
10. We may hold the personal data you gave us for up to 5 years beyond the end of the SGP funding award. The award is expected to end on 28th February 2020, so we may hold your details until February 2025.
11. We may keep a copy of any email response we send you, to make sure we have answered your request and have a record of doing this. In this copy we will have deleted any personal information that we do not need to keep. We will keep this copy for up to 5 years after the SGP research has ended, to meet project management record keeping and audit needs. These archives are kept securely in our project files with other project management documentation.
12. We keep a log of all messages we receive through our website. This log contains the date you contacted us, your surname and the type of enquiry in general terms (e.g. a request for information, a request to participate in one of our projects, and so on). We will also keep a record of when we completed your request and what we did or the information we sent you. This allows auditors and project funders to check our work.
Automated decision making
13. We do not use profiling or automated decision-making processes. A human decision maker will always be involved before any reply is sent to you.
14. The University of Edinburgh is the administering institution for SGP. If you have any questions, please contact:
Scottish Genomes Partnership Project Manager
Institute of Genetics and Molecular Medicine
University of Edinburgh
Western General Hospital
Crewe Road South
Edinburgh EH4 2XU
Data Controller and contact details
15. For data collected under this privacy notice, members of the SGP Operational Management Committee are considered to be joint Data Controllers, as that term is defined in the EU General Data Protection Regulation (Regulation [EU] 2016/679).
16. The University of Edinburgh is registered with the Information Commissioner’s Office, Registration Number Z6426984.
17. The University of Edinburgh’s Data Protection Officer can be contacted at:
Data Protection Officer
Governance and Strategic Planning
University of Edinburgh
18. The University of Edinburgh’s data protection policy can be found on its website:
19. You have the right to request access to, copies of and rectification or (in some cases) erasure of personal data held by us and can request that we restrict processing or object to processing as well as (in some cases) the right to data portability (i.e. the right to ask us to put your data into a format that it can be transferred easily to a different organisation). If you wish to make use of one of these rights, please email your local contact.
20. If you are unhappy with the way we have processed your personal data you have the right to complain to the Information Commissioner’s Office (ICO), but we ask that you raise the issue with the University of Edinburgh’s Data Protection Officer first.
For information about reporting a concern to the ICO see their website: