RSP Systems A/S
DK 5260 Odense S
+45 7199 2818
What personal data do we collect and for which purposes?
We collect personal data about you when you visit our website, sign up for our newsletter, when you contact- or request information from us, when you apply for a job, or when you participate in our focus groups or clinical trials.
Our purpose for collecting your personal data is to verify your identity, deliver our newsletter, or other services you may have requested, as well as to improve, test and develop our website and our devices. We also collect your personal data during recruiting processes and where it is required or permitted by law for us to do so.
When you visit our website, we may collect personal data such as information about your behaviour on our site and other relevant contact information for us to respond to any request that you may make through the use of our website.
Through the collection of such information, we can detect how visitors use our website, which allows us to ensure that we provide the best service possible through the website.
If you apply for a job at our company, we will typically collect the following personal data from you
- Name and, if relevant, current job title,
- Contact information, i.e., phone number, address, e-mail address, and
- CV, education, employment history etc. that you may provide us with
We use personal data to assess your suitability for the position in question.
We store all applications for a maximum period of 4 months after having received these. At the expiration of the 4-month period, we delete the applications. If we wish to store your application for a longer period, we will ask for your written consent.
If a recruitment agency is involved in the recruitment process, it will be clearly stated in the job advertisement that all applications must be sent to them if an interested party wishes to apply. If the decision to engage a recruitment agency is taken at a later stage, all applicants will be informed, and their permission requested before their application is sent to the recruitment. The recruitment agency may store all applications for a maximum of 6 months.
Emails and business cards
When you send an email or give a business card to an employee at RSP Systems, we receive personal data such as your name, job title and email address. As the information is freely given, we consider it a consent for us to process the data due to a balance of interest within two different purposes:
- Business Collaboration: We process this data solely for business collaboration and to document communication. The data may be shared internally if deemed relevant, but only normal personal data and for business collaboration only. Never sensitive data or for different purposes.
- Customer Inquiries: As this data may be sensitive, these emails are never shared, unless anonymized or if specific consent is given.
If the email contains sensitive data e.g., health information, the email is deleted immediately following reply.
When RSP Systems is collaborating or considering collaboration with other companies we administer strictly business-related contact information in a CRM system. In this system we process the names, work titles, work email addresses and work phone numbers of the company representatives in the interest of potential or ongoing collaboration and partnership. The legal basis for our processing is the GDPR, article 6, clause 1f: “legitimate interest”.
Only select employees have access to the CRM system and all information is reviewed annually to ensure due diligence concerning data minimization and accuracy.
Focus Groups and Usability Studies
For the purpose of testing and further developing our device, focus groups and usability studies are performed with voluntary participants.
If you sign up to participate in a focus group or a usability study, we will collect your name, your e-mail address, other relevant contact information and your date of birth.
Personal data collected in connection hereto will exclusively be processed for the purpose of recruiting participants to focus groups and usability studies.
If you sign up to participate in a focus group or a usability study, you will also be asked to provide us with your explicit written consent to the processing of genetic data and data concerning health. You may only participate in a focus group or usability study if such consent is obtained. The consent form contains further information on the usages and retention of the personal data collected.
Who do we share personal data with and where do we transfer data to?
We make use of third-party suppliers for storage and processing of certain data, as well as sharing personal data with recruitment agencies, investigators, newsletter delivery systems and other relevant third parties. The parties in question process data solely under our instructions and contracts for corporations as well as data processor agreements and may not use data for their own purposes.
To fulfil your requests, develop our device and conduct tests and trials, we may need to transfer your personal data outside the jurisdiction in which you provide it and thus also to entities countries outside the EU/EEA. All such entities are certified under a Privacy Shield or have entered into agreements based on the EU standard contractual clauses to ensure that we comply with our legal obligation to have a lawful basis for transferring personal data.
Confidentiality and Security
We will keep your personal data confidential and secure, thus we have implemented appropriate safeguards, policies, and technical measures to protect your personal data.
All employees, consultants, investigators, and partners, who have access to or are
associated with the processing of personal data, are obliged to process all personal data according to the appropriate level of sensitivity and confidentiality.
Complaints and Rights
You have certain rights in relation to the personal data we process about you. You are entitled to
- access your personal data or be provided with a copy thereof,
- rectification of personal data, if it is inaccurate or incomplete,
- erasure of personal data, unless we are required by law to keep it,
- restrict the processing of personal data (under certain circumstances),
- data portability,
- object to the processing of your personal data,
- withdraw your consent, and
- lodge a complaint with the Danish Data Protection Agency or any other relevant supervisory authority.
If you wish to exercise your rights, please contact us at firstname.lastname@example.org
When you participate in a clinical research study, we, and the medical professionals conducting the study, gather personal data about you.
2. What personal data do we collect and for which purpose?
When you participate in clinical research study we, or the medical professionals we have asked to do so, collect and process the personal data necessary for carrying out the study in question.
When conducting a study, we will generally process the following personal data:
- Name, age, height, weight, date of birth and gender.
- Data concerning health,
- i.e. skin type,
- blood glucose levels, cholesterols, and HbA1c level
- a short physical examination (Allens tests)
- diabetes type and medical history (type of diabetes, years since diagnosis, diabetes management including concomitant medication use and medical conditions, diabetic complications (retinopathy, neuropathy, nephropathy), smoking status and skin phototype) and
- if you are female information on whether you are breastfeeding, pregnant or attempting to conceive and whether or not you are using approved contraceptives during the study.
- Genetic and biometric data, i.e., blood sample and spectral data.
- Data concerning ethnicity.
- Educational level.
The personal data will be processed in a pseudonymized form.
The purpose of processing the abovementioned categories of personal data is completing the clinical research study in question and thus testing and developing our medical devices. Information regarding skin type and blood glucose levels will also be processed for the purpose of establishing and maintaining a device calibration model.
Data concerning health, i.e., blood glucose levels, may also be processed for the purpose of anonymously illustrating the use of the device on RSP Systems’ website.
Our legal basis for processing the abovementioned categories of personal data is your explicit consent obtained prior to the initiation of the clinical research study.
3. How long do we process your personal data?
We are bound by legislation that requires us to store, and thus keep processing, your personal data for a total of 10 years after the study has been completed or terminated. Upon the expiry of this 10-year period, we will delete the personal data pertaining to you.
Due to the nature of the purpose, we will process the personal data used for establishing and maintaining the device calibration model for an unlimited period.
Notwithstanding the abovementioned, all genetic and biometric data, i.e., blood samples will be destroyed without undue delay after the sample has been analyzed.
4. Whom do we share your personal data with?
We use investigators (medical professionals at hospitals etc.) to conduct our clinical research studies. These medical professionals will gather and process personal data pertaining to you.
We also make use of third-party suppliers for storage, IT-systems, etc. These third parties process your personal data solely in accordance with our instructions and may not use your personal data for their own purposes.
We have entered into the necessary data processor agreements to ensure that anyone, with whom your personal data is shared, is obligated to safeguard it and keep it confidential, as well as in order to ensure their compliance with the applicable data protection legislation.
To illustrate the use of the device, we may share information about your blood glucose level on our website and thus with visitors on our website. The information will be visible in a purely statistical form and will not be coupled with any other personal data pertaining to you.
Once the clinical research study is completed, the results of the study will be published. The publication of the result will only contain data in a statistical form and on a group level, and the study results are thus not considered personal data since the study results cannot be used to identify you. These study results may thus also be presented at scientific meetings or in the journal.
5. Where do we transfer your personal data to?
To conduct the clinical research trial in question, we may need to transfer your personal data to third-party suppliers not established within the EU/EEA. If, and to the extent we transfer your personal data to such entities outside of the EU/EEA, we are obligated to ensure that the entity in question is sufficiently certified or enter into agreements based on the EU standard contractual clauses to ensure a lawful basis for the transfer of your personal data.
6. How do we protect your personal data?
We are obligated to ensure that any personal data pertaining to you and processed by us is always kept secure and confidential. We have thus implemented appropriate safeguards and policies as well as technical and organizational measures to protect your personal data.
All our employees with access to your personal data are obligated to keep all such personal data confidential.
7. What are your rights?
When we process personal data about you, you have certain rights you may exercise.
You are entitled to access your personal data, just as you are entitled to request that any wrong or incomplete personal data is corrected.
When you agree to take part in a clinical research study, we will use your personal data in the ways needed to conduct and analyze the study. Your rights to access, change or move your personal data are thus limited, as we need to manage your personal data in specific ways for the research to be reliable and accurate.
If you withdraw from the study, or if you revoke your consent, we will keep the personal data that we have already obtained. To safeguard your rights, we will use the minimum of personally identifiable information possible.
If you wish to exercise your rights, please contact us at email@example.com.
If you wish to lodge a complaint on how we have handled your personal data, or if you believe that we are processing your data in a way that is not lawful, you can complain to the Danish Data Protection Agency.