PRIVACY AND COOKIE STATEMENT
This is the Privacy and Cookie statement of the private limited companies:
- General Practitioners Research Institute B.V., registered with the Chamber of Commerce under number: 72061014;
- GPRI Research B.V., registered with the Chamber of Commerce under number: 77663233;
- GPRI Patient Studies B.V., registered with the Chamber of Commerce under number: 77663667.
All located at Prof. E.D. Wiersmastraat 5, 9713 GH in Groningen.
The law states that when organizations ask for your personal data, they must explain why and how they use it. We only use your personal data for our work: conducting scientific research. Another word for using is ‘processing’. We protect the personal data you share with us according to legal regulations.
What is personal data? Personal data is information that relates to you, such as your name and address. For example, bank details or health information are also personal data. With this information, people can identify you.
What personal data do we process? GPRI conducts research and needs participants’ personal data for this. We only ask for what is necessary. Personal data we process includes:
- Full first and last name
- Gender
- Date of birth
- Address details
- Email address
- Telephone number
- Bank details (if applicable)
- Citizen Service Number (BSN)*
- Other data actively provided through registration forms, email correspondence, or telephone (if applicable)
* If you participate in a study and receive compensation, the Dutch Tax Authority considers this as income. We must report this to the Dutch Tax Authority. We provide your name, date of birth, address, and Citizen Service Number (BSN). This will be reflected in your tax return.
GPRI may also request special personal data if it is necessary for conducting the research you are participating in, such as:
- (Research-relevant) medical data;
- Data about mental or physical health;
- Data about height and weight;
- Data about race or ethnic origin;
- Body materials.
Why do we process personal data and on what basis? GPRI conducts research and requires participants’ personal data for this purpose. By participating, you give us permission to use your data for research and to contact you. You can withdraw this consent at any time. For each new study, we ask for your data again. If you wish to withdraw your consent, you can contact us. Scientific research follows strict legal regulations. There may be situations where we are required to share the data we have.
When do you share your personal data with us? Your General Practitioner or Pharmacist can provide you with information about each study. This includes what participation means, which organizations are involved, what we do with your data, and with whom we share it. If you have questions after reading, we will be happy to answer them. If you decide to participate in a study, we ask you to confirm this by filling out and signing a form. We then request your data necessary for the study. Sometimes, we also need data from your General Practitioner or Pharmacist. With your consent, we ask them to share this data with us. If you participate in multiple studies, you will notice that the questions vary per study.
With whom do we share your personal data? Before you decide to participate in a study, we provide information about how the study works. This information includes with whom we will share your data. This varies per study. We only share your data if necessary for the study. When we share data with other organizations, we make specific agreements with those organizations. We may also share personal data with processors, such as our IT service providers. To properly conduct our research, we use digital systems to store (personal) data. We only use systems with a security level suitable for scientific research.
Where do we store your data? GPRI stores data securely and according to the rules applicable to scientific research. Your data is securely stored on servers within the European Union (EU). This means that your data remains within Europe and is protected according to European regulations.
What are your rights?
- You can view the data we have about you;
- You can ask us to supplement, change, or delete your data;
- You can object to the use of your data;
- You can ask to transfer your data to another location;
- You can request limited use of your data.
If you want to know what personal data we have about you, you can request access. You can do this in writing or by email. We will then ask you to bring a valid ID. We respond as quickly as possible, but within 4 weeks. If you wish to exercise your other rights, you can submit an additional written request.
You can send written requests to: General Practitioners Research Institute, Attn: Data Protection Officer, Prof. E.D. Wiersmastraat 5, 9713 GH Groningen.
If you are dissatisfied with how we handle your privacy rights, you can contact us via: fg@gpri.nl
If you are still not satisfied, you can file a complaint with the Data Protection Authority: < https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten/klacht-indienen-bij-de-ap >.
What security measures have we taken? We do our best to keep your personal data safe. We ensure that your data is not misused, lost, or shared or altered without permission. What we do to protect your data:
- Use of at least 2FA (two-factor authentication) on all systems;
- Backups of personal data to restore it if necessary;
- Up-to-date software and security, such as system software and antivirus scan;
- Use of secure communication channels (such as Transport Layer Security (TLS), recognizable by ‘https’ and a padlock in the address bar);
- Anonymize or pseudonymize personal data where possible;
- 24/7 service to remotely delete personal data in case of incidents;
- Limited circle of people who have access to certain personal data;
- Circle of people with access to personal data is bound to secrecy;
- Screen lock when leaving the computer;
- No use of USB sticks, DVDs, or CDs;
- Proper destruction of old documents;
- Clean desk policy;
- Clear protocols and procedures for timely and effective handling of security incidents;
- When someone leaves the Institute, their access to systems is revoked.
How long do we keep your data? We do not store personal data longer than necessary. Based on the Good Clinical Practice regulations, we keep (research) data for twenty-five years.
Cookies. We use functional and technical cookies on this website. A cookie is a small file that is sent with pages of this website and stored by your browser on your computer. This information can be sent back to our servers on a subsequent visit. We place functional and technical cookies because they are necessary for the proper functioning of the website. For example, for a form you fill out on our website. Cookies are kept for a maximum of 1 year.
Can this document change? GPRI reserves the right to change this Privacy and Cookie statement. It is advisable to frequently consult this statement to stay informed of changes. If necessary, we will also notify you of the changes.
More information. If you have any questions about this Privacy and Cookie statement or how we handle privacy and cookies, please contact us at: info@gpri.nl
V4 June 20, 2024