Em conformidade com as disposições do Regulamento (UE) 2016/679 do Parlamento Europeu e do Conselho, de 27 de Abril de 2016, relativo à protecção das pessoas singulares no que diz respeito ao tratamento de dados pessoais e à livre circulação desses dados e que revoga a Directiva 95/46/CE (adiante designado por "Directiva 95/46/CE") "GDPR"), with the provisions of the Organic Law 3/2018 of 5 December 2018 on the Protection of Personal Data and guarantee of digital rights (hereinafter referred to as "LOPD"), as well as the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 ("DPA 2018"), we proceed to inform you:
1. TRIALING dice
Contact data of the data controller:
- Company name: TRIALING HEALTH, S.L.
- TAX IDENTIFICATION NUMBER: B-06838700.
- Postal address: Carrer de la Diputació 48, 08015 Barcelona
- E-mail: rgpd@trialing.org
Contact information for United Kingdom:
- Nome da empresa: TRIALING, LTD. (hereinafter referred to as "TRIALING").
- Non-UK company number: 12300224.
- Postal address: York Eco Business Centre (Office 12) Amy Johnson Way, Clifton Moor, York, England, YO30 4AG.
- E-mail: rgpd@trialing.org
2. Purpose of the processing of personal data
The user is informed that the personal data obtained from our website https://www.trialing.org and our application "Trialing" available for iOS and Android (hereinafter and jointly, the "Platform") will be processed in accordance with the following purposes:
- Technical management of the platform to increase awareness of TRIALING services. And to develop and test new products and features, monitor performance indicators such as total number of visitors, traffic and demographic data patterns.
- ~ Data collected: IP address, date and time of access, order content, access status/Status Code/HTTP/volume of data transferred, clickstream, navigation and browsing patterns, browser, language definitions, software operating system version and browser surface, device type, application version, the numerical identification of the mobile device user, as well as the actions taken.
- ~ Basis of processing: The basis for processing your personal data derives from the fact that such processing is necessary to provide you with the Platform functionalities you request (art. 6(1)(b) of the GDPR). If your data were not processed, you would not be able to access these functionalities. With respect to product development and performance monitoring, the basis for processing is legitimate interest (Art. 6(1)(f) GDPR).
- Cookies: You can find additional information about why we use cookies and how you can manage them in our Cookies Policy.
- Bug tracking and performance monitoring of the platform: TRIALING sends detected bugs to an external bug tracking tool called Sentry (sentinela.io). This allows us to quickly react to bugs that users are encountering without the need for bug reports.
- ~ Data collected: Device model, type, app version, OS, OS, OS root, user ID (attributed by sentinel), accessibility options enabled on phone, language, time zone, number of processors, device architecture, battery level, boot time, brand, battery status (to charge or not), linkage, available space, free memory, app language, device model, orientation, temperature parameters, battery temperature.
- ~ Basis of processing: The basis for processing is legitimate interest (Art. 6(1)(f) GDPR).
- Detect, prevent and combat fraud and other illegal activities.
- ~ Data collected: Data strictly necessary.
- ~ Basis of processing: The basis for processing your personal data is legitimate interest (Art. 6(1)(f) GDPR) or legal obligation, if applicable (Art. 6(1)(c) GDPR).
- Contact forms: If you contact TRIALING through the contact form on the Platform, we will receive your name and email address, as well as any other information you have included in the message. These data are only transmitted by e-mail and are not stored on the Platform. TRIALING will use these data only for the purposes for which you entrusted them to us.
- ~ Data collected: Name and surname, e-mail address
- ~ Basis of processing: The basis for processing your personal data derives from your consent (Art. 6(1)(a) GDPR). If you do not provide this information, you will not be able to submit this form.
- To register you as a user of the service offered by TRIALING and give you access to the Platform.
- ~ Data collected: e-mail address, keyword, name, last name, first name, last name, last name, member number, phone number, city of work, hospital, specialty.
- ~ Basis of processing: The basis for processing your personal data derives from the fact that such processing is necessary to provide you with the functionality of the Platform that you request (art. 6(1)(b) of the GDPR). If you do not provide such data, you will not have access to the functionality.
- To manage your profile as a user of the referred Platform in the following terms:
- Use of the search engine: Based on the answers provided through the decision tree (data related to an anonymous or randomly inserted case), we provide information on the clinical studies that show the greatest affinity with the case provided, and the hospitals that carry out the studies.
- Referral request: If the data entered in the Platform reveals a study of interest to the medical professional, he/she can consult the main details of the study (start date, expected end date, phase, sponsor, number of participants, etc.). If he/she believes that participation in the study may be appropriate for a patient, the professional can use the "Refer" function on the Platform. By clicking on this button, the user agrees to have his/her professional e-mail address shared with the study directors to facilitate further contact. After the referral request, the Platform sends internally to Trialing, through the Slack tool, the professional e-mail, name and surname of the user, so that we can perform internally, a correct monitoring of the referral. In the same way, the platform will generate a tracking code so that the user can anonymously monitor the status of the referenced case. By default, the status will be "On hold". The tracking code can be substituted by a pseudonym, but in some cases it can be filled with personal data related to the patient.
- PDM test request: If the medical professional is interested in requesting a PDM test (Molecular Diagnostic Platform) through the platform, he/she can consult the main details about it offered by the Trial's collaborators that provide this service. If you are interested in requesting the PDM test for your patient, the medical professional can use the "Request" function activated in the corresponding tab of the platform. By clicking on this button, the user accepts that his/her e-mail address will be shared with those responsible for the tests, in order to facilitate subsequent contact. Together with the user's e-mail address, the description of the patient's medical history and the current disease that the health professional made will be shared, always anonymously, since it should not contain personal data that identify or could identify a person.
- After the routing request, the Platform sends to Trialing an internal message, through the Slack tool, the professional e-mail, name and surname of the user, so that we can make a correct follow-up of the order internally.
- ~ Partilha de dados: Nome, nome, apelido, centro médico, número de registro, endereço de correio electrónico.
- ~ Basis of processing: The basis for processing is the consent of the person concerned (Art. 6.1.a) GDPR). If you do not provide this data, your application will not be processed.
- As soon as the person(s) designated as the contact person(s) for the clinical trial has received through the Platform an e-mail or SMS with the e-mail address of the health professional making a routing request, you can contact them to provide more information about the study or to exchange further considerations about the appropriateness of the trial for a patient. Remember that after using the "REFER" function of the Platform, you may be contacted by the directors of the clinical trial for which you requested a referral. Note that this phase takes place through external means and TRIALING does not maintain any control and is not responsible for the information exchanged on this site. The medical professionals are obliged to comply with the applicable laws on professional secrecy and protection of personal data and exempt TRIALING from any responsibility resulting from possible violations in this area.
- Contact of the PDM test collaborator - medical professional: Once the person(s) designated as PDM test contact person(s) have received through the Platform an e-mail with the e-mail address of the health professional making a PDM test request, he/she may contact him/her to provide more information about the PDM test or to exchange further considerations about the suitability of the test for a patient. The user accepts that, after using the "REQUEST" function of the Platform, he/she can be contacted by the responsible/collaborators of the PDM test to which he/she requested the routing. Note that this phase takes place through external means to TRIALING, so TRIALING does not maintain any control and is not responsible for the information exchanged. The medical professionals are obliged to comply with the applicable laws regarding professional secrecy and protection of personal data, and TRIALING is exempt from any responsibility resulting from possible violations in this area.
- Accompaniment of the acceptance/rejection of the routing: discussions between medical professionals and directors of clinical trials outside TRIALING conclude in the acceptance by any patient to participate in any medical trial, the visible status next to the code of accompaniment of the case can change to "Oil" or "Refused", depending on the result of the pre-selection made at the place of the clinical trial.
- Contact Whatsapp Business: WhatsApp business can use WhatsApp business as an information communication channel with the users of the service, for its management.
- ~ Partilha de dados: Nome, nome, apelido, centro médico, número de registro, número de telefone, endereço de correio electrónico.
- ~ Basis of processing: The basis for processing is the consent of the person concerned (Art. 6.1.a) GDPR).
- Notifications regarding clinical trials published on the platform: In order to show you relevant alerts and updates within our Android and iOS apps, we may send you push notifications or informational emails. You can disable these notifications by opting out of receiving emails or disabling push notifications in your user profile on the platform.
- ~ Data used: Name, last name, e-mail address.
- ~ Basis of processing: The basis for the processing is the legitimate interest (Art. 6.1.f) GDPR).
The personal data obtained through any of the channels of the Platform will be part of the Registry of Processing Activities (RAT) owned by TRIALING. This will be updated periodically, in accordance with the provisions of the RGPD. Users are informed of the possibility of withdrawing their consent in case it has been granted for a specific purpose, without affecting the legality of the previous processing based on the consent before its withdrawal.
For clarification purposes, TRIALING states that no personal data of patients is collected through the Platform, since the information entered by users on the platform for the purpose of locating medical studies does not directly identify them, nor does TRIALING have the means, resources, technology or motivation to establish relationships between this information and the identified individuals.
3. Data retention period
TRIALING will retain your personal data for as long as your account is active (i.e., until you opt out); as necessary to provide you with the services or for the purposes described in this privacy policy or at the time of collection. TRIALING may retain your personal data for as long as necessary to comply with our legal obligations, resolve disputes or as otherwise permitted by law.
When you request the cancellation of your account, we will delete or anonymize all your personal data in accordance with the requirements of applicable law, so that they cannot be reconstructed or associated with the customer.
4. Data recipients
As a general rule, your personal data will not be disclosed to third parties, except for legal obligations or for the defense of our legal interests.
As an exception to the above, they may be recipients of personal data from our Platform:
- The organizations behind our third-party cookies, as set forth in our Cookie Policy.
- Firebase: We use Firebase as a platform for the development of our application.
- Sentry: Our platform uses Sentry for fault communication.
- Slack: Our platform uses Slack as an internal communication tool for Trial to monitor routing requests.
- Google Analytics: Our platform uses Google Analytics, an analytics service provided by Google Ireland Ltd. The Google Analytics definitions have been modified by us for measurement-only functionality, unless you have been granted separate consent for other advertising functionality. Google Analytics uses a specific form of cookie, which is stored on your device and allows an analysis of your use of our website/app. The cookies defined by Google Analytics for measurement are first-party cookies, which means that the cookie values of the data subjects will be different for each client (i.e., there is no single Google Analytics cookie ID that is used on all sites that use Google Analytics). The information about your use of this Platform generated by the cookie is usually transmitted to a Google server and stored there. Google uses this information on our behalf to analyze your use of this Platform in order to compile reports on Platform activities and to provide additional services related to the use of the Platform and the Internet. The IP address transmitted by your device in the context of Google Analytics is not merged with other Google data. We use Google Analytics to regularly analyze and improve the use of our platform. We may use the statistics obtained to improve our offer and make it more interesting for you as a user. In addition, we obtain information about the functionality of our Platform (for example, to detect navigation problems). In the Google Analytics definitions, we assure that Google receives these data as a processor and, therefore, is not authorized to use these data for its own purposes. Transfer to third countries is possible. As a suitable safeguard, we agree to standard contractual clauses in accordance with Art. 46 GDPR.
- The directors of clinical studies with whom the user (medical professional) chooses to share his/her e-mail address when using the "DERIVE" function offered by the application.
- Clients/third parties (private companies, pharmaceutical companies, Biotech laboratories) with whom we maintain a collaborative/commercial relationship, who offer studies/this PDM, with whom the user (medical professional) decides to share his/her contact data (e-mail) when using the "REQUEST" function offered by the application.
- Our hosting service provider is Amazon Web Services (AWS), and all the information is stored in their servers located in Europe, specifically in Ireland (EU-1 west zone).
In connection with the Platform services, we can share statistical or aggregated data on metrics, clickstream, decision trees, general characteristics of referral orders and any other aggregated data on user activity on the Platform.
In addition, we inform you that, in certain cases, we may provide access to your data to third party companies in their role as data processors to help us to correctly manage our services. In this case, TRIALING will enter into a contract under the provisions of article 28 of the GDPR.
5. International transfers
It is important to note that some of our suppliers may be based in the United States, be affiliated with a U.S. firm, or process data in the United States. For this reason, the information we collect from you may be processed in the United States. Following the decision in case C-311/18 (Schrems II case), the EU's "adequacy" decision under Article 41 of the GDPR was annulled, which means that your data may not receive in that country protection equivalent to that enjoyed under the European General Data Protection Regulation.
In this regard, TRIALING is monitoring the transparency documentation published by the aforementioned companies and is in the process of evaluating the supplementary mechanisms proposed by them. More information will be made available as it becomes available from the companies and the relevant supervisory authorities. However, in order to use these services, we have derogations for specific situations under Article 49 of the GDPR. In particular, to collect and transfer personal data to the EUA we will use: your consent (Art. 49.1.a) or the execution of a contract (49.1.b). We and our agents strive to implement appropriate safeguards to protect the privacy and security of your personal data and to use it only in a manner consistent with your relationship with us and with the practices described in this Privacy Policy.
6. Rights of data subjects
If TRIALING processes your personal data, please remember that you have the possibility to exercise the following rights by contacting us:
- Right of access: you may request information about the personal data we hold about you.
- Right of rectification: you can communicate any change in your personal data.
- Right of shutdown and right to be locked out: you can request the shutdown of your personal data after they have been blocked. Note that you can turn off your account at any time.
- Right to restrict the treatment: this implies the restriction of the treatment of personal data.
- Right to object: If we process your information for our legitimate interests or those of third parties, or in the public interest, you may object and we will stop processing your information, unless such processing is based on compelling legitimate grounds or is required by law.
- Right to portability: You can also request your data by sending us an e-mail to rgpd@trialing.org if you wish and we will send it to you by e-mail or to the address and entity that you provide us.
Note that, in some cases, these rights may be subject to limitations.
In addition, if you have a complaint about the processing of your data, you can file a complaint with the competent authority for data protection.
7. What security measures do we implement to protect your personal data?
TRIALING has adopted the legally required security levels for the protection of personal data and strives to install these means or additional technical measures within its reach to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided to the organization.
8. Links to other sites or services
TRIALING is not responsible for the practices or practices of the services linked to our application/website or for the information or content provided by them to the user. Please note that when you use a link from our site to another service, our Privacy Policy does not extend to those third party services and the contact you make will be subject to the rules and policies of those third parties.
9. What presence does TRIALING have in social networks?
TRIALING has the following profiles in the main social networks of the Internet (LinkedIn, Twitter).
Acknowledges that it is responsible for the treatment of the data of its users, followers, or people who make comments through them. Likewise, in accordance with the Law on information society services and electronic commerce, it is exonerated from any kind of responsibility derived from the comments made by users and followers in its social networks.
TRIALING can use the profiles described above to inform its users about topics it considers of interest to them.
10. Alterations to the Privacy Policy
TRIALING may, at its sole discretion, modify or update this Privacy Policy, so we encourage you to review this section periodically. If the changes made materially affect the content of this Privacy Policy, the user will be notified.
%201.avif)
