What personal data do we collect?
The Research app will not collect any personal data. The only piece of data that is going to be collected and stored is;
- Full night audio file(s).
- A unique code generated by PFLH and given to you by the NHS research nurse. The access code is solely provided for validation reasons.
- The production name of the model of your smartphone. This piece of information is needed to determine the sensitivity of the smartphonemicrophones.
How do we obtain the data?
When you download, install and use the Research app.
For how long do we store and process your data?
Data deriving by the Research App will be stored for as long as needed by the research process, which is expected to be at least 10 years due to the cumulative and evolving nature of the research. After 10 years the need for continued retention of the data will be reviewed annually by the Sponsor’s data Manager and when the research need ends, the deletion of the data will be checked and verified by the Sponsor’s Data manager.
Who is processing your data?
The audio data will be processed by the PFLH research team and their research partners. For this research regarding data processing deriving from the Research mobile app, research partner is the University of Sheffield.
Our Research partner will only have access to data required to undertake research and will have access to anonymised data only.
How do we use your data?
- To improve our sleep disorder breathing detection algorithms and consequently our services provided through our Research app and our Sound Sleep app.
- To create new sleep disorder breathing algorithms that will be able to detect apnoeas and hypopnoeas during sleep.
Where is data processing going to take place?
Your data will be stored in Google Firebase servers. The data may be stored in servers based in the US. However, this is compliant with NHS standards as data must only be hosted within the UK-EEA or in the US which is covered by Privacy Shield. You can get more information about NHS and cloud storage here;
Processing of your data by PFLH oand our research partners will be performed in the UK.
Security of your data
At PFLH we take your data and its security very seriously. For storage of your data we are using certified and secure cloud solutions such as Google Firebase which is using standardised protocols for data encryption in transit and at rest. You can get more information regarding Firebase compliance with GDPR here;
All recordings will be treated by PFLH and its research partners confidentially.
Due to the fact that no User ID will be linked to personal identifiable information such as name, surname, age, gender, recordings will not be able to be associated with any individual.
In the unlikely event that during any stage of the data analysis lifecycle is found by PFLH or its research partners that a recording contains any personal identifiable information, the audio file will be deleted from the database and all stakeholders involved in the analysis will be informed to delete the audio file from their databases as well.
Lothian.BRAHMSstudy@nhs.netFor the users recruited by and for PFLH outside the NHS, if you have any queries or doubts related to your data and how they are handled, stored or processed, or you want to withdraw your consent, you can contact Data Protection Officer by email:
When contacting the Data Controller’s Representative or Data Protection Officer at PFLH, you will need to provide information that will help the Data Controller’s Representative or the Data Protection Officer at PFLH to confirm your identity (such as your email and the access code provided to you by the NHS Research nurse or a PFLH employee or Acumen Fieldwork Manager).
Your right as a user
In accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and Privacy of Electronic Communication Regulation, you as a user have the right to access, delete, rectify and move your data.
If you do not want your data to be processed anymore, you as a user have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. It is important to understand that if you, as a user, revoke your consent, your data will be permanently deleted from all the servers that are stored and this action cannot be reversed.
If for any reason after you have raised with the Data Controller’s Representative any concerns regarding your data, you are not satisfied with how your data are stored and processed, you have the right to lodge a complaint with the supervisory authority. In the UK the supervisory authority is the Information Commissioner’s Office.
This policy will be updated from time to time to ensure it remains up to date and reflects how and why we use your data based on new legal requirements.