Ellison Oxford Limited Privacy Notice - Research Data

Ellison Oxford Limited hosts a global platform for pathogen analysis and relatedness, using data collated from various sources for research purposes. Although the majority of the data within our Pathogena web portal is anonymised it is possible that some data uploaded by contributors includes patient identifiable information, particularly where there are small populations or unique pathogens are identified.

Ellison Oxford is committed to protecting privacy and respecting rights under data protection laws, and has policies and procedures to protect the privacy, integrity and confidentiality of information and minimise the personal data. The research undertaken by Ellison and its partners and contributors is necessary to protect society and has significant benefits for society as whole. Ellison has steps to ensure that any data processing is incidental, and undertaken in a manner which protects individuals.

The following notice explains how research data is used by Ellison, and the steps we take to mitigate any privacy impacts.

What data do we use and why?

The Pathogena web portal is a repository for data shared by professionals and academics (including doctors or laboratory staff) for research purposes to support the monitoring, identification, tracking and treatment of pathogens. The data may include information about the health condition, diagnosis, treatment, and samples of patients. We use this data to understand and manage pathogens, identify new pathogens, research their behaviour, how they evolve, how to prevent and control them, and what treatment options are available.

Contributing professionals are responsible for ensuring that patient identifiable data and human DNA is removed from datasets prior to uploading into the platform, and for ensuring that individuals have been appropriately informed on the use of their data for research purposes in accordance with their local laws and requirements prior to uploading.

At Ellison, we do not need to have patient identifiable data for our research purposes and take reasonable steps to limit the data to minimise any personal data. To the extent that our platform includes patient identifiable data this is incidental and outside our control. Any incidental data processing undertaken by Ellison through the hosting of the data for pathogen analysis and surveillance is necessary, proportional and conducted in a manner which respects and safeguards the fundamental rights and interests of data subjects.

Information within the Pathogena web portal is only used for our research, and not for other purposes, such as marketing, profiling, or automated decision making. It is accessed by third parties for research and development purposes only.

How do we ensure personal data is protected?

We only use personal data where it is necessary and where we believe that individuals have consented to, or that there is a lawful basis to do so. Contributors are required to obtain appropriate consents or lawful rights for us to use all data which is uploaded to our repository for research. We do not process names, address, or contact details relating to research subjects, but may have information on co-morbidities, location and treatments where this is relevant to the data uploaded into our Pathogena web portal.

We take steps to minimise the amount of personal data that we use for research purposes. Where possible, we use pseudo anonymised data, which means that personal identifiers are replaced with a code or a number that does not directly identify an individual. This code or number can only be linked by the original contributor - all our contributors are responsible for ensuring that the use of data for research is approved and ethical before uploading the data to our Pathogena web portal.

We use appropriate technical and organisational measures to ensure that all the data in the Pathogena web portal (including any incidental personal data) is secure and protected from unauthorised access, use, disclosure, alteration, or loss. We encrypt data during transmission and storage, and we limit access to data to authorised individuals.

Who can access the data in the pathogen portal?

As a global pathogen research project, We collect and share data from academic institutions and researchers around the world. The data we collect may be processed in a different country to its source of origin.

We only share data with trusted partners who have agreed to comply with our conditions on the use and confidentiality of data, and who have signed an appropriate agreement with us, and only where contributors give appropriate permission.

We take reasonable steps to minimise any personal identifiable data, and anonymise our data fields where possible so that the majority of the data that we share does not identify any individual, and the risk to the privacy of individuals is low.

What are your rights and how can you contact us?

To the extent that any data within the Pathogena web portal is personal data, it is solely used for research purposes, and therefore individual rights under the data protection laws are qualified, to ensure the integrity of the research we support. We strive to only use anonymised data to safeguard individual rights and privacy.

If you have any questions or concerns about how we use your data, or if you want to exercise your rights, you can contact us at pathogena.support@eit.org

You should refer all questions over consent and the way your information is used to the organisation contributing the data. You also have the right to lodge a complaint with the data protection authority in your country, if you are not satisfied with how your data is handled.