Personal data policy

Valid from 2023-02-22

Definition of personal data
Personal data (“data”) includes all information regarding the applicant that Trialy AB (“the company” registers in digital form. Such information includes but is not limited to:
Contact information, such as name, address, phone number and email address.
Sensitive data, such as information regarding health, sexuality, ethnicity, genetic or biometric data
The information can be collected with regards to the criteria for participation for each clinical trial (“study”) that the company are recruiting participants to. Registration of such information only occurs if the applicant clearly consent to the registration.

Collection of data
The company should not, in accordance to this policy, gather more information than is necessary to fulfill its agreement with each customer. All information that the company gathers is preceded by clear consent from the applicant. In accordance to a certain agreement with a customer, the company might forward the information to the customer. If so, this is preceded by clear consent from the applicant.

By sharing the requested data for each study or the Trialy panel, and by checking the consent-boxes in the forms, the applicant agrees that the company registers the data that the applicant has shared, for as long as the study is active or until the applicant withdraws their consent. The applicant also consents to the data being shared with the customer in charge of the study. How Trialy handles personal data is based on consent in accordance with Article 9.2a Regulation 2016/679 of the European Parliament.

Each applicant will obtain a confirmation via email which states whether or not the applicants information match the criteria for the study. In the email, information is not included regarding which study the applicant has applied to. In the email, information regarding this personal data policy as well as contact information to Trialy is included.

Consent withdrawal
In the case of consent withdrawal from the applicant or in the case that the applicant no longer want the company to store the applicant’s personal data, the applicant should inform the company at earliest convenience. The company will then, as soon as possible, and within a month, delete all the personal data from the applicant that the company holds. The applicant will receive confirmation of the data being deleted via email.

Store and edit
Registered data is stored in accordance of the time frame for each study, or for the Trialy panel, until the consent is withdrawn. Access to the data is limited to only the necessary employees within the company. The applicant has the right to demand a statement once a year, free of charge, showing the personal data kept by the company. The applicant can contact the company at any time and demand that wrongful data is edited.

The applicant can also demand that the company deleted all information and withdraw their consent to the study. Such a demand should be done in writing. The applicant has the right to limit access to the personal data if the data is not correct, illegally stored, the company does no longer need the data for the original purpose or if the applicant has objected to participation in the study.

The applicant has the right to receive information about the personal data in a commonly used, structured and readable format. The applicant has the right to object to the data being used for marketing at any point.

When the consent is withdrawn by any party the company should ask whether the applicant would like access to the data that is registered or if the data should be deleted immediately. If the applicant want access to the data, it should be sent without charge and thereafter be deleted completely. If a study includes sensitive personal data, Trialy always demand an approved application from the Swedish ethics review authority.

Personal data incident
Should the system that stores the personal data be the subject of a leak, intrusion or similar (so called ”personal data incident”) the company will, within 72 hours, contact the Swedish Authority for Privacy Protection and send out information about the incident to concerned applicants. The report to the Swedish Authority for Privacy Protection should include information about:
– What type of incident that has occurred
– Which categories of people that might be affected
– How many that are affected
– The consequences of the incident
– The actions taken to prevent negative consequences of the incident

If needed, the personal data will be deleted or moved to prevent further distribution.

If an applicant thinks that the company has handled the personal data in a matter which is in disagreement with the purpose of the gathering or in disagreement with GDPR, the applicant should inform the company immediately. In those cases that a correction is not possible, the applicant has the right to complain to the Swedish Authority for Privacy Protection:

Box 8114
104 20 Stockholm
Telefon: 08-657 61 00

The company assures its goal to follow GDPR and will update this policy in accordance to that policy. Changes in the personal data policy will be informed via social media channels, email or letters. Information might be shared with a third party if demanded by law.
On the company website or in its social media channels there might be links to other websites or companies, this policy does not cover those websites or companies.

Responsibility towards third party
Trialy AB and Trialy AB’s suppliers are not responsible for lack of profit towards our customers.

Responsibility towards the users of our services
Trialy AB is an ad- and recruitment service. Therefore, we take no responsibility for the potential risks that might occur when participating in the studies we market. The people responsible for each study are forced to, before you enter the study, inform you of your free participation and the potential risks connected to the study.

Contact information
Trialy AB, 559120-7872
Contact person: Fanny Ekström
c/o Enkätfabriken AB
Järntorget 3
413 04, Gothenburg, Sweden