EDGE Privacy Statement
This privacy statement sets out the privacy practices for the EDGE Local Portfolio Management System application (“EDGE LMPS”) provided by the Clinical Informatics Research Unit at the University of Southampton (“the University”).
EDGE LPMS registered users (“subscribers”) register their personal information with the University and it is vital for us to share how we protect that data. Personal data refers to the personal information that we hold about you from which you can be identified (either alone, or in combination with other data available to the University).
The University is the data controller, which means that we are responsible for deciding how we hold and use personal data about you. This statement makes you aware of how and why your personal data will be used, namely for the purposes of providing you with our services, and how long it will usually be retained for. It provides you with information under the General Data Protection Regulation ((EU) 2016/679) (GDPR).
We keep this Privacy statement under regular review and it may be amended from time to time.
Data Protection Principles
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
A list of the types of data we collect is set out below. Processing means doing anything with your data, such as collecting, recording, or holding the data, as well as disclosing, destroying, or using the data in any way.
In order to provide access to the EDGE LMPS application the following personal information is required within a subscriber account profile (“EDGE Profile”) to enable service delivery:
- First Name
- Email Address
In addition to name and email address, subscribers can also voluntarily provide the following personal data identifiers within the EDGE Profile:
- Date of Birth
- Personal URL
- Professional Registration Number
- ORCID ID
- Telephone contact data.
Subscribers can also voluntarily upload personal data characteristics within the EDGE Profile too, these include:
- Record of Qualifications
- Record of Training Courses and Certificates.
What if you do not provide your personal data?
Certain data, such as your contact details, have to be provided to enable us to enter a contract with you. If you do not provide this data we will not be able to provide our services to you.
How will your personal data be collected?
We will only collect your data from you or your nominated EDGE lead “local administrator” from your organisation and not from any third party organisations.
Data you provide to us
Information regarding our subscribers derived from their access and use of the EDGE LPMS is shared with the University to enable the delivery of services to subscribers. The University shall not sell, share or rent this information to any third party.
Lawfulness of Processing:
Processing of this data is necessary for the performance of the Master Service Agreement Contract with your organisation or Local Clinical Research Network.
We will only process your data for the specific purpose or purposes that we tell you about or if specifically permitted under any privacy legislation and will only process your data to the extent necessary for that specific purpose or purposes.
In order to access the application subscribers must have registered a contact name and email address.
All actions within the EDGE LPMS application are audited to conform with 21 CFR Part 11. This requires the logging of user identifiers (First Name & Surname) with a date and time stamp against application actions.
From time-to-time, the Clinical Informatics Research Unit may request voluntary participation in a survey relating to the application or delivery of service. Information requested may include contact information and demographic information. Survey Information will be used to monitor and improve the services provided by the Clinical Informatics Research Unit.
EDGE Developments and Updates:
The EDGE Communications Team send our subscribers updates and announcements about the EDGE service including the release of the monthly EDGE LPMS application upgrades. Subscribers are able to unsubscribe from these announcements by clicking the ‘Unsubscribe’ link at the bottom of the email communication. Communications with users will be by e-mail, telephone or standard mail service.
Data provided to the Clinical Informatics Research Unit regarding any subscriber is stored within secure managed hosting services platform provided by PIksel Ltd (Carelink division). Piksel Ltd have managed NHS hosting since 1998.
Holding and retaining your data
We create and hold your personal data electronically. We will only hold your Data for the duration that your organisation is contracting with EDGE for the purpose or purposes that we have collected it.
Who has access to your personal data?
Your data will be shared internally with staff within CIRU. We may have to disclose your Data if required to do so by law in order to comply with a legal obligation, to protect our rights, interests or property and those of others, act in urgent circumstances to protect the personal safety of our staff, students and the public or to protect us against any legal liability.
This Clinical Informatics Research Unit takes every precaution to protect our subscribers’ information. Only staff members who need a subscriber’s (personal) information to perform a specific job are granted access to the Information. The University’s staff operate within the University’s policies and procedures for Information Security. Staff are also bound by the confidentiality provisions in their employment contract and are kept up-to-date on National, Local and departmental security and privacy practices. They are regularly notified and audited to safeguard customer privacy.
We will keep the Data we store about you accurate and up to date. Data that is inaccurate or out of date will be destroyed. If your data is not accurate then please update your User Profile through the EDGE LPMS application, contact your Local Administrator for EDGE or email us at: firstname.lastname@example.org
You have a number of rights. You can:
- access and obtain a copy of your data on request;
- require us to change incorrect or incomplete data;
- require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing; and
- ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact us at: AskHR@soton.ac.uk
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
How do you access your data?
If you would like to exercise any of your rights please make a request using our online form or in writing to:
The Data Protection Officer
University of Southampton, Highfield
In certain circumstances you can request your Data for reuse for your own purposes across different services by emailing us at: email@example.com
Our registration number with the Information Commissioner’s Office is Z6801020
If you would like to find out more about how we use your personal data please contact: firstname.lastname@example.org. We also have additional policies and guidelines concerning particular activities. If you would like further information please see our Publication Scheme.