CardioTrials respects your privacy and we are committed to protecting your personal data. In this privacy policy we explain how we collect and use your personal information when you use the CardioTrials platform ( www.cardiotrials.org).

CardioTrials is a trading name of Pumping Marvellous Ventures Limited (company number 12790994) and we’re based at Suite 111, Business First Millennium City Park, Millennium City Road, Ribbleton, Preston, United Kingdom, PR2 5BL. We are the data controller for the purposes of the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR) and any other data protection legislation applicable in the UK from time to time.

If you have any questions about your privacy on our website, or our use of your personal data, please contact us.

Please note that links from our website may take you to external websites which are not covered by this policy. We recommend that you check their privacy policies before submitting any personal information to such sites. We will not be responsible for the content, function or information collection policies of these external websites.

What information do we collect about you?

You are not required (by law or by any contract with us) to provide personal information to us. We will only require you to provide personal information to us where it is necessary for us to provide you with a service at your request.

Information you provide when you create your account

Patients

When you create an account as a patient (or update your account at a later date), we may collect the following information from you:

1. Personal Details

• Identity details (title, full name, date of birth and gender)
• Contact details (email, postal address, telephone number)
• Medical number

2. Medical Profile

• Details of your medical conditions, diagnoses and symptoms
• Information about the healthcare services that you use, including your hospital(s) of care and details and dates of hospital admissions
• Results of your medical tests (including, for example, LVEF and NT-proBNP readings in the case of heart failure conditions)
• Information about any medicines and treatments that you take, and details and/or images of your prescriptions
• Information about any medical devices (such as pacemakers) and other medical or healthcare related products that you use
• Details of any other clinical trials that you are involved in

3. Trial Preferences

• The types of clinical trials that you are interested in participating in
• Your reasons or motivations for participating in clinical trials
• How far you are willing to travel to participate in clinical trials

You are required to provide your full name and contact details (email, postal address and phone number for two-factor authentication) in order to create an account, but other personal details are optional. You will be required to select your trial preferences in order for us to suggest suitable clinical trials to you. It is your choice whether to provide any medical or healthcare related information to us but, if you choose not to do so, you may be unable to participate in any clinical trials.

Clinical Trialists, Healthcare Professionals and other users

When you create or update your account on CardioTrials (other than as a patient), including clinical trial chief investigators, project managers, principal investigators and researchers, healthcare professionals, trial sponsors and patient representatives, we may collect the following information from you:

• Identity details (full name and title)
• Contact details (email, postal address, telephone number)
• Your employer and your job title or field of work
• Your professional organisation and registration number
• Your accreditation number (and the accreditation organisation), where applicable

The exact types of information that we may collect vary depending on which type of user you are. We may require you to provide this information in order to create your account or gain access to any information concerning clinical trials registered on CardioTrials.

Information we collect about you on our website

We collect information using cookies and other similar technologies to help distinguish you from other users of our website. These can streamline your online experience by saving you from re-inputting some information and also allow us to make improvements to our website. For more information about how and why we use cookies, please see our Cookie Policy.

Whenever you visit our website we may collect the following information:

• Which pages you view and which links you follow
• Your IP address and general location
• Details of the hardware and software that you are using to access the website
• Any passwords that you use on our website (we never store your password in plain text)

Our website is not intended for children and we do not knowingly collect data relating to children.

Information we collect about you from third parties

In some cases, we may collect information about you from other sources, for example:

• When setting up a clinical trial, chief investigators may provide us with information (names and contact details) about other individuals who will be involved in conducting the trial (such as project managers, principal investigators and researchers)
• Where a representative creates an account on CardioTrials on behalf of another user (such as a patient or healthcare professional), we will collect information about that user from the representative

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this policy.

How and why do we use your personal information?

We take the protection of your personal data seriously. Below, we have set out how and why we use your information, and what our legal basis is to be able to use your information in each way.

Patients – identifying and applying for clinical trials

Identifying suitable clinical trials for you

We use the information that you provide to us about your medical conditions, symptoms and treatments, and the trial preferences that you select in your account, to identify clinical trials that you may be eligible for and which match your preferences. We will display these trials to you in the CardioTrials platform, so that you can choose to register your interest in participating in those trials.

We rely on your consent to use personal data concerning your health in this way. We will ask you if you wish to give your consent when you first provide this information to us, and you may withdraw your consent at any time (in which case we will stop using your health data in this way).

If you wish to withdraw your consent, you may delete any or all of the health data held in your account (by managing your account within the CardioTrials platform), or you may choose to close your account. If you withdraw your consent for us to hold and use your health data in this way, we will erase this data from our systems.

Registering your interest for a clinical trial

When you register your interest for a clinical trial, the information that you provide in the medical records on your account will be transferred to the chief investigator conducting the clinical trial, in anonymised form. The chief investigator may share this information with the other people and organisations involved in conducting the clinical trial (the Trialists).

This is still your personal data, as we (CardioTrials) can identify that this information relates to you. However, at this stage we do not transfer any information to the Trialists that they could use to identify you (for example, the Trialists will receive the list of symptoms or conditions that you have entered in your account, but they will not receive your name, contact details or other identifying information).

We rely on your explicit consent to transfer this data to the Trialists. Before you register your interest for a clinical trial, we will notify you in the CardioTrials platform of the information that will be transferred to the Trialists, and you will have the opportunity to give your consent to this.

Progressing your application for a clinical trial

After you have registered your interest for a clinical trial, if the Trialists are interested in involving you in the trial, you will receive a notification in the CardioTrials platform that they have requested your full profile information. We will notify you in the CardioTrials platform of the information that will be transferred to the Trialists if you choose to approve this request.

We rely on your explicit consent to transfer this data to the Trialists. If you give your consent, your personal details (and any updates to your medical record since you registered your interest) will be provided to the Trialists. At this stage, they will be able to identify you and your medical record.

Once your full profile information has been provided to the Trialists as above, you will be given the opportunity to choose whether or not you wish the Trialists to retain your personal data in order to consider you for other clinical trials that they may conduct.

The chief investigator of the clinical trial will have control over your personal data

Once your personal data has been transferred to the chief investigator (with your consent), they will become a “controller” of this data. This means that they will determine how and why they use your personal data in connection with the clinical trial, including sharing it with the other Trialists. If you have any questions or concerns about how the Trialists will use your personal data, you should contact the Trialists using the contact details provided in the CardioTrials platform.

All Users – managing your account and providing our services

It is necessary for us to use personal information about you in order to maintain and administer your account on the CardioTrials platform and to provide all of the services and facilities that our platform offers.

We have a legitimate interest in using your personal information in this way, and in some cases it is also necessary in order for us to perform our side of a contract with you (under our Terms of Use or, in the case of chief investigators, our Data Transfer Agreement). We use your information in this context so that we can:

• Provide the services and facilities offered through the CardioTrials platform
• Provide you with information about your account or your contracts with us
• Contact you with notifications relating to your account, such as letting you know when clinical trials are available that match the preferences you select, or informing you about the progression of applications to trials
• Verify your identity (including validating the details you provide when you log in to your account, and in certain cases it may be necessary for us to verify your identity in order to meet our legal obligations or to detect and prevent fraud, money-laundering and other crimes)
• Respond to you when you contact us, and deal with any complaints you may have
• Contact you about any changes that we make to the CardioTrials platform
• Contact you about important changes to our terms or policies
• Administer our website, including troubleshooting problems, analysing statistics, conducting research and tests and keeping the website secure

Telling you about other products or services that we think may be of interest to you

We may use your information to identify and tell you about our services, and news and updates to the CardioTrials platform, that we think may be of interest to you. We will only do this where you have informed us that you would like to receive marketing communications and you may update your preferences at any time by managing your account on the CardioTrials platform or by contacting us.

Whether you choose to receive these communications is up to you, and your choice will not affect your use of the CardioTrials platform.

Improving the CardioTrials platform

We always want to offer the best service and experience that we can. Sometimes this means we may use your information to find ways that we can improve what we do, or how we do it. We have a legitimate interest in dong this and we will only use your information where it is necessary so that we can:

• Review and improve our existing services, and develop new ones
• Review and improve the performance of our systems, processes and staff (including training)
• Improve our web platform to ensure that content is presented in the most effective manner for you and for your computer/device
• Measure and understand the effectiveness of communications that we send to you and others

Protecting you and others from harm

In exceptional circumstances we may use your information where it is necessary to protect your interests, or the interests of others, in accordance with our legal obligations and the pursuit of legitimate interests. This may include in the event of criminality such as identity theft, piracy or fraud.

Change of purpose

We will only use your personal information for the purposes for which we collected it, as set out in this policy, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose we will notify you and we will explain the legal basis which allows us to do so.

Please note that there may be cases where we process your personal information without your knowledge or consent, in compliance with this policy, where this is required or permitted by law.

Who do we share your personal information with?

Patient data is transferred to Clinical Trialists on the patients’ request

One of the primary purposes of the CardioTrials platform is to enable the sharing of patient data with the Trialists conducting clinical trials, subject to the patient giving consent.

Please refer to How and why do we use your personal information? above for a full explanation of how, and at what stages, patient data may be transferred to the Trialists.

Sharing your information within our company and foundation

We share the information that you provide to us with our staff so that we can manage and administer the CardioTrials platform, and provide our services to you.

CardioTrials (Pumping Marvellous Ventures Ltd) is subsidiary of the Pumping Marvellous Foundation (registered charity number 1151848) and we may share the information that you provide to us within our group for administrative purposes.

Sharing your information with third parties

We may share your data with selected third parties. For example, we may share your information with:

• Web hosting providers to host the CardioTrials website, related infrastructure, services and applications
• Contact management systems to send emails, instant messages and SMS messages
• Payment processors, where necessary in order to take payments

There are certain exceptional circumstances in which we may disclose your information to other third parties. This would be where we believe that the disclosure is:

• Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings
• Necessary to protect the safety of our employees, our property or the public
• Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction
• Proportionate as part of a merger, business or asset sale, in the event that this happens we will share your information with the prospective seller or buyer involved

How long do we keep your personal information?

We will only store your personal information for as long as we need it for the purposes for which it was collected. Where we provide you with any service, we will retain any information you provide to us at least for as long as we continue to provide that service to you.

We will retain the information that you provide to us in connection with your account on the CardioTrials platform for at least as long as your account remains active. If you choose to remove or delete certain information from your account, we will not retain copies of this information.

If you have not used your account for a period of 13 months, it will be deactivated and you will need to contact us if you wish to reactivate your account. We will notify you prior to your account being deactivated, to give you the opportunity to keep your account open. The data associated with your account will be retained at this stage, in case you wish to reactivate your account.

If you have not reactivated your account within 12 months after it being deactivated, your account will be closed and all data associated with it will be deleted from our systems.

If you are a patient, please note that once your personal information has been transferred to the chief investigator (and other Trialists) conducting clinical trials that you have registered interest or applied for, or are participating in, the chief investigator has control over how it uses your personal information. The Trialists may use this information outside the CardioTrials platform. If you remove your personal data from your CardioTrials account, or if your account is closed, this will not prevent the Trialists from continuing to retain and use your personal information in connection with the clinical trials that you are involved in.

How do we protect your personal information?

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.

We try to ensure that all information you provide to us is transferred securely via the website (we recommend that you always check for “https” in the URL and the padlock symbol in your browser, to indicate a secure connection). Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

All information you provide to us is stored on third party (AWS) secure servers in the UK. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

What rights do you have in respect of your personal information?

If you require any further information about your rights as explained below, or if you would like to exercise any of your rights, please contact us.

You have the right to be informed

We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have written this policy to comply with this right, but please contact us if you have any questions.

You have the right to access your personal data

You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following:

• Why we have been using your information
• What categories of information we were using
• Who we have shared the information with
• How long we envisage holding your information

In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold. The first copy of your information that you request from us will be provided free of charge, if you require further copies we may charge an administrative fee to cover our costs.

You have the right to correct any inaccurate or incomplete personal data

Where you have requested a copy of the information we hold about you, you may notice that there are inaccuracies in the records, or that certain parts are incomplete. If this is the case you can contact us so that we can correct our records. You may change, update and correct most of the information that we hold about you by managing your account in the CardioTrials platform.

You have the right to be forgotten

There may be times where it is no longer necessary for us to hold personal information about you. This could be if:

• The information is no longer needed for the original purpose that we collected it for
• You withdraw your consent for us to use the information (and we have no other legal reason to keep using it)
• You object to us using your information and we have no overriding reason to keep using it
• We have used your information unlawfully
• We are subject to a legal requirement to delete your information

In those situations you have the right to have your personal data deleted. If you believe one of these situations applies to you, please contact us.

You have the right to have your data transferred to you or a third party in a common format

Also known as data portability, you have the right to obtain a copy of your personal data (or have it transferred to another organisation) for your own purposes. This right allows you to move, copy or transfer your personal data more easily from one IT system to another, in a safe and secure way.

If you would like us to transfer a copy of your data to you or another organisation in a structured, commonly use and machine-readable format, please contact us. There is no charge for you exercising this right.

You have the right to object to direct marketing

You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the links provided in any of our marketing communications. You may also set your contact preferences by managing your account in the CardioTrials platform.

You have the right to object to us using your information for our own legitimate interests

Sometimes, we use your personal information to achieve goals that will help us, you or third parties that we work alongside. These are “legitimate interests”, and we explain in this policy where we rely on a legitimate interest to process your personal information.

We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue, we will stop using your personal data for these purposes.

You have the right to restrict how we use your personal data

You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:

• You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify this
• You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection
• We have used your information in an unlawful way, but you do not want us to delete your data
• We no longer need to use the information, but you need it for a legal claim

You have rights related to automated-decision making and profiling

Any automated decision-making or profiling we undertake is solely for the purpose of tailoring the information which we provide to you. We will not use automated decision-making or profiling to make any decisions which will have a legal effect upon you or otherwise significantly affect you, and you have the right not to be subject to such decisions. If you have any concerns or questions about this right, please contact us.

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

This version was last updated on 18th September 2020 and historic versions can be obtained by contacting us.

Complaints

If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO.

Contact Us

Our Data Protection Officer is Jonathan Evans, who can be contacted on the details below.
Post:
Suite 111, Business First Millennium City Park, Millennium City Road, Ribbleton, Preston, United Kingdom, PR2 5BL
Email:
contact@cardiotrials.org
Website:
www.cardiotrials.org