Data Protection Policy
This policy provides information about the personal data processed by Clariness GmbH, Schillerstr. 44, 22767 Hamburg, Germany when using this website and our services and the purposes this data is used for, when you:
Visit our website and register with us (see section 2 below),
Give your consent for information about current studies (newsletter) (see section 3 below) to be sent to you, or
Apply for a study using the ClinLife portal (see section 4 below).
In addition, information will be provided about your rights with regard to the processing of your data.
We process your data in accordance with the data protection regulations of Regulation (EU) 2016/679 (General Data Protection Regulation) – “GDPR”) in the version valid from 25 May 2018.
Clariness GmbH will hereinafter also be referred to as “ClinLife”.
1. Who is responsible for processing your data?
The controller responsible for processing your personal data in terms of Article 4 (7) GDPR is
Clariness GmbH
Schillerstr. 44
22767 Hamburg, Germany
2. Data protection information for visitors to ClinLife’s websites
2.1 What data is processed when visiting the websites?
Each time ClinLife’s website is accessed ClinLife's servers automatically store information about the accessing system (“server log files”).
This information includes:
IP address (in anonymised form, if applicable)
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
ClinLife uses this access data to make the website accessible, to recognise and resolve potential technical problems and to prevent abuse of ClinLife’s website and if necessary to track such abuse.
ClinLife also reserves the right to use this access data in anonymised form, i.e. in such a way that the user cannot be identified, for statistical purposes and to improve the website (see section 5 below).
The legal basis for the processing of access data as personal data of the user is Article 6 (1) (f) GDPR. We have a legitimate interest in making the website accessible and improving the services of ClinLife by processing the data of users.
2.2 How is the data provided by the user during registration processed?
Registration is required to use the ClinLife website. In order to register users must provide their email address, first name and surname (“necessary information”). The user provides this information to ClinLife in acknowledgement of this Data Protection Policy. It is not possible to use ClinLife’s website without providing this (necessary) information.
In addition to the necessary information the user may also choose to provide additional information (such as gender, date of birth, postcode, telephone number, areas of interest for studies) (“additional information”).
Data collected during the course of registration (necessary and additional information) is saved by ClinLife in the user’s personal profile and processed in order to identify the user when accessing ClinLife's online services and to personalise the content of services.
The legal basis for the processing of the user's data is Article 6 (1) (f) GDPR. Our legitimate interest is providing web-based services for users.
2.3 What are the consequences of using cookies?
When visiting the website information in the form of a “cookie” will be placed in the browser software on the user's computer. Cookies are small text files with configuration data which are saved on your computer’s hard drive and facilitate your use of the website. The cookies used as session cookies, which are removed from your browser when you log off.
ClinLife uses certain advertising partners who help make the services offered on the Internet and the website more interesting for you. Therefore cookies from our partner companies are saved on your hard drive when you visit the website. These are temporary/permanent cookies which are automatically deleted at a prescribed time (from 1 month to 10 years). Cookies from our partner companies do not contain any personal data. Data is merely collected under a user ID pseudonym. This data is, for example, about which topics you were interested in, whether you have applied to a study, which study indicators were searched for, etc. Here some of our advertising partners also collect information about the websites, such as which sites you visited in advance or which products you were interested in, for example, in order to be able to show you adverts which are best suited to your interests. This pseudonymous data will not be associated with your personal data at any time.
Retargeting
The ClinLife websites use retargeting technologies such as Pixel from Facebook Ireland Limited. We use this technology to make our online presence more interesting for you. This technology enables users of the Internet who are already interested in ClinLife and clinical studies to be targeted with advertising on websites of our partners. We are confident that a mix of a personalised, interest-based advertising is generally more interesting for users of the Internet than advertising which has no such personal basis. This advertising is incorporated into the websites of our partners on the basis of cookie technology and an analysis of previous usage behaviour. This form of advertising is completely anonymous. No personal data is stored and no usage profile will be associated with your personal data.
When you visit one of the pages of our website and have set your browser settings to accept cookies, for us this means that you want to use ClinLife’s products and services and you agree to the use of cookies and other technology as described in our Data Protection Policy.
How do I prevent cookies being stored?
You can specify in your browser settings that you only want to accept cookies if you agree to them. If you only want to accept ClinLife cookies but not the cookies from our service providers and partners, you can select the “Block third party cookies” option in your browser settings.
When using a shared computer set to accept cookies and flash cookies, we recommend you always log off completely when finished.
The legal basis for using cookies is Article 6 (1) (f) GDPR. Our legitimate interest is that as a result of processing the data statistical evaluation can be carried out regarding the use of our website and we are able to optimise our website and online services for users.
Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", i.e. text files which are stored on your computer to help analyse your use of the website. The information generated by the cookie regarding your usage of the website is usually transmitted to Google's server in the USA and stored there. The IP address transmitted by your browser within the scope of Google Analytics will not be linked to other data held by Google. On this website the Google Analytics code has been extended by ”anonymizeIp” code. This guarantees your IP address is masked so that all data collected is anonymous. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.
Google uses this information on behalf of the operator of this website to evaluate your usage of the website, to compile reports about website activity and to provide the website operator with further services associated with website usage and Internet usage. You can prevent cookies from being stored by selecting the appropriate setting in your browser software; however, we would point out that in this case you may not be able to fully use all the functions of this website.
In addition, you can prevent the collection of data generated by the cookie and related to the usage of the web site (including your IP address) by Google and the processing of such data by Google by downloading and installing the browser plug-in which is available at: https://tools.google.com/dlpage/gaoptout?hl=en-GB. For an alternative to the browser add-on, in particular when using browsers on mobile devices, click on this link to prevent collection by Google Analytics (Patients should be able to opt out of Google Analytics tracking at any time.
After successfully opting out the following message is displayed: You have successfully opted out of Google Analytics tracking.) This places an opt-out cookie in your browser which prevents your data from being collected when you visit this website in the future. The opt-out cookie only works in this browser and for our website and is placed on your device. If you delete your cookies in this browser, you must set up the opt-out cookie again. [Information about integrating the opt-out cookie can be found at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable].
We also use Google Analytics to evaluate data from AdWords for statistical purposes. If you wish this can be deactivated in the Ads Personalization Manager (https://adssettings.google.com/anonymous?hl=gb-en).
This website uses demographics reports from Google Analytics in which in your data from interest-based advertising from Google as well as visitor data from third party providers (e.g. age, gender and interests) is used. This data is not linked to a specific person and can be deactivated at any time in the advertising settings.
Further information about Google’s use of data for advertising purposes, settings and permissions can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners/ (“How Google uses data when you use our partners' sites or apps”), http://www.google.com/policies/technologies/ads (“Using data for advertising purposes”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”) and http://www.google.com/ads/preferences/ (“Choose what ads Google shows you”).
Google Analytics is used in accordance with the requirements which the German data protection authorities agreed with Google. Information about the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms & Conditions of Use
http://www.google.com/analytics/learn/privacy.html
Mouseflow
This website uses Mouseflow, a web analysis tool by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Data is processed for the purpose of analysing this website and its visitors. Data for marketing and optimisation purposes is collected and stored. A pseudonymous user profile may be generated from this data. Cookies may be used for this. The web analysis tool Mouseflow logs randomly selected visits (only with anonymised IP addresses). It tracks mouse movements and mouse clicks with the aim of playing back random individual visits to the website and deriving potential improvements to the website from this. Data collected by Mouseflow will not be used to personally identify the visitors to this website and personal data will not be connected to the anonymous profile without the consent of the data subject, which is to be granted separately. Processing is carried out on the basis of Article 6 (1) (f) GDPR. Our legitimate interest is more direct customer communication and designing the website to better meet users’ requirements. You have the right to object, on grounds relating to your particular situation, at any time to this processing of your personal data on the basis of Article 6 (1) (f) GDPR. You may globally deactivate recording on all websites where Mouseflow is used for the browser you are currently using by clicking on the following link: https://mouseflow.de/opt-out/.
2.4 How can I register with social media and what data is processed as a result?
You can quickly and easily register with ClinLife using your Facebook or Google account.
In order to do so you must already have or set up a Facebook or Google account.
If you want to use this function you will be initially forwarded to Facebook/Google. You will then be asked to sign in with your user name and password. We will not, of course, take note of your log in information. This step will be skipped if you are already signed in to Facebook or Google.
Then you will instruct Facebook/Google which data to transmit to us. Confirm this with the “OK” button. We will create your user account with this transmitted data. No additional permanent link will be formed between your user account and your Facebook/Google account. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and the privacy settings available to protect your privacy can be viewed in the Privacy Policy of Facebook (https://www.facebook.com/about/privacy/) and of Google (https://www.google.com/policies/privacy/).
ClinLife processes the personal data transmitted from the respective providers (Facebook, Google) as part of the user’s registration (see section 2.2 above).
2.5 How long is personal data stored for?
Necessary and additional personal data (see section 2.2) provided as part of registration is erased when the user account is erased, unless a longer period of storage is prescribed by law.
Information about the deletion of cookies can be found in section 2.3.
The legal basis for the erasure of the aforementioned data of the user is Article 6 (1) (f) GDPR. Our legitimate interest arises from the principle of data minimisation as per Article 5 (1) (c) GDPR.
3. Data protection information for subscribers to the ClinLife newsletter
Registered users have the opportunity to subscribe to a newsletter on the ClinLife website which contains information about selected topics and current studies. In order to do so the user must give consent to the processing of their relevant personal data in terms of Article 6 (1) (a) GDPR.
3.1 What happens when a user subscribes to the newsletter?
The double opt-in procedure is used to subscribe to the newsletter. This means that a newsletter is only sent by email when the user has expressly confirmed in advance that they wish to activate the newsletter service. A notification email is then sent to the given email address and the user is asked to click on a link in this email to confirm that they do want to receive the newsletter.
When the newsletter is subscribed to the necessary and additional information (see section 2.2 above) stored in the user profile (email address), personalisation (first name and surname) and any content personalisation (e.g. postcode and areas of interest for studies as stated by the user) is processed to send the newsletter.
The user gives their consent to subscribe to the newsletter in acknowledgement of this Data Protection Policy and the aforementioned processing procedures.
The legal basis for the processing of the user's data is Article 6 (1) (a) GDPR.
3.2 Right to withdraw consent at any time
The user has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. A corresponding declaration may be made using the link in the newsletter; in addition the user may contact the controller using the contact details in section 8 below. If consent is withdrawn the user will no longer receive the newsletter.
4. Data protection information for users applying for a study
In addition to merely being used for general information about clinical studies, ClinLife's website can also be used by registered users to apply to participate in a study (“applying for a study”). In order to apply for a study express consent must be given to the processing of data connected to the study application (Article 6 (1) (a) GDPR in combination with Article 9 (2) (a) GDPR). Consent must be given for each individual study. If you apply for more than one study consent must be given for each individual study separately.
4.1 What personal data will be collected when applying for a study?
The user is asked to provide personal data when applying for a study to the extent that this data is relevant to the suitability of a user for a specific study. This generally also includes information about the user's health (“special categories of personal data” in terms of Article 9 (1) GDPR). The user provides the corresponding data to ClinLife on the basis of voluntarily given consent and in acknowledgement of this Data Protection Policy. In certain circumstances ClinLife may not be able to provide certain services or not provide them in full without the answers to these questions.
The legal basis for the processing of the user's data is Article 6 (1) (a) GDPR in conjunction with Article 9 (2) (a) GDPR.
4.2 What additional processing procedures are carried out?
The user’s data collected during the course of the application is saved by ClinLife in the user’s personal profile and processed to determine the suitability of the user for the study in question. Furthermore the data is used for ClinLife to communicate with the user as part of the application process. If, in ClinLife's opinion, the user appears to be suitable for the study, the user's data is disclosed to a study centre involved in the study, provided the user has given their express consent to such a disclosure. The disclosed data may be used by the study centre to contact the user. Furthermore the data stored by ClinLife may be augmented by ClinLife with additional information about the status of the application (“status information”). ClinLife will only use this status information to allow the representative of the study centre to contact the user and/or to support the assessment of the user's application or for the purpose of statistical analysis (see section 5 below).
The legal basis for the processing of the user's data is Article 6 (1) (a) GDPR in conjunction with Article 9 (2) (a) GDPR.
4.3 Right to withdraw consent at any time
The user has the right to withdraw their consent to the processing of their personal data to apply for studies at any time with future effect without affecting the lawfulness of processing based on consent before its withdrawal. A corresponding declaration may be sent by email to [email protected] or in writing to Clariness GmbH, Schillerstr. 44, 22767 Hamburg, Germany; in addition the user may contact the controller using the contact details in section 8 below.
The user may also restrict their withdrawal of consent to certain data. The withdrawal of consent (including withdrawal of consent restricted to certain data) may result in the user no longer being able to use certain services (in particular their application to participate in a study may no longer be assessed).
4.4 How long will personal data collected when applying for a study be stored for?
If consent has been withdrawn the data provided by the user (see section 4.1) is erased, unless a longer period of storage is prescribed by law. If the user restricted their withdrawal to certain data only the data affected by the withdrawal of consent will be erased.
If consent is not withdrawn, the data will be processed for the duration stated in the declaration of consent and then erased.
The legal basis for erasure is Article 6 (1) (a) and (f) GDPR. Our legitimate interest results from the principle of data minimisation laid down in Article 5 (1) (c) GDPR.
5. Use of anonymised data
ClinLife anonymises data collected from users and then uses this for statistical evaluation.
The legal basis for processing to anonymise data is Article 6 (1) (f) GDPR. Our legitimate interest results from the principle of data minimisation laid down in Article 5 (1) (c) GDPR and our interest in optimising the inclusion criteria and designing questionnaires for future studies.
6. Disclosure and transfer of personal data to third parties
6.1. ClinLife is entitled to provide users’ data to certain third parties with whom ClinLife collaborates when providing services (e.g. telecommunications service providers). Disclosing data is restricted to the purpose of the collaboration and the third party collaborating with ClinLife is only entitled to use the data to the extent this is required to provide the services.
The legal basis for using transferring data as described above is Article 6 (1) (f) GDPR. Our legitimate interest is improving processes and our services.
6.2. In addition ClinLife may disclose personal data to third parties, if:
6.2.1. The user has expressly consented to this disclosure (e.g. to a study centre that is carrying out a study the user has applied for). The legal grounds for this is Article 6 (1) (a) GDPR.
6.2.2. ClinLife is obligated to disclose and/or transmit data to a third party on the basis of an executable/final judicial or administrative order or if ClinLife is obligated to disclose and/or transmit the data to a third party on the basis of a statutory obligation even without such an order. The legal grounds for this is Article 6 (1) (c) and (f) GDPR. Our legitimate interest is complying with justified claims.
6.2.3. Disclosure and/or transmission is required to stop a misuse of the website or service, in particular breaching the Terms & Conditions of Use, in a legally permissible manner. The legal grounds for this is Article 6 (1) (f) GDPR. Our legitimate interest is detecting and monitoring abusive conduct.
6.3 ClinLife will not disclose user’s data to third parties without the express consent of the user except in those circumstances specifically stated in this Data Protection Policy.
The legal basis for the disclosure of personal data with express consent to do so is Article 6 (1) (a) GDPR.
7. Rights of users
The user has the following rights discussed below. When rights are asserted they will be dealt with promptly and will not result in any disadvantages for the user.
Right of access (Article 15 GDPR): The user may request information from ClinLife regarding the personal data which is being processed, what the source of this data is and for what purpose(s) the data is being processed and, if relevant, what recipients/categories of recipients has the data been transferred to. Requests for information submitted electronically will be answered electronically.
Right to object (Article 21 GDPR): The user may object to the processing of their data on grounds relating to their particular situation, to the extent that the data processing is based on the protection of the legitimate interests of ClinLife or a third party (Article 6 (1) (f) GDPR) as well as in cases where data processing is carried out in the public interest (Article 6 (1) (e) GDPR). If the user objects to the processing of their data ClinLife will no longer process the personal data, unless ClinLife can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or the processing is carried out for the establishment, exercise or defence of legal claims.
If ClinLife processes personal data to provide tailored information about ClinLife's range of services (hereinafter referred to as “marketing purposes”) the user has the right to object to the processing of their personal data for this purpose at any time. ClinLife may no longer use the personal data of the user for these purposes if the user objects to the processing of their personal data for marketing purposes.
Right to data portability (Article 20 GDPR): The user has the right to receive their personal data that they provided to ClinLife in a structured, commonly used and machine-readable format where the processing of the data is based on the user's consent (Article 6 (1) (a) GDPR) or where the processing is necessary for the performance of a contract entered into with the user or to take steps prior to entering into a contract (Article 6 (1) (b) GDPR).
Right to rectification (Article 16 GDPR): If your personal data is inaccurate or incomplete you have the right to demand its rectification or supplementation. Such rectification triggers ClinLife's obligation to notify all recipients to whom the inaccurate data was disclosed of the rectification, unless this is exceptionally impractical or involves disproportionate expenditure.
Right to erasure (Article 17 GDPR): The user may demand the erasure of their personal data without undue delay, if (i) the purpose of processing no longer applies due to the passage of time or for other reasons, (ii) processing is based on the user’s consent and this has been withdrawn, (iii) the user has objected to processing and further processing ceases as a result of this, or (iv) the legal basis for the processing is absent or has ceased to apply. ClinLife, however, must take into account existing retention obligations and circumstances where erasure would impair interests worthy of protection.
Right to restriction of processing (Article 18 GDPR): The processing of personal data is to be restricted, (i) as long as ClinLife is verifying the accuracy of contested data, (ii) where processing has been unlawful since the beginning but the user opposes the erasure of the data, (iii) where the data is no longer needed for the purposes of processing but is required by the user for the establishment of legal claims and (iv) while the user’s objection to processing is being verified. Where processing has been restricted ClinLife may only process the data (i) with the consent of the user, (ii) for the establishment, exercise or defence of legal claims, or (iii) to protect the rights of another person or for reasons of important public interest.
Right to lodge a complaint (Article 77 GDPR in conjunction with section 19 German Data Protection Act (BDSG)) The user has the right to lodge a complaint with a supervisory authority.
Right to withdraw consent given under data protection law (Article 7 (3) GDPR) The user has the right to withdraw consent given to ClinLife to process their personal data at any time.
8. Controller’s contact information
The controller’s contact information is:
Clariness GmbH
Schillerstraße 44
22767 Hamburg, Germany
Tel. +49 (40) 298 678 00
Fax: +49 (40) 298 678 09
Email: [email protected]
The contact information for the controller’s Data Protection Officer is:
Mein Datenschutzbeauftragter.de
Rudolf‐Diesel‐Straße 10
23617 Stockelsdorf, Germany
Email: [email protected]
The above contact information may be used to assert the rights stated in section 7 above against both the controller and the Data Protection Officer as well as for asking general questions related to data protection and submitting suggestions.
The responsible supervisory authority is the Hamburg Office for Data Protection and Freedom of Information (HmbBfDI). This monitors adherence to data protection law in the private sector in Hamburg. Users may contact the supervisory authority at any time.
Their contact information is:
Free and Hanseatic City of Hamburg
Hamburg Office for Data Protection and Freedom of Information
Prof. Johannes Caspar
Klosterwall 6 (Block C)
20095 Hamburg, Germany
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
Email: [email protected]
9. Links to other websites
If the website contains links to other websites this Data Protection Policy does not extend to other providers. ClinLife has no influence over whether the operators of these websites comply with data protection law and therefore also assumes no responsibility for the accuracy, up-to-dateness or completeness of the information provided there.
10. Changes to this Data Protection Policy
ClinLife reserves the right to make changes to this Data Protection Policy in the event of changes in factual or legal circumstances.
11. Service provider and data controller
Clariness GmbH, Schillerstraße 44, 22767 Hamburg, Germany
Commercial Register: HRB 108294, Hamburg Local Court (Amtsgericht)
Board of Management: Michael Stadler
VAT ID number: DE 248331129
As at: May 2018