Please sign in

About this Notice

We ask that you read this privacy notice carefully, as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint. The University of Warwick is committed to undertaking research to the highest standards of integrity, and this includes compliance with the relevant data protection legislation: the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA). The GDPR governs the way in which organisations use personal data, defined as: any information that relates to an identified or identifiable individual. Under the GDPR there are “special categories” of more sensitive personal data which require a higher level of protection. This privacy notice explains how the University of Warwick will process and use personal data collected from you as part of a research project and your rights under data protection.

Collecting and using your personal data for research

As a University we use personal data to conduct research as part of the core activities set out in our Charter and Statutes. The legal basis under which we will process your personal data for research is called ‘task in the public interest’ (Article 6 of the GDPR). In the cases of ‘special category data’, in addition to Article 6, the legal basis is for ‘archiving purposes, scientific or historical research purposes or statistical purposes in the public interest’ (Article 9 of the GDPR). We may also process your personal data with your consent or (where it concerns special category data) your explicit consent. Special category data is that revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. When creating a user account on the X-Raydar’s web site, we require your name, work e-mail address and affiliation. The University will use your information only for the purposes of research and we will not use your information or contact you for any purpose other than research. Upon creating an account, you will be able to upload fully anonymised chest X-Rays in DICOM format, which will be processed in real-time using our algorithm. It is your responsibility to ensure that these files do not contain any Personally identifiable information (PII) and Protected Health Information (PHI). The DICOM data we collect will also be anonymised shortly after data collection. It will be possible for you to delete your DICOM data at any point simply by removing them from your account. However, it will not be possible to delete the data you provided during the registration process.

Processing your personal data

With regards to the processing of your data, the University of Warwick will be classified as the ‘Data Controller’. This means that we will be responsible for deciding how your personal information is collected, used, shared, archived and deleted (processed). For the purpose of this project, only your registration data (full name, work e-email and affiliation) will be kept indefinitely. The imaging data you upload will be processed in real-time with the purpose of generating a report, and will be automatically deleted after four weeks.

Sharing of your personal data

The privacy of your personal data is extremely important to The University of Warwick (UoW). As such, we expect our researchers to operate to the highest standards of data protection and to keep your personal information safe and secure. We will not disclose the information unless there is a justified reason for the purposes of achieving the research outcomes. The X-Raydar web site provide information about the project, including the research project team and collaborators from external organisation who are also working on the project. None of the information you provide during the registration process will be shared with third parties or published. The University may sometimes use products or services provided by third parties who carry out a task on our behalf, such as Files.Warwick, which is used for sharing research data for collaboration. In such circumstances, the University, as the Data Controller, remains responsible for your personal information and will ensure that appropriate contractual terms and safeguards are in place.

Keeping your personal data secure

The UoW keeps your personal data secure at all times using both physical and technical measures. The security of your data is of great importance to the University of Warwick and we therefore have robust procedures in place to protect your data. Together with security standards and technical measures that ensure your information is stored safely and securely, we also have in place policies and procedures that tell our staff and students how to collect and use your information safely and provide training which ensures our staff and students understand the importance of data protection and how to protect your data. All research projects involving personal data are scrutinised and approved by a research ethics committee. In addition, the University will carry out data protection impact assessments on high-risk projects, and when working with external collaborators, we will put in place appropriate contracts to protect your information. Should the proposed research project include collaborators outside of Europe or we need to transfer your data outside then we will let you know if the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections, we will put safeguards in place. Details of these safeguards can be provided to you upon request to Legal and Compliance Services. Where UoW engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the GDPR UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident. UoW also ensures that we have appropriate processes in place to test the effectiveness of our security measures.

Retention of your personal data

The GDPR and DPA 2018 requires that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances). The University expects that its researchers will not keep your information for longer than is necessary for the purposes of the research and will be anonymised or pseudonymised, by removing identifying information and replacing this with an artificial identifier or code, where possible. The duration of time we will store your data is dependent on a number of factors, such as the requirements of the research funder or the nature of the research. Once you create an account on X-Raydar, we will keep your registration details for two years.

Data subject rights

Under the GDPR and DPA 2018 you have a number of important rights free of charge. You have the right to:

Who to contact and complaints

We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you may raise about our use of your personal data on the contact details below:
The DPO can be contacted via email at DPO@warwick.ac.uk
Or write to:
The Data Protection Officer
University of Warwick
University House
Kirby Corner Road
CV4 8UW
The GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].

Changes to this Privacy Notice

This privacy notice was published on 10th August 2018 and last revised on 14 June 2020.