Participant Privacy Notice

Last updated on 22 September 2023.

Provided as required by the UK Data Protection Act 2018 and General Data Protection Regulation (UK-GDPR). Please take time to read the following information carefully before deciding whether you wish to take part. If there is anything that is not clear or if you would like more information, feel free to contact us.

Data Controller

Edinburgh Napier University.

Purposes for data collection/processing

The aim of the Digital Health for Heart Health PSP is to identify the unanswered questions about the use of digital technology in the prevention and management of heart conditions and heart disease from patient, carer, and clinical perspectives.

Legal Basis/es for data collection/processing

Art 6(1)(e), performance of a task in the public interest/exercise of official duty vested in the Controller by Statutory Instrument No. 557 (S76) of 1993 as amended, e.g., for education and research purposes.

Where sensitive personal data is being processed, the additional basis from Article 9 is:

Art 9(2)(j) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Please note that we are not relying on consent as a basis for processing under the GDPR, and our legal basis for processing is therefore distinct from the research ethics-related use of consent in this study. 

What type/classes/fields of information are collected?

Two online surveys will be used to collect uncertainties (text responses), regarding the use of digital technology in the management of cardiovascular disease (e.g. are health apps able to monitor X condition).

Personal Information from anonymous participants: current country of residency, current cardiovascular health and/or relation to cardiovascular health, gender, race, age and urban/rural classification will be collected as part of the survey. This information is collected to ensure the project is reaching underserved groups. This information will not be analysed after data collection.

Email address and telephone number will be taken from survey participants who agree to participate in a priority setting group workshop later in the project.

Who is the information being collected from?

From participants filling out the survey.

How is the information being collected?

The information is being collected through two surveys on this website.

Is personal data shared externally?


How secure is the information?

For services provided locally by Edinburgh Napier University Information Services, information is stored on servers located in secure University datacentres. These datacentres are resilient and feature access controls, environmental monitoring, backup power supplies and redundant hardware. Information on these servers is backed up regularly. The University has various data protection and information security policies and procedures to ensure that appropriate organisational and technical measures are in place to protect the privacy of your personal data.

The University makes use of a number of third-party services, including “cloud” services, for information storage and processing. Through procurement and contract management procedures the University ensures that these services have appropriate organisational and technical measures to comply with data protection legislation. Edinburgh Napier University is Cyber Essentials accredited.

How long is the information kept for?

All hard copies of surveys will be securely destroyed once electronic versions have been created (within a maximum of 1 month from date of collection).

At the end of the research, anonymised data will be kept securely for ten years and then will be destroyed as per Edinburgh Napier University guidance on the safe disposal of confidential waste. All electronic files containing data will be deleted from the secure university server where the data is held.

Personal data will not be stored for longer than needed (up to a maximum of 1 year). Personal data storage, retention and destruction will comply with UK GDPR regulations.

Will the data be used for any automated decision making?


Is information transferred to a third country? (Outside the EEA and not included in the adequate countries list.)


Who is organising and funding the study?

This project has been organised by Edinburgh Napier University. It is being funded by Edinburgh Napier University and Robert Gordon University.

Information on subject rights and data protection queries:

This information is provided to supplement the University’s main Privacy Notices and it is recommended that appropriate notices are reviewed to provide full information about how the University processes personal data.

You can access all the University’s privacy notices using the following link:

You have a number of rights available to you with regards to what personal data of yours is held by the University and how it is processed – to find out more about your rights, how to make a request and who to contact if you have any further queries about Data Protection please see the information online using the following URL: