Privacy policy for the processing of personal data relating to test subjects or researchers/contact persons.

1. Introduction

1.1 This privacy policy ("Privacy Policy") applies to Trialtree.com. Trialtree is owned by and operated by ForskningNU ApS ("we", "us" or "our"; the Privacy Policy applies when we process personal data about you as a test subject or researcher/contact person).

1.2 We are the data controller for the processing of the personal data set out in the Privacy Policy and are therefore responsible for ensuring that your personal data is processed in accordance with applicable data protection legislation.

1.3 Each individual research project is independently the data controller for the processing of the personal data it collects and processes outside Trialtree's platform in relation to the test subject. This is typically anchored in a region, a university, or a private company. Trialtree does not have access to this personal data.

1.4 In the Privacy Policy, we inform you of your rights and of how we process and protect your personal data. If you have any questions about our processing of your personal data, you are always welcome to contact us:

Trialtree, owned by Forskningnu ApS CVR no. 42285005 Fruebjergvej 3 2100 København Ø Email: info@trialtree.com

2. Definitions

2.1 "applicable data protection legislation" refers to the General Data Protection Regulation (Regulation no. 2016/679), supplemented and implemented by Act no. 502 of 23 May 2018 (the Data Protection Act) and related national legislation, as well as Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the ePrivacy Directive) and national implementations thereof.

2.2 "personal data" means any information relating to a natural person who can be directly or indirectly identified by an identifier such as a name, address, phone number, or email address.

2.3 "processing" means any activity carried out on personal data, such as collection, organisation, storage, deletion, or disclosure.

2.4 Trialtree is the data controller and therefore determines the purposes and means of processing, naturally within the framework of consent and existing legislation.

3. Use of personal data

3.1 We collect and process the personal data you provide to us when you (a) register for our test subject database (b) subscribe to our newsletter. Our processing covers ordinary personal data only, and below you can see which personal data we process, as well as the purpose and legal basis for doing so:

Information about test subjects
Personal dataPurposeLegal basis
Registration for the database: - First name - Email address - Phone number - Postcode - Gender - Year of birth - The health information you choose to provide/enter yourself.Purpose 1: Registration for the test subject database. Purpose 2: Being contacted about new research projects for which you are in the target group.Consent given by the data subject pursuant to Article 6(1)(a) of the GDPR.
- First name - Email addressPurpose: Sending emails with news relevant to the user.Consent given by the data subject pursuant to Article 6(1)(a) of the GDPR.
Information about actual participation in a research projectPurpose 1: Invoicing for services to the research project Purpose 2: Service provision to both the test subject and the researcherThe legal basis is legitimate interest (with regard to correct financial settlement between Trialtree and the research project)
Information about researchers and contact persons
Personal dataPurposeLegal basis
- Name - Contact details (address and email address) - Place of work- Communication and invoicingThe legal basis is our legitimate interest in being able to fulfil our agreement with the Customer (Article 6(1)(f) of the GDPR) and being able to invoice the Customer (Article 6(1)(c) of the GDPR).

4. Cookies

4.1 We collect and process information about your behaviour on our website in order to analyse the use of our website and optimise the user experience. You can read more in our cookie policy in the cookie policy section. The processing is based on our legitimate interest (Article 6(1)(f) of the GDPR).

5. Disclosure

5.1 Disclosure of information about you will only take place in compliance with applicable data protection legislation. In each individual case, we will assess whether the disclosure requires your explicit consent, or whether the disclosure can take place on another legal basis.

5.1.1 If we have, with your prior consent, disclosed your personal data to a research project, that research project becomes the independent data controller for the processing of your personal data. The research project is also the data controller for the personal data that arises from your participation in the research project. We do not have access to such personal data. In many cases, a research project will be anchored in either 1) a hospital setting, 2) a university setting, or 3) private funding, for example through a pharmaceutical company, and the formal data controller will therefore be the relevant region, university, or company.

5.2 If we transfer your personal data to countries outside the EU/EEA, we will always ensure that the necessary safeguards for protecting your personal data are in place. This means we ensure that: • The European Commission has assessed that the third country/third party established in the third country provides an adequate level of protection of personal data, • Standard data protection clauses adopted by the European Commission have been agreed between us and the relevant recipient/third party of your personal data, • The relevant recipient/third party has implemented approved Binding Corporate Rules A number of our IT suppliers are data processors for us and process data solely on our instructions. They therefore do not have the right to decide for themselves what your personal data is to be used for, and we retain control over the data. We have concluded data processing agreements with our data processors that ensure the data processor's level of protection of your personal data is appropriate. We carry out periodic monitoring to ensure that the data processor meets the agreed requirements. When determining the frequency and content of such monitoring, we draw on guidance material from Datatilsynet.

5.2.1 We have currently entered into agreements with the following suppliers within the EU: Brevo: • Supplier of system for sending automated emails. Terms and conditions can be found here - https://www.sendinblue.com/legal/termsofuse/. Dinero: • Accounting software. Terms can be found here - https://dinero.dk/sikkerhed/dinero-betingelser/. NextJS (Vercel): • Frontend development PostgreSQL (PostgreSQL Global Development Group): • Database. Swagger (OpenAPI initiative): • Code documentation.

5.2.2 We have currently entered into agreements with the following suppliers outside the EU: Microsoft Inc • Microsoft Office 365: Supplier of the office suite. Terms and conditions can be found here - https://www.microsoft.com/en/servicesagreement/. • LinkedIn: Company profile on LinkedIn. Terms and conditions can be found here - https://www.linkedin.com/legal/user-agreement/. Google Inc: • Google Analytics: Website statistics. Terms and conditions can be found here - https://business.safety.google/adsprocessorterms/. • YouTube: Company profile on YouTube. Terms and conditions can be found here - https://business.safety.google/adsprocessorterms/. Facebook Inc: • Marketing of our products and projects. Terms and conditions can be found here - https://www.facebook.com/terms/. LinkedIn: • Marketing of our products and projects. Terms and conditions can be found here - https://www.linkedin.com/legal/privacy-policy/. Bubble.io: • Supplier of system for web design and platform maintenance. Terms and conditions can be found here - https://bubble.io/terms/. Twilio SendGrid: • Supplier of system for sending automated emails. Terms and conditions can be found here - https://www.twilio.com/legal/tos/. Fathom analytics: • Website statistics. Terms and conditions can be found here - https://usefathom.com/terms/. Tailwind (Tailwind Labs): • Frontend development. AWS (Amazon): • Infrastructure. Segment (Segment.io): • Analytics.

6. Responding to legal requests and preventing harm

6.1 We may access, retain, and share your personal data in order to respond to a legal request (such as search warrants, court orders, summonses, or similar), or if it is necessary to detect, prevent, or address fraud or other unlawful activity, to protect ourselves, you, or other test subjects, researchers/contact persons, including as part of an investigation.

7. Security and protection

7.1 We have established and maintain appropriate organisational and technical measures to ensure that your personal data is not accidentally or unlawfully deleted, degraded, or lost, and that it does not come to the knowledge of unauthorised third parties or is otherwise misused or used in a manner inconsistent with applicable data protection legislation.

7.1.1 In the event of such security breaches, notification will be made to Datatilsynet in accordance with the applicable rules. For more information about our IT security, please contact us.

8. Storage of personal data

8.1 We store your data for as long as we have your consent to do so, but for a maximum of 5 years after the most recent consent was given.

8.2 If you unsubscribe from the test subject database, we will delete all information associated with your account.

8.3 If you unsubscribe from the test subject database but are at the same time registered for a research project, we will retain the necessary data until your participation in the project is complete. After that, all information will be deleted.

9. Your rights

9.1 Your rights with regard to personal data are described below. To exercise your rights, you can contact us using the contact details in section 1.3.

9.2 You have — subject to the limitations of the law — certain rights, including the right of access to your personal data, the right to have inaccurate data corrected, the right to have data deleted, the right to restrict processing, the right to data portability, and the right to object to the processing of your personal data, including in relation to automated individual decision-making (profiling).

9.3 If all or part of our processing is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent prior to the withdrawal.

9.4 If you wish to complain about our processing of your personal data, you may do so to Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, email: dt@datatilsynet.dk.

10. Notification of changes to this privacy policy

10.1 If we make changes to the Privacy Policy, we will notify you. If the changes require your consent, we will give you an additional, separate notification under the relevant circumstances and request your consent in accordance with applicable data protection legislation.

10.1.1 In the event of editorial changes, we reserve the right to refrain from informing all our users of the changes.

11. Cookie policy

11.1 This website uses cookies. We use cookies to improve your user experience on trialtree.com. We use our own cookies and share them with third parties in order to show users relevant adverts. You can always opt in or out of cookies in our privacy policy, which will appear on all our pages. A cookie is a small file that is stored in your browser in order to recognise your computer on return visits. Cookies cannot contain harmful code such as viruses. The law states that we may store cookies on your device if they are strictly necessary for the website to function. For all other types of cookies, we must obtain your consent. Our website uses different types of cookies. Some cookies are used to gather statistics on how the website is used by users. Additionally, cookies are shared with third parties in order to show you relevant adverts. You can opt in or out of non-necessary cookies at any time. Your consent applies to the following domains: trialtree.com The cookie declaration was last updated on 10/09/25 by CookieYes:

Logo

Trialtree connects research with the public.

CVR: 42285005

Follow us on

From Forskningnu.dk to Trialtree.com

Read more about the transition, and how it will make your research experience much better.

© 2026 Trialtree