Introduction

Patient First Research Ltd ("we", "our", or "us") is committed to protecting your personal information and maintaining your trust. This Privacy Policy explains how we collect, use, store, and share your information when you engage with our services, including joining our research panel, taking part in studies, or communicating with our team.

We are registered with the Information Commissioner’s Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and international privacy frameworks where applicable. We also align with ISO 27001-level data security principles. As an active member of the British Healthcare Business Intelligence Association (BHBIA) and the European Pharmaceutical Market Research Association (EphMRA), we adhere to their professional standards and ethical guidelines for responsible research conduct, data integrity, and participant confidentiality.

1. Who We Are

Company name: Patient First Research Ltd
Company number: 16530806
Data Protection Lead: Nicholas Wain, CEO
Contact email: enquiries@patientfirstresearch.org
Phone: +44 (0)1603 555 205

2. What We Do

We conduct healthcare research to improve understanding of patient experiences and support better healthcare outcomes. We manage a secure patient panel and match individuals to relevant research opportunities on behalf of trusted healthcare, charity, and industry partners.

All of our research activities follow the ethical frameworks established by the BHBIA and EphMRA. These guidelines ensure participant confidentiality, informed consent, transparency, and responsible data handling throughout every stage of the research process.

We never sell your data, and we do not use your information for marketing or promotional communications.

3. What Information We Collect

We collect both 'voluntarily provided' and 'automatically collected' data to ensure transparency and security. Voluntarily provided data includes information you actively share with us, while automatically collected data (such as IP addresses, cookies, and device identifiers) helps us detect fraud and maintain platform integrity.

We collect only the information necessary for legitimate research purposes, including:
- Health information (such as diagnosed conditions and treatment experience)
- Contact details (name, email address, phone number)
- Demographics (e.g., age, gender, region)
- Payment information (to issue participation rewards via bank transfer)
- Consent records and identity verification details
- Technical information such as IP address, device identifiers, and browser information (for security and fraud prevention)

All data is provided voluntarily and used only with your explicit consent.

4. How We Use Your Information

We use your personal data to:
- Match you to relevant research opportunities
- Administer participation in research studies
- Provide payments or charity donations for completed research
- Generate anonymised or pseudonymised insights for clients (e.g., research sponsors), ensuring no individual participant can be identified in any client-facing deliverables
- Maintain accurate consent and compliance records
- Ensure data integrity and prevent fraud or duplicate participation

We process payment information securely to fulfil incentive transfers through FCA-approved UK and EU payment processors, and we maintain these records for seven years for audit and tax purposes.

We do not use your data for marketing or unrelated promotional activities.

Anonymised, Aggregated & Synthetic Data Use
To support healthcare research, platform improvement, fraud prevention, quality assurance, feasibility analysis, and research methodology development, Patient First Research Ltd may create and use anonymised, aggregated, pseudonymised, statistically transformed, or synthetic datasets derived from broader research participation patterns.

This may include:
- statistical analysis and modelling;
- trend analysis and forecasting;
- AI-assisted analytical processes;
- fraud prevention and quality assurance systems;
- synthetic data generation;
- and the development of privacy-enhancing research technologies.

Synthetic data refers to artificially generated datasets designed to reflect broader statistical patterns and trends within research data, without identifying individual participants.
These datasets are designed to minimise the risk of identifying individuals and are not used to make automated healthcare decisions about participants.
We do not sell identifiable personal information, and we do not use synthetic or transformed datasets to attempt to re-identify individuals.

Any such activities will continue to operate in accordance with:
- UK GDPR,
- the Data Protection Act 2018,
- ICO guidance,
- and applicable healthcare market research ethical frameworks, including BHBIA, EphMRA, and MRS standards.

5. Who We Work With

We may share limited personal information with trusted service providers to support our operations. These include:
- Custom-built in-house platform – for research study administration and survey management
- Twilio – for research study email and SMS communication
- Cloud storage provider (such as Dropbox, Google Workspace, AWS or OneDrive) – for secure hosting, file storage and backup
- Revolut (an FCA-approved, UK-regulated bank) – for secure incentive payments and bank transfers
- GBG – for identity verification and fraud prevention. You can review GBG’s Privacy policy here.
- Verisoul – for behavioural fraud detection and duplicate prevention. You can review Verisoul’s Privacy policy here.

Some providers may process data outside the UK/EU, including the United States where applicable. Where this occurs, we ensure compliance through the use of Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) to guarantee equivalent safeguards.

All processors operate under strict contracts and Data Processing Agreements (DPAs) and must maintain ISO 27001-level security or equivalent.

6. Data Storage and Security

Your information is stored securely within the UK and EU. We use encryption (in transit and at rest), multi-factor authentication, and access controls to protect your data from unauthorised access, loss, or misuse. Only authorised staff and partners who need the data to perform their duties can access it.

We retain personal data only for as long as necessary to fulfil research or legal obligations. For example:
- Payment and accounting data: retained for 7 years (for legal/tax purposes)
- Consent forms and research participation records: retained for up to 10 years where required for audit, client verification, and in line with industry standards (including BHBIA and EphMRA guidelines)
- Anonymised data: may be retained indefinitely for statistical or research purposes

If Patient First Research Ltd is ever acquired, merged, or undergoes a restructuring, any personal data held may be transferred to the successor entity under the same lawful basis and protections. This ensures data continuity and compliance with applicable privacy regulations, while maintaining transparency and safeguarding participant information.

Data Minimisation & Privacy Protection:
Where anonymised, aggregated, statistical, or synthetic datasets are created, we implement reasonable technical and organisational safeguards designed to reduce the risk of re-identification, misuse, unauthorised access, or disclosure.
We regularly review our processes and data handling practices to support ongoing privacy, confidentiality, and ethical research standards.

7. Your Rights

Under UK GDPR (and equivalent EU and international laws), you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Withdraw consent or request deletion of your data
- Restrict or object to certain processing
- Receive a copy of your data in a portable format
- Request restriction of processing or object to automated decision-making or profiling
- Lodge a complaint with the ICO or relevant data protection authority

To exercise any of these rights, please contact us at enquiries@patientfirstresearch.org. We aim to respond within 48 hours.

8. Cookies and Website Tracking

Our website uses cookies to improve functionality and user experience. Cookies help us understand how visitors use the site and enable features such as secure login or remembering preferences. We also use security and analytics cookies (such as Google Analytics) to detect fraud and optimise performance.

You can manage or disable cookies through your browser settings at any time. A detailed Cookie Policy is available on our website.

9. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:
- Consent: when you voluntarily provide health or personal data to join our panel or participate in studies (Article 9(2)(a) for special category data).
- Contractual necessity: when processing is required to administer your participation in research studies and to process payments.
- Legitimate interests: for securely managing, improving, and auditing research operations, including fraud prevention, platform security, and data quality assurance.

10. Complaints and Further Information

If you have concerns about how we handle your data, please contact our Data Protection Lead:
Data Protection Lead
Nicholas Wain, CEO
Patient First Research Ltd
Email: enquiries@patientfirstresearch.org
Phone: +44 (0)1603 555 205

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or, if you are based in the EU, your national Data Protection Authority.

11. Updates to This Policy

We may occasionally update this Privacy Policy to reflect changes in our services or legal requirements. If we make significant updates, we will notify you directly via email or upon next login. The latest version will always be available on our website and marked with the effective date above.
