Data Privacy Notice
In compliance with GDPR (General Data Protection Regulation)
Why we have the information provided when taking a test.
Data is collected via the online website and consent forms that we in GFCT and our partner groups use when individuals have a test. The vast majority of the time, this is at one of the organised events facilitated by ourselves or one of our partner groups, such as PCaSO. The individual cannot have a blood sample taken for a test unless they have opened an online account and completed the consent form by answering all the questions, we can then proceed.
This data is then used for creating the blood form and gives permission for the laboratory to carry out the testing procedure. The information is held on a database owned by GFCT and reconciling this information with the results from the designated laboratory that have processed the blood sample and created a PSA result. From the amalgamated information we then inform the gentleman with an online result or a letter (Green, Amber or Red depending on the PSA result and agreed thresholds) or a letter is sent to the individual using the contact information provided. Some of the other information provided may be used to decide whether a different letter (green, amber or red) may be sent. For example, certain medications identified as being used by the individual when inputting their information on line can impact the PSA result and therefore potentially go over a threshold, rendering a different result being received.
What we do with that information
The information is held on a secure server.
Statistics are updated by summarising the event data, not using any of the personal data (e.g. Total numbers of red, amber and green letters for the event).
The red and amber forms are kept as reference when a letter is sent enquiring whether the individual had followed up an abnormal PSA result with their GP (After 6 months for a red letter and 12 months for an amber letter).
Why we keep the information
The information we add to the GFCT database facilitates the sending and retrieval of the result letters and is the legal ground as our legitimate interest to be able to provide this service. This information on the database is kept indefinitely as reference, should the individual have another test with us (Unless we have a request from the individual in writing to remove their personal data).
It is encrypted and kept securely on a server.
Other parts of the service we provide include:
- Providing an 'amber alert' result – If an individual has had a test processed with us before, when the latest test results are added the test results history is referenced to identify if a current green letter threshold may be exceeded in the future based on the trends of an increase in the PSA score. This amber letter identifies the list of previous test results and recommends the individual to have another test to see if the upward trend continues as it may suggest an amber letter in the near future.
- If an individual has a red result and has had a test processed by us before, an information sheet listing all the previous test results is also available on retrieval or can be sent with the red letter. This result is advised to be shown to their GP when they next have an appointment. The online results can also be provided to their GP, using their user name and password to their own PSA on line account.
- An individual may enquire of their history of results at any time, which can be accessed directly from their account. Or alternatively once confirmation is received of the person's details.
- As described previously, a follow up communication is sent to any person receiving a red or amber letter enquiring as to how they have got on with any discussions with their GP and treatments. This is informal and uses the person's name, address, test result and where they had the test from the database. If the person responds (Of which there is no obligation) then the statistics are updated to reflect any treatments the person has advised they are undertaking without identifying the person e.g. a total number of how many who are on Active Surveillance for example.
The database information on the tests may be collectively used for statistical analysis. This data never uses any personal data (e.g. just the test result and age, not relating to name, dob, address or other means). Any data that is forwarded for research purposes is de-personalised e.g. no contact or personal references in the data. This may mean for example numbers of high results in ethnic cohorts.
This data will not be transferred out of the UK and EU.
Contact details from the database may be used to contact individuals to indicate an upcoming testing event in their area or inform them of the work of the charity. This could be via emails based on location and will always have the facility to 'unsubscribe' i.e. to not have their emails used for this purpose again.
The GFCT charity will not provide this personal information to any third party agencies and will also not use personal information to directly contact individuals for any fund-raising or marketing purposes.