Background

Our Future Health will be the UK’s largest ever health research programme. It is designed to help people live healthier lives for longer through the discovery and testing of more effective approaches to prevention, earlier detection and treatment of diseases.

As part of our research, we are inviting you to take part in user research about how we provide participants with information about their health. Your feedback will help us understand how participants would like to see this information, and how receiving it might affect you. This will help us improve how we offer feedback to our participants in the future.

Our Future Health Limited is the Data Controller responsible for your personal data. We are registered with the ICO (ZA769724).

This privacy notice explains how we process and protect the personal data of participants taking part in user research activities relating to Health Insights Clinic Measurements. For more information about how Our Future Health processes participant data, please read our Participant Privacy Notice.

What personal data we collect

In this section, we explain the types of personal data that we process and why, along with any data that third parties process on our behalf. We collect, use, store and transfer the following types of data:

• Identity Data includes your full name, title, email address, date of birth, age, sex and gender.
• Contact Data includes your full postcode, region location, telephone number and any communication we have with you (including emails, phone calls, voicemail, recordings and conversations you have with our support teams).
• Profile Data includes your participant ID, consent record, feedback, survey responses and interview data including recordings (visual and audio).
• Special Category Data includes personal data which reveals your racial or ethnic origin or information about your health. Biological data is also special category data, and includes clinical data like your weight, waist circumference, blood pressure, heart rate, heart rhythm, and cholesterol.
• Interview Session Data includes your full name, email address, authorisation to take part in the interview, date and time of interview.
• Reimbursement Data includes your full name, email address, and PayPal account details.
• Web analytics Data for more information please refer to our Cookie Policy: Cookies – Our Future Health.

This data is required to help us provide you with feedback about your health. It will also help us understand how participants would like to see this information, how best to present such information to you, perform analysis on different groups to investigate specific impacts on those groups, and how receiving it might affect you.

How we collect your personal data

We use a variety of ways to collect data from our participants, and we try to make this as easy and convenient as possible. This may be through Our Future Health directly or our trusted third-party suppliers who are under contract to us to e.g. manage your appointment, screen participants for interviews, or send you surveys. As a participant, we may collect your personal data in any of the following ways during this pilot user research:

• By you providing information in any contact we, or our trusted provider, have with you.
• By securely accessing the data you have already consented to provide to Our Future Health, this includes your clinic measurements.
• By you filling in a new survey about yourself.
  • If taking part in interviews, our trusted third-party supplier (Roots Recruitment) will ask you to complete a survey that includes questions about your ethnicity, lifestyle and health.
  • We may ask you to fill in a survey that includes questions about your experience of reviewing information about you and your health. This survey will be hosted via a trusted third-party supplier (Qualtrics).
• By you providing feedback.
• By checking your consent status.
• By you taking part in a recorded interview via videoconference software such as Microsoft Teams.
• Web analytics: we collect information about how you access our website (including IP address, browser, device type, operating system). We also track actions and events (such as clicks or screen views) to better understand how you interact with our services.

Our legal basis and purpose for processing your personal data

All collection and processing of personal data must be legally justified with what is called a “legal basis”, under the UK GDPR and Data Protection Act 2018.

When processing the personal data of individuals  user research, the legal bases are:

Purpose / Activity	Type of Data	Lawful Basis & Summary
Selecting the group of participants to invite for pilot user research involvement. Carrying out the surveys Managing interview schedules and sessions	– Length of time in OFH programme – Full name – Full postcode – Email address (to send invite to survey and invite to appointment) – Email address used to sign up to Our Future Health programme – Clinic appointment status – Consent record – Age – Contact telephone number – Date of completion of survey – Signature – Region – Gender   Responses to questions about how satisfied you were with the information you received relating to your measurements at your appointment Your authorisation to take part in the interview   Your acceptance that the interview will be recorded and that interviewers will see your clinic measurements as part of that process.	Article 6(1)(f) of the GDPR. We process this information to achieve our legitimate interests to: – Select which participants to approach for the Health Insights Clinical Measurements User Research pilot – To ensure we have a representative sample of users – To ensure users are selected from England – To be able to contact you for an interview – To manage scheduling of the interview and the carrying out of the interview – To contact users regarding their interview session – To manage any technical issues with surveys or the online interview – To understand the impact when viewing health insights digitally on different groups of people.
	Special category data: clinic appointment health measures (height, weight, waist circumference, blood pressure, heart rate, heart rhythm, cholesterol)   Your responses to whether: – you understood whether clinic measurements were outside healthy range; and of so which measurements you felt uncomfortable being told about any of your clinic measurements; and if so which measurements – you asked for certain measurements not to be taken; and if so which measurements – you asked not to be told about certain measurements, and if so which measurements   Responses to questions about your attitude to your health and your current health status.	Article 9(2)(j) of the GDPR:  We process this information in the public interest in the area of public health relating to scientific or historical research purposes or statistical purposes.
	Special Category data: ethnicity	Article 9(2)(g) of the GDPR and the Data Protection Act, Schedule 1, part 2 condition 8: We process this information as it is necessary for substantial public interest purposes (i.e. ensuring we have a representative sample of users).
Contacting you directly via email to provide you with a link to your digital report and/or to ask you to complete a survey about your experience of viewing your digital reports.	Email address Full Name	Article 6(1)(f) of the GDPR. We process this information to achieve our legitimate interests to contact you for purposes relating to this user research pilot. e.g. email you the links to your digital report and any surveys for you to complete.
Performing the online interview	Video/Audio recording.	Article 6(1)(f) of the GDPR. We process this information to achieve our legitimate interests to carry out an online interview for user research
	Special Category data: this may include discussions around your clinic measurements and/or health information.	Article 9(2)(j) of the GDPR:  We process this information in the public interest in the area of public health relating to scientific or historical research purposes or statistical purposes.
Securely provide you with access to digital reports based on some of the data about you that we hold.	Personal data: name, DOB, postcode; appointment data (date of clinic appointment); Participant ID, sex, gender.	Article 6(1)(f) of the GDPR: We process this information to achieve our legitimate interests of providing you feedback on clinic appointment data and perform user research.
	Special category data: clinic appointment health measures (height, weight, waist circumference, blood pressure, heart rate, heart rhythm, cholesterol).	Article 9(2)(j) of the GDPR:  We process this information in the public interest in the area of public health relating to scientific or historical research purposes or statistical purposes.
Ensure the data presented to you digitally matches the data we hold about you and evaluate insights software	Personal data: name, DOB, postcode; appointment data (date of clinic appointment); Participant ID, sex, gender	Article 6(1)(f) of the GDPR: We process this information to achieve our legitimate interests of evaluating insights software and validate correct performance.
	Special category data: clinic appointment health measures (height, weight, waist circumference, blood pressure, heart rate, heart rhythm, cholesterol).	Article 9(2)(j) of the GDPR:  We process this information in the public interest in the area of public health relating to scientific or historical research purposes or statistical purposes. As part of this, it may be processed for quality control purposes to ensure the quality of our data.
Analyse the impact of digital health insight reports on Public Health e.g. participant experience, lifestyle, health-related behaviours.	Personal data: participant survey and interview data (including visual/audio recordings); Sex; Gender; web analytics data. Consent record	Article 6(1)(f) of the GDPR: We process this information to achieve our legitimate interests of analysing the impact of health insight reports and the associated web access experience on participant engagement.
	Special category data: clinic appointment health measures (height, weight, waist circumference, blood pressure, heart rate, heart rhythm, cholesterol).	Article 9(2)(j) of the GDPR:  We process this information in the public interest in the area of public health relating to scientific or historical research purposes or statistical purposes. As part of this, it may be processed for quality control purposes to ensure the quality of our data.
	Special Category data: ethnicity.	Article 9(2)(g) of the GDPR and the Data Protection Act, Schedule 1, part 2 condition 8. We process this information as it is necessary for substantial public interest purposes (research into equality of opportunity or treatment).
Input into promotional materials to highlight the latest developments in the progress of the Our Future Health study.	Personal data: participant survey and interview data; web analytics data. Consent record	Article 6(1)(f) of the GDPR: We process this information to achieve our legitimate interests of promoting the objectives and latest developments of the Our Future Health Programme.
Informing the design and development of the feedback programme.	Personal data: participant survey and interview data; sex; gender; web analytics data. Consent record	Article 6(1)(f) of the GDPR: – We process this information to achieve our legitimate interests of informing the design and development of the feedback programme with the aim of providing digital feedback as part of the OFH programme. – To understand the impact when viewing health insights digitally on different groups of people.
	Special category data: clinic appointment health measures (height, weight, waist circumference, blood pressure, heart rate, heart rhythm, cholesterol).	Article 9(2)(j) of the GDPR:  We process this information in the public interest in the area of public health relating to scientific or historical research purposes or statistical purposes. As part of this, it may be processed for quality control purposes to ensure the quality of our data.
	Special Category data – ethnicity	Article 9(2)(g) of the GDPR and the Data Protection Act, Schedule 1, part 2 condition 8. We process this information as it is necessary for substantial public interest purposes (research into equality of opportunity or treatment).
Processing payment/ vouchers	Full Name Email address PayPal account details Interview completion status	Article 6(1)(f) of the GDPR: We process this information to achieve our legitimate interests of sending you payment/ vouchers to thank you for your time and effort.

How we share your personal data

Sometimes we ask trusted third parties, including suppliers and partners, to carry out business functions for us, such as maintaining and backing up our IT systems’ software, or providing a data analytics platform. 

Where we are under a legal or regulatory duty to do so, we may disclose your details to the police, regulatory bodies, or legal advisors.

Data provided to Our Future Health is transferred to and stored in a highly secure data environment.

Our trusted supplier, Roots Recruitment, will initiate the screening / interview allocation processes on our behalf.

Our trusted supplier Dovetail will have access to your interview recordings. For more information on how Dovetail processes your data, please refer to their Privacy Notice.

How we keep your data secure

We have put in place appropriate and robust security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal data to approved employees and suppliers, who are required to access it in accordance with their roles and responsibilities.

We have carried out robust due diligence assessments to ensure that third-party data suppliers have appropriate security standards in place that protect your personal data. We have entered into contracts with all partners to ensure they have adequate security and usage standards in place.

You can also find more information about how we keep your data securely in the Our Future Health Participant Privacy Notice Participant privacy notice – Our Future Health.

How long we keep your data

Unless we explain otherwise to you, we will retain your personal data on the basis of the following guidelines:

• for as long as we have a reasonable business need, such as managing the programme, delivering health feedback to Our Future Health participants; and/or
• in line with legal and regulatory requirements or guidance.

PayPal account details are deleted once payment has been made. 

Please see the section ‘Your Data Subject Rights’ below for how to exercise your data protection rights.

International Transfers

Please see the Our Future Health Participant Privacy notice for details: Participant privacy notice – Our Future Health

Your data subject rights

You can opt out from this pilot user research at any time, or exercise your other data subject rights. For more details on your rights and how to exercise them please see the Our Future Health Participant Privacy Notice. Opt-out requests will be dealt with promptly and in line with our  statutory requirements.

Please note if you opt out from this pilot it does not mean that you have withdrawn from the Our Future Health Programme.

Contact details

Our Future Health’s Data Protection Officer is available to answer any questions and address any concerns about Our Future Health’s use of your personal data. You can email: dpo@ourfuturehealth.org.uk, or write to: DPO, Our Future Health, 2 New Bailey, 6 Stanley Street, Manchester, England, M3 5GS. 

If you are not satisfied with our response, you can contact the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk).

This privacy notice was published in May 2025. If we make changes to this privacy notice, at any time, the most current version will be published here.