PRIVACY and COOKIE STATEMENT

Privacy and Cookie statement

This is the privacy and cookie statement of the private companies:

  • General Practitioners Research Institute BV registered with the Chamber of Commerce under number: 72061014;
  • GPRI Research BV registered with the Chamber of Commerce under number: 77663233;
  • GPRI Patient Studies BV registered with the Chamber of Commerce under number: 77663667.

all located at the Prof. E.D. Wiersmastraat 5, 9713 GH in Groningen.

We would like to explain which personal data we collect from you, for what purpose we do this and how we use this data.

Personal data will only be used for the purposes described in this privacy and cookie statement and the processing of your personal data is limited to that data which is necessary for the purposes for which the data is processed. We will take the necessary measures to protect the personal data collected in accordance with current legal requirements.

WHAT IS PERSONAL DATA?

Personal data is data that identifies or can identify individuals. This may include name and address details (name, address and place of residence), financial data and medical data.

WHAT PERSONAL DATA DO WE PROCESS?

In the context of carrying out and/or facilitating clinical and/or medical research, we process the personal data of patients from general practitioners and pharmacists who have given explicit permission for this. The patient can revoke this consent at any time. We only process the data that is necessary for conducting and/or facilitating the research.

You can find an overview of the personal data we process below:

  • Full first and last name
  • Gender
  • Date of birth
  • Address information
  • Email address
  • Phone Number
  • Bank details (where applicable)
  • Social Security Number (BSN)*
  • Other information that is actively provided in, for example, the registration form, e-mail correspondence or by telephone (if applicable)

*In the event you participate in a study for which you receive a financial compensation, the Dutch Tax Office considers this to be income from employment. GPRI is obliged to report this to the Dutch Tax Office. To fulfill this legal obligation GPRI processes your name, date of birth, address and Social Security Number (BSN).

GPRI also processes (special) personal data relevant to the research:

  • (Relevant to the research) medical data;
  • Mental or physical health data
  • Data about height (and weight)
  • Data on race or ethnic origin
  • Body material

WHAT IS THE PURPOSE AND BASIS OF THE PROCESSING?

We may process the personal data you provide for the following purposes:

  • Conducting and/or facilitating clinical and/or medical research;
  • Scheduling appointments and/or examinations;
  • Making (digital) contact prior to and/or during and/or after the examination;
  • Informing (for example via newsletters) about the progress of the research and any changes to the research;
  • Complying with legal obligations, such as the administration, file and retention obligation.

We can process your personal data on the basis of your explicit consent, which you can revoke at any time. We may also process your personal data under certain circumstances on the basis of a necessary processing for scientific research or another legitimate interest.

WHO IS RESPONSIBLE FOR THE PERSONAL DATA? 

General Practitioners Research Institute

Prof. E.D. Wiersmastraat 5

9713 GH Groningen

Chamber of Commerce number: 72061014

WHEN WILL YOU SHARE PERSONAL DATA WITH US?

You may receive information documents from your healthcare provider explaining our various clinical and/or medical studies. These information documents also explain which parties are involved in the research, what we will do with your personal data and who we will share it with if you decide to participate in a study. You can ask questions about this aspect.

Only if you decide to participate in the study and sign the consent form will you share your personal data with us. We will only process your personal data after you have actively given us and/or your healthcare provider permission to share your personal data in the context of facilitating and/or conducting the research.

WHO WILL WE SHARE YOUR PERSONAL DATA WITH?

In principle, we will not pass on your personal data to other parties. If your data is shared with third parties in the context of the conduct of the study, this will be communicated prior to participation in the study. When participating in a study, the study contains specific documentation with whom your personal data will be shared. In the event that your data is shared with a third party, it is because it is necessary for the conduct of the research. We conclude processing agreements with third parties that process your data.

WHERE IS YOUR PERSONAL DATA STORED?

When you participate in a study, your data will be stored within secure environments and kept anonymous or pseudonymised where possible. With all of our partners we have contractual or in processor agreements defining how and where we do this, and under what conditions. We use the following systems which all have a security level in accordance with the applicable privacy legislation, such as the GDPR:

  • Egnyte
  • Smartsheet
  • DocuSign
  • Tribe (CRM)


WHAT ARE YOUR PRIVACY RIGHTS?

If we process your personal data, you have the right to:

  • request access to your personal data
  • request correction or deletion of your personal data;
  • object to the use of your personal data.

You can also make a request to have your personal data transferred. In addition, you sometimes have the right to be ‘forgotten’, that means to have your data amended or to restrict the processing of your personal data. If you want to know which personal data General Practitioners Research Institute processes about you, you can submit a written request for access. Before we can process your request we will ask you to identify yourself in more detail. We will process your request as soon as possible, but no later than 4 weeks.

If it appears that you wish to exercise other rights, you can submit an additional written request.

You can send your written requests to:

General Practitioners Research Institute

Attn: Data Protection Officer

Prof. E.D. Wiersmastraat 5

9713 GH Groningen

If you are dissatisfied with the way in which we handle your privacy rights, you can contact us via: fg@gpri.nl

If you are still not satisfied, you can submit a complaint to the Dutch Data Protection Authority: < https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten/klacht-subenen-bij-de-ap >.

WHAT SECURITY MEASURES ARE BEING PROVIDED?  

We take appropriate measures to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorised modification of personal data. We have taken the following measures, among others, to protect your personal data:


Technical measures:

  • Handling username and password policies on all systems;
  • Secure access to the database in which the data is kept;
  • Backups of personal data to be able to restore them in the event of physical and/or technical incidents;
  • Up to date software and security, such as system software and virus scan;
  • Using secure communication channels (such as Transport Layer Security (TLS), recognizable by ‘https’ and a padlock in the address bar);
  • Anonymize or pseudonymise personal data where possible;
  • 24-7 service to remotely delete personal data in the event of incidents.

Organisational measures

  • Limited circle of persons who have access to certain personal data;
  • Circle of persons with access to personal data are bound to secrecy;
  • Screen lock when leaving the computer;
  • No use of USB sticks and DVDs or CDs;
  • Destroy old documents properly;
  • Clean desk policy
  • Clear protocols and procedures for handling security incidents in a timely and effective manner;

HOW LONG WILL PERSONAL DATA BE STORED?

We do not store personal data for longer than is necessary for the purpose of the data processing. Based on the Good Clinical Practice guideline, the retention period of (research) data is twenty-five years.

COOKIES

We use functional and technical cookies on this website. A cookie is a small file that is sent along with pages from this website ,and stored by your browser on the hard drive of your computer. The information stored can be sent back to our servers on your next visit. We place functional and technical cookies because they are necessary to enable functionalities of the website.

CAN THIS DOCUMENT STILL BE CHANGED?

General Practitioners Research Institute BV. reserves the right to amend this Privacy Statement. It is advisable to frequently consult this agreement in order to be informed about any possible changes that might be made to it. Where necessary, we will also proactively inform you about changes.

MORE INFORMATION 

If you have any questions or comments about this privacy and cookie statement or otherwise about the way in which we handle privacy and cookies, please contact: info@gpri.nl

 

Version 3 –  31st of January 2023