Version 1.1 2nd November 2021


Privacy statement

The Privacy Notice is for this website and outlines the privacy of Users. The DSRU regards the privacy and security of data and information very seriously. The Notice sets out the different areas where User privacy is concerned and outlines the obligations and requirements of the users, the website and website owners and the way the website processes, stores and protects User data.

What is the aim of this research?

The aim of this research study is to gain insight into adverse events that can occur after vaccination with a coronavirus vaccine.

Information will be gathered on:

  • The specific coronavirus vaccine received
  • The medical history of those vaccinated with a coronavirus vaccine
  • Reported adverse events after vaccination (expected and unexpected)
  • Course of reported adverse events
  • Treatment of reported adverse events
  • Recovery from reported adverse events
  • Impact of reported adverse events

What data is collected?

The personal information requested are processed in a proper and careful manner, according to the General Data Protection Regulation. This is also done according to the DATA PROCESSING AGREEMENT of the University Medical Centre Utrecht. Personal information is used to register a participant for the study. By doing so every participant can only participate in the same study once and double registrations can be avoided. Personal information will partially be used for study purposes. Results of the research study will be used in an article or other publications. These publications only show research results, and it will not be possible to identify each specific person who participates.

The following personal information will be processed in this study:

  • Email address
  • Sex
  • Date of birth
  • Postcode

Medical information such as:

  • Medical history
  • Use of medicines
  • Adverse events experienced after vaccination and related treatment

Description of automated data collection

All data collected on the reporting form is automatically processed and stored in the database of University Medical Centre Utrecht. This is a shielded database; only authorised staff members of the Drug Safety Research Unit have access to personal information submitted by UK participants to this database. Authorised staff members of the University Medical Centre Utrecht will have access to pseudonymised data from UK participants.

Data sharing with third parties

Reported adverse events collected in this study will be pseudonymised and shared with the Medicines and Healthcare products Regulatory Agency (MHRA), the European Medicines Agency (EMA), the World Health Organization (WHO) and the manufacturer of the suspect vaccine (MAH). The aim of this is to ensure vaccine safety on both the national and international level. If it becomes evident that unexpected adverse events or an unexpected course of expected adverse events are being reported, this information will be shared with the MHRA.

Similar studies will be running in a number of other European countries. The data on administered vaccines and the reported adverse events in the different countries will be compared and analysed. The aim is to give insight into the reported adverse events on a national and international level. This data cannot be traced back to one specific person.

Right to access, correction and erasure

At any time, study participants can make a request to withdraw their consent or to access, correct or erase their personal data. Requests can be sent by email to DSRU will follow up your request within four weeks.

Retention periods of personal information and research data

The email address used to register for this study will be retained for 1 year after ending this study. After this period, personal contact information will be deleted. The research data will be retained for 15 years after this study ends. An analysis will be done after 15 years to determine whether the research data is still relevant for pharmacovigilance purposes. If this is not the case, University Medical Centre Utrecht will destroy the research data.


University Medical Centre Utrecht has undertaken technical security measures to protect personal data. All data collected via the research study website is secured by a Transport Layer Security (TLS) certificate. This secures the connection between your computer and the website and ensures that all data is shielded during transport and cannot be read by third parties. You can check this in the browser bar, which shows that the website address begins with https://

After registration via this website, an activation link will be sent to the email address used for registration. This activation link is valid for 48 hours. If this activation link has not been used within 7 days, the registration will be deleted. Personal information and passwords will be encrypted and saved in the database.

Additional security measures

The IP address of the reporter will be checked whether it has been blacklisted in real-time. The IP address will not be saved in a database or transferred. If the IP address being used to send a report is found on a blacklist, the reporter will be requested to do a captcha test. This is a check to determine whether the reporter is a human user.

An invisible field has been built into the reporting form. As soon as this field is filled, a captcha test will be shown. This is done to deter possible bots. If more than ten forms are filled in within 5 minutes from the same IP address, this ‘reporter’ will also be shown a captcha test.

How is the data protected?

The DSRU has Information Security Policies and Procedures to protect and secure the personal data from being accidentally or maliciously lost or destroyed, altered, disclosed, or used for unauthorised purposes or accessed by unauthorised personnel. The DSRU has security measures in place to ensure that only authorised personnel have access to the data.

When the data is shared with third parties, the DSRU require all third parties to have appropriate technical and organisational security measures in place to assure the data is protected and secured in accordance with current data protection legislation. The data will only be used by third parties for specified purposes and in accordance with written instructions.

The DSRU will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and the applicant of any suspected breach in accordance with current data protection legislation.

Use of cookies

A cookie is a small file that is sent by web servers to your browser and is stored on the hard drive of your computer. These cookies help improve the website’s usability and your experience when you visit our website. University Medical Centre Utrecht uses functional and analytical cookies on its website. Functional cookies (cookies that are necessary to make the website operate) and analytical cookies, that have little or no impact on privacy, are always placed when you visit our website. The purpose of a functional cookie is to save the current scroll position. This expires after a session. Saving the current scroll position makes it possible to continue a questionnaire at the same page the next time you log in.


Do you have any questions related to this privacy statement? Contact us at the Drug Safety Research Unit via phone 02380 408600 or via email

Any general questions on DSRU Information Security or regarding an individual’s rights under current Data Protection legislation can be directed to:
Shayne Freemantle, Head of Data Management, DSRU, Bursledon Hall, Blundell Lane, Southampton SO31 1AA. Tel: 02380 408600. Email:

DSRU’s nominated Data Protection Officer is:
Mark James (Mojou Ltd), Barn E, Manor Farm Donnington, Chichester West Sussex, PO20 7PL Tel: 07443 577577 or 0203 8897777. Email:

The collected data are processed by:
Drug Safety Research Unit,
Bursledon Hall, Blundell Lane,
Southampton, SO31 1AA, U.K.
Telephone: 02380 408600
Pseudonymised data are processed by:
University Medical Centre Utrecht
Heidelberglaan 100, 3584 CX Utrecht