Privacy Policy

Last Updated: March 2026

1. Introduction

This website provides publicly available metadata relating to radiotherapy clinical trials. We are committed to protecting the privacy and security of users.

2. Data Controller

The operator of this website acts as the Data Controller for any limited personal data processed through the operation and security of this platform.

3. Personal Data We Process

This website does not collect or store patient-identifiable health data. We do not collect medical records, treatment information, or clinical submissions.

Limited personal data may be processed for security, administrative, and service improvement purposes, including:

• Administrator usernames
• IP addresses associated with login attempts
• Security log entries
• Session identifiers (essential authentication cookies)
• Page view counts
• Unique visitor counts
• Basic browser or device metadata for statistical reporting

4. Usage Data & Analytics

We collect limited usage data to understand how the website is used, monitor performance, and improve reliability.

Page views and unique visitor counts may be calculated using IP-based deduplication or similar technical methods. This information is used solely for internal reporting, performance monitoring, and security analysis.

We do not use usage data for advertising, profiling, behavioural tracking, or cross-site monitoring.

5. Legal Basis for Processing

Processing is carried out under Article 6(1)(f) UK GDPR – Legitimate Interests – for the purposes of:

• Ensuring system security
• Preventing unauthorised access
• Monitoring service performance
• Improving platform functionality

6. Cookies

This website uses essential cookies only. These are strictly necessary for:

• User authentication (admin access)
• Session management
• Security protection mechanisms (including CSRF protection)

No marketing, advertising, or third-party tracking cookies are used.

7. Data Retention

Security-related logs, login attempt records, and aggregated usage data are retained only for as long as necessary to detect, investigate, and prevent misuse or maintain system performance.

8. Data Sharing

We do not sell, trade, or commercially distribute personal data. Technical data may be processed by our hosting provider solely as part of infrastructure delivery.

9. International Transfers

Hosting services are provided within the European Economic Area. No international data transfers are carried out outside applicable data protection frameworks.

10. Security Measures

We implement appropriate technical and organisational measures including:

• HTTPS encryption
• Role-based access control
• CSRF protection
• Server-side validation
• Session hardening
• Restricted configuration storage
• Audit logging of administrative actions

11. Your Rights

Under UK GDPR, you have the right to:

• Request access to personal data
• Request correction of inaccurate data
• Request erasure where applicable
• Lodge a complaint with the Information Commissioner’s Office (ICO)

12. Contact

For privacy enquiries, please contact: privacy@yourdomain.uk