Privacy and terms

Genomics England’s priority is to ensure that the data of all participants and everyone it deals with is protected – and that we are fully compliant with the latest regulations including the Data Protection Act 2018 and the General Data Protection Regulation (the GDPR) on 25 May 2018.

Read how GDPR is affecting Genomics England, and find our Privacy Notices below.

What is the GDPR?

The GDPR creates a new data protection regime throughout the EU, “designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy”. The Data Protection Act 2018 makes provision for how the GDPR will operate in the UK.

How does the GDPR affect Genomics England?

The GDPR applies to anything we do with your personal data, such as collecting, storing or using it in any way. We are a Data Controller under the GDPR. We process personal data, including something known as ‘special category personal data’ (SCPD). SCPD includes genetic data and data concerning health – which we process as part of the 100,000 Genomes Project.

Under legislation in force before the GDPR – the Data Protection Act (1998) – Genomics England processed data on the basis of Participant Consent. Changes introduced as part of the Data Protection Act 2018 and the GDPR, however, mean that the basis for data processing has evolved.

What is changing?

Article 6 of the GDPR details the six criteria for the lawfulness of processing data. Genomics England can only process personal data if it meets at least one of these. We rely on the provision that allows us to process personal data based on our legitimate interests, which are to carry out medical research and to provide clinical care.

This change in the basis of the lawfulness of Genomics England’s clinical and research data processing will come into effect on 25 May 2018.

What does this mean for consent?

It is important to note that participant informed consent is fundamental to the 100,000 Genomes Project and Genomics England’s work – and this will not change. Indeed, “the creation of an ethical and transparent programme based on consent” is one of our four founding aims. This commitment is further underlined by England’s Chief Medical Officer, Dame Sally Davies, who focuses on the importance of informed consent to the success of genomic medicine in her 2017 report, ‘Generation Genome’.

Genomics England is committed to – and will continue to deliver – a workable consent process that allows participants to make informed choices on how their confidential genomic data is used.

Where can I find out more?

There are resources available to help people understand and make informed choices on the ways in which we use their data.

  • Data Protection Officer (DPO): In compliance with the GDPR and the Data Protection Act 2018, Genomics England has appointed a Data Protection Officer. Our DPO is a senior, qualified data practitioner who, amongst other duties:
      • helps us to monitor internal compliance with the GDPR;
      • informs and advises on our data protection obligations, including under the new Data Protection Act; and
      • provides advice and is the first point of contact for any questions on how we use data.

Genomics England’s DPO can be contacted – here.

  • Data Access and Use: more information on how we use data, as well as our Privacy Notices, can be found on our website – here.
  • Information Commissioner’s Office (ICO): the ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO is an excellent resource on data protection issues and is the body responsible for investigating concerns.
  • Health Research Authority (HRA) guidance for those in the health and social care research sector can be found here.

Privacy Notice for Website Users

Version 1. Dated 24 May 2018

1. About us

We are Genomics England Limited, also known as Genomics England, a company registered in England and Wales (Company No. 08493132). We are listed on the Information Commissioner’s register of data controllers under number ZA021653.

2. Introduction and purpose of this Privacy Notice

This Privacy Notice sets out key information that it is essential for you to know when you provide information to Genomics England.

This Privacy Notice informs you of what to expect when Genomics England collects information from you, such as when you visit our website or subscribe to our newsletter. It does not apply to information from participants in the 100,000 Genomes Project, or from members of the Discovery Forum or GeCIP. For details on data collected from participants, members of the Discovery Forum and GeCIP, please see below.

We are the data controller for your personal data and this Privacy Notice describes how we process it.  By processing, we mean any operations such as collecting, organising, structuring, storing and destroying personal data. We will put in place appropriate technical measures to protect your personal data and to ensure that we process it:

  • Fairly and proportionately;
  • Only in ways that are relevant to the purposes for which it is to be used;
  • Accurately so that it is complete and up to date;
  • So that it is kept no longer than is necessary;
  • So that it is protected by security safeguards to prevent loss, unauthorised destruction, use or disclosure;
  • In accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018.

3. Our right to change our Privacy Notice

We may make changes to our Privacy Notice and when we do we will post our changed Privacy Notice on our website and it will then apply. We will always put the date and version of our Privacy Notice at the top, so that you can easily find this information.

4. What is personal data?

Personal data is any information about a living individual that can be used to identify the individual, such as name, address, date of birth, email address, photographs or videos. It may also include special categories of personal data. This is information concerning: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health data; data concerning a person’s sex life or sexual orientation.

5. What information we collect

When you use our website or register to receive our newsletters, we collect personal data when you provide it to us, such as:

  • Name and title
  • Username
  • Address
  • Email address
  • Affiliated institutions where you have one

6. Your personal data and how we process it

We only ever use your personal data lawfully and when you have given us your consent to the processing of it.  Most commonly we will use your personal data in the following circumstances:

  • To allow you to register to receive our newsletters.
  • To communicate with you on events, news and updates from Genomics England.

You may withdraw your consent at any time by clicking the ‘unsubscribe’ button in any email we send to you or by contacting us at info@genomicsengland.co.uk.

We will never sell your personal data or share it with third parties who might use it for their own purposes.

7. How we protect your personal data

The security of your personal data is very important to us.  We will ensure that we have in place appropriate organisational and technical measures to prevent unauthorised access, improper use, alteration, destruction or accidental loss of your personal data.

8. How long we keep your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

9. Your rights and your personal data

Under certain circumstances, by law you have a number of rights in respect of your personal data.  These include the right to:

  • Request access to your personal information, known as a ‘data subject access request’. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request that we correct the personal data we hold about you if it is inaccurate or out of date.
  • Request that we erase your personal data where there is no good reason for us continuing to process it.
  • Request that we restrict the processing of your personal data where there is a dispute about its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party where our processing of it is under a contract or based on your consent and the processing is carried out by automated means.

If you want to obtain access to, request correction or erasure of, restrict the processing of or request the transfer of your personal information, please contact dpo@genomicsengland.co.uk.

For more information on your rights and your personal data please see the Information Commissioner’s website.

Complaints

If you consider that we have not handled your personal data lawfully then please contact our Data Protection Officer. You also have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

You can contact the Information Commissioner at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113

Contact details and useful information

If you have any questions about this Privacy Notice and how we handle your personal data then please contact our Data Protection Officer at dpo@genomicsengland.co.uk.

Privacy Notice for Participants in the 100,000 Genomes Project

Version 1. Dated 24 May 2018

1. Introduction

This Privacy Notice describes how we collect, store and process personal information about you as a Participant in the 100,000 Genomes Project and in accordance with the General Data Protection Regulation (GDPR).

At Genomics England we take privacy seriously and will only use your personal information for the benefits of research or for clinical care.  As a Participant you have been kind enough to volunteer for the 100,000 Genomes Project and you will have been referred for inclusion in the 100,000 Genomes Project by your clinician and may have certain rare diseases yourself or in your family, or you may have cancer. You will, in most cases, have been invited to take part by a clinical team and in all cases you will have given your consent to providing your personal information by completing and signing a consent form.

Genomics England is a ‘data controller’ and we want you to be clear about how we collect, store and use personal information about you, how we protect the privacy of your personal information and how you can access your personal information should you choose to do so.

It is therefore important that you read this Privacy Notice as it will explain:

  • What information we collect and why we collect it.
  • Where the information comes from
  • How we use that information.
  • How we keep the information private
  • The choices we offer, including how to access and update information.

We’ve tried to keep this Privacy Notice as simple as possible, but if you’re not familiar with the terms used in it, such as Health Data or Genome Data, then visit our Data types and storage page to read about these key terms.

Your privacy matters to us.  If you have any questions about this Privacy Notice then please contact our Data Protection Officer at dpo@genomicsengland.co.uk.

2. Information we collect, store and process about you

We collect, store and process your personal information and this information includes health data from clinical care that has been given to us about your genome sequence data which is obtained after we have processed samples of blood, tissue, and saliva.  We also produce interpretation reports once we have analysed all your information and these reports are provided to your clinical team for review.

3. Why is this information collected

By considering your health data and genome data together, researchers will be able to better understand the relationship between variations in the genome and the health of the individual. In rare diseases, they may be able to better explain the condition, arrive at a new diagnosis or suggest a new approach to treatment.   In cancer, they may be able to predict the effect of a particular course of treatment, avoiding drugs that would not work for the individual concerned or selecting or developing drugs that have a better chance of success.

Under the GDPR, personal data can only be processed where one of the specific conditions set out in the GDPR is satisfied.  We rely on the provision that allows data controllers to process personal data on the basis of legitimate interests: the interests on which we rely are our interests in carrying out medical research and in providing clinical care.

There are also specific provisions in the GDPR in relation to special categories of personal data (including genetic, biometric and health data), under which such data can only be processed on limited grounds.  In order to process such data, we rely on the provisions that allow such data to be processed for research purposes and for providing clinical care.

4. What type of data is collected

As part of your treatment or clinical care, you may provide personal information about yourself and your condition to your clinical team. This may include personal information, like name, address, date of birth and other demographic information.  It may also include other information (much of it very personal) about your condition and how it affects you. As part of your treatment the information held about you may include photos, scans, images or video and these may all form part of the health data.

To ensure there is the richest possible health data set for research purposes we collect all sorts of data, even things that at first look might not have any relevance to a health condition. This is because we don’t yet know what is important. For instance, we collect details about birth and childhood illnesses because these might – or might not – have an influence on a condition. While some information we collect may not be relevant for an individual, it might be very important in other people’s conditions. For instance, we collect information about mental health and disability which is an important symptom for many of the rare conditions we cover.

5. Where is data collected from

Some of your health data will come from NHS hospitals and GPs or other health care teams that have provided you with care at any time; other health data will come from NHS healthcare organisations (such as NHS Digital, NHS England and Public Health England) that will either provide care in the future or support organisations that provide that care.

Information that we may share or link to other organisations

As part of the 100,000 Genomes Project we need to link different types of your health data, which are held by other organisations, to get a complete overview of your health data footprint so that we may carry out our research. In practice, in order to access and obtain health data held by other organisations, including NHS Digital, NHS England and Public Health England, we may share your personal information with these other organisations so that they can provide your personal information to us.

Before we share any of your personal information we ensure that agreements are in place that include strict rules and processes on how your personal information is shared.

6. Keeping data private

Research users will have restricted access to de-identified datasets which contain only the information they need for their specific and approved research study. From this information they may produce additional research data based on their analysis. Researchers should not be able to work out who this data is about, or even who is participating in the Project, simply by looking at the information in the system. However, any non-trivial piece of health data – even a de-identified report of an appointment booking – could be re-identified by somebody who already has enough information about the individual in question. This is why Genomics England insists all access to its data takes place within its secure environment, where it can be monitored.

No data held by Genomics England will be accessible to other government agencies, including HMRC and the Child Support Agency. In the unusual situation that a request for data is made by a court order, this will be referred to Genomics England’s Legal Counsel as promptly as possible so that all representations may be made to the court, for example, to limit the information requested being released. We do not share information with insurance companies.

7. Withdrawing participation from the 100,000 Genomes Project

If a participant changes their mind and wants to withdraw from the 100,000 Genomes Project then they are free to do so and this will always be acted on without delay as we aim to make this process as easy as possible.  There are two options:

Option 1 – partial withdrawal: ‘no further contact’ – this means Genomics England will not contact the participant again although the clinical team will still get an initial report about the rare condition or cancer but no more reports after this.  The clinical team will ask the participant if they want to receive this initial report only.  Genomics England will continue to use any samples already collected for research purposes and will continue to update and store information from the participant’s health and other records for use in approved research.

Option 2 – full withdrawal: ‘no further use’ – this means the participants would no longer be in the 100,000 Genomes Project although an initial report would still go to the clinical team for them to check if the participant wants to receive this.  After this there is no further contact. We would destroy any DNA samples that we hold and from that point forwards we would restrict researchers from accessing any information we hold by putting it beyond any future use.  Data that has been used already in research cannot be altered as that would affect the research results on which discoveries may be made.

Finally, regardless of the option chosen above, we will keep an audit record to say that the participant was once part of the Project and then withdrew. This includes their surname, first name, date of birth, address and contact details. This information is held in a very secure area with access limited to a very small number of staff within Genomics England.

8. Children in the 100,000 Genomes Project

When participants in the 100,000 Genomes Project reach the age of 16 they will be given the opportunity to give their own consent as an adult to remain in the Project.  They will be contacted by their clinical team to complete this process.

9. Information that is captured when we are contacted

Genomics England can be contacted by phone, email or via our website.  When you contact us we may record your details so we can best answer your query and provide you with a response.  We will keep a record of these communications in case you contact us again but these records will not be used for other purposes.  We review the information we hold and the length of time these are held as part of our records management policy.

We may contact you by post to keep you informed about the 100,000 Genomes Project or to discuss clinical trials that may be of interest to you.  We may use email to do this if you prefer and where you have provided us with your email address.

10. Accessing and updating your personal information

Under the GDPR you have the right of access to your personal information; you also have rights to rectify the information or have it erased, and to restrict or object to processing.  These rights are subject to various exceptions, including in relation to information processed for research purposes.

Genomics England aims to ensure we have the most accurate data and up to date information but we do recognise that this may not always be the case.  If the information we hold is wrong we strive to give you ways to update it quickly or to request it is deleted.  When updating your personal information, we may ask you to verify your identity before we can act on your request.

There may also be situations where we may reject requests that we believe are unreasonably repetitive or require disproportionate technical effort.  We may also reject requests that we believe risk the privacy of others and where these circumstances apply we will contact you to discuss our concerns.

Where we can provide information access and correction, we will do so free of charge.  In certain cases we may charge reasonable amounts where we believe this is appropriate due to the effort that may be needed to satisfy the request.  Again where we believe this is the case we will contact you to discuss the matter further.

Like all organisations we take our data security extremely seriously and therefore we make backups of all our data.  This helps to protect this vital data from accidental or malicious destruction. Because of this, after we have deleted information, at your request, we may not immediately be able to delete residual copies from our backup systems.  We will confirm to you as part of our discussions how we can address your privacy concerns in this respect.

11. Information security and period of storage

We work hard to protect all data from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

  • We encrypt much of the data we hold
  • We use access control techniques
  • We restrict access to personal information to only those staff who need to see this information
  • All staff and suppliers who need to access this information are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
  • We continually review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.

We store your personal data for no longer than is necessary to carry out our legitimate interests of medical research and providing clinical care.  We have implemented appropriate technical and organisational measures to keep your personal data safe and to safeguard your rights and freedoms.

12. Changes

This Privacy Notice may change from time to time. We will post any Privacy Notice changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Notice changes). We will also keep prior versions of this Privacy Notice in an archive for your review.

Contact details and useful information

The address of Genomics England is:

Dawson Hall
Charterhouse Square
London
EC1M 6BQ

For general enquiries our contact details can be found on our Contact us page.

Complaints and requests for information

When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including the Information Commissioner’s Office, to resolve any complaints.

If you have a complaint, issue or question relating to this privacy notice or data protection you can contact our Data Protection Officer by the following methods:

By Phone – Call 0207 882 5030 (main switchboard) and ask for the Data Protection Officer.

By email – dpo@genomicsengland.co.uk

By letter – Addressed to the Data Protection Officer at the address above.

Genomics England is registered with the Information Commissioner’s Office Data Protection Register. Our registered number is ZA021653.

Privacy Notice for Applicants for Positions at Genomics England

Version 1. Dated 24 May 2018

1. Introduction

Genomics England was set up by the Department of Health and Social Care to deliver the 100,000 Genomes Project. This ambitious consent-based project is the largest national genome sequencing effort of its kind in the world. Participants are NHS patients with a rare disease, plus their families, and patients with cancer. We are creating a new genomic medicine service for the NHS to support better diagnosis and better treatments for patients. We are also enabling medical research and aim to kick-start a UK genomics industry.

2. Purpose of this Privacy Notice

This Privacy Notice sets out key information that it is essential for you to know when you provide information to Genomics England as part of the recruitment process.

We are the data controller for your personal data and this Privacy Notice describes how we process it.

By processing your personal data we mean any activity we perform on it such as collecting, storing, adapting or using it in any way during our recruitment process. We will put in place appropriate technical measures to protect your personal data and to ensure that we process it:

  • Fairly and proportionately;
  • Only in ways that are relevant to the purposes for which it is to be used;
  • Accurately so that it is complete and up to date;
  • So that it is kept no longer than is necessary;
  • So that it is protected by security safeguards to prevent loss, unauthorised destruction, use or disclosure;
  • In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

3. Our right to change our Privacy Notice

We may make changes to our Privacy Notice during our recruitment process and when we do we will email you to let you know that we have changed it.

4. What is personal data?

Personal data is any information about a living individual that can be used to identify the individual, such as name, address, date of birth, email address, photographs or videos. It may also include special categories of personal data.  This is information concerning: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health data; data concerning a person’s sex life or sexual orientation.

5. Your personal data and how we process it

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To process your personal data as part of our recruitment exercise and before we offer a contract of employment to you;
  • When we need to comply with a legal obligation e.g. to check your eligibility to work in the UK.

From time to time we may seek your consent to process special categories of personal data and we will ask for your explicit consent before we process it.  You are under no obligation to give consent if we ask for it.  Where you do provide consent you may withdraw it at any time.

The personal data we collect and process about you includes:

| Type of information | Examples |
| --- | --- |
| Personal details. | Name, address, date of birth, nationality, gender, religion, and preferred language, details of any disabilities, work restrictions and/or required adjustments. |
| Information that is necessary to enable us to carry out our recruitment exercise including information about your work history, your qualifications and your suitability to work for us. | Information included in an application form, CV or covering letter provided as part of an application, references, interview notes, results of any assessments carried out as part of the recruitment process (e.g. coding ability tests), right to work documents, information to identify you such as passport details, records/results of pre-employment checks, including criminal record checks, credit and fraud checks. |
| Information that is necessary to enable us to carry out our recruitment exercise including your employment records and experience. | CVs, references, records of skills and experience, including job titles, work history, working hours, qualifications, skills, training and other compliance requirements and professional memberships. |
| Health information. | Health and sickness records and details of any medical condition but only where a medical condition will directly impact on your ability to carry out your work. So we will not collect general health information, such as the illnesses/diseases you have had or the medicines you take, but we may collect details of, for example, a back injury if this would prevent you from sitting at a desk without reasonable adjustments being made for you to enable you to carry out your work. |

We will not use your personal data for any purpose other than the recruitment exercise for which you have applied.

6. Sharing your personal data

Your personal data may be shared internally for the purposes of our recruitment exercise. This includes sharing it with members of our HR team and those directly involved in our recruitment exercise including managers and interviewers.

We will not share your personal data with third parties, unless your application for employment is successful and we make you an offer of employment. In this situation we will share your personal data with Sterling Talent Solutions UK, the organisation we use to carry out pre-employment checks on you, the Disclosure and Barring Service to obtain necessary criminal records checks and your referees.

Occasionally we may transfer your personal information outside the European Economic Area (EEA).  Any third party with whom we share your personal data will be required to protect it and put in place appropriate technical and security measures to protect it in accordance with our instructions.

The third party organisations outside the EEA that process your personal information include:

  • Sterling Talent Solutions UK

We limit access to your personal data to those who have a business need to know. They will only process your personal data in accordance with our instructions and they are required to keep your personal data confidential.

7. How we protect your personal data

The security of your personal data is very important to us.  We will ensure that we have in place appropriate organisational and technical measures to prevent unauthorised access, improper use, alteration, destruction or accidental loss of your personal data.

8. How long we keep your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes of the recruitment exercise.  Should your application be successful we will transfer your personal data to your personnel file and your personal data will be retained in accordance with our policies and practices for our employees.  We will provide you with an Employee Privacy Notice in such a situation and it will set out all relevant details.

Should your application be unsuccessful we will destroy your personal data within one month.

9. Your rights and your personal data

Under certain circumstances, by law you have a number of rights in respect of your personal data.  These include the right to:

  • Request access to your personal information, known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
  • Request that we correct the personal data we hold about you if it is inaccurate or out of date;
  • Request that we erase your personal data where there is no good reason for us continuing to process it;
  • Request that we restrict the processing of your personal data where there is a dispute about its accuracy or the reason for processing it; and
  • Request the transfer of your personal information to another party where our processing of it is under a contract or based on your consent and the processing is carried out by automated means.

If you want to obtain access to, request correction or erasure of, restrict the processing of or request the transfer of your personal information please contact dpo@genomicsengland.co.uk.  Where you would like us to correct the personal data we hold on you, in the first instance we would encourage you to do this by contacting our HR and recruitment teams. However you can contact our Data Protection Officer using the above email address.

For more information on your rights and your personal data please see the Information Commissioner’s website.

Contact details and useful information

If you have any questions about this Privacy Notice and how we handle your personal data then please contact our Data Protection Officer at dpo@genomicsengland.co.uk

Complaints

If you consider that we have not handled your personal data lawfully then please contact our Data Protection Officer. You also have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

You can contact the Information Commissioner at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113

Privacy Notice for GeCIP Members

Version 2. Dated 6 July 2018

1. Purpose of this Privacy Notice

This Privacy Notice sets out key information that it is essential for you to know when you provide information to Genomics England as part of the Genomics England Clinical Interpretation Partnership (GeCIP).

We, Genomics England Limited, are the data controller in respect of your personal data that we collect, use and manage and this Privacy Notice describes how we process it.

By “processing” your personal data we mean any activity we may perform on it such as collecting, storing, adapting or using it in any way. We will put in place appropriate technical measures to protect your personal data and to ensure that we process it:

  • Fairly and proportionately;
  • Only in ways that are relevant to the purposes for which it is to be used;
  • Accurately so that it is complete and up to date;
  • So that it is kept no longer than is necessary;
  • So that it is protected by security safeguards to prevent loss, unauthorised destruction, use or disclosure;
  • In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Our right to change our Privacy Notice

We may make changes to our Privacy Notice and when we do we will post our changed Privacy Notice on our website and it will then apply. We will always put the date and version of our Privacy Notice in its header so that you can easily find this information. It is your responsibility to review this Privacy Notice from time to time.

3. What is personal data?

Personal data is any information about a living individual that can be used to identify the individual, such as name, address, date of birth, email address, photographs or videos. It may also include special categories of personal data.  This is information concerning: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health data; and data concerning a person’s sex life or sexual orientation.

4. Your personal data and how we process it

We will only use your personal data when we have a legal basis for doing so. In accordance with the purposes for which we collect and use your personal data, as set out below, the legal basis for us processing your personal data will typically be one of the following:

  • your consent;
  • the performance of a contract that we have in place with you or other individuals;
  • our or our third parties’ legitimate interests provided we safeguard your fundamental rights and interests; or
  • compliance with our legal obligations.

Where we refer to “legitimate interests”, we refer to the interests of Genomics England in being able to carry out its activities in managing the GeCIP and its membership and in being able to manage its staff efficiently and effectively.

From time to time we may seek your consent to process special categories of personal data and we will always ask for your consent before we process any such personal data. You are under no obligation to give consent if we ask for it. Where you do provide consent you may withdraw it at any time.

5. The purposes for which we process your personal data

We may process your personal data for the following purposes:

  • when we process your application for membership of the GeCIP or carry out further administration in relation to your membership;
  • when you join our mailing list;
  • to communicate with you;
  • to comply with applicable laws and regulations; and
  • other purposes relating to our operations, including managing accounts and records, legal, regulatory and internal investigations and debt administration.

6. What personal data we collect

The personal data we collect and process about you includes:

Type of information: Examples

  • Personal details: Name, address, telephone, email address, gender, job title, affiliations, research institutions.
  • Information that is necessary to enable us to carry out your membership application and membership generally: Information included in membership application forms, meeting notes, references, records of skills and experience, including job titles, qualifications, skills, training and other compliance requirements and professional memberships. The name, address, telephone, email address of members of your organisation or associated with your organisation provided you have confirmed to us that they have consented to us having this information.
  • Publicly available information: Publicly available information from social media, such as Twitter and LinkedIn, when interacting with you via these platforms.
  • Health information: Details of any allergies or dietary requirements so that we can cater for you.

7. Sharing your personal data

We may share your personal data with third parties where it is necessary to enable us to carry out our activities in managing GeCIP. For example we may share your personal data with members of GeCIP and other organisations with whom we collaborate for the purposes of verifying your identity and for developing working partnerships. We may also share your personal data with third parties such as event organisers for health and safety purposes.

We may disclose your personal data to third parties including the authorities, our advisors, suppliers of IT services and third parties engaged by us for the purpose of providing services requested by you; to protect any intellectual property rights in any materials displayed on or otherwise available from our website; for the purposes of seeking legal or other professional advice; to respond to a legal request or comply with a legal obligation; and to enforce the GeCIP Rules.

Any third party with whom we share your personal data will be required to protect it and put in place appropriate technical and security measures in accordance with our instructions. They are required to keep your personal data confidential.

8. How we protect your personal data

The security of your personal data is very important to us.  We will ensure that we have in place appropriate organisational and technical measures to prevent unauthorised access, improper use, alteration, destruction or accidental loss of your personal data.

9. How long we keep your personal data

We will only retain your personal data for as long as is necessary for the purposes for which it is collected.

10. Your rights and your personal data

Under certain circumstances and subject to applicable exceptions, you have a number of legal rights in respect of your personal data.  These include the right to:

  • request access to your personal information, known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
  • request that we correct the personal data we hold about you if it is inaccurate or out of date;
  • request that we erase your personal data where there is no good reason for us continuing to process it;
  • request that we restrict the processing of your personal data where there is a dispute about its accuracy or the reason for processing it; and
  • request the transfer of your personal information to another party where our processing of it is under a contract or based on your consent and the processing is carried out by automated means.

If you want to obtain access to, request correction or erasure of, restrict the processing of or request the transfer of your personal information please contact dpo@genomicsengland.co.uk

Where you would like us to correct the personal data we hold on you, in the first instance we would encourage you to do this by getting in touch with your GeCIP coordinator. However you can contact our Data Protection Officer using the above email address.

If you decide that you do not want to receive our newsletter or any other communications from us, you can ‘opt-out’ from receiving such communications and update your preferences by emailing us at gecip-help@genomicsengland.co.uk, by contacting your GeCIP lead contact, or by clicking on the ‘unsubscribe’ link provided at the bottom of certain emails sent to you.

For more information on your rights and your personal data please see the Information Commissioner’s website at https://ico.org.uk/for-organisations/guide-to-data-protection

Contact details and useful information

If you have any questions about this Privacy Notice and how we handle your personal data then please contact our Data Protection Officer at dpo@genomicsengland.co.uk

Complaints

If you consider that we have not handled your personal data lawfully then please contact our Data Protection Officer. You also have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

You can contact the Information Commissioner at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113

Privacy Notice for Genomics England Discovery Forum Members

Version 1. Dated 24 May 2018

1. Purpose of this Privacy Notice

This Privacy Notice sets out key information that it is essential for you to know when you provide information to Genomics England as part of the Discovery Forum.

We are the data controller for your personal data and this Privacy Notice describes how we process it.

By processing your personal data we mean any activity we perform on it such as collecting, storing, adapting or using it in any way during your membership application. We will put in place appropriate technical measures to protect your personal data and to ensure that we process it:

  • Fairly and proportionately;
  • Only in ways that are relevant to the purposes for which it is to be used;
  • Accurately so that it is complete and up to date;
  • So that it is kept no longer than is necessary;
  • So that it is protected by security safeguards to prevent loss, unauthorised destruction, use or disclosure;
  • In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Our right to change our Privacy Notice

We may make changes to our Privacy Notice and when we do we will post our changed Privacy Notice on our website and it will then apply. We will always put the date and version of our Privacy Notice in its header so that you can easily find this information.

3. What is personal data?

Personal data is any information about a living individual that can be used to identify the individual, such as name, address, date of birth, email address, photographs or videos. It may also include special categories of personal data.  This is information concerning: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health data; data concerning a person’s sex life or sexual orientation.

4. Your personal data and how we process it

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances.

  • When we need to process your application for membership of the Discovery Forum;
  • When you join our mailing list; and
  • Where it is necessary for our legitimate interests provided we safeguard your fundamental rights and interests.

Where we refer to “legitimate interests”, we refer to the interests of Genomics England in being able to carry out its activities in managing the Discovery Forum and the membership of it.

From time to time we may seek your consent to process special categories of personal data and we will ask for your consent before we process your personal data. You are under no obligation to give consent if we ask for it. Where you do provide consent you may withdraw at any time.

The personal data we collect and process about you includes:

Type of information: Examples

  • Personal details: Name, address, telephone, email address, gender, job title, affiliations, research institutions.
  • Information that is necessary to enable us to carry out your membership application and membership generally: Information included in membership application forms, meeting notes, references, records of skills and experience, including job titles, qualifications, skills, training and other compliance requirements and professional memberships. The name, address, telephone, email address of members of your organisation or associated with your organisation provided you have confirmed to us that they have consented to us having this information.
  • Publicly available information: Publicly available information from social media, such as Twitter and LinkedIn.
  • Health information: Details of any allergies or dietary requirements so that we can cater for you.

5. Sharing your personal data

We may share your personal data with third parties where it is necessary to enable us to carry out our activities in managing the Discovery Forum. For example we may share your personal data with members of the Discovery Forum and other organisations with whom we collaborate. We may also share your personal data with third parties such as event organisers. Any third party with whom we share your personal data will be required to protect it and put in place appropriate technical and security measures in accordance with our instructions. They are required to keep your personal data confidential.

6. How we protect your personal data

The security of your personal data is very important to us.  We will ensure that we have in place appropriate organisational and technical measures to prevent unauthorised access, improper use, alteration, destruction or accidental loss of your personal data.

7. How long we keep your personal data

We will only retain your personal data for as long as you are a part of the Discovery Forum.

8. Your rights and your personal data

Under certain circumstances, by law you have a number of rights in respect of your personal data.  These include the right to:

  • Request access to your personal information, known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
  • Request that we correct the personal data we hold about you if it is inaccurate or out of date;
  • Request that we erase your personal data where there is no good reason for us continuing to process it;
  • Request that we restrict the processing of your personal data where there is a dispute about its accuracy or the reason for processing it; and
  • Request the transfer of your personal information to another party where our processing of it is under a contract or based on your consent and the processing is carried out by automated means.

If you want to obtain access to, request correction or erasure of, restrict the processing of or request the transfer of your personal information please contact dpo@genomicsengland.co.uk

Where you would like us to correct the personal data we hold on you, in the first instance we would encourage you to do this by getting in touch with your Genomics England Discovery Forum contact. However you can contact our Data Protection Officer using the above email address.

For more information on your rights and your personal data please see the Information Commissioner’s website at https://ico.org.uk/for-organisations/guide-to-data-protection

Contact details and useful information

If you have any questions about this Privacy Notice and how we handle your personal data then please contact our Data Protection Officer at dpo@genomicsengland.co.uk

Complaints

If you consider that we have not handled your personal data lawfully then please contact our Data Protection Officer. You also have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

You can contact the Information Commissioner at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113


Useful links