Privacy Policy

The International Glaucoma Surgery Registry is committed to protecting your personal data and being transparent about what we do with it. This privacy policy explains how we use and protect any personal information we collect when you use the registry.

Our responsibilities

The International Glaucoma Surgery Registry is registered as a Data Controller under the Data Protection Act 1998.

One of our responsibilities as a data controller is to be transparent in our processing of your personal data and to tell you about the different ways in which we collect and use your personal data. The registry will process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and this privacy notice is issued in accordance with the GDPR Articles 13 and 14.

Our contact details and data protection officer

The registry has appointed a Data Protection Officer. Their postal address is:

Data Protection Officer

International Glaucoma Surgery Registry

145 City Road

Old Street

London EC1V 1AW

United Kingdom

What information do we collect?

We collect information about you when you visit our website and when you interact with the registry. We collect information when you voluntarily complete forms, provide feedback, and submit queries. Website usage information is collected using cookies.

The information is needed to fulfil your request or to enable us to provide you with access to the registry. You don’t have to disclose any of this information. However, if you choose to withhold information, we may not be able to provide you with certain services.

We only process data for specified purposes and if it is justified in accordance with data protection law. Under the GDPR, we have a number of lawful reasons that we can use (or ‘process’) your personal information. One of the lawful reasons is called ‘legitimate interests’. In all cases, we balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this Policy and that does not intrude on your privacy.

We currently collect and process the following information if you contact us or sign up to use the registry:

  • personal identifiers and contacts (for example your name, email address, phone number, address, clinic/hospital name)
  • your Internet Protocol (IP) address and details of which version of web browser you used
  • information on how you use the site (using cookies)
  • how you use our emails, for example whether you open them, and which links you click on

We use Google Analytics software to collect information about how you IGSR.org. Google Analytics stores information about:

  • the pages you visit on IGSR.org
  • how long you spend on each IGSR.org page how you got to the site
  • what you click on while you’re visiting the site

We do not collect or store your personal information through Google Analytics so this information cannot be used to identify who you are.

Anonymised data

For users in the European Economic Area (EEA), no patient identifiers are collected. Patient records are anonymised to protect their identity but allow their records to be updated. No data is collected that contains any strong patient identifier such as name, address, postcode, date of birth, or hospital number. The registry allocates a unique number to each patient (REGID). This REGID is used by the user to allocate later data to the same patient file. The registry cannot identify which patient the REGID refers to. As an additional protection, this REGID is further encrypted at the point of collection using a hash key. This additional protection prevents the potential for the REGID from the research database being taken back to the practice and the database being illegally accessed and the REGID cross referenced back to an individual patient.

Why we need your data

We collect data in order to:

  • process your request for access to the registry
  • allow you to access the registry and use it to analyse your procedural outcomes
  • manage your account
  • respond to questions and queries
  • gather feedback to improve our services
  • send email alerts to users who request them
  • monitor use of the site to identify security threats

We collect information through Google Analytics to monitor how you use the site. We do this to help:

  • make sure the site is meeting the needs of its users
  • make improvements, for example improving site navigation
What we do with your data

The data we collect are shared with the European Glaucoma Society.

We will not:

  • share or sell your data with third parties for marketing purposes

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

Researchers whose projects have gone through the process of approval, are given, if appropriate, files that contain subsets of records. These records do not contain a REGID, are anonymised, and will not reveal the identity of an individual patient or registry user. When the database is interrogated for information for studies, the results do not contain any records for individual patients. The outputs are in tables and graphs which we refer to as tabular analyses.

How long do we keep your data

We will only retain your personal data for as long as:

  • it is needed for the purposes set out in this document
  • the law requires us to

We will keep your email data until you unsubscribe. We will keep your feedback data for 2 years.

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 16 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 16.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA). Google Analytics data may be transferred outside the EEA, but this cannot be used to personally identify you.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

All staff receive data protection training, and relevant data safeguards and policies are in place. We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact our Data Protection Officer if you wish to make a request.

Use of cookies

We want to make our service easy, useful, reliable, and secure to use. This sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • Enabling a service to recognise your device so you don’t have to give the same information several times during one task
  • Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
  • Measuring how many people are using services, so they can be made easier to use and thereʼs enough capacity to ensure they are fast
How to manage cookies

If you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings.

You may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers.

Please be aware that restricting cookies may impact on the functionality of our website.

Links to other websites

The International Glaucoma Surgery Registry contains links to other websites. Our privacy policy only applies to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

We keep our privacy policy under regular review and places any update on this webpage. This privacy policy was last updated on 17 August 2019.

How to complain

If you would like to complain about our handling of your data, you can contact:

Data Protection Officer

International Glaucoma Surgery Registry

145 City Road

Old Street

London EC1V 1AW

United Kingdom

You will receive an acknowledgement from us within five working days of your complaint being received.

If you would like to find out more about your information rights under data protection legislation, including the right to complain to the Information Commissioner’s Office (ICO), you can find more information at the ICO website.