General privacy notice

Who are we?

Our Future Health collects, stores and links many data sources, with the aim of providing a resource for health researchers to make new discoveries about human health and disease.

Our Future Health Limited is the Data Controller responsible for your personal data. We are registered with the ICO (ZA769724).

Our data protection officer (“DPO”) is responsible for handling questions that relate to this privacy notice. You can contact the DPO, at any time, by email on [email protected] or by post to DPO, Our Future Health, Eversheds House, 70 Great Bridgewater Street, Manchester M1 5ES.

This privacy notice explains how we process and protect your personal data.

Please note that if you are a Participant in Our Future Health, please refer to our Participant Privacy Notice, as this has more specific information on how we collect, store, transfer and use data as part of the research programme.


Introduction

We are committed to the highest standards of data protection, and to making sure that our privacy notices are easy to understand. If there is anything in our privacy notices which you would like to discuss, please contact our support team.

As well as our commitment to complying with all relevant data protection legislative requirements, we also work collaboratively with members of the public across the UK to ensure that how we manage and protect your data is in line with public expectation. This work includes co-design panels, public advocacy groups and public testing of our information materials and focus groups. If you would like to learn more about our public participation activities, please contact our support team.

It is possible to register to receive more information and updates from Our Future Health without consenting to join the research programme. We call this an Information-Only account.

↑back to top


The personal data we collect about you

Your personal data is information which can identify you. It does not include data where your identity has been removed, often called anonymised, de-identified or pseudonymised data. You can read more about these terms here.

Below is a list of the types of personal data we may collect, use, store and transfer when you interact with us:

  • Identity Data includes your name, title and date of birth.
  • Contact Data includes your address, email address, telephone number and any communication we have had with you (including emails, phone calls, voicemail and conversations you may have had with our support team).
  • Technical Data includes your IP address, browser type and version, time-zone setting and location, language preference, operating system and platform, and other information related to the devices you use to access the website.

Our website sometimes includes links to third-party websites and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy statements. We recommend you read the privacy notice of third-party websites and applications.

↑back to top


How your personal data is collected

We use different methods to collect data from and about you, these include:

  • Directly from you: You may give us your identity data and/or contact data when you contact us, give us feedback or register for more information.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your device, browsing actions and patterns. However, the type of information that we collect is dependent on whether you chose to accept or decline these using the Cookie Banner when you visit the Our Future Health website.

↑back to top


How we use your personal data

In accordance with GDPR, the use of personal data must be justified. This justification is called a “legal basis” and OFH apply the following legal bases when processing personal information:

  • To fulfil the performance of a contract
  • Where we have a legal obligation
  • To achieve our legitimate interests, provided that this does not affect your rights as a data subject
  • Where you have been asked to provide your consent

The table below describes how we use your personal data, and the legal bases we rely on to process your data.

How we use you personal data
Purpose / Activity Type of data Lawful basis for processing
Purpose / Activity When you register to open an Information Only account with Our Future Health to receive information and learn more about what we are doing. Type of data Name
Email
Phone Number
Home Address
Date of Birth
Lawful basis for processing

We process this information to achieve our legitimate interests in order to:

  • Ensure you are a UK resident and over 18 years of age
  • Provide you with information about Our Future Health, in accordance with your preferences
Purpose / Activity To manage our relationship with you Type of data Name
Email
Phone Number
Lawful basis for processing

We process this information to achieve our legitimate interests in order to:

  • Communicate with you and provide you with information, in accordance with your preferences
  • Respond to your queries, take note of your feedback and ensure the best operation of Our Future Health.
Purpose / Activity For analytical purposes to understand how users interact with Our Future Health Type of data Technical Data
Aggregated/ De-identified Data
(i.e. does not identify you personally)
Lawful basis for processing

We process this information to achieve our legitimate interests in order to:

  • Understand how people interact with, and respond to, information provided about Our Future Health
  • Understand the journey of those who sign up to receive information about Our Future Health and how many proceed to participate in the Our Future Health research programme
  • Ensure the best operation of Our Future Health.
Purpose / Activity To manage the Our Future Health website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Type of data Technical Data
Aggregated/ De-identified Data
(i.e. does not identify you personally)
Lawful basis for processing We process this information to achieve our legitimate interests in order to manage the website, IT services, network security and also to prevent fraud.

Where we have indicated that the processing of your personal data is necessary for our legitimate interests, we conduct a full balancing assessment to ensure that our needs do not affect your data subject rights.

If you no longer wish to receive information about Our Future Health, you can opt-out of communications at any time by using the unsubscribe link in each communication or by changing your preferences in your Account page on the website.

↑back to top


The de-identified data we collect about you

We collect, store and share Aggregated Data, which does not reveal you identity, for example demographic data or statistical data, which helps us to understand how people are using the website. We may aggregate data about how many people use the Our Future Health website to calculate the percentage of people using a specific feature of the website. However, if we combine or connect aggregated data with your personal data, we treat the combined data as personal data which will be processed in accordance with the privacy notice.

↑back to top


How we share your personal data

Sometimes we ask third parties, including suppliers and partners, to carry out business functions for us, for example maintaining and backing up our IT systems software, or providing a data analytics platform. Where we are required to share your data with these third parties, we conduct robust due diligence assessment to ensure that they have appropriate security standards in place that protects your personal data, and we will enter into a written contract imposing appropriate security and usage standards on them.

↑back to top


Your data protection rights

As a data subject, you have a number of rights, in accordance with GDPR, as follows:

Your right What does it mean?
Right to access You have the right to access your personal data. This is sometimes referred to as submitting a “data subject access request”.
Right to data portability You have the right to move or copy your personal data, that we store, from our environment to another.
Rights to rectify You have the right to update, correct or complete your personal data.
Right to object You have the right to object to or ask us to restrict the processing of your personal data, including direct marketing.
Right to be forgotten You are entitled to have your personal data erased, at any time. From time to time, we may be required to retain data for example to comply with a legal obligation, or exercise or defend legal claims.
Right to withdrawal of consent You have the right to withdraw your consent at any time.

Should you wish to discuss this or exercise any of your rights please contact our DPO by email on [email protected] or by post by writing to the address above.

↑back to top


How we use Cookies

You can change your cookie preferences at any time by using the website Cookie Banner. For more information about the cookies that we use, please refer to our Cookie Policy.

↑back to top


International transfers

Where processing activities require data to be transferred outside the UK and European Economic Area (EEA), we will only make that transfer if:

  • the country to which the personal data is to be transferred ensures a level of protection for personal data.
  • we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient.
  • the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
  • you explicitly consent to the transfer.

↑back to top


How we keep your data secure

We have put in place appropriate and robust security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal data to approved employees and suppliers, who are required to access in accordance with their roles and responsibilities.

We have put in place procedures to respond to any suspected personal data breach and will notify you and any applicable regulator of a breach should that occur.

↑back to top


How long we keep your data

We retain your data for as long as is necessary to provide you with the services described in this notice, or for as long as you have a registered account with Our Future Health. We may also retain and use your data to comply with our legal obligations, resolve disputes, enforce our agreements and protect Our Future Health’s legal rights.

If you no longer wish to be registered to have an information-only account with Our Future Health, please visit the withdrawal page on the website. Your personal data will be erased within 28 days of receipt of the request.

↑back to top


Contact details

Our DPO is available to answer any questions and satisfy any concerns about Our Future Health’s use of your personal data. If you are not satisfied with our response, you can contact the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk).

This privacy notice was last updated in March 2021. If we may make changes to this privacy notice, at any time, the most current version will be published here.

↑back to top