Privacy Notice

Last updated: June 2020

About this Notice

We ask that you read this privacy notice carefully, as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.

The University of Warwick is committed to undertaking research to the highest standards of integrity, and this includes compliance with the relevant data protection legislation: the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA).

Collecting and using your personal data

The legal basis under which we will process your personal data for research is called 'task in the public interest' (Article 6 of the GDPR).

When creating a user account on X-Raydar, we require your name, work email address and affiliation. The University will use your information only for the purposes of research and we will not contact you for any purpose other than research.

Upon creating an account, you will be able to upload fully anonymised chest X-rays in DICOM format. It is your responsibility to ensure that these files do not contain any Personally Identifiable Information (PII) or Protected Health Information (PHI).

Processing your personal data

The University of Warwick is the Data Controller. Only your registration data (full name, email and affiliation) will be kept. Imaging data you upload will be processed in real-time and automatically deleted after four weeks.

Sharing of your personal data

None of the information you provide during registration will be shared with third parties or published.

Keeping your personal data secure

The University keeps your personal data secure at all times using both physical and technical measures. All research projects involving personal data are scrutinised and approved by a research ethics committee.

Retention of your personal data

Once you create an account on X-Raydar, we will keep your registration details for two years. Uploaded imaging data is automatically deleted after four weeks.

Your rights

Under the GDPR and DPA 2018 you have the right to:

• Be informed of how we collect and use your personal data
• Access your personal data
• Require us to correct any mistakes in the data we hold on you
• Require the erasure of personal data in certain situations
• Restrict our processing of your personal data in certain circumstances
• Object to processing of your personal data for direct marketing

To exercise any of these rights please contact infocompliance@warwick.ac.uk.

Who to contact

The Data Protection Officer can be contacted at DPO@warwick.ac.uk, or write to: The Data Protection Officer, University of Warwick, University House, Kirby Corner Road, CV4 8UW.

You also have the right to lodge a complaint with the Information Commissioner (telephone: 0303 123 1113).