logo

Privacy Policy for Trialtree

Privacy policy for the processing of personal data about test subjects or researchers/contact persons.

1. Introduction

1.1 This privacy policy (“Privacy Policy”) applies to Trialtree.com. Trialtree is owned by and operated by ForskningNU ApS (“we”, “us” or “our”). The Privacy Policy applies when we process personal data about you as a test subject or researcher/contact person.

1.2 We are the data controller for the processing of personal data set out in this Privacy Policy and are therefore responsible for ensuring that your personal data is processed in accordance with applicable data protection legislation.

1.3 Each individual research project is an independent data controller for the processing of personal data it collects and processes outside the Trialtree platform in relation to the test subject. This is typically anchored in a region, a university or a private company. Trialtree does not have access to this personal data.

1.4 In this Privacy Policy, we inform you of your rights and of how we process and protect your personal data. If you have any questions about our processing of your personal data, you are always welcome to contact us:

Trialtree, owned by Forskningnu ApS CVR no. 42285005 Fruebjergvej 3 2100 Copenhagen Ø Email: info@forskningnu.dk

2. Definitions

2.1 “applicable data protection legislation” refers to the General Data Protection Regulation (Regulation No. 2016/679), supplemented and implemented by Act No. 502 of 23 May 2018 (the Data Protection Act) and related national legislation, as well as Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 on the processing of personal data and the protection of privacy in the electronic communications sector (the ePrivacy Directive) and national implementations thereof.

2.2 “personal data” means any information about a natural person who can be directly or indirectly identified by an identifier such as a name, address, telephone number or email address.

2.3 “processing” means any activity to which personal data is subjected, such as collection, organisation, storage, deletion or disclosure.

2.4 Trialtree is the data controller and therefore determines the purposes and means of processing, naturally within the framework of the consent and existing legislation.

3. Use of personal data

3.1 We collect and process the personal data you provide to us when you (a) register for our test subject database (b) subscribe to our newsletter. Our processing covers only ordinary personal data and below you can see which personal data we process, as well as the purpose and legal basis for doing so:

Information about test subjects
Personal dataPurposeLegal basis
Registration in database: - First name - Email address - Phone number - Postal code - Gender - Year of birth - The health information you choose to provide/enter.Purpose 1: Registration in the test subject database. Purpose 2: To be contacted about new research projects for which you are in the target group.Consent given by the data subject pursuant to Article 6(1)(a) of the General Data Protection Regulation.
- First name - Email addressPurpose: To send emails with news relevant to the user.Consent given by the data subject pursuant to Article 6(1)(a) of the General Data Protection Regulation.
Information about researchers and contact persons
Personal dataPurposeLegal basis
- Name - Contact information (address and email address) - Place of work- Communication and invoicingThe legal basis is our legitimate interest in being able to fulfil our agreement with the Customer (Article 6(1)(f) of the GDPR) and being able to invoice the Customer (Article 6(1)(c) of the GDPR).

4. Cookies

4.1 We collect and process information about your behaviour on our website in order to analyse the use of our website and optimise the user experience. You can read more in our cookie policy in the cookie policy section. The processing is based on our legitimate interest (Article 6(1)(f) of the General Data Protection Regulation).

5. Disclosure

5.1 Disclosure of information about you will only take place in compliance with applicable data protection legislation. In each individual case, we will assess whether the disclosure requires your explicit consent or whether it can be carried out on another legal basis.

5.1.1 If, with your prior consent, we have disclosed your personal data to a research project, the research project becomes an independent data controller for the processing of your personal data. The research project is also the data controller for the personal data arising from your participation in the research project. We do not have access to such personal data. In many cases, a research project will be anchored either in 1) a hospital setting, 2) a university setting or 3) privately funded, for example via a pharmaceutical company, and the data controller will formally be the relevant region, university or company.

5.2 If we transfer your personal data to countries outside the EU/EEA, we will always ensure that the necessary security measures to protect your personal data are in place. This means that we ensure that: • The European Commission has assessed that the third country/the third party established in the third country provides an adequate level of protection for personal data, • Standard data protection clauses adopted by the European Commission have been entered into between us and the relevant recipient/third party of your personal data, • The relevant recipient/third party has implemented approved binding corporate rules (Binding Corporate Rules) A number of our IT suppliers are data processors for us and process data solely on our instructions. They therefore do not have the right to decide for themselves what your personal data is to be used for, and we retain control over the information. We have entered into data processing agreements with our data processors to ensure that the data processor's level of protection for your personal data is adequate. We conduct periodic audits to ensure that the data processor meets the agreed standards. When determining the frequency and content, we base our approach on guidance material from the Danish Data Protection Authority.

5.2.1 We have currently entered into agreements with the following providers within the EU: Brevo: • Provider of a system for sending automated emails. Terms and conditions can be found here - https://www.sendinblue.com/legal/termsofuse/. Dinero: • Accounting software. Terms can be found here - https://dinero.dk/sikkerhed/dinero-betingelser/. NextJS (Vercel): • Frontend development PostgreSQL (PostgreSQL Global Development Group): • Database. Swagger (OpenAPI initiative): • Code documentation.

5.2.2 We have currently entered into agreements with the following providers outside the EU: Microsoft Inc • Microsoft Office 365: Provider of the office suite. Terms and conditions can be found here - https://www.microsoft.com/en/servicesagreement/. • LinkedIn: Company profile on LinkedIn. Terms and conditions can be found here - https://www.linkedin.com/legal/user-agreement/. Google Inc: • Google Analytics: Website statistics. Terms and conditions can be found here - https://business.safety.google/adsprocessorterms/. • YouTube: Company profile on YouTube. Terms and conditions can be found here - https://business.safety.google/adsprocessorterms/. Facebook Inc: • Marketing of our products and projects. Terms and conditions can be found here - https://www.facebook.com/terms/. LinkedIn: • Marketing of our products and projects. Terms and conditions can be found here - https://www.linkedin.com/legal/privacy-policy/. Bubble.io: • Provider of a system for web design and platform maintenance. Terms and conditions can be found here - https://bubble.io/terms/. Twilio SendGrid: • Provider of a system for sending automated emails. Terms and conditions can be found here - https://www.twilio.com/legal/tos/. Fathom analytics: • Website statistics. Terms and conditions can be found here - https://usefathom.com/terms/. Tailwind (Tailwind Labs): • Frontend development. AWS (Amazon): • Infrastructure. Segment (Segment.io): • Analytics.

6. Responding to legal requests and preventing harm

6.1 We may access, retain and share your personal data in response to a legal request (such as search warrants, court orders, subpoenas or similar), or if necessary to detect, prevent or address fraud or other illegal activity, to protect ourselves, you or other test subjects, researchers/contact persons, including as part of an investigation.

7. Security and protection

7.1 We have established and maintain appropriate organisational and technical measures to ensure that your personal data is not accidentally or unlawfully deleted, degraded or lost, nor comes to the knowledge of unauthorised third parties or is otherwise misused or used in a manner inconsistent with applicable data protection legislation.

7.1.1 In the event of such security breaches, the supervisory authority will be notified in accordance with the applicable rules. For more information about our IT security, please contact us.

8. Storage of personal data

8.1 We store your information for as long as we have your consent to do so, but for a maximum of 5 years after the most recent consent was given.

8.2 If you withdraw from the test subject database, we will delete all information linked to your account.

8.3 If you withdraw from the test subject database but are simultaneously registered for a research project, we will retain the necessary data until your participation in the project is complete. All information will then be deleted.

9. Your rights

9.1 Your rights with regard to personal data are described below. To exercise your rights, you may contact us using the contact details in section 1.3.

9.2 Subject to the limitations of the law, you have certain rights, including the right of access to your personal data, the right to have incorrect information corrected, the right to have information deleted, the right to restriction of processing, the right to data portability, and the right to object to the processing of personal data, including in relation to automated, individual decision-making (profiling).

9.3 If all or part of our processing is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

9.4 If you wish to complain about our processing of your personal data, you may do so to the Danish Data Protection Authority, Carl Jacobsens Vej 35, 2500 Valby, email: dt@datatilsynet.dk.

10. Notification of changes to this privacy policy

10.1 If we make changes to the Privacy Policy, we will notify you. If the changes require your consent, we will provide you with additional, separate notice under the applicable circumstances and will request your consent in accordance with applicable data protection legislation.

10.1.1 For editorial changes, we reserve the right to refrain from notifying all our users of the changes.

11. Cookie policy

11.1 This website uses cookies. We use cookies to improve your user experience on trialtree.com. We use our own cookies and share them with third parties for the purpose of showing users relevant advertisements. You can always opt in or out of cookies in our privacy policy, which will appear on all our pages. A cookie is a small file saved in your browser in order to recognise your computer on return visits. Cookies cannot contain harmful code such as viruses. The law states that we may store cookies on your device if they are strictly necessary for the website to function. For all other types of cookies, we must obtain your consent. Our website uses different types of cookies. Some cookies are used to generate statistics on how the website is used by the user. In addition, cookies are shared with third parties for the purpose of showing you relevant advertisements. You can opt in or out of non-essential cookies at any time. Your consent applies to the following domains: trialtree.com The cookie declaration was last updated on 10/09/25 by CookieYes: