Protecting your data

Who is responsible for my data?

Looking after your privacy and the security of your data is very important to us. Foresight will be responsible for your data and will strictly control who has access to the information you provide us. Any researcher who is granted access will also need to agree to protect your data.

The following sections provide more detail on how your data will be managed.

How will my data be stored?

Your data will be stored and managed securely, in line with data protection laws including the UK General Data Protection Regulation. All the information we collect about you will be encrypted when it is in transit and at rest and stored according to strict security standards.

Your eye scans and health-related data will be de-identified. This means that identifiable data, such as your name, NHS number or address, will be removed from these items and stored securely and separately. Your eye scans and health-related data will be stored in cloud computing services within territories deemed to be adequate by the UK Government, as listed by the Information Commissioner’s Office guidance. Your de-identified eye scans and health-related data could be sent to approved processors outside the UK for analysis, in line with UK General Data Protection Regulation and our Privacy Policy.

Full details of where and how we store your data are available in our Privacy Notice.

Who will have access to my data?

If you decide to join Foresight, we will store the personal identifiable data (such as your name and address) that you provide. A limited number of staff at Foresight will have access to this data so we can maintain contact with you.

Having access to your personal identifiable data also means that we can link your eye scans to health-related records and data from approved partners, including genetic data held by biobanks and data held by the NHS. This helps us build a full picture of your health. To access information about you that is stored by approved partners, we will need to share some of your identifiable data (for example your NHS number, name or date of birth) with them. We will only share what is absolutely necessary to link the data together, and strict controls will be in place to protect your personal data. Before letting researchers see data, we will remove any information that could be used to identify you. 

Who has reviewed your research protocol and the way you are protecting my data?

Foresight's full Research Protocol (including even the text on this website) has been reviewed and granted 'Favourable Opinion' by the NHS Health Research Authority's (HRA) Research Ethics Committee, and key information about Foresight's registration is publicly available on HRA's website (REC reference 23/EE/0216).

Foresight Research Ltd. is also registered with the UK Information Commissioner's Office (ICO) (Registration reference ZB585474), the UK’s independent regulator for data protection and information rights law, responsible for upholding information rights in the public interest.

Registered researchers

Registered researchers conducting studies that only involve data held by Foresight will only be able to access your de-identified data for their research via a highly secure online data storage system.

These secure systems only allow registered researchers to use the de-identified data within them for legitimate research purposes – sometimes conducted by commercial organisations (in which case de-identified data may be made available to commercial recipients). It will never be possible for researchers to download your de-identified data from a secure online data storage system. Some of our charity, academic or industry partners have their own secure data storage systems. They can apply to Foresight to have their systems ‘accredited’. This means that they have strict reviews of their technical, security, operational and data governance processes. If an organisation has an accredited storage system and they have a study approved, they will be able to hold a copy of de-identified Foresight data in their own system to do research. In addition, any researcher or organisation using their own secure data storage system will be reviewed every year to confirm they are still complying with the Foresight terms and conditions.

We will never allow access to your data for anything other than for health research that is for the public good. We will never sell or provide your personal identifiable data for the purposes of advertising or, for example, to insurance companies. Your name and identifiable information will never be used when the findings from any research conducted using Foresight are published and promoted.