Keeping your personal data private is important to St Vincent’s University Hospital and University College Dublin. It is also the law: the General Data Protection Regulation 2018 or ‘GDPR’. St Vincent’s University Hospital and University College Dublin will follow GDPR when using and storing your data. St Vincent’s University Hospital and University College Dublin has a number of security measure in place to protect your personal data. The personal data collected about you will be held by, St Vincent’s University Hospital and University College Dublin and its authorized representatives. These organisations are responsible for processing your personal data and will follow the applicable data protection laws.
Your personal data will be processed on the basis of your consent. Some of your data will have been originally collected as part of your routine medical care and some data will be collected as part of the research study. We will get most of the personal data directly from you but we will also get some personal data from your:
- hospital medical charts/notes for example: your name, date of birth, gender, medical record number, height, weight, blood pressure
- laboratory reports, for example, blood test results
- x-ray test results
- wearable device
- phone app
- GP, during the course of the study
Personal data is any information which can identify you (such as your name, address, hospital number). The research team will use a study number (a unique number which is used instead of your name) to make sure your data is kept private. Data which has this study number is called coded data. Your name or other identifying details will not appear on any publications or reports from the study. To take part in this study, you must agree to share your personal data, and give your consent for this data to be used and stored (this is called data processing).
All records identifying you will be kept private and, to the extent permitted by the applicable laws and/or regulations, will not be made publicly available or shared without your express written consent. Data will be entered into a password protected database, on a secure hospital server.
Only hospital and research staff who are working on this study will have access to the database. Data from this study will be processed in line with the investigator’s requirements and requirements of the regulatory authorities (local and foreign).
Direct access to your study records will be provided for the purposes of verifying the authenticity of the information collected for the study without violating your confidentiality, to the extent permitted by applicable laws and regulations.
Disclosures to Third Parties: In certain circumstances, we share and/or are obliged to share your personal data with third parties outside St Vincent’s Hospital for the purposes described above and in accordance with Data Protection Legislation.
These third parties include but are not limited to:
- the Health Products Regulatory Authority;
- the Health Service Executive;
- the Joint Commission International;
- relevant industry bodies;
- external professional advisors; and
- Others, where it is permitted by law, or where we have your consent.
We will keep your personal data for 15 years after the study ends. This may mean that some information is held for longer than other information.
Under GDPR, you have rights. However, in certain circumstances, these rights may be restricted.
These rights may include:
- The right to check what type of personal data we hold about you and get a copy of it.
- The right to as to not give your consent for your data to be processed. We will stop using your personal data unless we can show we have a legitimate reason for continuing to use your personal data.
- The right to change your personal data if you feel it is not correct or complete.,
- The right to ask your data to be taken out or erased from the study
- The right to give your consent for your personal data to be processed in some ways but not in others if you feel it is not accurate or not lawful
- The right to take away a copy of your data and to have it sent to another data controller
A Data Controller is the person or organization who is in charge of deciding how and why your personal data will used. The Joint Data Controllers for this study are:
- St Vincent’s University Hospital, Elm Park, Dublin 4, Company Registration Number: 338585
- University College Dublin, Belfield, Dublin 4, Company Registration number: 239961
During the course of the study, you, your doctor or a member of the research team may decide that you should no longer take part in the study. Participants are free to withdraw from the study at any time. If you leave the study you can decide whether to allow your personal data to continue to be processed as part of the overall study objectives or whether to withdraw consent for your data to be processed. A member of the research team will discuss this with you.