Last Updated: 07/02/2025
We may revise this Privacy Notice from time to time. Any changes we may make to our Privacy Notice in the future will be posted on this page.
This Privacy Notice applies to patients, visitors, staff members, recruitment candidates, clinicians/consultants, contractors/agency staff, suppliers and visitors to the Clinical Research Solutions Ltd website. It sets out your rights under the UK General Data Protection Regulation (also known as the UK-GDPR, supplemented by the Data Protection Act 2018).
This Privacy Notice states how Clinical Research Solutions Ltd collects, uses, retains, and discloses your personal information (information that identifies you and is about you), also known as personal data.
Clinical Research Solutions Ltd (also referred to as "we", "us", "our" in this Notice) is a leading private healthcare organisation working across the UK, delivering healthcare research solutions for both NHS and private organisations. Our purpose is the advancement of healthcare through assisting with clinical research. We do this by providing a personal approach to our clients.
We are incorporated in England and Wales with the registered number 15260788 whose registered office is at Middleton House Yapton Road, Middleton-On-Sea, Bognor Regis, England, PO22 6DU.
The Data Protection Authority is the Information Commissioners Office (ICO) based in the UK.
To ensure that we process your personal information fairly and lawfully we are required to inform you about:
Within this policy we describe instances where Clinical Research Solutions Ltd is the "Data Controller" (the organisation which decides what information we collect and how it is used), and where we direct or commission the processing of data to help deliver better healthcare, or to assist the management of healthcare services.
There may be situations where Clinical Research Solutions Ltd processes personal data on the instructions of another organisation (i.e., when Clinical Research Solutions Ltd is acting as a "data processor"), but in those circumstances our use of data would be governed by that organisation.
At Clinical Research Solutions Ltd we recognise the importance of protecting personal and confidential information in all that we do, all we direct or commission, and ensure that we meet our legal duties.
We only collect and use your personal information according to the legal bases defined in the UK-GDPR and for the lawful purposes of administering the business of Clinical Research Solutions Ltd. The legal bases are as follows:
| Reason for Processing | Legal Basis for Processing |
|---|---|
| Accounting and auditing | Compliance with legal regulations |
| Advertising and PR | Consent |
| Conducting analysis and research activities | Consent |
| Consultancy and advisory services | Performance of a Contract |
| Education and training for staff members | Legitimate interest – we need to ensure that staff have the correct competency to fulfil their role |
| Employment and staff administration | Performance of a Contract |
| Healthcare administration and services | Performance of a Contract |
| Invitation to meetings and other events | Consent |
| Medical records management | Compliance with legal regulations that apply to us and our contractual duties |
| Third party delivery of services | Performance of a Contract |
Please note that should your relationship with Clinical Research Solutions Ltd change, the legal basis under which we hold your data may also change.
We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts, promote our services and to support and manage our employees. We also process personal information about healthcare professionals who deliver services within Clinical Research Solutions Ltd.
| Type of Personal Information | Individual Group the Information May Apply To |
|---|---|
| Personal identity – title, name, marital status, date of birth, National Insurance number, NHS number | Patients, visitors, staff members, recruitment candidates, clinicians/consultants, suppliers, agency staff/contractors |
| Contact details – addresses, landline telephone & mobile numbers, email address | Patients, staff members, recruitment candidates, clinicians/consultants, suppliers |
| Family details – next of kin names, addresses and telephone numbers, relationships to next of kin | Patients, members of staff, consultants |
| Financial details – such as bank sort code/account number, payment card number | Staff members, suppliers, clinicians/consultants, agency staff/contractors |
| Employment details – such as salary, annual leave, pension, benefits, discipline and grievance, payroll, tax information, performance data, occupational health data and security clearance data | Staff members, clinicians/consultants, contractors |
| Education and training such as training records, qualification verification, employment history and CVs | Staff members, clinicians/consultants, recruitment candidates |
| Health record | Patients |
| Lifestyle and social circumstances such as questions about smoking, drinking and general lifestyle | Patients |
| Responses to surveys | Patients, staff |
We also process special categories of information for patients & staff, which may include:
We process your information for a number of different purposes which are necessary to:
Clinical Research Solutions Ltd is the data controller for our electronic Patient Administration System. This system holds personal details of all patients that have been referred via third party medical organisations (private consultants) and other third-party referrals.
The information held on these systems is used primarily for the purpose of administering healthcare services; it may however be used for other non-health related purposes and shared with statutory bodies/organisations to enable them to fulfil their statutory obligations. We may also use the information within the administration system for statistical analysis to see how the organisation is performing with respect to business targets and objectives and quality of care.
The information will only be shared with other organisations where there is a statutory or contractual obligation to do so, or with the agreement of the Clinical Research Solutions Ltd, Caldicott Guardian and Data Protection Officer.
We may keep your information in a written form or on a computer. Whenever possible all information that identifies you will be removed.
Your personal data may be used to:
We may disclose your personal information for a number of reasons (to the extent necessary). This can be due to:
In fulfilling our obligation to provide services (healthcare and other services) we may share your data with the following:
From time to time, we may wish to contact you with information about our products, services, or events that we believe may be of interest to you. You have the right to opt out of receiving such marketing communications at any time. If you no longer wish to receive marketing emails, you can unsubscribe by following the instructions provided in the email or by contacting us directly.
We may from time to time be required to share your information with other service providers who are outside the UK. The sharing of your information with these providers is necessary in order to provide the necessary medical service. The transfer of personal data internationally will be conducted with the appropriate legal mechanisms in place, such as an International Data Transfer Agreement or Special Contract Clauses or recognised organisations who comply with the US Data Privacy Framework if based in the USA.
We will use technical and organisational measures (TOMS) to safeguard your Data. For example, access to your account is controlled by a password and a username that is unique and we store your Data on secure servers.
Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately.
We may also use two factor authentication if the systems we use require it.
We will keep your personal information in accordance with our Information Retention Policy and for only as long as is lawfully necessary to conduct our business with you, and/or in accordance with our legal obligations for data retention. We also recognise the NHS Records Management Code of Practice.
The UK-GDPR provides a number of rights over your data, subject to certain criteria being met. These are:
Right of access to your personal information and supplementary information (for example your medical record). Once we have received your request, we will respond within a calendar month. This information will be sent to you free of charge.
Right to rectify/amend your personal information if it is incorrectly recorded. You have the right to question any information we hold about you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if it is no longer needed for the purpose for which it was collected or otherwise processed. This is known as the 'right to erasure' or 'right to be forgotten'.
Right to restrict the use of your personal information if:
You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations.
It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.
Clinical Research Solutions Ltd is not a public authority and is not governed by the Freedom of Information Act.
This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.
We may revise this privacy policy from time to time. Any changes we may make to our privacy policy in the future will be posted on our website (this page). The policy was last updated on 07/02/2025.
Questions, comments, and requests regarding this privacy policy are welcomed. Please contact our Data Protection Officer via our contact page on this website.
If you are not satisfied with our response or the way we are processing your personal information you can contact the Information Commissioner's Officer (also known as the ICO) at www.ico.org.uk. The ICO is the statutory body which oversees data protection law in the UK.