Introduction
Lifelines is a prospective population cohort that collects a comprehensive set of health data, including biological samples, from 160.000 volunteering participants with the purpose to make these data and samples available to people who will use them to generate scientific insights into healthy ageing. Lifelines acts as controller for all personal data that are processed (e.g. collected, stored, shared and analysed) for this purpose and protects these personal data in compliance with the General Data Protection Regulation (GDPR) and the GDPR Implementation Act.
The privacy statement below describes how Lifelines processes and protects the personal professional contact data from users (researchers, data analysts etc.) that (want to) work with Lifelines cohort data and samples for scientific purposes.
A second privacy statement (see here) describes (in Dutch) how Lifelines processes and protects the sensitive personal health data and biomaterial collected from participants.
Data Controller
Lifelines (formally: Medische Biobank Noord-Nederland B.V.) has its office at the Ceintuurbaan Noord 180, 9301 NZ in Roden, the Netherlands. We are registered at the Dutch Chamber of Commerce under number 59133708.
Nature of the processed personal data
Lifelines processes the following personal data from people (‘users’) interested in working with Lifelines data and samples for scientific purposes:
- First and last name
- Affiliation and degree
- Work address
- E-mail and phone number (work-related, unless user prefers otherwise)
- Source of initial contact (see below)
- Nature of interest in using Lifelines data and/or samples
- Role in project(s) using Lifelines data and/or samples
Legal basis for processing
Lifelines processes the personal data from (potential) users on the legal basis of ‘legitimate interests’ or ‘informed consent’.
The processing of personal professional contact- and affiliation data of users is necessary in order to pursue the common goal of using the Lifelines data and samples to generate scientific knowledge. To ensure the adequacy of the ‘legitimate interests’ basis, we only process personal data from users derived from the following sources:
- incoming requests from users via phone calls, e-mails, webforms (contact forms, application interest forms)
- the Lifelines LinkedIn page and other social media (e.g. new followers and personal messages to a Lifelines account or the account of a Lifelines employee)
- responses to Lifelines-initiated online marketing campaigns
- personal meetings in a professional context (e.g. lectures, conferences, workshops, roadshows)
- professional websites from researchers or research groups publicly displaying a scientific interest in population cohort/biobank-related research
- personal referrals from other users in our contact list
- Lifelines always asks for permission before a user is added to a mailing list for research-related newsletters or white papers, and will immediately respond to any request to unsubscribe.
- Lifelines also asks for permission to collect cookies from first-time visitors to our website aimed at researchers (www.lifelines-biobank.com), for more information see our cookie statement.
Recipients of personal data
Lifelines processes personal data from users in various software systems:
- Microsoft Teams and other office software (calls, chats, e-mails, documents, presentations);
- Salesforce CRM (registration of leads, opportunities, projects and contacts, including e-mails and documents);
- LinQhost webhosting (contact forms, application interest forms)
The providers of these systems act as processors for the personal data from users. We have signed appropriate data processing agreements and arranged adequate technical and organizational data protection measures with each of these parties.
Data retention
Lifelines stores the personal data from users for the entire duration of the Lifelines study. When Lifelines no longer makes data and/or samples available to any users, all personal data from users will be securely archived and will no longer be actively processed.
Subject rights
Researchers can make use of their rights as described in GDPR (Article 15-22) by sending us a request via e-mail (research@lifelines.nl). Please state the nature of your request clearly in the e-mail subject and in the body of the e-mail. Examples are:
- Right of access: you have the right to request access to your personal data that are being processed by Lifelines. Lifelines will respond to your request within 4 weeks.
- Right of rectification: you have the right to request a rectification of your personal data that are being processed by Lifelines, when they are incorrect.
- Right to be forgotten: you have the right to request the erasure of your personal data that are being processed by Lifelines. We will respond and adhere to such a request within the legally determined time frame.
Contact
You can use the e-mail address research@lifelines.nl to submit a request concerning your GDPR rights as a subject
- You can e-mail us at research@lifelines.nl or privacy@lifelines.nl (Lifelines Privacy Officer) for any comments, questions, suggestions or complaints regarding your privacy and personal data protection by Lifelines
- Our data protection officer is mr. Marie-José Bonthuis (m.j.bonthuis@lifelines.nl)
- You can submit a formal complaint about Lifelines’ privacy policy, personal data protection measures, and implementation of the GDPR to the Dutch Data Protection Authority via their website (Autoriteit Persoonsgegevens).