Privacy & Cookie Policy


The SAIL Databank is a safe haven for billions of person-based records combined with a complete data linkage and analysis toolset that helps researchers answer important questions for the benefit of society. SAIL is governed by all Swansea University policies and procedures and is monitored under the Major Projects Board reporting framework of Swansea University.

The SAIL Databank is committed to protecting the privacy of all individuals who work with us, and complies with the principles of the EU General Data Protection Regulations and the UK Data Protection Act. We are committed to ensuring that your data is handled properly and any information we hold is stored securely and used in a lawful and ethical way.

This privacy policy explains:

  • what data we collect;
  • on what grounds we hold your personal data;
  • how it is used;
  • who we share it with;
  • how long we hold it, and;
  • where it is stored.

Patients and the Public

The General Data Protection Regulation (GDPR) which came into force on 25th May 2018 applies to person-identifiable data (PID). The NHS Wales Informatics Service (NWIS), in its national role in providing statistical outputs on Welsh healthcare data is authorised to receive and hold PID from health care providers as part of its core business. It also processes non health datasets for research purposes under the provisions of the Digital Economy Act 2017. Acting as a trusted third party for data providers who split their datasets into two parts: PID and content, NWIS receives only the PID elements of the data and SAIL receives only the de-identified content data. Through this separation principle, individual identity is protected from disclosure as only the original data provider sees the full identifiable dataset. For more details of this process, click here.

Once the data are loaded into SAIL, they are linkable via a unique anonymised linking field to other SAIL datasets. All such datasets are similarly de-identified. Only the SAIL core team have access to the breadth of SAIL datasets, and this is necessary for data preparation. Where it may be considered that the provisions of the GDPR apply to the SAIL Databank as a whole because of the breadth of data held, we rely on the provisions for research in the public interest (GDPR Article 6(1)(e) and 9(2)(j)) as our lawful basis for processing.

Data made available to researchers from within SAIL is limited to partial views of datasets which are assessed to ensure that the risk of identity disclosure is minimised. Projects carry out their analysis within a strictly controlled environment which is subject to scrutiny and audit. Following data analysis, a researcher must submit their results to a SAIL data guardian before they can be released for dissemination. These outputs are prohibited from including row-level data, but may consist of tables, charts, coefficients, etc. and are assessed to ensure risks of disclosure are mitigated. From this, providing appropriate control measures are applied at the project-level data made available to researchers are anonymous and outside the scope of the GDPR and other data protection legislation.

Because SAIL Databank holds only de-identified data and is not able to identify individuals, we do not ourselves have the ability to process opt-out requests from members of the public, and we retain the data for long-term use. Anyone wishing to opt out of de-identified data related to them being sent to SAIL or used for other secondary purposes, should make an enquiry to the relevant data provider(s) listed on our website about what options they may provide for allowing individuals to opt out. For primary care records, individuals can opt out by making a request to their GP.

Working with Us

This section relates to the collection, handling and storage of data we obtain from individuals who work with the SAIL Databank, either those directly employed by SAIL or those who work with SAIL data to undertake research projects. It does not relate to the de-identified data held within the SAIL Databank itself. For this, please see the section regarding patients and the public.

For the purposes of collecting, processing and storing data from individuals employed by or working with SAIL, Swansea University is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the new General Data Protection Regulation (GDPR).


What data do we collect, on what grounds do we hold it, and how will it be used?

i. SAIL Staff

Individuals directly employed within the Data Science Building at Swansea University, whose role is entirely or partly to support the SAIL Databank core services and infrastructure are considered SAIL staff. Various departments within Swansea University (e.g. Human Resources, Finance) hold personal data on employees. This is collected and held under the individual’s contract of employment, and is used for the purposes of managing the individual’s contract of employment.

ii. Project researchers’ contacts

These are individuals whose work is directly related to using the data held within the SAIL databank, and who provide personal information to SAIL as part of their applications to use SAIL data. This data is initially held under specific, explicit and recorded consent, and later as part of the terms of the contract governing the research project being undertaken with SAIL. The following personal information will be held:

  • Name and job title
  • Email address
  • Curriculum vitae
  • Evidence of Safe Researcher training or equivalent having been completed
  • The name of your organisation, institution or place of work

All data held within the SAIL Databank has been provided by third party Data Owners, who impose a number of information governance conditions on use of their data, to ensure that it is appropriate and in the public interest. Part of these conditions are that individuals given access to the data are named, professional researchers with appropriate skills and training. The personal data we collect and hold from researchers is mainly to satisfy these information governance requirements and to demonstrate continued compliance them to any audit undertaken during or after the project lifecycle. We also use researchers contact details to contact them throughout the life of their project to inform them of their project’s status, report any downtime in access to data and other administrative functions required to allow us to set up and manage their project. Researchers should be aware that if consent to hold personal data is withdrawn, this will result in the individual being unable to continue to access SAIL data, since we will no longer hold sufficient information to demonstrate their compliance with our information governance requirements.


Who do we share your information with?

SAIL staff data is held under performance of employment contract and may be shared within Swansea University in line Human Resources policies and procedures for the purposes of managing the individual’s contract of employment.

Data provided to SAIL by project researchers / contacts as part of their application to use SAIL data is not passed on to any third party. Your data will be used solely to comply with our information governance requirements and for the purpose of set up and management of your research project.


How long will it be held for?

SAIL staff data will be held in line with Swansea University personnel policies and procedures. For more information see click here.

Personal data provided by researchers working with SAIL will be held for the period of their access to SAIL data, then archived for a period of five years (to comply with audit requirements), after which we will delete our records of your data. If for any reason you wish us to retain your information for a different period than five years following conclusion of your project, this can be agreed as part of the project application process.


Where do we store your data?

We are committed to keeping your data secure. Any data you provide to us will be held only on secure servers owned and administered by Swansea University which are subject to suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.

If you are not currently working with us, and have any questions about security please contact us.

If you are already in discussion with us about a project or have a live project using SAIL data please contact our helpdesk quoting your SAIL project reference number.


Accessing and updating your data

You can update your details, change your mind at any time about how we contact you, how we process your data, or ask us to stop contacting you altogether by contacting our helpdesk.

As stated above please be aware that if you withdraw your consent for us to hold data which you have provided to us, or ask us to stop contacting you we will no longer be able to administer your project and so will withdraw your access to SAIL data.

Our Website

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. does not actively track you as an individual.

By submitting an enquiry via our contact form you are consenting to your data being held by the SAIL Databank, Swansea University. Your data will be used for the purposes of dealing with your enquiry and sending you relevant information about the SAIL Databank. The SAIL Databank will not pass your details on to any third party. If you wish to remove yourself from the SAIL Databank’s database please email

We use Google Analytics to track the performance of our website and patterns in use. We do not link statistics collected by Google Analytics to personally identifiable information. Find out more on the Google Analytics privacy policy and how to opt out of tracking.

More details about cookies used by Google Analytics are published on the Google website. Cookies and Google Analytics

Google also publishes a browser add-on that will stop cookie information for Google Analytics being stored. Google Analytics opt-out browser add-on


Your Rights

The General Data Protection Regulation (GDPR) strengthens and adds to individuals’ rights that exist under the Data Protection Act and SAIL is committed to supporting these rights.

You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information. Please visit the University Data Protection webpages for further information in relation to your rights.

Any requests or objections should be made in writing to the University Data Protection Officer:-

University Compliance Officer (FOI/DP)
Vice-Chancellor’s Office
Swansea University
Singleton Park



How you can withdraw consent for us to hold your data

You can change your mind at any time about how we contact you, how we process your information, or ask us to stop contacting you altogether by contacting our helpdesk.

We will be proactive in keeping our records up to date and will aim to action all changes to communication preferences within ten working days.


How to make a complaint

If you are unhappy with the way in which your personal data has been processed you may in the first instance contact the University Data Protection Officer using the contact details above.

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: –

Information Commissioner’s Office,
Wycliffe House,
Water Lane,

Changes to the Privacy Policy

Please note that SAIL Databank may change this notice by updating this page.

This notice was last updated on 25/05/2018.