Introduction

Patient First Research Ltd ("we", "our", or "us") is committed to protecting your personal information and maintaining your trust. This Privacy Policy explains how we collect, use, store, and share your information when you engage with our services, including joining our research panel, taking part in studies, or communicating with our team.

We are registered with the Information Commissioner’s Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and international privacy frameworks where applicable. We also align with ISO 27001-level data security principles. As an active member of the British Healthcare Business Intelligence Association (BHBIA) and the European Pharmaceutical Market Research Association (EphMRA), we adhere to their professional standards and ethical guidelines for responsible research conduct, data integrity, and participant confidentiality.

1. Who We Are

Company name: Patient First Research Ltd
Company number: 16530806
Data Protection Officer (DPO): Nicholas Wain, CEO
Contact email: enquiries@patientfirstresearch.org
Phone: +44 (0)1603 555 205

2. What We Do

We conduct healthcare research to improve understanding of patient experiences and support better healthcare outcomes. We manage a secure patient panel and match individuals to relevant research opportunities on behalf of trusted healthcare, charity, and industry partners.

All of our research activities follow the ethical frameworks established by the BHBIA and EphMRA. These guidelines ensure participant confidentiality, informed consent, transparency, and responsible data handling throughout every stage of the research process.

We never sell your data, and we do not use your information for marketing or promotional communications.

3. What Information We Collect

We collect both 'voluntarily provided' and 'automatically collected' data to ensure transparency and security. Voluntarily provided data includes information you actively share with us, while automatically collected data (such as IP addresses, cookies, and device identifiers) helps us detect fraud and maintain platform integrity.

We collect only the information necessary for legitimate research purposes, including:
- Health information (such as diagnosed conditions and treatment experience)
- Contact details (name, email address, phone number)
- Demographics (e.g., age, gender, region)
- Payment information (to issue participation rewards via bank transfer)
- Consent records and identity verification details
- Technical information such as IP address, device identifiers, and browser information (for security and fraud prevention)

All data is provided voluntarily and used only with your explicit consent.

4. How We Use Your Information

We use your personal data to:
- Match you to relevant research opportunities
- Administer participation in research studies
- Provide payments or charity donations for completed research
- Generate anonymised or pseudonymised insights for clients (e.g., research sponsors), ensuring no individual participant can be identified in any client-facing deliverables
- Maintain accurate consent and compliance records
- Ensure data integrity and prevent fraud or duplicate participation

We process payment information securely to fulfil incentive transfers through approved UK and EU payment processors and maintain these records for seven years for audit and tax purposes.

We do not use your data for marketing or unrelated promotional activities.

5. Who We Work With

We may share limited personal information with trusted service providers to support our operations. These include:
- Zoho CRM – for secure management of client/panellist data
- Q One Tech – for research study administration and survey management
- Twilio – for research study communication
- Cloud storage providers (such as Dropbox, Google Workspace, or OneDrive) – for secure file storage and backup
- Research Defender and Yoti – to verify your identity and prevent fraud

Some providers may process data outside the UK/EU. Where this occurs, we ensure compliance through the use of Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) to guarantee equivalent safeguards.

All processors operate under strict contracts and Data Processing Agreements (DPAs) and must maintain ISO 27001-level security or equivalent.

6. Data Storage and Security

Your information is stored securely within the UK and EU. We use encryption (in transit and at rest), multi-factor authentication, and access controls to protect your data from unauthorised access, loss, or misuse. Only authorised staff and partners who need the data to perform their duties can access it.

We retain personal data only for as long as necessary to fulfil research or legal obligations. For example:
- Payment and accounting data: retained for 7 years (for legal/tax purposes)
- Consent forms and research participation records: retained for up to 10 years where required for audit or verification
- Anonymised data: may be retained indefinitely for statistical or research purposes

If Patient First Research Ltd is ever acquired, merged, or undergoes a restructuring, any personal data held may be transferred to the successor entity under the same lawful basis and protections. This ensures data continuity and compliance with applicable privacy regulations, while maintaining transparency and safeguarding participant information.

7. Your Rights

Under UK GDPR (and equivalent EU and international laws), you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Withdraw consent or request deletion of your data
- Restrict or object to certain processing
- Receive a copy of your data in a portable format
- Request restriction of processing or object to automated decision-making or profiling
- Lodge a complaint with the ICO or relevant data protection authority

To exercise any of these rights, please contact us at enquiries@patientfirstresearch.org. We aim to respond within 48 hours.

8. Cookies and Website Tracking

Our website uses cookies to improve functionality and user experience. Cookies help us understand how visitors use the site and enable features such as secure login or remembering preferences. We also use security and analytics cookies (such as Google Analytics) to detect fraud and optimise performance.

You can manage or disable cookies through your browser settings at any time. A detailed Cookie Policy is available on our website.

9. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:
- Consent: when you voluntarily provide health or personal data to join our panel or participate in studies (Article 9(2)(a) for special category data).
- Contractual necessity: when processing is required to deliver research participation or payments.
- Legitimate interests: for securely managing, improving, and auditing research operations.

10. Complaints and Further Information

If you have concerns about how we handle your data, please contact our DPO:

Data Protection Officer
Nicholas Wain, CEO
Patient First Research Ltd
Email: enquiries@patientfirstresearch.org
Phone: +44 (0)1603 555 205

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or, if you are based in the EU, your national Data Protection Authority.

11. Updates to This Policy

We may occasionally update this Privacy Policy to reflect changes in our services or legal requirements. If we make significant updates, we will notify you directly via email or upon next login. The latest version will always be available on our website and marked with the effective date above.

Patient First Research Ltd

Advancing Care Through Research — Connecting Patients, Charities, and Researchers.
