EDGE Privacy Statement

(updated 15th JULy 2025)

Introduction:

This Statement sets out the privacy practices for end users (the “End Users”) of the EDGE application (the “System”) provided by the Clinical Informatics Research Unit (“CIRU”) at the University of Southampton (the “University”).   

When you use EDGE as an ‘End User’, your access to the system has been provided by your organisation, and our processing of your personal data in connection with the EDGE platform is governed by a contract between us and your organisation. We process your personal data to provide EDGE to your organisation and you.

When your organisation provides you with access to EDGE, your use of it is subject to your organisation's policies, protocols, and procedures in respect of the processing, therefore if you have questions about EDGE’s processing of your personal data in connection with the purpose and data collection of the platform, please contact your organisation’s EDGE Lead Admin in the first instance.

Likewise, if you have broader privacy queries, including any requests to exercise your data protection rights, these should be directed to your organisation’s administrator.

To enable service delivery and access to the system, the following personal data is required within the System’s End User profile and will usually be provided by your organisation to us:

  • first name;

  • last name; and

  • email address.

In addition to the above, as an end user of the system you can also voluntarily provide the following personal data identifiers within the System’s End User profile:

  • title;

  • gender;

  • contact information;

    - telephone;

    - work address;

    - personal URL; professional registration identifiers; and ORCID ID.

  • CVs;

  • record of qualifications; and

  • record of training courses and certificates.

Data your organisation provides to us:

Information, including personal data, regarding the End Users derived from their access and use of the System is shared with the University to enable the delivery of the System services. The University shall not sell or rent this information to any third party. Your personal data will be shared with selected third parties as part of (enabling) service delivery. (See ‘Information Use’).

Information Processing:

Who has access to your personal data?

Your data will be shared internally with staff within CIRU where access is necessary for their roles. We also engage trusted and contracted third-party service providers (processors and, where relevant, their sub-processors) to support the operation of the System, and your personal data may be processed by them on our behalf under appropriate DPAs.

In addition, we may disclose your data if required to do so by law, to comply with a legal obligation, to protect our rights, interests, or property and those of others, to act in urgent circumstances to protect the personal safety of our staff, students, or the public, or to protect us against any legal liability. 

Processors and sub-processors:

We partner with selected service providers to help us deliver reliable service. Where these providers process personal data on our behalf, we require them to do so in accordance UK GDPR and other applicable data protection laws, under legally binding data processing agreements (“DPAs”), and to ensure that equivalent obligations are imposed on any sub-processors they may appoint.

To be transparent, here is a list of the partners that we engage to process the End Users’ personal data.

Name: Telefonica Tech UK
Services: Cloud Solutions Provider
Location: UK
GDPR Compliance: UK GDPR Compliant https://telefonicatech.uk/privacy-policy//
DPA Signed: YES

Name: SendGrid (Twilio)
Services: Transactional Email
Location: UK
GDPR Compliance: UK GDPR Compliance https://sendgrid.com/resource/general-data-protection-regulation-2/
DPA Signed: YES

Name: Active Campaign
Services: Marketing Comms
Location: EU
GDPR Compliance: UK GDPR Compliance
https://www.activecampaign.com/legal/gdpr-updates/privacy-framework
DPA Signed: YES

Name: Bettermode
Services: Community Forum Platform
Location: EU
GDPR Compliance: UK GDPR Compliance
https://bettermode.com/legal/data-processing-agreement
DPA Signed: YES

Name: Salesforce
Services: Help Desk
Location: UK
GDPR Compliance: UK GDPR Compliance
https://www.salesforce.com/uk/gdpr/overview/
DPA Signed: YES

Name: Microsoft Azure
Services: Web Servers, Database Hosting
Location: See below 
GDPR Compliance: GDRP Compliant https://privacy.microsoft.com/en-gb/privacystatement
DPA Signed: YES

EDGE Instance: EDGE Australia
Data Hosting Provider and Location: Microsoft Azure – Australia East Data Centre (New South Wales, Australia)

EDGE Instance: EDGE Belgium
Data Hosting Provider and Location: Microsoft Azure - EU Data Centre West (Netherlands)

EDGE Instance: EDGE Canada
Data Hosting Provider and Location: Microsoft Azure - Canada Data Centre West (Toronto)

EDGE Instance: EDGE Cyprus
Data Hosting Provider and Location: Microsoft Azure - EU Data Centre West (Netherlands)

EDGE Instance: EDGE India
Data Hosting Provider and Location: Microsoft Azure - India West Data Centre (Mumbai, India)

EDGE Instance: EDGE Malaysia
Data Hosting Provider and Location: Microsoft Azure - South East Asia Data Centre (Singapore, Malaysia)

EDGE Instance: EDGE New Zealand
Data Hosting Provider and Location: Microsoft Azure - Australia East Data Centre (New South Wales, Australia)

EDGE Instance: EDGE South Africa
Data Hosting Provider and Location: MS Azure - South Africa West Data Centre – (Cape Town, South Africa)

EDGE Instance: EDGE UK
Data Hosting Provider and Location: MS Azure - UK Data Centre South – (London – UK)

Audit Reports
All actions within the System are logged with End User identifiers (i.e., first name & last name), and a date and time stamp of system actions. The purpose of this logging is to support traceability, data security, and integrity and compliance with applicable data protection law on data access. 

Surveys
From time to time, we may contact you to request voluntary participation in a survey relating to the System or delivery of related services. Information requested may include contact information and demographic information. Survey information will be used to monitor and improve the services provided by CIRU.

System developments and updates
The EDGE Communications Team send you updates and announcements about the System service including the release of the monthly System application upgrade notices.  You may unsubscribe from these announcements by clicking the ‘Unsubscribe’ link at the bottom of the email communication.

Correcting/Updating personal data
You may update your Information at any time through their “User Profile” pages, via your employer’s designated Lead Administrator of the System, or by contacting the EDGE Team directly on edge@soton.ac.uk.

Accurate data
If your data is not accurate, please update your User Profile through the System, contact your employer’s designated Lead Administrator of the System, or email us at: edge@soton.ac.uk

Our registration number with the Information Commissioner’s Office is Z6801020

ICO Registration:

If you would like to find out more about how we use your personal data please contact: edge@soton.ac.uk. We also have additional policies and guidelines concerning particular activities. If you would like further information, please see our Publication Scheme.

If you are unhappy with the way that we have handled your data you can contact us at: edge@soton.ac.uk or contact the Information Commissioner’s Office via their website.

To download this page as a PDF click here

Further information: