This policy also outlines the ways in which we, at Cochrane UK, protect the data we collect from you in relation to activities and services we deliver.
Cochrane UK ("Cochrane UK", "we", "us") is committed to protecting the privacy and security of those whose personal data we process. We acknowledge the need to protect personal data that is collected by or disclosed to us and to manage it in accordance with the Data Protection Act 2018 and EU General Data Protection Regulation 2016/679 (GDPR).
Please read this policy carefully to understand how we collect and use (process) your personal data during and after your relationship with us, in accordance with applicable Data Protection Laws.
We will review this Privacy Statement regularly to comply with our legal obligations. We will notify you of any important changes, but please check back for updates at any time.
Cochrane UK is funded by the UK Government through the National Institute for Health and Care Research (NIHR). Cochrane UK is a regional centre within Cochrane, supporting Cochrane activities in the UK. Cochrane is a global independent network of researchers, professionals, patients, carers, and people interested in health. Cochrane’s work is recognized as representing an international gold standard for high-quality, trusted information.
As a data controller, we have legal obligations to ensure that we only use your data in a fair, transparent and secure manner. If you have any questions regarding this privacy notice, our use of your data or wish to exercise any of your legal rights under data protection law, please contact firstname.lastname@example.org
When do we collect your personal data?
We collect personal data when you interact with Cochrane UK. We make it clear when and why your data is being collected. In most cases, the personal data that we process will be provided by you. This includes details provided when:
- Accessing websites we administrate (including uk.cochrane.org; Evidently Cochrane; Students 4 Best Evidence)
- Filling in a form on our website
- Signing up for a newsletter
- Attending an event we organise (for example, training or conferences)
What data do we collect?
The information below relates to the Cochrane UK website: uk.cochrane.org (which is owned by Cochrane) as well as any Cochrane UK activities.
Please see our separate Privacy Policies for Evidently Cochrane and Students 4 Best Evidence. We also have separate Privacy Policies for events we run in collaboration with Cochrane. For example, the 2023 Cochrane Colloquium.
On the Cochrane UK website, and for any Cochrane UK activities, we collect the minimum personal data required:
- Visitors to Cochrane websites, including uk.cochrane.org
- Cochrane UK event participants and visitors to our office
- Cochrane UK newsletters
- Cochrane UK online Review Author training
- Cochrane UK webinars
- We collect details including basic personal data. This may include your name, email address, geographic location, and affiliations. Cochrane UK uses Zoom or Teams to host online training events and meetings. By attending webinars or meetings on these platforms you are agreeing to their respective Privacy Policies. We may use other third parties (and data processors) such as Slido and MentiMeter, for example, to facilitate Questions and Answers during online sessions, as well as for the purpose of seeking feedback, such as SurveyMonkey. Please note that participation is optional and voluntary. By participating you are agreeing to their respective Privacy Policies.
The accuracy of your information is very important to us. If you would like us to update your personal information, please get in touch with us at email@example.com
How do we use your personal data?
We use your personal data to give you the information or services you ask for. We can also use your personal data for administrative purposes, to let you know about Cochrane UK activities. We will only use your data within Cochrane UK for the purposes for which it was obtained. We do not use automated decision-making processes. We will only use your personal data when the law allows us to. This is likely to be limited to the following examples:
- To provide the services that you have requested. For example, to enrol you to attend training or an event we have organised
- For our own internal record keeping where there is either a legal requirement for us to do so or where it is in our legitimate interest
- To send you newsletters and other communications promoting our work where you have consented to this or where it is necessary
Disclosure: Do we share your personal data?
Cochrane UK will not share or sell your personal data with any third party for marketing purposes and you will not receive offers from other companies or organizations as a result of giving your details to us. We do not share your personal data with third parties unless we have your consent or are required to do so by law.
We may pass your information to third-party service providers and other associated organizations for the purposes of completing tasks and providing services to you on our behalf. When using third-party service providers we only disclose the personal data that is necessary to deliver the service. Where relevant, Cochrane has contracts in place that require them to keep your information secure and prohibits them from using your data for their own purposes. All contractors are subject to a duty of confidentiality. Third parties (and data processors) may include: the CRM provider for Cochrane websites (including the Cochrane UK website); web hosting company; and email marketing platform (Mailchimp).
How do we protect your personal data?
We take appropriate measures to ensure that we keep your data secure. Cochrane undertakes regular IT security and data protection auditing to ensure their systems (including the Cochrane UK website) meet the expectations of the law and those of our clients. All Cochrane UK staff undertake annual, mandatory training in Information Governance and Data Security.
Transfers of data outside of the EEA
We may transfer your personal information to third-party data processors who are based in countries outside the European Economic Area (EEA). We use some US-based companies that provide IT and communications services such as Mailchimp and SurveyMonkey. We only use US-based organizations that have signed up to the EU Contractual Clauses scheme. We will not transfer your information to any processors based in other countries outside the EEA unless there is a European Commission adequacy decision for the specific country to which the data is transferred, or where we can be certain that there are adequate safeguards provided for your information and individual rights standards that meet the GDPR requirements.
How long do we keep your personal data?
We will retain your personal data as long as necessary to provide the services which you have requested, or where we have another legitimate and lawful reason to do so. These data will be stored securely. We may need to retain some information to comply with our legal obligations such as financial and accounting records. In most cases, we will delete your data 7 years after your last transaction with us.
What are your rights in relation to your personal data?
- Ask us to correct your personal data if the information is inaccurate, out of date or incomplete.
- Ask us to provide a copy of the data we hold about you.
- Withdraw your consent at any time, if we have asked for your consent to process certain data. You can also ask us to stop processing the data if we have no other legitimate reason for doing so.
- Ask us to delete the data we hold about you.
To exercise any of these rights or if you have any questions about our Privacy Notice please contact firstname.lastname@example.org
While we hope to be able to resolve any concerns you have about the way that we are processing your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR or you have any wider concerns about our compliance with data protection law. You can do so by calling the ICO helpline on +44 303 123 1113 or via their website.
Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. We use the necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it, but we won't set these optional cookies unless you enable them.
Our websites ask you to consent before we place cookies on your machine. You can always change your cookie preferences at any time by clicking on the ‘Cookies settings’ link in the footer of every page. Alternatively, most web browsers allow some control of most cookies through the browser settings. Please refer to the help information contained in your browser or search the internet for ‘How to disable cookies’.
We keep our privacy notices under regular review. This notice was last updated on 31 March 2023.