Privacy policy for the processing of personal data concerning test subjects or researchers/contact persons.

1. Introduction

1.1 This privacy policy (“Privacy Policy”) applies to Trialtree.com. Trialtree is owned by and operated by ForskningNU ApS (“we”, “us” or “our”; the Privacy Policy applies when we process personal data about you, as a test subject or researcher/contact person).

1.2 We are the data controller for the processing of the personal data set out in the Privacy Policy and are therefore responsible for ensuring that your personal data is processed in accordance with applicable data protection legislation at all times.

1.3 Each individual research project is an independent data controller for the processing of personal data that it collects and processes outside of the Trialtree platform, in relation to the test subject. This is typically anchored in a region, a university, or a private company. Trialtree does not have access to this personal data.

1.4 In the Privacy Policy, we inform you of your rights and how we process and protect your personal data. If you have any questions regarding our processing of your personal data, you are always welcome to contact us:

Trialtree, ejet af Forskningnu ApS CVR-nr. 42285005 Fruebjergvej 3 2100 København Ø E-mail: info@trialtree.com

2. Definitions

2.1 “applicable data protection legislation” refers to the General Data Protection Regulation (Regulation No. 2016/679), supplemented and implemented by Act No. 502 of 23 May 2018 (the Data Protection Act) and related national legislation, as well as the Directive of the European Parliament and of the Council 2002/58/EC of 12 July 2002 on the processing of personal data and the protection of privacy in the electronic communications sector (the E-Privacy Directive) and national implementations thereof.

2.2 “personal data” means any form of information about a natural person who can be directly or indirectly identified by an identifier such as a name, address, telephone number, or email address.

2.3 “processing” means any activity to which personal data is subjected, such as collection, organisation, storage, deletion, or disclosure.

2.4 Trialtree is the data controller and therefore determines the purposes and means of processing, naturally within the framework of consent and applicable legislation.

3. Use of personal data

3.1 We collect and process the personal data you provide to us when you (a) register with our test subject database or (b) subscribe to our newsletter. Our processing covers only ordinary personal data, and below you can see which personal data we process, as well as the purpose and legal basis for doing so:

Information about test subjects
Personal dataPurposeLegal basis
Registration in database: - First name - Email address - Phone number - Postal code - Gender - Year of birth - The health information you choose to provide/enter.Purpose 1: Registration in the test subject database. Purpose 2: To be contacted about new research projects where you are in the target group.Consent given by the data subject pursuant to Article 6(1)(a) of the General Data Protection Regulation.
- First name - Email addressPurpose: To send emails with news relevant to the user.Consent given by the data subject pursuant to Article 6(1)(a) of the General Data Protection Regulation.
Information about researchers and contact persons
Personal dataPurposeLegal basis
- Name - Contact information (address and email address) - Place of work- Communication and invoicingThe legal basis is our legitimate interest in fulfilling our agreement with the Customer (Article 6(1)(f) of the General Data Protection Regulation) as well as our ability to invoice the Customer (Article 6(1)(c) of the General Data Protection Regulation).

4. Cookies

4.1 We collect and process information about your behaviour on our website in order to analyse the use of our website and optimise the user experience. You can read more in our cookie policy in the cookie policy section. The processing is based on our legitimate interest (Article 6(1)(f) of the General Data Protection Regulation).

5. Disclosure

5.1 Disclosure of information about you will only take place in compliance with applicable data protection legislation. In each individual case, we will assess whether the disclosure requires your explicit consent or whether it can take place on another legal basis.

5.1.1 If, with your prior consent, we have disclosed your personal data to a research project, that research project becomes an independent data controller for the processing of your personal data. The research project is also the data controller for personal data arising from your participation in the research project. We do not have access to such personal data. In many cases, a research project will be anchored in either 1) a hospital setting, 2) a university setting, or 3) private funding, for example through a pharmaceutical company, and the data controller will formally be the relevant region, university, or company.

5.2 If we transfer your personal data to countries outside the EU/EEA, we will always ensure that the necessary safeguards for protecting your personal data are in place. This means we ensure that: • The European Commission has assessed that the third country/the third party established in the third country has an adequate level of protection for personal data, • Standard data protection clauses adopted by the European Commission have been entered into between us and the relevant recipient/third party receiving your personal data, • The relevant recipient/third party has implemented approved binding corporate rules (Binding Corporate Rules) A number of our IT suppliers are data processors for us and process data solely on our instructions. They therefore do not have the right to determine for themselves what your personal data is to be used for, and we retain control of the data. We have entered into data processing agreements with our data processors, which ensure that the data processor’s level of protection for your personal data is adequate. We conduct periodic audits to ensure that the data processor meets the agreed standards. When determining the frequency and content of such audits, we draw on guidance material from the Danish Data Protection Agency.

5.2.1 We currently have agreements with the following suppliers within the EU: Brevo: • Provider of a system for sending automated emails. Terms can be found here - https://www.sendinblue.com/legal/termsofuse/. Dinero: • Accounting software. Terms can be found here - https://dinero.dk/sikkerhed/dinero-betingelser/. NextJS (Vercel): • Frontend development PostgreSQL (PostgreSQL Global Development Group): • Database. Swagger (OpenAPI initiative): • Code documentation.

5.2.2 We currently have agreements with the following suppliers outside the EU: Microsoft Inc • Microsoft Office 365: Provider of the office suite. Terms can be found here - https://www.microsoft.com/en/servicesagreement/. • LinkedIn: Company profile on LinkedIn. Terms can be found here - https://www.linkedin.com/legal/user-agreement/. Google Inc: • Google Analytics: Website statistics. Terms can be found here - https://business.safety.google/adsprocessorterms/. • YouTube: Company profile on YouTube. Terms can be found here - https://business.safety.google/adsprocessorterms/. Facebook Inc: • Marketing of our products and projects. Terms can be found here - https://www.facebook.com/terms/. LinkedIn: • Marketing of our products and projects. Terms can be found here - https://www.linkedin.com/legal/privacy-policy/. Bubble.io: • Provider of a system for web design and platform maintenance. Terms can be found here - https://bubble.io/terms/. Twilio SendGrid: • Provider of a system for sending automated emails. Terms can be found here - https://www.twilio.com/legal/tos/. Fathom analytics: • Website statistics. Terms can be found here - https://usefathom.com/terms/. Tailwind (Tailwind Labs): • Frontend development. AWS (Amazon): • Infrastructure. Segment (Segment.io): • Analytics.

6. Responding to legal requests and prevention of harm

6.1 We may access, preserve, and share your personal data in response to a legal request (such as search warrants, court orders, summons, or similar), or where necessary to detect, prevent, or prosecute fraud or other unlawful activity, protect ourselves, you, or other test subjects, researchers/contact persons, including as part of an investigation.

7. Security and protection

7.1 We have established and maintain appropriate organisational and technical measures to ensure that your personal data is not accidentally or unlawfully deleted, impaired, or lost, and that it does not come to the knowledge of unauthorised third parties or otherwise be misused or used in a manner inconsistent with applicable data protection legislation.

7.1.1 In the event of such a security breach, notification will be made to the Danish Data Protection Agency in accordance with the relevant rules. For more information about our IT security, please contact us.

8. Retention of personal data

8.1 We retain your data for as long as we have your consent to do so, up to a maximum of 5 years from the most recent consent given.

8.2 If you unsubscribe from the test subject database, we will delete all information associated with your user account.

8.3 If you unsubscribe from the test subject database but are simultaneously enrolled in a research project, we will retain the necessary data until your participation in the project is complete. After that, all information will be deleted.

9. Your rights

9.1 Your rights with regard to personal data are described below. To exercise your rights, you can contact us using the contact details in section 1.3.

9.2 Subject to the limitations of applicable law, you have certain rights, including the right to access your personal data, the right to have inaccurate data corrected, the right to have data deleted, the right to restrict processing, the right to data portability, and the right to object to the processing of your personal data, including in relation to automated individual decision-making (profiling).

9.3 If all or part of our processing is based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

9.4 If you wish to complain about our processing of your personal data, you may do so to the Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, email: dt@datatilsynet.dk.

10. Notice of changes to this privacy policy

10.1 If we make changes to the Privacy Policy, we will notify you. If the changes require your consent, we will provide you with a further, separate notice regarding the circumstances thereof and request your consent in accordance with applicable data protection legislation.

10.1.1 In the case of editorial changes, we reserve the right to refrain from notifying all of our users of the changes.

11. Cookie policy

11.1 This website uses cookies. We use cookies to improve your user experience on trialtree.com. We use our own cookies and share them with third parties in order to show the user relevant advertisements. You can always opt in and out of cookies in our privacy policy, which will appear on all of our pages. A cookie is a small file that is saved in your browser in order to recognise your computer on return visits. Cookies cannot contain harmful code such as viruses. The law states that we may store cookies on your device if they are strictly necessary for the website to function. For all other types of cookies, we must obtain your consent. Our website uses different types of cookies. Some cookies are used to generate statistics on how the website is used by the user. In addition, cookies are shared with third parties in order to show you relevant advertisements. You can opt in and out of non-essential cookies at any time. Your consent applies to the following domains: trialtree.com The cookie declaration was last updated on 10/09/25 by CookieYes:

TrialTree Logo

Trialtree connects research with the public.

CVR: 42285005

Follow us on

From Forskningnu.dk to Trialtree.com

Read more about the transition, and how it will make your research experience much better.

Create project