NORTHERN IRELAND CANCER REGISTRY PRIVACY NOTICE

The Northern Ireland Cancer Registry (NICR) and Queen’s University Belfast (“we”, “us” and “our”) are committed to protecting your personal data. The notice is addressed to individuals who, following a diagnosis of cancer or a premalignant condition, have been added to the NICR, (“you” and “your”). This Privacy Notice tells you why we need to collect personal information about you, what we will do with it, and how we will look after it. It also tells you about your legal rights in relation to your Personal Data. If you have any questions about this privacy notice, please contact us. Contact details are provided below.

WHO WE ARE

• The NICR is a confidential record of patients diagnosed with cancer in Northern Ireland since 1993. It is held securely and confidentially at the Centre of Public Health, Queen’s University Belfast and is funded by the Public Health Agency (PHA).  The NICR is responsible for the production of Official Statistics on cancer incidence, prevalence and survival in Northern Ireland and provides evidence to help inform decision making about

HOW YOUR PERSONAL DATA IS COLLECTED

• The NICR collects a limited amount of information on everyone in Northern Ireland diagnosed with cancer or a premalignant condition. This includes information about the diagnosis, treatments received and outcomes. We receive information about you, such as your name, address, date of birth, health and care number, etc. This is known as your “Personal Data”. We may also receive some special categories of information (for example details of your ethnic status and religion, as well as health related data). This is known as your “Sensitive Personal Data”. The NICR receives “Personal Data” from a range of sources, namely Health and Social Care (HSC) organisations and other statutory bodies.

HOW WE USE YOUR PERSONAL DATA

• We use your Personal Data and Sensitive Personal Data in the following ways:

• To evaluate trends in cancer incidence, prevalence, survival and mortality in Northern Ireland including the publication of official statistics.
• To undertake and assist audits of cancer treatments, services and outcomes, and recommend improvements in cancer services where appropriate.
• To facilitate planning of cancer services for prevention, diagnosis, cure and care.
• To promote professional and public awareness about cancer.
• To carry out and support public health or clinical research.
• To provide appropriate information on cancer for ad hoc queries.

LEGAL BASIS FOR COLLECTING AND USING YOUR PERSONAL DATA

• We will only use your Personal/Sensitive Personal Data if we have valid reasons for doing so. These reasons are known as our “legal basis for processing”.

The legal basis for NICR to process your Personal Data is known as ‘public task’, (Article 6(1)(e) of the General Data Protection Regulation (GDPR)).  That means we are using personal information to carry out tasks in the public interest. These tasks include making sure the NICR is accurate and monitoring how cancer changes over time to help inform how diagnostic and treatment services are developed and delivered in Northern Ireland.

The NICR processes your Sensitive Personal Data under GDPR Articles 9 (2):

(i) Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care.

(j) Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1).

WHO WE SHARE YOUR DATA WITH

• In line with our Data Protection Policy and Procedures we can share your information, including Personal Data and Sensitive Personal Data for the purposes set out previously. The NICR has very strict governance procedures in place surrounding the sharing of any data it holds.  Each request for access to data is considered on a case by case basis and assessed to see if an anonymised or aggregate dataset is sufficient.

DATA PROCESSING OUTSIDE EUROPE

• In the unlikely event that we are required to transfer your Personal Data and Sensitive Personal Data outside of the European Economic Area, this would strictly follow the Information Commissioner’s Office policy and guidelines.

HOW LONG YOUR INFORMATION WILL BE KEPT

• We will keep your Personal Data and Sensitive Personal Data in line with our legal and regulatory obligations regarding the retention and destruction of data. All information that is gathered by us as part of our daily operations, will only be retained as long as it still serves the purpose for which it was gathered. We will only keep your information if we need it for one of the reasons described above. We place great importance on the security of the Personal Data that we hold, including the use of physical, technological and organisational measures to ensure your information is protected from unauthorised access and against unlawful processing, accidental loss, alteration, disclosure, destruction and damage.

YOUR RIGHTS

The Data Protection Act 2018 provides you with a number of legal rights in relation to your Personal Data, including your right:

• to request access to your Personal Data;
• to request correction of your Personal Data that is wrong or incomplete;
• to request erasure or the restriction of processing of your Personal Data;
• to request the transfer of your Personal Data in a structured; commonly used machine-readable format;
• not to be subject to automated decision making; and
• to withdraw your consent.
  
  If you wish to exercise any of the rights set out above, or require further information about any of the rights, please contact us (details below).
  
  Where we need to collect your Personal Data, whether for the purposes of providing a service you have requested or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to provide the service or perform the contract. We may, therefore, have to cancel the contract or the service we provide to you but we will notify you if this is the case at the time.
  
  There may also be times where we cannot stop using your Personal Data when you ask us to, but we will tell you about this if you make a request.

CONTACTING US

If you have any questions or comments about this privacy notice, the University’s Data Protection Officer can be contacted at:

Data Protection Officer

Registrar’s Office
Lanyon South
Queen’s University Belfast
University Road
BT7 1NN
info.compliance@qub.ac.uk        

COMPLAINTS

You have the right to complain about how we treat your Personal Data and Sensitive Personal Data to the Information Commissioner’s Office (ICO). The ICO can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

CHANGES TO THIS NOTICE

We may update this Privacy Notice from time to time. We will notify you of the changes where we are required by law to do so.