SET Privacy Notice

How we protect your data

We are committed to ensuring that your information is secure.  We use leading technologies and encryption software to safeguard your data, and maintain strict security standards to prevent any unauthorised access to it.  However, given that transmitting information over the internet cannot be completely secure, we can’t guarantee the security of your data in transit. 

The Sponsor Engagement Tool may contain links to other websites of interest outside the CRNCC.  This privacy policy only applies to our websites, systems and services, and doesn’t cover other websites and services that we may link to.  You should exercise caution and look at the privacy notice applicable to the website/service in question. 

The security of the Sponsor Engagement Tool is managed by the NIHR Information Systems Function, on behalf of the Department of Health and Social Care. This Function has the appropriate technical expertise to protect against unlawful processing and/or accidental loss of information.

The Sponsor Engagement Tool is hosted on the Amazon Web Services platform, a cloud-based software platform which provides for disaster recovery processes across its servers, which are all located within the European Economic Area (EEA). None of the data contained within CPMS  will go outside of the UK or the EEA. The Sponsor Engagement Tool platform is accredited to ISO 27001 security standards. 

We will not sell your personal data.  Except for operational support of the system, where an IT hosting provider may access your details as part of maintenance and support, we will not disclose your personal data to third parties outside of the CRNCC, unless we have your explicit permission, or are required by law to do so. 

We will hold the data for as long as we are providing you services and for as long as you agree to this.  We will retain your data for varying amounts of time depending on the nature of your interactions with The Sponsor Engagement Tool :

• We only store data that is necessary for specific purposes e.g. audit reporting indicating who is responsible for a study and which users made edits to records in The Sponsor Engagement Tool 

• We will not store your data for longer than is necessary

• Your data will be securely deleted when no longer needed for the purpose(s) 

A single sign-on product, the Identity Gateway is used to manage your login credentials for CRNCC services and your registration information and associated cookies held there for authentication purposes. Further information is available on the IDG Privacy Notice pages.

Destruction of Data

• When a disc drive fails or is no longer required for use, this is securely destroyed in accordance with the NHS Code of Practice.

• No paper records are kept of personal confidential data.