Privacy notice

Privacy Information (v1.6, dated 15th November 2023)

About this notice

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.

The University of Warwick is committed to undertaking research to the highest standards of integrity, and this includes compliance with the relevant data protection legislation: the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 (DPA).

The UK GDPR governs the way in which organisations use personal data, defined as: any information that relates to an identified or identifiable individual. Under the UK GDPR there are “special categories” of more sensitive personal data which require a higher level of protection.

This privacy notice explains how the University of Warwick will process and use personal data collected from you as part of a research project and your rights under data protection.

Collecting and using your personal data for research

In order to undertake the National Survey into Health Outcomes in the Electricity Supply Industry research project, we have been provided information about you from various sources. Some of this information is your personal data. Under data protection law, where we have processed your personal data which we have obtained from someone other than you, we have to provide you with very specific information about the source of that information, what we do with it and what your rights are.

Who is the Data Controller?

The University of Warwick, Coventry, CV4 7AL is the data controller for the personal data that we process in relation to you.

Processing your personal data

We received the data set from the University of Birmingham which had been collected originally by the University of Leeds in the 1980s.  We are continuing the previous processing in order to conduct the National Survey into Health Outcomes in the Electricity Supply Industry research project.  It involves statistical analyses of causes of death and cancer diagnoses among some 81,600 employees of the former Central Electricity Generating Board (CEGB). All employees had worked in the industry for at least six months with some employment in the period 1973 -1982.  The sole purpose of this study is to identify any association of occupation in the CEGB with increased disease incidence.

The data collected comprises information on month and year of birth (not full date of birth), work histories (CEGB locations, job grades and full dates).  Each individual has a unique identifier which is also held by NHS England.  Periodically NHS England send updates to the University when their records show that a person in the cohort has died or been diagnosed with cancer.  This is so that the study has information on causes and date of death, and site and dates of cancer diagnoses. This pseudonymised data handling means that the University does not have any information on names, addresses, postcodes, National Insurance (NI) numbers or NHS numbers. Similarly, NHS England’s system does not hold any details of job or work history information.  This means it is not possible for either the University of Warwick or NHS England to associate someone’s identity with their diagnoses and work history.

Our legal basis for processing your data

The legal basis under which we will process your personal data for research is called ‘task in the public interest’ (Article 6 of the UK GDPR). In the cases of ‘special category data’, in addition to Article 6, the legal basis is for ‘archiving purposes, scientific or historical research purposes or statistical purposes in the public interest’ (Article 9 of the UK GDPR).  Special category data is that revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. The University will use your information only for the purposes of research.

Sharing of your personal data

Your personal information has already been de-identified.  When sharing or publishing research outcomes we will use aggregated numbers.  The University may sometimes use products or services provided by third parties who carry out a task on our behalf. In such circumstances, the University, as the Data Controller, remains responsible for your personal information and will ensure that appropriate contractual terms and safeguards are in place.

Keeping your personal data secure

The University of Warwick keeps your personal data secure at all times using both physical and technical measures.  The security of your data is of great importance to the University and we therefore have robust procedures in place to protect your data.  Together with security standards and technical measures that ensure your information is stored safely and securely, we also have in place policies and procedures that tell our staff and students how to collect and use your information safely and provide training which ensures our staff and students understand the importance of data protection and how to protect your data.

All research projects involving personal data are scrutinised and approved by a research ethics committee. In addition, the University will carry out data protection impact assessments on high risk projects. The University of Warwick takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident, and also ensures that we have appropriate processes in place to test the effectiveness of our security measures.

In relation to this project, data are stored in a restricted area of the University computer server, that is only accessible to specified members of the study team. 

Retention of your personal data

Your data will be retained for 10 years after the last publication from the project.

Data subject rights

This section gives information about your rights as a data subject where personal identifiable information is held. The data file for this study was made as complete as possible at Birmingham University. No new information on job location or job title during work at the CEGB could be created or acquired. To maximise security of the data set, and to comply with GDPR, all personal identifiers have been removed from the study data set.

Therefore, although the University recognise that under UK GDPR and DPA 2018 data subjects have a right to see what data is held about them, the removal of all personal identifiers means that is impossible. The data is of course much more secure because of that.

Therefore, the next paragraph, which is a standard part of the University of Warwick privacy notice, does not apply, and is included for completeness. 

Under the UK GDPR and DPA 2018 you have a number of important rights free of charge.  You have the right to:

• Be informed of how we collect and use your personal data

• Access your personal data

• Require us to correct any mistakes in the data we hold on you

• Require the erasure of personal data concerning you in certain situations

• Restrict our processing of your personal data in certain circumstances

• Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations

• Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and

• Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

To exercise any of these rights please contact [email protected]. If a request is made and the request is manifestly unfounded or excessive, the University reserves the right to refuse to comply with the request in these circumstances.

Who to contact and complaints

We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you may raise about our use of your personal data on the contact details below:

The DPO can be contacted via email at [email protected] 

Or write to:

The Data Protection Officer

University of Warwick
University House
Kirby Corner Road
CV4 8UW

You also have the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

NHS England: National data opt out

As explained earlier, NHS England provide information to the University via a data sharing agreement. NHS England hold the names, NHS numbers, and other identifiers for the UK population generally. You can opt out of NHS England providing the University with cancer registration and cause of death information. The University remain unable to identify you by name. 

If you think you may be part of this cohort and do not want your data to be used in this research, please contact NHS England national data opt out program at National data opt-out - NHS Digital. 

Changes to this privacy notice

This privacy notice is effective from 15th November 2023, and is reviewed when necessary. Any changes will be published here.