Privacy Policy – Duchenne Map

Version 2.0 · Effective 1 June 2022

1. Identification and contact details of Data Controller

1.1 Who we are

Welcome to the Duchenne Map, a Platform as a Service (PaaS) (hereafter: “the Duchenne Map”) operated by Stichting Duchenne Data Foundation (hereinafter “DDF” or “We”), with Chamber of Commerce Registration Number 64601188 and principal address at Warmoesdreef 10, 4614 HC, Bergen op Zoom, the Netherlands.

1.2 Our responsibilities

DDF is the data controller and processor (hereinafter, the “Data Controller” and the “Data Processor”) responsible for identifying the purpose and the means of the processing of your personal (health) data in relation with Duchenne Map. DDF will process your personal (health) data for allowing registration and use of Duchenne Map, being the legal basis for this processing, the contractual relationship (disregarding the gratuity of the service) and your consent, when processing health-related data.

We will not share your data with third parties; however, it may be accessed by our service providers where such access is necessary for the provision of the service. You have the right to access, rectify and erase your data, and other rights, as indicated in the Privacy Policy.

1.3 About this Privacy Policy

This Privacy Policy is effective as of 1 June 2022 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the Email address you have provided us, or by placing a prominent notice on our website.

2. What kind of information does this Privacy Policy provide?

This policy will give you information regarding the Services on:

How we collect your personal data;
Why we collect your personal data;
On what legal basis we collect your personal data;
How long we keep your personal data;
Your privacy rights;
What types of personal data we collect.

3. Definitions

Duchenne Map: A digital platform that aims to connect the DMD patient community to other stakeholders, offer the opportunity to share advice and knowledge, and empower patients and carers to take control of their care.
Registered User: Any Patient, Carrier or Caregiver, Patient Organization, Research Organization, Researcher, Care Center, Healthcare Expert, or Company who registers in the Duchenne Map and uses the Services.
You / Your: Any user who visits the DDF Platform; may also refer to a Registered User.
Services: All services provided to Registered Users in the context of the Duchenne Map based on the user type.
Personal Data: Anything that identifies a living individual, either on its own or when put together with other information. Examples include name, address, telephone number, and national insurance number.
Sensitive Data: Sensitive details about an individual that they would not usually want widely known without their consent. Examples include a person’s physical or mental health record, genetic or biometric data, racial or ethnic origin, sexuality, and political or religious beliefs.
Health Data: Any sensitive data about an individual’s past, current and future health status, tests, treatments and health care service provision, etc., in relation to Duchenne Muscular Dystrophy.
Data Processing: As defined by the General Data Protection Regulation (GDPR), any operation or set of operations performed on personal (health) data, whether or not by automated means — including collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction in the context of the Duchenne Map Services.
Contact Person: The physical person who uses the Services on behalf of and/or in the name of a Registered User other than an individual.

4. Where do we get your information from?

4.1 Directly from you upon registration/validation or while using the Duchenne Map.

4.2 The Organization you are affiliated with: Patient Organization, Research Organization, Care Center, or Company.

5. Why do we collect your Personal Data?

5.1 Upon Registration

5.1.1 Full name and contact info: To know who you are and connect you with other Patients, Patient Organizations, Researchers and Healthcare Experts. You may opt out at any time.

5.1.2 Email address: To verify your account, to send you important emails about relevant topics, and for related newsletter subscription. You may always opt out.

5.1.3 Date of birth (if applicable):

To identify the age/clinical status ratio;
To provide access to the Duchenne Map;
To generate user classifications of common standards.

5.1.4 Address: To identify Registered Users on the map.

5.1.5 Health Data and related Sensitive Information: To deliver the Services and especially to make the best matches and communication channels among Patients, Patient Organizations, Researchers, and Healthcare Experts.

5.2 While you use our services

5.2.1 Login history and usage data. For security and performance optimization.

5.2.2 Communication history. For security, performance optimization, archiving and statistical purposes.

5.2.3 Your messages in our contact center. To keep track of potential issues, provide assistance, respond to your message, and keep a log of communication for security reasons.

6. Why we collect your data (basic grounds of processing)

6.1 To know you better and provide optimized and customized services for maximum convenience and security.

6.2 Archiving purposes that may facilitate you in future queries.

6.3 For communication purposes as allowed by law and your expressed preferences. You may always opt out.

6.4 To verify and validate your information and all information in the Duchenne Map for maximum data accuracy and safety.

7. Why are we allowed to process your personal data (Legal Bases)?

Under the GDPR most of the Data Processing is carried out under the lawful basis of “Public Task” because the processing is necessary for the performance of a task carried out in the Public Interest (GDPR Art. 6(1)(e)). This allows us to process your Personal Information because it is necessary for public health purposes, and for the purposes of preventive medicine.

We may also process Sensitive Data such as your Health Data because it is necessary for the purposes of preventive medicine and medical diagnosis (GDPR Art. 9(2)(h)) and/or for scientific research and statistical purposes (GDPR Art. 9(2)(j)).

8. Our rules for collecting your data

We only use the data to provide the Services with respect to your personal data and the applicable regulation;
The legal base of the Personal Data collected is based either (a) on Consent (linked with the relevant checkboxes in data collection) or (b) on Contract (linked with the use of the site, data entry, and the terms of use);
We meet the GDPR requirements in the country where we provide you with a service via our website or our applications;
We fully explain why we need the data and how we’ll use it (unless we have a legitimate reason not to);
We check and update privacy information on a regular basis (we might also cross-check the data against other databases to make sure it’s correct);
We do not share data with anyone unless we have a legal or legitimate reason, or we have permission from you (or, if you are a child under 16, from your parents);
We will never sell your data.

9. We may share your data with

Google Analytics;
Third parties: In the event we are required to do so, we will ensure that we will seek your consent before sharing your personal information with others. If you are unable to consent for any reason, we will only share personal information where it is clearly in your best interest to do so;
Legal Authorities: In the event we are forced by law or regulations to do so.

10. How long do we keep your data?

10.1 Registration data: Only during the period of your registration.

10.2 Usage data: Only during the period of your registration.

10.3 The criteria used to determine our retention periods include:

As long as the Duchenne Map is operational and as long as you use our Services and hold an account on the Duchenne Map.
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
Whether retention is advisable considering our legal position (such as for statutes of limitations, litigation, or regulatory investigations).
In the event you request to delete your data and any information concerning you before the set retention periods (when applicable), we may not be able to do so for technical, legal, regulatory, or contractual constraints. Your information will be retained to comply with legal and regulatory obligations, as well as for analysis.
We will destroy your personal information as soon as possible and in a non-restorable, non-re-identifiable manner.

11. Exercise rights

11.1 Your rights

Access all personal (health) data you provide to us, in printed or electronic form, free of charge. All your personal (health) data is accessible in your profile. If you want us to send you a copy in electronic form, please send your request to privacy@duchennemap.org. We will send you a confirmation within 5 days and deliver you a copy of your data in electronic form within 30 days.
Obtain rectification of any inaccurate or outdated data, or completion of any incomplete data;
Receive or ask us to provide or transmit your data in a common format;
Delete your personal (health) data, provided we have no legal obligation to do otherwise;
Ask for the restriction of any data processing activities;
Object to certain types of processing, including direct marketing and customer profiling, if applicable;
Submit a complaint to your local Data Protection Authority.

11.2 How to exercise your rights

All rights can be exercised by submitting a written request via email free of charge: privacy@duchennemap.org;
Our designated DPO will respond to your request within thirty (30) calendar days;
We can only identify you via your email address and we can only adhere to your request and provide information if we have Personal (Health) Data about you through you having made contact with us directly and/or you using our site and/or services. We cannot provide, rectify or delete any data that we store on behalf of our users or customers.

12. Complaints about our behaviour

12.1 You have the right to complain if you don’t feel we are living up to our responsibilities when it comes to your data.

12.2 We have an appointed Data Protection Officer (DPO), who takes your complaint very seriously.

Contact our DPO: privacy@duchennemap.org

We will send you a confirmation within 5 days and do our best to resolve the issue within 30 days. If the issue is difficult or requires a lot of work, it may take longer, but we will keep you updated.

12.3 You always have the right to complain to the authorities as well, but because we take privacy matters very seriously, we would really appreciate it if you would talk to us.

12.4 You can complain about:

How your personal data has been processed;
How your request for access to data has been handled;
How your complaint has been handled;
Appeal against any decision made following a complaint.

13. Overseas Transfers of Your Personal Data

Your personal data will be stored on a Cloud Center. Your personal data will not be transferred to countries outside the EU.

References

Article 4(2) and (6) of the GDPR.

Appendix 1: What types of Personal Data we collect

The data we collect depends on the types of Registered Users.

A1.1 Patient, Carrier or Caregiver Data Fields

Registration

Email address, Address.

Permission to be contacted by other patients (checkbox)
Permission to be contacted by Patient Organizations (checkbox)

Patient Data

I am an adult patient, carrier or a caregiver (checkbox), Phone, Birthday, Gender, Address.

Patient Medical Details

Patient First Name, Patient Last Name, Gender, Birthday.

Disease type (checkbox):

Duchenne Patient
Becker Patient
Duchenne Carrier
Becker Carrier

Ambulation status (checkbox):

Ambulatory
Non-ambulatory

Use of ventilation (checkbox).

Mutation type / exon (checkbox / enter a value between 1 and 79):

Small deletion (S)
Small insertion (S)
Point mutation (S)
Large deletion (L)
Large duplication (L)

Corticosteroids (checkbox):

Daily
Every other day
Weekend
Rarely
Used in the past
Never used

A1.2 Patient Organization Data Fields

Registration

Patient Organization Name, Email address, Address.

Account details

Patient Organization Name, Website, Social media profiles, Address, Phone.

Contact Person: First name, Last name, Email address, Title, Phone.

Team Member: First name, Last name, Patient Organization Role (from drop-down, e.g. chair, board member), Email address, Phone.

Number of patients (Duchenne or Becker).

Services provided by the Patient Organization (from drop-down, e.g. social work, psychology).

My Projects

Title
Acronym
Type (from drop-down, e.g. Advocacy/Awareness, Research, Policy)
Start Date, End Date
Status (from drop-down, e.g. Active, Completed, Aborted)
Website URL
Project Manager Contact Details: First Name, Last Name, Email, Phone
Objectives
Partners (checkbox/select from list of validated researchers and healthcare experts; Name; URL)
Results (checkbox/select from added research publications)

My Publications

Title
Category (e.g. Advocacy/Awareness Basic, Research Preclinical, Policy Clinical)
Authors (Author Type: Researcher, Healthcare expert, Other; Researcher selection)
Short Summary, Link to Publication, Journal, Publication Date, Tags

My Clinical Trials

Clinical Trial ID.

Investigational Medicinal Product (IMP)

A1.3 Research Organization Data Fields

Registration

Research Organization Name, Email address, Address.

Account details

Research Organization Name, Address, Phone, Website.

Contact Person: First name, Last name, Email address, Title, Phone.

Affiliated Researcher (select from validated Researchers or open field).

Affiliated Healthcare Expert (select from validated Healthcare Experts or open field).

Add a new Researcher – Account details

First name, Last name, Address, Phone, Title, Website
Research type (checkbox): Basic, Preclinical, Clinical, Therapy, Device, Care, Health Economics, Other (open text)
Interests (from drop-down, e.g. gene replacement, exon skipping)
Specialization (from drop-down, e.g. Biologist, Medical)

My Clinical Trials, My Projects, My Publications, and Investigational Medicinal Product (IMP) — same fields as above.

A1.4 Researcher Data Fields

Registration

Email address, Address.

Account details

First name, Last name, Address, Phone, Title, Website
Research type (checkbox): Basic, Preclinical, Clinical, Therapy, Device, Care, Health Economics, Other (open text)
Interests (from drop-down, e.g. gene replacement, exon skipping)
Specialization (from drop-down, e.g. Biologist, Medical)

Affiliations: Research Organization, Care Center, Patient Organization (each: select from validated list or open field).

My Clinical Trials, My Projects, My Publications, and Investigational Medicinal Product (IMP) — same fields as above.

A1.5 Care Center Data Fields

Registration

Care Center Name, Email address, Address.

Account Details

Care Center Name, Address, Phone, Website.

Contact Person: First name, Last name, Email address, Title, Phone.

Duchenne Care Center Certification (CCDC Certification) (checkbox).

Member of EURO-NMD ERN (checkbox).

Services provided by the Care Center (from drop-down, e.g. Audiology, Cardiology).

Affiliated Healthcare Expert (select from validated list or open field).

Affiliated Researcher (select from validated list or open field).

Add a new Healthcare Expert

First name, Last name, Email address, Title, Address
Specialties (from drop-down, e.g. Audiology, Cardiology)

Number of patients (Duchenne or Becker).

Affiliations: Patient Organization, Research Organization, Care Center (each: select from validated list or open field).

A1.6 Healthcare Expert Data Fields

Registration

Email address, Address.

Account Details

Title, Address, Phone, Website.

Healthcare Experts Specialties (from drop-down, e.g. Cardiologist, Developmental pediatrics).

Affiliations: Care Center, Research Organization, Patient Organization (each: select from validated list or open field).

My Clinical Trials, My Projects, My Publications, and Investigational Medicinal Product (IMP) — same fields as above.

A1.7 Company Data Fields

Registration

Company name, Email address, Address.

Account details

Company name, Address, Phone, Website, social media.

Contact Person: First name, Last name, Email address, Title, Phone, Department (from drop-down, e.g. Access, Advocacy).

Add a new Staff Member

First name, Last name, Email address, Title, Address
Department (from drop-down, e.g. Access, Advocacy)

Add a new affiliated Entity

Type — National, Regional, Headquarters (from drop-down)
Name, Address, Phone, Email, Website
Contact person: First Name, Last Name, Email, Phone, Title

Add a new Staff Member from the Affiliated Entity

First name, Last name, Email address, Title, Address
Department (from drop-down, e.g. Access, Advocacy)

My Clinical Trials, My Projects, My Publications, and Investigational Medicinal Products (IMP) — same fields as above.