CardioTrials is a trading name of Pumping Marvellous Ventures Limited (company number 12790994) and we’re based at Suite 111, Business First Millennium City Park, Millennium City Road, Ribbleton, Preston, United Kingdom, PR2 5BL. We are the data controller for the purposes of the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR) and any other data protection legislation applicable in the UK from time to time.
If you have any questions about your privacy on our website, or our use of your personal data, please contact us.
Please note that links from our website may take you to external websites which are not covered by this policy. We recommend that you check their privacy policies before submitting any personal information to such sites. We will not be responsible for the content, function or information collection policies of these external websites.
You are not required (by law or by any contract with us) to provide personal information to us. We will only require you to provide personal information to us where it is necessary for us to provide you with a service at your request.
When you create an account as a patient (or update your account at a later date), we may collect the following information from you:
1. Personal Details
2. Medical Profile
3. Trial Preferences
You are required to provide your full name and contact details (email, postal address and phone number for two-factor authentication) in order to create an account, but other personal details are optional. You will be required to select your trial preferences in order for us to suggest suitable clinical trials to you. It is your choice whether to provide any medical or healthcare related information to us but, if you choose not to do so, you may be unable to participate in any clinical trials.
Clinical Trialists, Healthcare Professionals and other users
When you create or update your account on CardioTrials (other than as a patient), including clinical trial chief investigators, project managers, principal investigators and researchers, healthcare professionals, trial sponsors and patient representatives, we may collect the following information from you:
The exact types of information that we may collect vary depending on which type of user you are. We may require you to provide this information in order to create your account or gain access to any information concerning clinical trials registered on CardioTrials.
Information we collect about you on our website
Whenever you visit our website we may collect the following information:
Our website is not intended for children and we do not knowingly collect data relating to children.
Information we collect about you from third parties
In some cases, we may collect information about you from other sources, for example:
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this policy.
We take the protection of your personal data seriously. Below, we have set out how and why we use your information, and what our legal basis is to be able to use your information in each way.
Patients – identifying and applying for clinical trials
Identifying suitable clinical trials for you
We use the information that you provide to us about your medical conditions, symptoms and treatments, and the trial preferences that you select in your account, to identify clinical trials that you may be eligible for and which match your preferences. We will display these trials to you in the CardioTrials platform, so that you can choose to register your interest in participating in those trials.
We rely on your consent to use personal data concerning your health in this way. We will ask you if you wish to give your consent when you first provide this information to us, and you may withdraw your consent at any time (in which case we will stop using your health data in this way).
If you wish to withdraw your consent, you may delete any or all of the health data held in your account (by managing your account within the CardioTrials platform), or you may choose to close your account. If you withdraw your consent for us to hold and use your health data in this way, we will erase this data from our systems.
Registering your interest for a clinical trial
When you register your interest for a clinical trial, the information that you provide in the medical records on your account will be transferred to the chief investigator conducting the clinical trial, in anonymised form. The chief investigator may share this information with the other people and organisations involved in conducting the clinical trial (the Trialists).
This is still your personal data, as we (CardioTrials) can identify that this information relates to you. However, at this stage we do not transfer any information to the Trialists that they could use to identify you (for example, the Trialists will receive the list of symptoms or conditions that you have entered in your account, but they will not receive your name, contact details or other identifying information).
We rely on your explicit consent to transfer this data to the Trialists. Before you register your interest for a clinical trial, we will notify you in the CardioTrials platform of the information that will be transferred to the Trialists, and you will have the opportunity to give your consent to this.
Progressing your application for a clinical trial
After you have registered your interest for a clinical trial, if the Trialists are interested in involving you in the trial, you will receive a notification in the CardioTrials platform that they have requested your full profile information. We will notify you in the CardioTrials platform of the information that will be transferred to the Trialists if you choose to approve this request.
We rely on your explicit consent to transfer this data to the Trialists. If you give your consent, your personal details (and any updates to your medical record since you registered your interest) will be provided to the Trialists. At this stage, they will be able to identify you and your medical record.
Once your full profile information has been provided to the Trialists as above, you will be given the opportunity to choose whether or not you wish the Trialists to retain your personal data in order to consider you for other clinical trials that they may conduct.
The chief investigator of the clinical trial will have control over your personal data
Once your personal data has been transferred to the chief investigator (with your consent), they will become a “controller” of this data. This means that they will determine how and why they use your personal data in connection with the clinical trial, including sharing it with the other Trialists. If you have any questions or concerns about how the Trialists will use your personal data, you should contact the Trialists using the contact details provided in the CardioTrials platform.
All Users – managing your account and providing our services
It is necessary for us to use personal information about you in order to maintain and administer your account on the CardioTrials platform and to provide all of the services and facilities that our platform offers.
Telling you about other products or services that we think may be of interest to you
We may use your information to identify and tell you about our services, and news and updates to the CardioTrials platform, that we think may be of interest to you. We will only do this where you have informed us that you would like to receive marketing communications and you may update your preferences at any time by managing your account on the CardioTrials platform or by contacting us.
Whether you choose to receive these communications is up to you, and your choice will not affect your use of the CardioTrials platform.
Improving the CardioTrials platform
We always want to offer the best service and experience that we can. Sometimes this means we may use your information to find ways that we can improve what we do, or how we do it. We have a legitimate interest in dong this and we will only use your information where it is necessary so that we can:
Protecting you and others from harm
In exceptional circumstances we may use your information where it is necessary to protect your interests, or the interests of others, in accordance with our legal obligations and the pursuit of legitimate interests. This may include in the event of criminality such as identity theft, piracy or fraud.
Change of purpose
We will only use your personal information for the purposes for which we collected it, as set out in this policy, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose we will notify you and we will explain the legal basis which allows us to do so.
Please note that there may be cases where we process your personal information without your knowledge or consent, in compliance with this policy, where this is required or permitted by law.
Patient data is transferred to Clinical Trialists on the patients’ request
One of the primary purposes of the CardioTrials platform is to enable the sharing of patient data with the Trialists conducting clinical trials, subject to the patient giving consent.
Please refer to How and why do we use your personal information? above for a full explanation of how, and at what stages, patient data may be transferred to the Trialists.
Sharing your information within our company and foundation
We share the information that you provide to us with our staff so that we can manage and administer the CardioTrials platform, and provide our services to you.
CardioTrials (Pumping Marvellous Ventures Limited) is subsidiary of the Pumping Marvellous Foundation (registered charity number 1151848) and we may share the information that you provide to us within our group for administrative purposes.
Sharing your information with third parties
We may share your data with selected third parties. For example, we may share your information with:
There are certain exceptional circumstances in which we may disclose your information to other third parties. This would be where we believe that the disclosure is:
We will only store your personal information for as long as we need it for the purposes for which it was collected. Where we provide you with any service, we will retain any information you provide to us at least for as long as we continue to provide that service to you.
We will retain the information that you provide to us in connection with your account on the CardioTrials platform for at least as long as your account remains active. If you choose to remove or delete certain information from your account, we will not retain copies of this information.
If you have not used your account for a period of 13 months, it will be deactivated and you will need to contact us if you wish to reactivate your account. We will notify you prior to your account being deactivated, to give you the opportunity to keep your account open. The data associated with your account will be retained at this stage, in case you wish to reactivate your account.
If you have not reactivated your account within 12 months after it being deactivated, your account will be closed and all data associated with it will be deleted from our systems.
If you are a patient, please note that once your personal information has been transferred to the chief investigator (and other Trialists) conducting clinical trials that you have registered interest or applied for, or are participating in, the chief investigator has control over how it uses your personal information. The Trialists may use this information outside the CardioTrials platform. If you remove your personal data from your CardioTrials account, or if your account is closed, this will not prevent the Trialists from continuing to retain and use your personal information in connection with the clinical trials that you are involved in.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
We try to ensure that all information you provide to us is transferred securely via the website (we recommend that you always check for “https” in the URL and the padlock symbol in your browser, to indicate a secure connection). Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
All information you provide to us is stored on third party (AWS) secure servers in the UK. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
If you require any further information about your rights as explained below, or if you would like to exercise any of your rights, please contact us.
You have the right to be informed
We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have written this policy to comply with this right, but please contact us if you have any questions.
You have the right to access your personal data
You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following:
In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold. The first copy of your information that you request from us will be provided free of charge, if you require further copies we may charge an administrative fee to cover our costs.
You have the right to correct any inaccurate or incomplete personal data
Where you have requested a copy of the information we hold about you, you may notice that there are inaccuracies in the records, or that certain parts are incomplete. If this is the case you can contact us so that we can correct our records. You may change, update and correct most of the information that we hold about you by managing your account in the CardioTrials platform.
You have the right to be forgotten
There may be times where it is no longer necessary for us to hold personal information about you. This could be if:
In those situations you have the right to have your personal data deleted. If you believe one of these situations applies to you, please contact us.
You have the right to have your data transferred to you or a third party in a common format
Also known as data portability, you have the right to obtain a copy of your personal data (or have it transferred to another organisation) for your own purposes. This right allows you to move, copy or transfer your personal data more easily from one IT system to another, in a safe and secure way.
If you would like us to transfer a copy of your data to you or another organisation in a structured, commonly use and machine-readable format, please contact us. There is no charge for you exercising this right.
You have the right to object to direct marketing
You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the links provided in any of our marketing communications. You may also set your contact preferences by managing your account in the CardioTrials platform.
You have the right to object to us using your information for our own legitimate interests
Sometimes, we use your personal information to achieve goals that will help us, you or third parties that we work alongside. These are “legitimate interests”, and we explain in this policy where we rely on a legitimate interest to process your personal information.
We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue, we will stop using your personal data for these purposes.
You have the right to restrict how we use your personal data
You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:
You have rights related to automated-decision making and profiling
Any automated decision-making or profiling we undertake is solely for the purpose of tailoring the information which we provide to you. We will not use automated decision-making or profiling to make any decisions which will have a legal effect upon you or otherwise significantly affect you, and you have the right not to be subject to such decisions. If you have any concerns or questions about this right, please contact us.
This version was last updated on 18th September 2020 and historic versions can be obtained by contacting us.
If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the contact usICO website if you wish to lodge a complaint with the ICO.
Our Data Protection Officer is Jonathan Evans, who can be contacted on the details below.
Suite 111, Business First Millennium City Park, Millennium City Road, Ribbleton, Preston, United Kingdom, PR2 5BL
Developed with assistance from the Universtiy of Glasgow - Robertson Centre for Biostatistics.
Supported by Vifor Pharma
© 2021 CardioTrials
CardioTrials and its intellectual property is owned by Pumping Marvellous Ventures Ltd, registered in England and Wales, registered company number 12790994 which is a trading
subsidiary of the Pumping Marvellous Foundation, registered in England and Wales, registered company number 08370761, registered with the Charity Commission for England and
Wales, registered charity number 1151848.
Pumping Marvellous Ventures Ltd C/O Pumping Marvellous Foundation, Suite 111, Business First, Millennium City Park, Millennium Road, Preston PR2 5BL
Facebook / Twitter / Instagram / YouTube