Research Participants privacy notice
Information you need to know
Liverpool John Moores University (LJMU) deals with all personal information in a responsible manner that respects personal privacy. See further information on the institution.
LJMU is registered as a Data Controller with The Information Commissioner’s Office.
Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk
LJMU takes your privacy very seriously. This privacy notice explains how we use your personal information and your rights regarding that information. The information we hold and process will be used for management and administrative purposes only, to enable us to manage our relationship with you effectively and lawfully whilst you are working with us and after your duties have been completed. Your personal data will be processed in accordance with the Data Protection Act 2018 and the General Data Protection Regulation 2016/679 (GDPR).
We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations.
What information are we collecting?
If you take part in research, some individuals will need to know your name and contact details so that you can be contacted about appointments, or to send you questionnaires etc. Investigators must always make sure that as few people as possible can see this sort of information that can show who you are.
In lots of research, most of the research team will not need to know your name. In these cases, someone will remove your name from the research data and replace it with a code number that is linked to your name. This is called link-coded data, or the technical term is pseudonymised data. For example, your questionnaire or blood sample might be labelled with your linked code number instead of your name. It can be matched up with the rest of the data relating to you by the code number.
In other research, your name will not be required or other information that could show who you are will be removed or categorised. For example, instead of using your date of birth your age may be recorded which would allow data comparison but avoid verification of you as an individual. When there is no information that could show who you are, this is called anonymous data.
All research projects are different and the information we collect will vary. However, investigators will only collect information that is essential for the purpose of the research.
Why are we collecting your data and what is the legal basis for this?
The University will collect and process your personal data for the purpose of research. Data Protection laws allow us to use personal data for research with appropriate safeguards in place. The lawful basis is Article 6(1)(e) – processing that is necessary for the performance of public tasks that are in the public interest and Article 9(2)(j) – processing that is necessary for scientific research purposes.
On rare occasions, we may have asked for your consent to use your personal information for research purposes. If we asked for your consent, you can withdraw this at any time; you should have already been told how to do this but if not, or if you are in doubt, please use the contact details below. Please note that your consent to use your personal information (which we rarely request) is separate from your ethical consent to participate in a particular research study (which we usually request for relevant types of research).
You are not legally or contractually obliged to supply us with your personal information for research purposes.
Who has access to this data?
To communicate our research to the public and the academic community your anonymised data is likely to form part of a research publication or conference presentation or public talk. Where researchers wish to use any information that would identify you, specific consent will be sought.
The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so.
Your data may be shared with:
- Immediate project team who are authorised to work on the project and access the information. This may include staff at Liverpool John Moores University or collaborators at other organisations authorised to work on the project.
- Where a student is undertaking the research, the data will be shared with their supervisors
- Third parties who carry out a task on our behalf (e.g. transcription services, data collection, data analysis).
- Our research may be audited and access to the data may be required. The University puts in place safeguards to ensure that audits are conducted in a secure and confidential manner.
- In the case of complaints about a research project authorised university personnel may require access to the data as part of our Research Misconduct Procedure.
How does the university protect your data?
The University takes Data Protection very seriously. The information we collect is stored safely and securely and processed in accordance with GDPR.
For how long does the university keep your data?
Your information will not be kept for longer than is necessary to complete the aims of the research or project and is usually kept in a pseudonymised or anonymised format. Some personal information (including signed records of consent) will be kept for a minimum amount of time as required by the funding requirements, the nature of the study, the requirements of the publisher or our policies and procedures (at least three years from the end of the project).
For some research projects, your de-identified or pseudonymised information will be kept after the project has ended, placed into a data repository/online archive for sharing with other researchers or used in future research. When using research repositories, researchers are often required to upload their supporting or underlying data which may be identifiable or sensitive. The repositories have technical controls in place to ensure that only authorised individuals can access the information.
One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data. The GDPR gives you the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erase
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Please note that many of these rights, including the right to access personal information that is held about you, are qualified or do not apply when personal information is processed solely in a research or archival context. This is because fulfilling them might adversely affect the integrity of, and the public benefits arising from, the research study or project.
If you have any questions regarding your rights in this context, please use the contact DPO@ljmu.ac.uk.
Transfers of data outside the UK
Generally, we do not send your personal data outside the UK. However, in some specific cases we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you/or a contract with another organisation that requires your personal data i.e. a collaboration agreement with a university based outside of the UK. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection, for example model contractual clauses, data sharing/data processing agreement and binding corporate rules (where applicable).
If you have any questions about the particular research study you are participating in, please use any contact details you have already been supplied with.
You should contact the Data Protection Officer on DPO@ljmu.ac.uk if:
- you have a query about how your data is used by the University
- you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately)
- you would like to complain about how the University has used your personal data
- You should contact the Research Governance Manager if:
- you have concerns with how the research was undertaken or how you were treated
Our postal address is: Brownlow Hill, Liverpool L3 5UG
Our telephone number is: 0151 2312121
How to complain to the Information Commissioner's Office
You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted:
Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
Telephone: 0303 123 1113.
Email: contact can be made by accessing www.ico.org.uk.