skip to Main Content

Privacy Policy

Accelerating Clinical Trials Ltd (ACT) is a Clinical Research Organisation specialising in blood cancer studies. We are registered with the Information Commissioners Office as a Data Controller, registration number ZB505572. 

Our registered business address is: 48 Chancery Lane, London, WC2A 1JF

This privacy notice is addressed to all customers, vendors, suppliers, contact persons, and other individuals (“Data Subjects”, “you”) of or in contact with ACT (“ACT”, “us”, “we”). It is meant to help you understand what personal data we collect, why we collect it, and how you can exercise your data protection rights. “Personal Data” in this document is any information relating to an identified or identifiable natural person, by direct or indirect means. This can sometimes be called “personally identifiable information”.

You might have been provided with a privacy notice or contract to you for a specific purpose. If that is the case, the terms of the notice or contract will control your interaction with ACT, to the extent that such notice or contract conflicts with this notice.

We take your data privacy and the protection of your personal data seriously and we are committed to the highest data privacy standards, patient confidentiality and adherence to the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection:

  1. Lawfulness, fairness and transparencywe process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
  2. Purpose limitationwe only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
  3. Data minimisationwe ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
  4. Accuracywe take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
  5. Storage limitationwe delete personal data when we no longer need it. Whilst the timescales in most cases aren’t set, we outline our retention strategy within this Privacy Notice.
  6. Integrity and confidentialitywe keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 

Collection of your Personal Data

We collect your personal information via disclosure directly from you or in some cases someone you have nominated. This might be via our website, online portal, E mail, post, telephone, or face to face engagement.

Categories and Types of Personal Data Collected and processed

We may collect contact details from you, when relevant, including:

  • Name
  • Address/work address
  • Telephone number(s)
  • Email addresses

In addition to this contact information, you may in some cases also have provided us with other personal data which could include age, sex, medical or health related information. The detail and type of this information will be related to the type of engagement with us.

We treat all personal data as confidential but acknowledge that we also may process special category data.

Reason for Data collection and processing activities.

Contact information is captured to enable us to communicate effectively with you and ensure we provide you with the outcome your engagement with us requires.

Additional information beyond contact details will only be required if it is relevant to the enquiry, application or report you are making to us and is needed in order to assist you or meet our regulatory obligations. It will be with your agreement that this information is processed and/or as provided by you.

Sharing of Personal Data

Your personal data will only be shared with our own staff, associates, or contractors when it is necessary for them to have access to complete their assigned responsibilities or provide their contracted services. Sharing of your data will be relative to the nature of our engagement with you.

We utilise the services of other organisations who are critical for the provision of our service to you and will be viewed as data processors. Their access is restricted, and they are contractually bound to strict confidentiality and the protection of your personal data.

There may also be legal obligations under which we have to share data as requested by nationally recognised regulators or authorities.

Transferring information outside the UK

Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.

If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.

Securing and Processing of your Personal Data

We employ physical, electronic, and administrative measures that are designed to protect your Personal Data from loss, misuse and unauthorised access, disclosure, alteration, and destruction.

We undertake regular reviews of our processing activities, their risks and technical and organisational measures in place to ensure that the integrity and confidentiality of your data is protected.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, and we identify a risk to your rights and freedoms, we will report this to the Information Commissioner’s Office (ICO) , who are responsible for regulating data protection legislation in the UK. Where the loss or unauthorised access of your data has potential to cause you harm we will notify you without undue delay.

Our legal basis for processing your personal data

We will not collect or process your personal data without ensuring that we are doing so on a basis which meets UK GDPR. In general, we will collect and process your personal data based on the following:

  • you have formally given us your expressed consent.
  • in meeting requirements of a contract between us.
  • it is in our or your legitimate interests.
  • it is in your vital interests.
  • to perform a public task.
  • we have a legal obligation to do so. 

Our legal basis for the processing of your Personal Data will depend on the nature of your engagement with us.

In general, you will have provided your personal data to us, and the processing of that data will be primarily on the basis of a contract or legitimate interest.

The processing of your data on systems supported by contracted organisations is done so on the basis of legitimate interests.

Where special category data is processed, we do so where we are permitted to under UK GDPR Article 9.

How long do we keep your personal data for?

Personal data will not be kept for longer than is necessary to fulfil its purpose. As an exception, we may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect our rights and interests. In such a case, you will be informed of the intended retention period in the applicable Privacy Notice, Informed Consent Form, or Patient Information Sheet.

Your rights in connection with personal information

Under UK data protection law, you have following rights:

Right Explanation
Right to be Informed This means that we have to be transparent in how we collect and use your personal data
Right of Access You have the right to access your personal data.
Right to Rectification If the information we hold about you is inaccurate or incomplete you can request that we correct this
Right to Erasure You can request that we delete or remove personal data in certain circumstances
Right to Restrict Processing

You have the right to request that we cease processing your data if

  • you consider it inaccurate or incomplete and/or
  • you object to the reason we’re processing your data

We will review the validity of your request and respond to you with our decision

Right to Data Portability Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party
Right to Object

You have the right to object to our processing in certain circumstances. For example, you can object to:

  • direct marketing and
  • processing for the purposes of scientific/historical and statistics
Rights relating to Automated Decision-Making including Profiling

We do not use automated decision-making or profiling

Where automated decision-making is applied, organisations must

  • give you information about the processing
  • introduce simple ways for you to request human intervention or challenge a decision
  • carry out regular checks to make sure that our systems are working as intended

 

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

How to exercise your rights

If you took part in a clinical trial as a study subject, you should ideally contact the institute where your trial took place (as we will not be able to identify you from the study data). Contact details will have been given on your Informed Consent Form or Patient Information Sheet. Failing this you can contact us directly using the details below.

You can exercise your rights by emailing our Data Protection Officer.

If you are unhappy with anything we have done with your data, please let us know. You also have the right to complain to the Information Commissioner’s Office. To make a complaint to the Information Commissioners Office (ICO) use the link below or call their hotline on Tel No.: 0303 123 1113

https://ico.org.uk/make-a-complaint/ 

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer:

Data Protection Officer:             Clinical DPO.
Phone Number:                        0203 411 2848
Email:                                      actdpo@clinicaldpo.com