Privacy Notice

Introduction 

This privacy notice provides information on how UK Longitudinal Linkage Collaboration (UK LLC) receives, stores and handles the data provided by partner Longitudinal Population Studies (LPS) that is held in our Trusted Research Environment (TRE); and the data we collect about visitors to our website (https://ukllc.ac.uk), people who sign up to our newsletters, and researchers who apply to access data in our TRE. 

This privacy notice is intended to be clear and does not cover every single way we handle your personal data in detail. We are happy to provide further information on request. You can do this by emailing us at info@ukllc.ac.uk.  

The data in the UK LLC TRE is de-identified, preventing anyone from discovering the identity of any LPS participants. At no point in any process do UK LLC staff or researchers see names, addresses or other identifiers (e.g. NHS ID). All staff and researchers are subject to strict user agreements designed to protect the confidentiality of every single participant. 

UK LLC has processes in place to make sure the data is curated and as well-organised as possible. UK LLC only grants access to this processed data, within the TRE, to UK-based approved researchers in order to conduct research for public good. 

UK LLC works with partner LPS and other data owners, such as the NHS, to protect the confidentiality of all individuals whose data is held in our TRE.  

UK LLC contracts Data Processors to process the personal data of individuals who have volunteered to take part in the LPS that have agreed to join UK LLC, in order to fulfil its statutory functions and to operate effectively. All personal data is processed in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 (DPA18).  

UK LLC is committed to handling, storing and using your data properly, lawfully and in an ethical way. 

In this privacy notice we will explain: 

  1. Collaborating LPS and their contact details. 
  2. Where and how your data is stored. 
  3. Who the Data Controller is. 
  4. Which sources your data are linked to. 
  5. The legal basis UK LLC has for LPS and linked data owners providing your data for integration into the UK LLC TRE. 
  6. How the design of the UK LLC ensures the confidentiality of your data. 
  7. Who can access and use data in the UK LLC TRE and for what purposes. 
  8. What to expect if you are a participant in a collaborating LPS. 
  9. The organisations with which your personal identifiers are shared. 
  10. How UK LLC uses data provided by visitors to the UK LLC website, people who contribute to UK LLC communication channels, including signing up to UK LLC newsletters, and researchers who apply to access to work in the TRE.  
  11. How long UK LLC will retain your data. 
  12. How you can withdraw consent for UK LLC to hold your data. 
  13. Your rights. 
  14. Changes to our privacy notice. 

Definitions 

We have defined some of the different categories of data and areas of responsibility for the data that we hold:  

  • Personal data – any information that can identify you directly or indirectly (whether itself or when combined with other data), regardless of the format or media on which the data is stored.  
  • De-identified data – information that has had all identifiers removed and that is controlled to the point where re-identification is no longer reasonably likely.  
  • Processing – any activity relating to your personal data including collection, use, alteration, storage and destruction. 
  • Data Controller – a legal organisation that can choose how to process data and has legal responsibility for the data under their control.  
  • Data Processor – an organisation that processes data under the instruction of a Data Controller; they cannot use the data for any other purpose or in a different way. 
  • LPS data – any data collected by UK LLC partner LPS. This can be from questionnaires, interviews, biological samples you may have given (including genetic data from DNA) or from other sources. 
  • Health data – official records collected by the NHS or other professional organisations that are related to your physical and mental health and wellbeing. This will include records from your GP, hospital records, COVID-19 test and vaccination records, prescription data and specialist mental health care records. It may also include data held by the Office for National Statistics. UK LLC will only access structured and coded data; we do not access the free text (detailed doctors’ notes) in your records. 
  • Administrative data – records generated by government departments as part of everyone’s daily life, such as education, employment, and tax and benefits records. 
  • Environmental data – information about the area in which you live or where you spend time (e.g. near a workplace). This can be information about the environment such as air pollution records, how ‘green’ a place is, weather or noise records. It could also be about neighbourhoods and services, such as the distance from your home to the nearest GP or pharmacy, or what the crime rate is in your neighbourhood.  

1. Collaborating LPS and their contact details 

The list of collaborating LPS on the UK LLC website will be updated as additional LPS join UK LLC: https://ukllc.ac.uk/partner-studies/    

2. Where and how your data is stored 

Your data is stored on secure servers controlled by the University of Bristol and physically located at Swansea University (contracted Data Processor to University of Bristol for UK LLC). Swansea University is a UK leader in providing this type of secure research server in the UK and internationally. The servers are managed to Information Security best practice standards (including ISO 27001, which is the global standard for high quality information security) and are regularly audited by IT and security professionals, the NHS and the UK Statistics Authority. 

3. Who the Data Controller is 

The University of Bristol is the Data Controller for UK LLC. The organisation running the LPS (a University or part of the NHS) remains the owner and Data Controller of the LPS data for all other purposes. UK LLC works closely with the LPS to make sure we process the data in the right way. The terms of this are set out in a legally binding contract between the University of Bristol and the organisation running each LPS.  

The University of Bristol can be contacted at: 
Data Protection Officer 
University of Bristol 
Beacon House 
Queens Road 
Bristol BS8 1QU 
Email: data-protection@bristol.ac.uk 

4. Which sources your data are linked to 

Each individual LPS determines which linkages we are allowed to set up. This is based on any permissions LPS participants have set (e.g. through consent or opt-out). Some LPS request we only conduct spatial analysis to postcode level based on their LPS-level practice. Each individual LPS will provide a permissions file so we can apply these preferences accurately. 

5. The legal basis UK LLC has for LPS and linked data owners providing your data for integration into the UK LLC TRE  

Legal basis for UK LLC 

UK LLC is owned by the University of Bristol. The University of Bristol’s enacting legislation includes a remit and lawful basis to conduct research. The legal basis for UK LLC under the UK GDPR and the DPA18 is: 1) Performance of a task carried out in the public interest (Article 6(1)(e) in the UK GDPR); and, for the use of sensitive personal information, 2) Scientific or historical research purposes or statistical purposes (Article 9(2)(j) in accordance with Article 89(1)).  

Legal basis for flowing LPS data into the UK LLC TRE 

LPS that contribute data to the UK LLC TRE have their own legal basis for collecting, processing and sharing their participants’ data for research purposes. This can generally be found in the privacy notice on each LPS’s website. Each contributing LPS needs to provide evidence to UK LLC that they have a legal basis to access these data and to provide participant identifiers to UK LLC’s Trusted Third Party (NHS Digital Health and Care Wales) for linkage. The legal basis for LPS under UK GDPR and DPA18 will typically be: 1) Performance of a task carried out in the public interest (Article 6(1)(e) in the UK GDPR); and, for the use of sensitive personal information, 2) Scientific or historical research purposes or statistical purposes (Article 9(2)(j) in accordance with Article 89(1)). The LPS meet Common Law Duty of Confidentiality either through explicit consent, or through section 251 consent exemptions under the Health Service (Control of Patient Information) Regulations 2002 within England and Wales (Regulation 5 with support from the Health Research Authority’s Confidentiality Advisory Group), or through undergoing public interest test assessments by the relevant UK devolved authorities.  

Legal basis for flowing linked records into the UK LLC TRE 

A valid legal basis needs to be in place to enable government departments to flow data into the UK LLC TRE for research purposes. This basis varies across departments, between health-related and administrative records, and between the UK’s four nations.  

  • NHS data from England 

The Health and Social Care Act 2012 provides a statutory basis for the sharing of health data in England. The linkage and processing of health data in England and Wales is permitted under the NHS Act 2006. To address Common Law, records can be shared using Control of Patient Information Regulations 2002 (COPI). COPI has been implemented for UK LLC under Regulation 3 (for sharing data relating to the pandemic response) and Regulation 5 (for sharing data using Section 251 support of the NHS Act 2006). While some LPS that contribute data to UK LLC’s TRE only use consent to determine inclusion of participants in the UK LLC TRE, other LPS operate a blended s251/consent model. 

  • NHS data from Northern Ireland 

It is UK LLC’s intention to develop governance approvals to allow linkage to Northern Irish NHS records (Northern Ireland Business Services Organisation) and the flow of these into the UK LLC TRE. This work remains under discussion. 

  • NHS data from Scotland 

UK LLC will submit an application to the Scottish Public Benefit and Privacy Panel (PBPP) to allow linkage to Scottish NHS records and the flow of these into the UK LLC TRE.  

  • NHS data from Wales 

The linkage and processing of health data in England and Wales is permitted under the NHS Act 2006. To address Common Law, records can be shared using Control of Patient Information Regulations 2002 (COPI). NHS Wales flows de-identified data into the Secure Anonymised Information Linkage (SAIL) Databank (based on SeRP UK infrastructure at Swansea University) in such a way that it is not Personal Data whilst in the protective controls of the SAIL Databank and SeRP infrastructure. UK LLC has applied to SAIL Databank’s Information Governance Review Panel (IGRP) to extract data into the UK LLC TRE from SAIL Databank (within the Swansea University/SeRP UK system). This linkage is restricted to LPS participants providing explicit consent due to restrictions in the agreements between NHS Wales and SAIL Databank. 

  • Administrative records (UK-wide) 

The Digital Economy Act 2017 (DEA) section 64 provides an appropriate legal basis for administrative (e.g. education, employment, tax and benefits) linkages and data processing. UK LLC is accredited by UK Statistics Authority as a processor under the DEA. This permits UK LLC to flow administrative data into the UK LLC TRE. 

6. How the design of UK LLC ensures the confidentiality of your data 

The UK LLC TRE only contains data that has had all identifiable information, such as name and address, removed.  

The design of the UK LLC TRE means the risk of any person being identified by approved researchers is minimised to the point where it is not reasonably likely to happen. This works by involving our trusted third party, Digital Health and Care Wales (the NHS authority in Wales that processes NHS data for research purposes) and SeRP UK (a part of Swansea University that provides specialist secure computing infrastructure and systems for researchers using linked records).  

Through this separation principle, the full identifiable datasets remain with the data owners (e.g. contributing LPS, the NHS). Digital Health and Care Wales only sees identifiers and UK LLC only accesses de-identified data. This principle has been used for over a decade in the SAIL Databank and is now used in research and statistical settings across the UK (for example, the Office for National Statistics uses this approach for their research datasets). 

Only UK LLC’s staff (at the University of Bristol) and the IT staff keeping the system safe (at Swansea University) have access to all the de-identified datasets held in UK LLC’s TRE. This is necessary for data management and preparation. 

7. Who can access and use data in the UK LLC TRE and for what purposes

UK LLC welcomes applications from any UK-based researcher. They will need to demonstrate that they will be competent and safe users, that their project is in the public good, is not solely run for profit making purposes, and will meet the requirements of the partner LPS and other data owners.  

If approved, the researcher will define the minimum data needed to conduct their research. A research project is defined as a specific research activity addressing a pre-defined purpose. A project may consist of activities looking at a range of questions, but these must all be listed and related to the project theme. All researchers are assessed against the Five Safes framework

Researchers can work for any type of organisation, including Universities, Government and NHS, Charities and Private Sector companies. However, all users must abide by the usage rules and are bound to these by legal contract. We will only approve applications from researchers from organisations that are capable of high-quality public good research. In practice this means that researchers and their organisations need to commit to conducting ‘bona fide’ research as defined by the Medical Research Council and to be ‘Safe Researchers’ as defined by the Office for National Statistics. This is only possible where research is either the main purpose or a substantial sub-purpose of an organisation. 

LPS approve every application to use linked data from their participants, through their established committees and processes. They have the right to approve or reject applications every time. 

We provide a full list of all approved projects, including the lead researcher, who they are employed by, what purpose they have, which data they are using and any research findings. This is available on our Data Use Register. You can also request this by emailing info@ukllc.ac.uk

8. What to expect if you are a participant in a collaborating LPS

UK LLC does not change the participants’ relationships with the LPS . 

Each LPS remains the owner and Data Controller of the LPS data and has ultimate control of how the data is used in the UK LLC TRE. UK LLC (University of Bristol) controls your data in terms of day-to-day processing and curation, establishing the linkages to routine records and integrating the data and the management of approved researchers. 

UK LLC staff are not able to identify any individual from the data held in the TRE. This means staff cannot confirm if any individual’s data is held in the UK LLC TRE. This also means UK LLC is not able to apply opt-out/objection requests from members of the partner LPS. Only partner LPS can tell their own participants if their data is included. 

LPS only provide data on some of their participants. LPS control which datasets their participants’ data are linked to and all participants have the right to opt-out of UK LLC altogether or to opt out of all linkages, or only specific linkages – all participants’ objections are upheld by UK LLC. 

Where participants change their mind (e.g. tell their LPS they do not want their NHS records used, or they want to withdraw from sharing data with UK LLC), this information is regularly communicated to UK LLC and participants’ data will not be used in future research investigations and new data from linkages will not be collected. Where the data is already being used in research projects it is not possible to delete it, but UK LLC will make sure the data is not used in any new projects.

9. The organisations with which your personal identifiers are shared

Digital Health and Care Wales act as Data Processors tasked by UK LLC to securely distribute identifiers to relevant UK data owners, to encrypt the identifiers into a de-identified list of individuals and to manage the encryption keys. This trusted organisation also removes any participants who withdraw/opt-out, removing their information from any linkages from that point on. These updates are made every three months. This process is critical in allowing the UK LLC TRE to function in a de-identified way. 

In turn Digital Health and Care Wales shares identifiers with: 

  • The UK NHS authorities which share records with researchers (including NHS England in England, Public Health Scotland/eDRIS/National Records of Scotland in Scotland, SAIL databank in Wales, Northern Ireland Health and Social Care Honest Broker Service in Northern Ireland). The NHS authorities use these identifiers to find LPS participants’ records within their databases and to extract relevant information from them, de-identify these extracts and make them available to UK LLC for research purposes. This process does not alter the health record (it only takes a copy) and will not impact on service provision. 
  • The Office for National Statistics will use these identifiers to find LPS participants’ records within their databases and to extract relevant information from them, de-identify these extracts and make them available to UK LLC for research purposes. This process will not alter the underlying record (it will only take a copy) and will not impact on service provision. This process will not be a way in which government departments will find out new information about members of the public. 
  • The University of Leicester receives address data or postcode data only (depending on LPS permissions) in order to link to the precise location of the property/postcode and then map information to the property, such as air pollution, noise data, services and the amount of green space around the property. The University of Leicester does not know which address relates to any person or their involvement in any partner LPS. Randomly selected real UK addresses are added to the list to make sure nothing can be inferred from this process. 

10. How UK LLC uses information provided by visitors to the UK LLC website, people who contribute to UK LLC communication channels, including signing up to UK LLC newsletters, and researchers who apply to access to work in the TRE

  • When you visit our website we collect Google analytics.  
  • When you interact with our social channels we collect social media analytics. 
  • When you sign up to our newsletters, we collect your name, occupation, email address and organisation.  
  • When you apply to access data in the TRE we collect a range of information to enable us to check that you are a bona fide UK-based researcher, to complete the required contracts prior to being permitted access to the TRE and to ensure we are able to support all researchers who use the TRE.  

Your information is securely stored.  

11. How long UK LLC will retain your data

UK LLC will hold the partner LPS data for the indefinite future subject to the relevant data sharing contracts remaining in place. This is appropriate and proportionate because UK LLC is for scientific public good purposes and is specifically designed to support longitudinal research that takes place across very long time frames. UK LLC respects the right of all participants to change their mind about how they participate in their LPS or if they want to withdraw. We implement changes to participants’ wishes every three months. 

UK LLC will hold other data in line with University of Bristol’s Records Management and Retention Policy.  

All data will be securely destroyed in line with University of Bristol’s Information Handling Policy.  

12. How you can withdraw consent for UK LLC to hold your data

LPS participants need to contact their LPS to let them know they wish to withdraw consent for UK LLC to hold their data. The partner LPS will then notify UK LLC with this information and the participant’s data will be withdrawn from all future use by UK LLC. Each partner LPS is responsible for their participants’ consent preferences. 

13. Your rights

UK LLC aims to meet the highest standards when collecting and using personal data. We encourage people to tell us if they think that our collection or use of data is unfair, misleading or inappropriate. UK LLC welcomes any suggestions for improving the way it handles personal data. 

The UK GDPR and the DPA18 provide individuals with rights over how their data are used. UK LLC supports these rights, accepts changes where feasible and will always try to respond to concerns or queries that you may have. However, please note that many of these rights do not apply when the data is being used for research purposes. 

Please visit the University of Bristol website pages on fair processing for further information in relation to your rights: http://www.bristol.ac.uk/secretary/data-protection/gdpr/rights-of-data-subjects/  

If you would like to complain about UK LLC’s handling of your data, contact the University of Bristol’s Data Protection Officer via email at data-protection@bristol.ac.uk    

Or by post to: 

Data Protection Officer 
University of Bristol 
Beacon House 
Queens Road 
Bristol BS8 1QU 

If you remain dissatisfied, it is your right to complain directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: 

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire SK9 5AF 
ico.org.uk 

14. Changes to our privacy notice

Please note that UK LLC (University of Bristol) may change this notice by updating this page. This notice is Version 3 and was updated on 30th November 2023. 

To read the previous version of this privacy notice, please click here

UK Longitudinal Linkage Collaboration 
University of Bristol 
Room G.08 
Canynge Hall 
39 Whatley Road 
Bristol BS8 2PS 
Email: info@ukllc.ac.uk  

UK LLC is run by the Universities of Bristol and Edinburgh, in collaboration with UCL, SeRP UK, Swansea University and University of Leicester. It originated as part of the COVID-19 Longitudinal Health and Wellbeing National Core Study. This work is funded by UK Research and Innovation, the Economic and Social Research Council and Medical Research Council.

UK LLC uses data provided by LPS participants and patients collected through longitudinal studies, or as part of their care and support.