Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Accept all cookies Reject all non-essential cookies Find out more

Privacy Notice for ORION-4 UK participants

Who is responsible for my personal data?

The University of Oxford is the sole "data controller" for the information collected about participants. This means that the University of Oxford is responsible for looking after your information and using it properly.

The study is co-sponsored by the University of Oxford and Novartis Pharmaceutical Corporation (who are providing the ORION-4 study medication, and are responsible for regulatory submissions).

What personal data is collected about me in ORION-4?

Participants in ORION-4 attend regular study visits. During these visits, health and other information about you is recorded on a secure computer system. As well as the information you provide during these study visits, information may be requested from your usual doctors or other sources.

For UK participants, the coordinating centre in Oxford will ask for information about your health from National Data Custodians such as NHS England (previously called NHS Digital), the electronic Data Research and Innovation Service (eDRIS), which is a part of Public Health Scotland, and the SAIL Databank at the University of Swansea. The ORION-4 team sends information such as your name, date of birth, NHS number (or CHI number in Scotland) and postcode to the Data Custodians who can link this information to individual participants in the study.

The following is a list of the types of personal information we may hold about you (including data collected during the trial visits, and through data linkage to electronic health records). This information contains special category data concerning your health:

  • Your name, address, NHS number/CHI number, date of birth, GP, and sex
  • Results from tests done on the blood samples you provided during the study
  • Other information related to your health that you provided at visits during the study
  • Your medical conditions
  • Dates and causes of death
  • Information about hospital admissions and emergency care
  • Information about cancers
  • Information about prescriptions
  • Information about scans you may have had at your hospital

This could include data recorded before you joined the study.

Information is requested from national Data Custodians which can include:

Data about diagnoses and treatments recorded in primary care may also be requested. At any time you can contact the study team to withdraw permission for the study to get this information.

Will my information be kept secure?

We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption, and destruction.

We use technical measures such as encryption and password protection to protect your data and the systems in which they are held.

We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which your data is held. And, whenever possible, your personal identifiers (name, date of birth, sex, NHS number or CHI number in Scotland, address, and postcode) will be removed and replaced by a unique trial ID number. Your data is treated in the strictest confidence and is used solely for academic research purposes. No individuals will be identified in any publications arising from this work.

We keep these security measures under review and refer to University of Oxford security policies to keep up to date with current best practice.

Blood samples are sent to a laboratory at the University of Oxford for analysis. They are identified by a unique number linked in the computer to other study information. In the laboratory they are not linked to your name or anything else which could identify you. 

Who has access to my personal data? 

Personal data that directly identifies you (such as your name, address, and date of birth) can be accessed by study staff at your local ORION-4 site.

Personal data which directly identifies you (such as name, address and date of birth) can be accessed by the ORION-4 coordinating team at the University of Oxford. The only people in the ORION-4 coordinating team who will have access to your personal data will be people who need to contact you (for example to rearrange a study clinic appointment or discuss any questions you have about the study). The people who analyse the information will not be able to identify you.

Nurse monitoring staff from the University of Oxford coordinating centre may occasionally ask permission to be present during a clinic visit to make sure the study procedures are being followed.

Relevant sections of your medical notes, and information collected about you during the study, may be looked at, in confidence, by authorised individuals from a local study site, the University of Oxford, Novartis Pharmaceutical Corporation, and regulatory authorities to check that the study is being carried out correctly.

The ORION-4 team at NorthWest eHealth are able to access details of people taking part in ORION-4 at local General Practices in Manchester so they can help with enquiries about appointments and questions about the trial.

National Data Custodians such as NHS England, SAIL and eDRIS will receive information about you as part of the ORION-4 team’s request to link study participants to national electronic health records.

To securely send letters to UK ORION-4 participants and their doctors, the University of Oxford may share participant details with Paragon Customer Communications Ltd who will not use this personal data for any other purpose and will delete the data once the letters have been sent out.

At the end of the study the University of Oxford is contracted to share derived data (i.e. data that you cannot be identified from) with the following collaborators:

  • Novartis Pharmaceutical Corporation for the purposes of conducting regulatory activities and monitoring drug safety. Novarits may also use the data for purposes such as developing new treatments.
  • TIMI Study Group for the purposes of education and research. The TIMI Study group are an academic organisation based at Brigham and Women’s Hospital, Harvard Medical School, Boston, USA.

Derived data (i.e. data that you cannot be identified from) may also be shared with other organisations for the purpose of research and education.

How long is my personal data held by the ORION-4 team? 

The University of Oxford is required to keep the information collected about you for at least 25 years after the "end of the study" and perhaps longer if required by the law or other research needs. The "end of the study" is when the last health information is collected about study participants. This may be many years after the end of the scheduled treatment period when everyone stops the study injections and the main results are analysed.  

What are my data rights? 

The University of Oxford is using your personal data for research purposes, it will only process personal data as necessary to undertake research that is being carried out in the public interest. This is known under data protection law as our “legal basis” for processing your personal data.

 

If you withdraw from the study, we will keep the information about you that we have already obtained. You have the right to ask us to remove, change or delete data we hold about you for the purposes of the study. We might not always be able to do this if it means we cannot use your data to do the research. If so, we will tell you why we cannot do this.

If you would like to find out more about the use of confidential data in research, the HRA has developed a general information leaflet which is available at: https://www.hra.nhs.uk/planning-and-improving-research/policies-standards-legislation/data-protection-and-information-governance/gdpr-guidance/templates/template-wording-for-generic-information-document/

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time.

Complaints

If you wish to raise a complaint about how we have handled your personal data, you can contact the University of Oxford Data Protection Officer (data.protection@admin.ox.ac.uk), who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful you can complain to the Information Commissioner’s Office (ICO) by visiting their website at https://ico.org.uk/make-a-complaint/ or by calling their helpline on 0303 123 1113.

contact us

ORION-4, Clinical Trial Service Unit (CTSU), Richard Doll Building, University of Oxford, Roosevelt Drive, OXFORD, OX3 7LF, United Kingdom

UK phone: 0800 585 323 E-mail: orion4@ndph.ox.ac.uk

 

Version 1.3 20-Feb-2026