The Medical Research Council Epidemiology Unit (hereafter referred to as ‘the Unit’, ‘we’, ‘us’ or ‘our’) complies with the requirements of the UK General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 with regard to the collection, storage, processing and disclosure of personal information and is committed to upholding the their core Data Protection Principles. All of the legislation is based around the notions of principles, rights and accountability obligations. The legislation is regulated in the UK by the Information Commissioner’s Office (ICO) as well as the courts.

The Medical Research Council Epidemiology Unit is part of the University of Cambridge. The University of Cambridge thereby acts as the controller and responsible for your personal data. The University of Cambridge Privacy Policy page provides provides further details on their responsibilities and your rights under the Act.

If you have any queries or would like more information, please contact us.

You can also contact the University of Cambridge Data Protection Officer at data.protection@admin.cam.ac.uk

Data we may collect about you

For specific services

Personal information collected on this website (for example through subscription to our newsletter epigram or as part of our research studies) will be used only for the purpose stated and such information will be held for as long as necessary to fulfill the stated purpose. Supply of such information implies consent to the Unit retaining and using the information as stated. Personal information will not be sold or transferred to third parties, except with your explicit consent.

For site security and performance

When you visit our website, we use cookies and page-tagging techniques to collect the request made by your browser to the server hosting the website. This includes your IP address, the date and time of connection, the version of the web browser you are using, and the page you ask for. We use this information to ensure the security of our websites and we delete it after a maximum of 3 months. We may need to use and disclose it as necessary in the event of a security concern or incident.

To improve our service to you

When you visit www.mrc-epid.cam.ac.uk/ we use a third party service, Google Analytics 4, which does not log or store individual IP addresses, to collect standard internet log information and record visitor behaviour patterns. We use analytics to find out how visitors use our website and to improve its usability. The data is anonymised before it is stored and before we see or use it for analytics processing. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our site. For information about how Google Analytics uses your personal information, please see http://www.google.com/intl/en/policies/privacy/ and https://support.google.com/analytics/answer/6004245

To remember marketing preferences

Third-party services that we embed on some of our webpages – such as YouTube videos – may set cookies to measure how you use their services and record what advertising you see during your use of their service. This will only happen if you interact with the embedded content.

What you should expect to happen with the information

The use of your personal information in the ways described above is necessary for the legitimate interests of the Unit in operating and improving this website, analysing its use and ensuring its security.

We are committed to respecting the information you trust us with. We do all that we can to keep your data secure. We have established systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible, both while it’s processed and when it’s stored.

We may need to transfer your personal information outside of the United Kingdom in order to provide you with the services and products you require or as necessary for our legitimate interests. Any such transfers are carried out with safeguards in place to ensure the confidentiality and security of your personal information. Transfers are protected either by ‘adequacy regulations’ issued by the UK Government (declaring the recipient country as a ‘safe’ territory for personal data) or by standard contractual clauses issued by the UK Information Commissioner’s Office (which give obligations for the recipient to safeguard the data).

All the personal data you submit is processed by staff at the MRC Epidemiology Unit in the UK. In addition, subject to your specific consent, data may also be shared with research collaborators in other organisations and their relevant data controllers.