Privacy Notice

Data protection notice for scientific research. EU Data Protection Regulation (EU 2016/679), art. 12, 13, and 14

1. The Controller

University of Oulu, Address: Pentti Kaiterankatu 1, 90570 Oulu, Finland

2. Contact Details for this Research

Name: Simo Hosio
Address: University of Oulu, Pentti Kaiterankatu 1, 90570 Oulu
Email: simo.hosio@oulu.fi

3. Purpose of the processing of personal data

The purpose of the processing of personal data is for scientific research. The study solicits contributions and assessments from members of the academic community regarding Parkinson's disease self-care techniques.

The survey is conducted Answerbot3000 software, an online application owned by the Crowd Computing Research Group at the University of Oulu.

Participation in the study is voluntary, and subjects are informed in advance about matters related to participation in the study and the processing of the material. We also tell respondents the project home page where they can follow the progress of the study, and that they have the opportunity to ask the research team for more information about the study.

4. Parties to the collaborative study and division of responsibilities

The survey is carried out by the Crowd Computing research group at the University of Oulu.

All requests related to this investigation (including requests for the exercise of the data subject's rights referred to in Chapter III of the Data Protection Regulation) shall be addressed to the director responsible for the investigation:

Name: Simo Hosio
Email: simo.hosio@oulu.fi

5. The director responsible for the research group running the study

Research group: Crowd Computing
Group Leader: Associate Professor Simo Hosio
Email: simo.hosio@oulu.fi

6. Name, nature and duration of the study

Title of the study: Real-life Assessment of Crowdsourced Health Recommendations: A Study on Parkinson’s Disease

One-time study

Duration of the investigation (how long the personal data will be processed):
15.12.2020–undefined; We will collect data until thus far unspecified time, depending on the success of data collection

7. Legal basis for the processing of personal data

Legal basis for the processing of personal data:

EU General Data Protection Regulation, Article 6 (1) and Section 4 of the Data Protection Act:
- Consent of the data subject
- Compliance with the data subject's legal obligation

Instruments:
- Scientific or historical or statistical research

8. Sensitive personal data (data belonging to specific categories of personal data and criminal data)

The study does not deal with sensitive personal data

The investigation does not deal with information on a criminal conviction or offense

9. Information content of the research register

The personal data collected are gender, birth year, are they working or not, education level, duration and symptoms of the Parkinson's disease. In addition, the Parkinson’s Disease Activities of Daily Living Scale and Modified Hoehn Yarn scale are filled. We ask for email in a separate form if the partipant opts to be informed of and invited to other phases of the study, hosted on a different form service offered by the University of Oulu. In addition to background information, the survey asks users to assess existing Parkinson's disease self-care techniques and also to contribute new ones. None of this is personally identifiable data.

10. Sources of personal data

To invite the participants, the study is promoted in social media, especially in Parkinson's disease associations and forums. The personal data we have about respondents is provided by the respondents themselves in the questionnaire (e.g. gender and birth year).

11. Transfer or disclosure of personal data outside the research team

Data will not be transferred outside the study group during the study. The anonymized material will be stored at the AnswerBot3000 database (ab3000.net).

12. Transfer of personal data outside the EU / EEA

Data collected is not transferred to a third country or to any organization outside the EU or the EEA

13. Automated decision making

No automatic decisions are made.

14. Registry Security Principles

Privacy is taken care of. Respondents' email addresses (only given for informing of later phases of the stydy) and responses are not combined at any stage of the survey (and in fact, cannot be combined as they are collected separately without storing e.g. timestamps, IP addresses or any such information that could be theoretically used to connect the data).

Processing of direct identification data:
Direct identification data is not collected.

Data protection in data transfers:
Data transfer encryption: The material is handled anonymously at all stages. In this study, responses are not associated with data tags at any stage.
Data encryption: The material is stored behind strong credentials (password-protected). Further, the material is only available to project leader.

15. Processing of personal data after the end of the investigation

The research register is archived without identification data

Where the material will be archived and for how long:
After the implementation of the study in 2020-2021, the survey material will be archived for research and development purposes.

16. Data subject's rights and possible limitation

We will offer the parcipants a chance to delete their data through a randomly assigned identifier that they will have to store during the data collection period.

Subject to data protection law, the data subject has:

• Right to inspect data (right to access personal data)
  • The data subject has the right to know whether or not his or her personal data are being processed and what personal data about him or her has been stored.

• Right to rectification
  • The data subject has the right to request that incorrect, inaccurate or incomplete personal data concerning him or her be corrected or supplemented without undue delay. In addition, the person has the right to demand that unnecessary personal data be deleted.

• Right to delete data
  • In exceptional cases, the data subject has the right to have his or her personal data completely deleted from the controller's registers (right to be forgotten).

• Right to restrict processing
  • The data subject has the right, in certain situations, to request that the processing of his or her personal data be limited until his or her data has been duly checked and corrected or supplemented.

• Of opposition
  • In certain situations, a person has the right at any time, based on his or her personal, special situation, to oppose the processing of his or her personal data.

• The right to transfer data from one system to another
  • In certain situations, the data subject has the right to obtain personal data concerning him which he has provided to the controller, in a structured, commonly used and machine-readable form, and the right to transfer the data to another controller.

Reasons for restriction: During the data collection, the respondent has the right not to participate in the survey. Due to the unanonymized data collection procedure we use, we are unable to identify a respondent's data without sufficient information about the particulars of the data since their responses will be stored in the system anonymously. Therefore, the data of an individual defendant cannot be ascertained from him or her at a later stage.

• Right to appeal to the supervisory authority
  • The data subject has the right to lodge a complaint, in particular with the supervisory authority at the University of Oulu, if he or she considers that the processing of personal data violates the general EU data protection regulation (EU) 2016/679. The data subject also has the right to use administrative appeals as well as other legal remedies.

Contact:

Associate professor Simo Hosio
Email: simo.hosio@oulu.fi

Requests for the exercise of the data subject's rights shall follow the data request process of the controller.