Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Accept all cookies Reject all non-essential cookies Find out more

Data Protection Information

This page explains how data about ASCEND PLUS participants is processed.

If you are considering joining the trial, you should read this page alongside the main Participant Information page.

How was data about me used to invite me to take part in ASCENDPLUS?

After researchers from the University of Oxford were granted permission to carry out the ASCEND PLUS trial, we requested a computer search of your electronic medical record held by NHS Digital. This indicated that you might be able to take part. The study invitation letter was produced, printed and mailed by Paragon Customer Communications Ltd who also handle patient letters for the NHS. Your name, address, and postcode were passed securely to Paragon Customer Communications Ltd who will not use this personal data for any other purpose and will delete the data within 30 days of sending this invitation letter. 

Your details are not disclosed to the ASCEND PLUS team at the University of Oxford unless you send the reply form to them.

If you return the reply form to the ASCEND PLUS team, this includes your name and the details you add, such as your telephone number and e-mail address. The bar code in the reply form contains a unique identifier which the ASCEND PLUS team can use to find out your details from NHS Digital. The ASCEND PLUS team also securely sends this code to NHS Digital who provide your name, address, sex (as registered with the NHS), date of birth, NHS number and GP surgery details.

This process has support from the Health Research Authority (HRA) who followed advice from the Confidentiality Advisory Group (an independent body which provides expert advice on the use of confidential patient information).

You can choose whether the NHS uses your data for research and planning at https://www.nhs.uk/your-nhs-data-matters/.

Who is responsible for my data?

For the conduct of this research, the University of Oxford is the ‘Data Controller’ for this information. This means that the University of Oxford is responsible for looking after your data collected about you for ASCEND PLUS and using it properly. 

how will data about me be collected if I decide to join the study?

As well as the information you provide in the online questionnaires, or telephone or video calls, the study team will receive information about your health from your doctors, health registries and NHS bodies such as NHS Digital. The ASCEND PLUS team will send your name, date of birth, NHS number and postcode to NHS Digital, or another NHS body, who can link this information to individual participants in the study. This could include health data recorded before you joined the study.

You can find out more about the health data about you provided to the study by NHS Digital and other organisations on our website (www.ascend-plus-trial.org).

At any time, you can contact the study team to withdraw permission for the study to get this information about you (see back page for contact details) but we will keep information about you that we already have.

What are my rights?

The University of Oxford is using your personal data for research purposes. It will only use personal data when needed to undertake research that is being carried out in the public interest. This is known under data protection law as our ‘legal basis’ for processing your personal data (General Data Protection Regulation (GDPR) Article 6(1) (e) and Article 9(2) (j)). This means that when you agree to take part in a research study, we will use your data (including your health data) in the ways needed to conduct and analyse the research study.

We need to manage your records in specific ways for the research to be reliable. This means that we won’t be able to let you see or change the data we hold about you. You can find out more about your data rights under GDPR on the study website (www.ascend-plus-trial.org).

how will teh ascend plus team keep my data safe during the study?

We will protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction. We will use technical measures such as encryption (where the data is scrambled and can only be read by someone who has access to the special code) and password protection to protect your data and the systems they are held in. We will also use operational measures to protect the data, for example by ensuring that all staff are trained on data security.

We keep these security measures under review and refer to University of Oxford Security Policies to keep up to date with current good practice.

how long will my data be kept if I join the study?

The University of Oxford may need to keep the information collected about you for at least 25 years after the end of the study, and perhaps longer if required by the law or other research needs to undertake the ASCEND PLUS study. This is so the results of the trial can be checked by healthcare regulators, such as the Medicines and Healthcare products Regulatory Agency (MHRA), if needed.

 ascend plus data 

The ‘end of the study’ is when the last health information is collected about study participants, which may be 20 years after you complete the scheduled treatment period where you are regularly in contact with the study team. Therefore, the University of Oxford may be required to store data about you collected for ASCEND PLUS until 2075 (see figure). 

who has access to my data during the study?

People in the ASCEND PLUS team will only have access to information that identifies you if they need to (for example to discuss any questions you or your doctors have about the study) or to check the data collection process.

The ASCEND PLUS coordinating team includes employees of the University of Oxford and trained NHS research nurses supported by the National Institute for Health Research working on the study.

Representatives from health care and other regulators (for example the MHRA), and from the company funding the research (Novo Nordisk), may need to look at the data about you during an audit or inspection of the ASCEND PLUS trial.

The ASCEND PLUS team may send details (including title, name, address and email) to other organisations so they can send you letters and emails relating to the study, and to post your study medication to you. These organisations will not be able to use your data for any other purpose and will ensure that your data is protected. You can find a list of any organisations who have received your data on the data protection section of the study website.

will data about me be shared during the study?

Personally identifiable data about you will only be shared with authorised third parties needed to run the study (see previous paragraph), NHS organisations and national registries so that the health data about you can be provided to the study, healthcare regulators (such as the MHRA), and other statutory bodies or Novo Nordisk during an audit or inspection.

‘De-personalised’ data (with identifying information, such as your name, removed) about you may be shared with:

  • healthcare regulators, so they can check the study results;
  • other researchers, so they can find out more about diabetes, and otherimportant health conditions;
  • the pharmaceutical company who are producing semaglutide tablets, Novo Nordisk, so they can find out more about the treatment and other treatments for diabetes and other important health conditions.

De-personalised data has had identifying information removed. However, the information is still about an individual person. It might be possible to re-identify the individual if the data is not adequately protected or if it is combined with different sources. De-personalised data is a bit like the blurred photograph below. If you already knew quite a lot about the individual (for example where the photograph was taken and what they were wearing) it might be possible to identify them, but they are not recognisable just from the photo.

De-personalised data about you will only be shared with legal safeguards to protect the data. A list of all organisations who have received de-personalised individual participant data from ASCEND PLUS is maintained on the study website. De- personalised data may be sent outside the UK. A legal contract will ensure that anyone receiving these data must follow our rules about keeping these data safe.

Complaints

If you wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection Officer at data.protection@admin.ox.ac.uk, who will investigate the matter. You also have the right to complain to the Information Commissioner’s Office (ICO) via https://ico.org.uk/concerns/handling/.

ASCEND PLUS Data Protection Information V1.4 22-NOV-2022 IRAS ID: 1004252