Privacy Notice : We may revise this Privacy Notice from time to time. Any changes we may make to it in the future will be posted on this page. The Notice was last updated on 07/04/2025)

  1. Important information

This Privacy Notice applies to patients, visitors, staff members, recruitment candidates, clinicians/consultants, contractors/agency staff, suppliers and visitors to the Primary Care Research Alliance (& its subsidiaries) website. It sets out your rights under the UK General Data Protection Regulation (also known as the UK-GDPR, alongside the Data Protection Act 2018). This Privacy Notice states how Primary Care Research Alliance collects, uses, retains, and discloses your personal information (information that identifies you and is about you), also known as personal data.

  1. Who we are

Primary Care Research Alliance (also referred to as “we”, “us”, “our” in this Notice) is a leading site management service working across the UK, delivering studies in both NHS and private patient settings. Our purpose is the advancement of health and the relief of patients suffering.

We are incorporated in England and Wales and registered address of Middleton House, Yapton Road po226du . The Data Protection Authority is the Information Commissioners Office (ICO) based in the UK, and our registered number is ZB864081 . To ensure that we process your personal information fairly and lawfully, we are required to inform you about:

  • Why we need your data
  • How it will be used
  • Who it will be shared with
  • What rights you have in relation to the personal data we collect from you.

Within this policy we describe instances where ZB864081 Ltd is the “Data Controller” (the organisation which decides what information we collect and how it is used), and where we direct or commission the processing of data to help deliver better healthcare, or to assist the management of healthcare services. There may be situations where we process personal data on the instructions of another organisation but in those circumstances our use of data would be governed by that organisation. We recognise the importance of protecting personal and confidential information in all that we do, all we direct or commission, and ensure that we meet our legal duties.

  1. What information do we collect about you?

We only collect and use your personal information according to the legal bases defined in the UK-GDPR and for the lawful purposes of administering the business . The legal bases are as follows:

  • Consent – where you have given your specific consent to the processing of your personal data.
  • Performance of a contract – where the processing of your data is necessary for the fulfilment of a contract, e.g., being employed by us
  • Compliance with a legal obligation – processing of your data is necessary by law and we are required to comply.
  • In the vital interest – we may process your personal data in order to protect your vital interests, for example in providing emergency treatment or care should it be required.
  • Public interest – we may process personal data in order to complete a task carried out in the public interest.
  • Legitimate interest – we may process your personal data where we have a legitimate “business” interest in processing that information.

The table below shows the purposes and the associated legal basis under which we process your personal data:

Reason for processing Legal basis for processing

  • Accounting and auditing Compliance with legal regulations
  • Advertising and PR Consent
  • Conducting analysis and research activities Consent
  • Consultancy and advisory services Performance of a Contract
  • Education and training for staff members Legitimate interest – we need to ensure that staff have the correct competency to fulfil their role
  • Employment and Staff Administration Performance of a Contract
  • Healthcare administration and services Performance of a Contract
  • Invitation to meetings and other events Consent
  • Medical records management Compliance with legal regulations that apply to us and our contractual duties
  • Third-party Delivery of Services Performance of a Contract

Please note that should your relationship with Home Wound Care Ltd change, the legal basis under which we hold your data may also change.

  1. What types of personal data do we handle?

We process personal information to enable us to maintain our own accounts, promote our services and to support and manage our employees. We also process personal information about healthcare professionals who deliver services for the alliance. The types of personal information we use:

Type of personal information : Individual group the information may apply to

  • Personal identity – title, name, marital status, date of birth, National Insurance number, NHS number Patients, visitors, staff members, recruitment candidates, clinicians/consultants, suppliers, agency staff/contractors
  • Contact details – addresses, landline telephone & mobile numbers, email address Patients, staff members, recruitment candidates, clinicians/consultants, suppliers.
  • Family details – next of kin names, addresses and telephone numbers, relationships to next of kin  Patients, members of staff, consultants
  • Financial details – such as bank sort code/account number, payment card number Staff members, suppliers, clinicians/consultants, agency staff/contractors
  • Employment details – such as salary, annual leave, pension, benefits, discipline and grievance, payroll, tax information, performance data, occupational health data and security clearance data  Staff members, clinicians/consultants, contractors
  • Education and training such as training records, qualification verification, employment history and CVs  Staff members, clinicians/consultants, recruitment candidates
  • Lifestyle and social circumstances such as questions about smoking, drinking and general lifestyle 
  • Responses to surveys : Patients, staff

   

We also process special categories of information which may include:

  • Racial and ethnic origin
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Data concerning a person’s sexual orientation
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment tribunal applications
  • Complaints, accidents, and incident details
  • Health data (including morbidity and disability)
  1. How will we use information about you?

Your information is used to ensure the delivery and improvement of our services. . 

For our staff, members, recruitment candidates, contractors/agency staff, consultants and suppliers, your personal data may be used to:

  • Manage our relationship with you
  • Fulfil our duty of care towards staff in the event of a major incident (e.g., in the event of a lockdown, fire)
  • Verify employment history, qualifications, and experience & validate your ‘right to work’
  • Assess suitability for employment during selection process
  • Undertake personal development of employees
  • Deliver payroll for employees
  • Fulfil our duties in respect of national insurance and tax accounting
  • Manage disciplinary and grievance procedures
  • Undertake due diligence and risk assessment of supply chain
  • To communicate with you in the event of a major incident (e.g., in the event of a lockdown, fire)
  • To promote us via our social media platforms on the occasions where we obtained your consent from you to include information about you in our promotions
  • Please contact us for a list of organisations we work with
  1. Sharing Your Information

We may disclose your personal information for a number of reasons (to the extent necessary). This can be due to:

  • Our obligation to comply with current UK legislation
  • Our duty to comply with a court order
  • A contractual commitment to report statutory information
  • You, having provided us with your consent to disclose your information
  • Where we are required to do so by law
  • The sharing of your data will ultimately benefit you as the data subject
  • Our obligation to comply with our regulators

In fulfilling our obligation to provide services (healthcare and other services), we may share your data with the following:

  • Regulators
  • Independent Sector Complaints Adjudication Service
  • Referral services
  • General Practitioners (your Doctor)
  • Specialist consultants (medical and non-medical)
  • Contracted third parties providing services or devices, medical and non-medical
  • Healthcare insurance providers
  • Pathology laboratories
  • Occupational health services (staff)
  • National registries with patients’ consent.
  • Communication service (Text alert)
  • Payroll service
  • Training providers
  1. Marketing Communications

From time to time, we may wish to contact you with information about our products, services, or events that we believe may be of interest to you. You have the right to opt out of receiving such marketing communications at any time. If you no longer wish to receive marketing emails, you can unsubscribe by following the instructions provided in the email or by contacting us directly

  1. Sharing your Information outside of the United Kingdom (UK)

We may from time to time be required to share your information with other service providers who are outside the UK. The sharing of your information with these providers is necessary in order to provide the necessary medical service. The transfer of personal data internationally will be conducted with the appropriate legal mechanisms in place. E.g., an International Data Transfer Agreement or Special Contract Clauses with the appropriate organisations will be in place – if appropriate.

  1. Keeping your data secure
  • We will use technical and organisational measures (TOMS) to safeguard your Data, e.g., access to your account is controlled by a password and a username that is unique and we store your Data on secure servers.
  • Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately.
  • We may also use two-factor authentication if the systems we use require it
  1. How long will we keep your data for?

We will keep your personal information in accordance with our Information Retention Policy and for only as long as is lawfully necessary to conduct our business with you, and/or in accordance with our legal obligations for data retention. (These terms can be found in our Data Retention Schedule) – we also recognise the NHS Records Management Code of Practice.

  1. Your rights

The UK-GDPR provides a number of rights over your data, subject to certain criteria being met. These are:

  • Right of access to your personal information and supplementary information (for example, your medical record). Once we have received your request, we will respond within a calendar month. This information will be sent to you free of charge.
  • Right to rectify/amend your personal information if it is incorrectly recorded. You have the right to question any information we hold about you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
  • Right to object and Right to be forgotten You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if it is no longer needed for the purpose for which it was collected or otherwise processed. This is known as the ‘right to erasure’ or ‘right to be forgotten’.
  • Right to restrict the use of your personal information if:
    • It is not accurate.
    • It has been used unlawfully, but you do not want us to delete it;
    • It is not relevant anymore, but you want us to keep it for use in legal claims; or
    • You have already asked us to stop using your personal information, but you are waiting for us to assess your request and confirm whether we are permitted to continue using the personal information under data protection law.
  • Right to obtain your personal information in a portable format : You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations.

It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

  1. Freedom of information

We are not a public authority and are not governed by the Freedom of Information Act.

  1. Links to other websites This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.
  2. Changes to this policy

We may revise this privacy policy from time to time. Any changes we may make to our privacy policy in the future will be posted on our website (this page). The policy was last updated on 07/04/2025

  1. Contact Us

Questions, comments, and requests regarding this privacy policy are welcomed. Please contact our Data Protection Officer via our contact page on this website.

  1. Your right to complain

If you are not satisfied with our response or the way we are processing your personal information you can contact the Information Commissioner’s Officer (also known as the ICO) at www.ico.org.uk.The ICO is the statutory body which oversees data protection law in the UK.