Privacy policy

Read our Privacy Notice

The purpose of this privacy notice is to inform you, as a user of Be Part of Research, about what information we collect when you visit the service, how we use the information, whether the information is disclosed and the ways in which we protect users' privacy. At all times, we want you to feel secure when using the website and associated services.

We are committed to respecting your privacy and how we do that is outlined in this Privacy Notice below. 

Introduction - protecting your privacy

The Department of Health and Social Care (DHSC) is the Data Controller for the Be Part of Research site under the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 (Data Protection Laws).

The Consortium of the University of Leeds and Guy’s and St Thomas’ NHS Foundation Trust (The Consortium) is the Data Processor for Be Part of Research. The Consortium provides the National Institute for Health Research (NIHR) Clinical Research Network Coordinating Centre (CRNCC) on behalf of the Department of Health and Social Care and the CRNCC is responsible for the processing of your personal data.

About the NIHR Clinical Research Network Coordinating Centre and Be Part of Research

The NIHR Clinical Research Network Coordinating Centre (CRNCC) is a service provided by the Consortium, supported by a wider partnership which includes King’s College London, Imperial College London, Newcastle University, University of Liverpool and PA Consulting Services Limited.

The CRNCC manages the NIHR Clinical Research Network (CRN) on behalf of the Department of Health and Social Care. The CRN makes it possible for patients and health professionals across England to participate in clinical research studies within the NHS.

The CRN provides the infrastructure that allows high-quality clinical research funded by charities, research funders and life-sciences industry to be undertaken throughout the NHS. The CRN works with patients and the public to make sure their needs are placed at the heart of all research, and provides opportunities for patients to gain earlier access to new and better treatments through research participation.

The CRN provides practical help in identifying and recruiting patients for clinical research studies, so that researchers can be confident of completing the study on time and as planned.

The CRN supports around 5,000 clinical research studies each year.

The information we collect

The CRNCC collects your personal data on behalf of and as directed by the Department of Health and Social Care.

The CRNCC collects information directly and indirectly. When you use Be Part of Research, we use technology to collect information indirectly - such as your internet address. This is commonplace across all internet services to enable the investigation of issues such as malicious use.

This information is then kept in our internet access logs. We collect information directly from you in a number of ways. One way is by using cookies. Cookies are small files of information that save and retrieve information about your visit to our site, such as how you entered our site, how you navigated through the site and what information was of interest to you. This information is collected for a number of reasons, for example, to help develop the website and associated services.

The cookies we use identify you only as a number. If you are uncomfortable about the use of cookies, you can disable them by changing the settings in the preferences or options menu in your internet browser. However, disabling cookies may affect our ability to provide services to you: if certain cookies are disabled you may not be able to access the service.

See our separate Cookies statement for more information on the cookies we use.

The only data stored in relation to navigation of the site will be cookie ID, IP address or device identifier information that the system collects when you access the system.

Specifically:

  • Navigation data – data on how you move around our site and the hyperlinks you click upon
  • The IP address of your device and, if applicable, the website you originated from

The personal data we collect may vary depending on the nature of your interaction with CRN. However, we always protect your personal data within the terms of this Privacy Notice.

Hotjar

NIHR CRNCC use Hotjar to better understand users’ needs and to optimize this service and experience. Hotjar is a technology service that allows us to better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website).

Hotjar stores this information in an anonymous user profile. Neither Hotjar nor CRNCC will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this linkYou can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

How and why we use your personal data

Use of personal data:

  • Analytics - uses navigation data to anonymously track visitors to the site to provide statistics to help us understand how many people and who is visiting our site so we can improve service to users. This is done via Google analytics.
  • Login session cookie to control and recognise your secure session whilst you are on the site.
  • All third party contractors are required to sign up to an Agreement, which prevents them from sharing your data with other non-authorised third parties and provides for the secure disposal of this data.

How we protect your data

We are committed to ensuring that your information is secure.  We use leading technologies and encryption software to safeguard your data, and maintain strict security standards to prevent any unauthorised access to it.

What is the data journey

Due to the nature and function of Be Part of Research, it has to link to other websites to obtain the data presented on the site. The sites that Be Part of Research links to are third-party sites and the site does not control the way these sites use your information. If you choose to access these sites using the links provided, the operators of these sites may collect information from you that may be used by them in accordance with their privacy policies; please be aware, these policies may differ from ours. You should read their privacy policies carefully to find out what happens to any information that is collected by these services when you use them.

The security of Be Part of Research is managed by the NIHR Information Systems Function, on behalf of the Department of Health and Social Care. This Function has the appropriate technical expertise to protect against unlawful processing and/or accidental loss of information.

Be Part of Research is hosted on the Amazon Web Services platform, a cloud-based software platform which provides for disaster recovery processes across its servers, which are all located within the European Economic Area (EEA). None of the data contained within Be Part of Research will go outside the EEA. The Be Part of Research platform is accredited to ISO 27001 security standards.

We will not sell your personal data. We will not disclose your personal data to third parties outside of the CRNCC, unless we have your explicit permission, or are required by law to do so.

We will hold the data for as long as we are providing you services and for as long as you agree to this. We will retain your data for varying amounts of time depending on the nature of your interactions with Be Part of Research:

  • We only store data that is necessary for a specific purposes
  • We will not store your data for longer than is necessary
  • Your data will be securely deleted when no longer needed for the purpose(s)

Destruction of data

  • When a disc drive fails or is no longer required for use, this is securely destroyed in accordance with the NHS Code of Practice.
  • When an electronic file containing personal identifiable information (i.e. a complaints file) is no longer required it is securely deleted by overwriting the space several times with selected patterns, thus rendering any information unreadable.
  • No paper records are kept of personal confidential data.

Your rights over your personal data

The Data Protection Officer for the CRNCC is:

  • Name of Data Protection Officer: John Ryder
  • Address: Department of Health and Social Care, 39 Victoria Street, Westminster, London, SW1H 0EU
  • Email: data_protection@dhsc.gov.uk


As a data subject, you have the following rights under the Data Protection Laws:

  • the right of access to personal data relating to you
  • the right to correct any mistakes in your information
  • the right to ask us to stop contacting you with direct marketing
  • rights in relation to automated decision making
  • the right to restrict or prevent your personal data being processed
  • the right to have your personal data ported to another data controller (e.g. if you decide to contract with a different supplier)
  • the right to erasure
  • the right to withdraw consent

These individual rights are explained on the Information Commissioner's Office website:

If you wish to exercise any of your data subject rights, please contact the NIHR Service Desk in the first instance - either: 

We will respond in a timely manner to any rights that you wish to exercise, and for Subject Access Requests (SARs) this has to be within a month of receiving your request unless the request is particularly complex.

Contacting the regulator

It is important that you ensure you have read this privacy notice - and if you do not think that we have processed your data in accordance with this privacy notice - you should let us know as soon as possible. Similarly, you may complain to the Information Commissioner's Office. Information about how to do this is available at www.ico.org.uk.