Access for researchers and medical professionals only.
Explicit Patient Consent to supply their data is a pre-condition of use.
The CanRisk Tool is a computer program that is used to calculate the risks of breast and ovarian cancer in women based on their family history. It is also used to calculate the probability that they are carriers of cancer-associated mutations in the BRCA1, BRCA2, PALB2, CHEK2, ATM, RAD51D, RAD51C or BRIP1 gene. It is only for use by medical professionals, strictly within the terms of the Purpose permitted in the Licence Agreement provided on registration (see https://www.canrisk.org/accounts/register/).
This page explains what personal information we gather from you as a researcher/patient medical adviser when you visit the specific website within the University of Cambridge domain called https://canrisk.org.
YOU MUST HAVE YOUR PATIENT'S EXPLICIT CONSENT TO PROVIDE THEIR PERSONAL INFORMATION AS DESCRIBED BELOW.
Users are required to register and create a user account to use the CanRisk Tool and Web services. This page sets out the personal information that we gather when you visit the following Web sites in order to:
The information published here applies to the use of your and your patient's personal information (also known as 'personal data') by the University of Cambridge through the viewing or use of this Web site.
When you visit any of the websites within the University of Cambridge domain, we hold certain information about you for service and security reasons. For more information on this, please see. http://www.cam.ac.uk/about-this-site/privacy-policy.
This Web site asks you to provide information about yourself and others set out below.
When you setup your CanRisk user account using the registration form (https://www.canrisk.org/accounts/register/), we collect the parameters listed in Table 1.
Table 1. Your personal data.
| Parameter |
|---|
| First name |
| Last name |
| E-mail address |
| Job title (Clinical Geneticist, General Practitioner, Genetic Counsellor, Surgeon, Oncologist, Practice Nurse, Other Health Care Professional (please specify)) |
| We ask you to confirm that: “I have personal medical indemnity cover and/or am covered by my employer” |
| Country |
| CanRisk username |
| CanRisk password |
Note to Table 1:
We collect your first name, last name and E-mail address (Table 1) so that we can contact you if there is a technical problem with the software. We will add your E-mail address to the CanRisk mailing list (administered by the University of Cambridge). We do this so that we can inform you when there are any interruptions to service, and when new software is released.
As a security measure, your E-mail address is used to send an E-mail to activate your CanRisk user account. It is also used when we send you a link to reset your password. We sometimes use country data (Table 1) to illustrate how the CanRisk Tool is used worldwide.
In addition, we ask you to specify your own CanRisk username and password (Table 1) so that you can use this information to login to the software after you have setup your CanRisk user account.
Registration data are used to broadly track usage, to ensure that sufficient computer resources are provisioned, and to keep users informed of CanRisk news and services. Registration data are not shared with any 3rd parties. They may be used in the context of providing broad usage details, e.g. number of cancer risk calculations carried out by certain groups (e.g. Clinical Geneticists) to better inform us and funding bodies of the impact of the tool.
Please contact us if you would like your CanRisk user account data to be deleted.
The CanRisk Tool and Web-services (https://www.canrisk.org/canrisk_tool/) are used to estimate theoretical breast and ovarian cancer risks and mutation carrier probabilities on the basis of anonymised pedigree data, risk factors and model parameters that you provide.
To run a risk calculation, you input the risk factor and pedigree datasets (see Tables 2 and 3 below) into your Web browser (e.g. Chrome, FireFox) and they are sent excluding the patient's oophorectomy, mastectomy, day of birth (see table 2) and the name/IDs of all relatives (see table 3) to a University of Cambridge Web server for processing.
The risk factor data listed in Table 2 are collected for the patient (the subject of the risk calculation). Date of birth (Table 2) is mandatory in order to compute risks, but the other parameters are optional.
The CanRisk Tool gathers date of birth (Table 2). However, only the age and year of birth (extracted from this parameter) are submitted to the University of Cambridge server for processing. Similarly, details of oophorectomy and mastectomy (Table 2) are not transmitted to the University of Cambridge server for processing (see * in Table 2).
Table 2. Risk Factor data.| Parameter | |
|---|---|
| Sex | †‡ |
| Country of residence | †‡ |
| Date of birth | †‡* Used to obtain the patient's year of birth and to compute their age that are both transmitted. |
| Height (used to compute patient's BMI) | †‡ |
| Weight (used to compute patient's BMI) | †‡ |
| Daily alcohol intake in grams per day | † |
| Age at menarche | † |
| Age at menopause | † |
| Current use of oral contraception | †‡ |
| Current use of menopause hormone therapy | †‡ |
| Parity | †‡ |
| Sex of each child | †‡ |
| Year of birth of each child (used to compute patient's age at first live birth) | † |
| Mammographic density as measured by BI-RADS | † |
| Endometriosis | ‡ |
| Tubal ligation procedure | ‡ |
| Oophorectomy | * Used to prevent computation of the patient's ovarian cancer risks under these circumstances. |
| Mastectomy | * Used to prevent computation of the patient's breast cancer risks under these circumstances. |
| Polygenic Risk Score (Breast Cancer) | † |
| Polygenic Risk Score (Ovarian Cancer) | ‡ |
† Breast Cancer Risk Factor; ‡ Ovarian Cancer Risk Factor; * patient data not transmitted
When you input a pedigree dataset using the CanRisk Tool, we ask you to specify the parameters listed in Table 3 for all family members (including the patient).
The CanRisk Tool collects the name or ID of each family member (Table 3). However, this parameter is not submitted to the University of Cambridge server for processing.
Table 3. Pedigree data.| Parameter |
|---|
| Name and/or ID of the family member |
| Sex (for the patient, this is obtained from Sex in Table 2) |
| Vital status |
| Age at last follow up |
| Year of birth (for the patient, this is obtained from date of birth in Table 2) |
| Age at first breast cancer diagnosis |
| Age at contralateral breast cancer diagnosis |
| Age at ovarian cancer diagnosis (for females) |
| Age at prostate cancer diagnosis (for males) |
| Age at pancreatic cancer diagnosis |
| ER status of first breast cancer |
| PR status of first breast cancer |
| HER2 status of first breast cancer |
| CK14 status of first breast cancer |
| CK5/6 status of first breast cancer |
| BRCA1 genetic test type and result |
| BRCA2 genetic test type and result |
| PALB2 genetic test type and result |
| CHEK2 genetic test type and result |
| ATM genetic test type and result |
| RAD51D genetic test type and result |
| RAD51C genetic test type and result |
| BRIP1 genetic test type and result |
| Identical twin status |
When you input model parameter data using the CanRisk Tool, we ask you to specify the parameters listed in Table 4.
Table 4. Model parameter data.| Parameter |
|---|
| BRCA1 mutation frequency |
| BRCA2 mutation frequency |
| PALB2 mutation frequency |
| ATM mutation frequency |
| CHEK2 mutation frequency |
| RAD51D mutation frequency |
| RAD51C mutation frequency |
| BRIP1 mutation frequency |
| BRCA1 mutation search sensitivity |
| BRCA2 mutation search sensitivity |
| PALB2 mutation search sensitivity |
| ATM mutation search sensitivity |
| CHEK2 mutation search sensitivity |
| RAD51D mutation search sensitivity |
| RAD51C mutation search sensitivity |
| BRIP1 mutation search sensitivity |
| Country of residence (equivalent to the country of residence specified in Table 2) |
The risk factor data, pedigree data and model parameter data (Tables 2, 3 and 4) are required by the CanRisk tool to:
Technical organisational and security measures are in place to ensure security appropriate to the type of data submitted and processed or stored.
Patient data (see section 4.2 above):
We will hold your personal data (Table 1) until you ask us to delete it so that we can keep in touch as described above (Note to Table 1).
We do not share any data collected from you for the CanRisk Tool with 3rd parties or enrich it (i.e. integrate it with other personal data).
The CanRisk Tool Web site uses HTTPS which is a protocol for securing the communication between your Web browser and the University of Cambridge server. HTTPS connections are encrypted. The CanRisk Web site (https://canrisk.org) automatically redirects you to HTTPS when you access it.
E-mail inquiries and support requests are sent to the CanRisk service desk details of which can be found on the CanRisk website. When sending support requests, data must always be sent in an anonymised format.
The CanRisk Web site (https://canrisk.org) uses cookies. A cookie is a small amount of data (<4Kb) that is sent to your computer or Web-enabled device browser from the University of Cambridge server. Cookies are used in this website to hold information about the user session.
We also use a Content Delivery Network (CDN) jsDelivr to access 3rd party libraries which improve the functionality and responsiveness of the CanRisk Tool. CDNs also reduce latency and provide faster loading of a website.
Table 5 lists some of the cookies used by the CanRisk Web site. As the names, numbers, and purposes of these cookies may change over time, this page may be updated from time to time to reflect those changes.
Table 5. Cookie data.| Cookie | Hostname | Description | Criteria | Duration | Type |
|---|---|---|---|---|---|
| cookieControl | canrisk.org | Used to remember when a user has accepted CanRisk's cookie use notice. | Necessary | 30 days | Cookie |
| cookieControlPrefs | canrisk.org | Array of accepted cookie types e.g. ["preferences"]. | Necessary | 1 year | Cookie |
| canrisk_language | canrisk.org | Remembers language preference. | Necessary | 28 days | Cookie |
| __Secure-csrftoken | canrisk.org | Helps prevent Cross-Site Request Forgery (CSRF) attacks. | Necessary | Persistent for 1 year | Cookie |
| __Secure-sessionid | canrisk.org | Current session identifier. | Necessary | Only if you are logged in to this site. Until the end of the session | Cookie |
You can choose to allow, block, or delete cookies installed on your computer by adjusting the settings of the Web browser you use. Note that doing so might limit your ability to visit certain parts of the website or take advantage of some of our services.
For more information on how to manage cookies in your browser, please see:
Alongside cookies, the CanRisk Web site utilises 'web storage', which means the website loads faster. Web storage parameters (listed in Table 6) are used to enhance the functionality of the CanRisk Tool. Web storage data are not transferred to the University of Cambridge server for processing.
Table 6. Web storage data.| Name | Hostname | Description | Criteria | Duration | Type |
|---|---|---|---|---|---|
| SESSION_LOCALE | canrisk.org | Locale identifier, e.g. en-gb. | Necessary | No expiration date | Local Storage |
| PEDIGREE_pedigree_history* | canrisk.org | This is used to provide a history of family pedigree structures to facilitate editing and specifically used in the undo and redo functionality. | Necessary | Until the end of the session | Session Storage |
| PEDIGREE_pedigree_history_COUNT | canrisk.org | This is a count of the pedigree history stored in PEDIGREE_pedigree_history*. | Necessary | Until the end of the session | Session Storage |
| USERS_HGT_UNITS | canrisk.org | Defines default height units to be imperial. | User Preferences | No expiration date | Local Storage |
| USERS_WGT_UNITS | canrisk.org | Defines default weight units to be imperial. | User Preferences | No expiration date | Local Storage |
| COUNTRY | canrisk.org | Defines default country of residence. | User Preferences | No expiration date | Local Storage |
For more information about how we handle your personal information, and your rights under data protection legislation, please see https://www.information-compliance.admin.cam.ac.uk/data-protection/general-data.