Follow us on
RAND Europe is an independent not-for-profit research institute based in Cambridge, Brussels and Hague whose mission is to help improve policy and decision making through evidence-based research. Our mission is realised by undertaking objective, balanced, and relevant research and analysis.
RAND Europe’s Corporate Privacy Statement which gives an overview of RAND Europe’s practices regarding its collection and use of personal data can be viewed at: https://www.rand.org/randeurope/privacy.html.
RAND Europe is committed to protecting your privacy when we use your personal data. Where the data identifies a person, RAND Europe researchers and anyone working with RAND Europe must comply with the data protection legislation – EU & UK General Data Protection Regulation (EU & UK GDPR) and the Data Protection Act 2018 (DPA).
This Privacy Notice document explains how we process personal data on this project:
This project is an engagement programme to explore views on using genomic information in adults who do not have a known genetic condition. Our part of the work will focus on exploring healthcare professionals’ views. The aim is to learn what healthcare professionals feel would be acceptable and appropriate in healthcare settings, and what support/guidance healthcare professionals might need. In this stage of the work, we are working with Thiscovery to collect data using an online survey. Genomics England will be the Data Controller for this project, RAND Europe are the Data Processors, and Thiscovery are Data Sub-processors under UK GDPR and the Data Protection Act 2018.
Rand Europe's role in this project is as follows:
If either as a Controller or Processor, RAND Europe commissions a Sub Processor, please give details.
Data will be collected from a minimum of 250 people using the survey. We expect to collect data from a maximum of 1500 people, but will not be capping responses received within the time the survey is open.
It is our legitimate interest as detailed in Article 6(1)(f) of the UKGDPR to obtain and retain information on your name, contact information, function (i.e. organisational affiliation and role), as this is necessary to facilitate contact with you and it would be reasonable to anticipate that you expect this.
As your personal details will not be linked to your responses and the findings will be presented in summarised/aggregated form, we have assessed that such use does not affect your rights or freedoms.
The processing of special category data will be based on Article 9 (2)(j) - Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
Personal data will be collected through the online survey where we will request name and contact information (email), job/role, age, ethnicity, and gender.
We are collecting personal data to understand the views of healthcare professionals on the use of genetic information in their role and to facilitate scheduling and running of online workshops with healthcare professionals. Personal data is processed by us to ensure that our research represents the views of a broad cross-section of the HCP population in terms of age, gender, ethnicity and to understand whether/how views differ between HCPs from different backgrounds and with different experience. Information collected during the survey is critical to the conduct of this project as personal opinions of participants provide valuable and nuanced data on the exploration of views on using genomic testing in adults who do not have a known genetic condition. Survey responses will be analysed as part of this project. Aggregate and summarised findings from the survey will be included in outputs from this project, including reports and presentations.
Personal data (name and contact details) will be shared from Thiscovery, the sub-processor, with RAND Europe as part of the survey. Other data will be shared with RAND Europe only in deidentified form. Deidentified data may be shared by RAND Europe with other project partners and Genomics England. Project outputs will be shared with the client (Genomics England) and will be publicly available. Project outputs, including reports and presentations, will not contain personal data and findings will be presented such that they are not attributable to individual interviewees.
RAND Europe will process all personal data in accordance with the Data Protection Act 2018 and EU & UK GDPR 2016 requirements.
RAND Europe has implemented a company wide Information Security Management System (ISMS). RAND Europe is accredited for ISO 27001 certification, Cyber Essentials Plus and is NHS DSP Toolkit compliant. We have a senior management team that supports the continuous review and improvement of the company ISMS.
Data will be held on a server located in RAND Europe’s Cambridge, UK office. Backups taken for disaster recovery purposes will be encrypted and stored in a secure site within the UK.
The research team at RAND Europe has put appropriate security measures in place to keep personal data secure and to prevent any unauthorised access to or use of them. Also, by default, the research team is only granted access to information on a need-to-know basis, not excessive and with all appropriate safeguards in place to ensure the security of your information.
All personal and sensitive data will be deleted within 12 months of project completion (June 2026). Anonymised research data will be stored in line with RAND Europe’s data retention policy.
No.
RAND Europe operates in accordance with the Data Protection Act 2018 and EU & UK GDPR 2016 requirements. You are provided with certain rights that you may have the right to exercise through us. In summary, under the UK GDPR those rights are:
It is important to understand that the extent to which these rights apply to research will vary and that in some circumstances rights may be restricted. If it is considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month. It should also be noted that we can only implement your rights during the period upon which we hold personal identifiable data about you. Once the data has been irreversibly anonymised and becomes part of the research data set it will not be possible to access your personal data.
If you have any questions about the survey or the study, you can get in touch by:
If you wish to exercise any of these rights, or complain about the use of your personal data, please contact the RAND Europe Data Protection Officer:
Please quote the project reference number and project title “Ref: Genomics Engagement Programme (025013.000)” in any correspondence so that we can promptly and correctly associate your request with this study.
Where you request information from us, we will need to confirm your identity to ensure the security of your data. We will endeavour to respond within 30 days, but our response time may vary depending on the complexity of your request/complaint. A fee will not normally be charged unless a request is considered to be without basis, repetitive or excessive. Where we request a fee, it shall always be reasonable.
For independent advice about data protection or to lodge a complaint about how we have handled your personal data, you can contact the Information Commissioner’s Office. You can:
To find out how Thiscovery protects your data, please see their Privacy Notice.