Information for study participants

Privacy notice

The data we have collected on you for the Caerphilly Prospective Study (CaPS) is to enable us to look at what risk or protective factors may be associated with a wide range of chronic diseases, such as heart disease, stroke, dementia etc. We have a wide range of different types of data; (a) questionnaire – either self-report or responses to an interviewer, (b) clinic measurements - things like weight or blood pressure, (c) biomarkers – measures derived from a blood sample such as cholesterol or genetic variations (d) cognitive function tests of memory (e) outcome data such as whether you have had a heart attack from medical records or other sources. We obtained causes of death or diagnosis of cancer by linking our research data with the records held by NHS-Digital (NHS-D) who support medical research. To do this we provided NHS-D with the forename, surname, date of birth and NHS number of our study participants. In return NHS-D provided us with details from the death certificate for those subjects who had sadly died or the cancer registration information for subjects who were diagnosed with cancer.

We take data security very seriously and adhere fully to the University of Bristol’s data protection and information security policies and procedures. University of Bristol is the Data Controller, and is responsible for ensuring that all data are securely stored, handled and used in accordance with the Data Protection Act 2018 and General Data Protection Regulation (GDPR). University of Bristol data policies and procedures comply with legislative and regulatory requirements, including NHS standards. The principal investigator remains the Data Custodian and oversees the way in which the study members’ data are looked after.

All contact information, such as names, addresses and telephone numbers of study members, is stored on an IT network that is protected by digital access controls, firewalls, security testing, full auditing, and other security provisions, to protect against the risk of unauthorised access. This system is also physically locked down and is only accessible by authorised personnel.

The same security measures are applied to all data that has been collected on study participants, be it questionnaire, clinical data or from any blood samples. All participants are coded with an arbitrary reference number, which means that researchers analysing results cannot directly identify participants and never see any contact information. Similarly, any data that is shared with research collaborators is fully anonymised to protect confidentiality and only used for approved ethical research purposes. All paper records are kept locked away in a secure storage area with restricted access. We will keep your data until we feel it no longer can add to our scientific knowledge and help society. At this moment this will review the value of the study again in 2025 at which point we will decide if we should continue to look after the data for longer or destroy it.

The legal basis for personal data to be obtained and processed for this purpose is Article 6 (1) (e) of the GDPR, which covers processing that is necessary for the performance of a task carried out in the public interest. The legal basis for processing information about particpants’ health is Article 9 (2) (j) that covers processing that is necessary for reasons of public interest in the area of research.

Participants whose data is being processed have certain rights over their data. Further details can be found in the University of Bristol’s Data Protection Policy. Anyone who believes their data is being processed in a way that isn’t fully compliant with requirements has the right to submit a complaint to the Information Commissioner’s Office.

If you do not wish your confidential data to be held by the Caerphilly Prospective Study research team and/or to be shared with organisations that hold official health data (e.g. NHS England) to find your hospital events, cancer registration and/or death certificate records please email Dr Laura Corbin at laura.corbin@bristol.ac.uk. On receipt of your email, we will destroy your confidential information and/or prevent it being shared in accordance with your wishes.

Any queries about the University of Bristol’s compliance with data protection requirements should be directed to data-protection@bristol.ac.uk or (0117) 3941824.