Market Research Participant Privacy Policy

The information you provide Trinity/us will be used to help us determine your eligibility to participate in primary market research/carry out primary market research on behalf of our client[s]. We will inform you of the identity of our client[s] once this will no longer bias our study if you live within the EEA. This may involve the collection of your health data if you are a patient and may cover other sensitive pieces of information such as your ethnicity or sexual activity if this is relevant to this research. Please confirm that you consent to our processing of your information for these purposes. You can withdraw this consent at any time. To find out more about how we and our clients use your data, or about your rights, you can review our full Research Participant Privacy.

What does this policy cover?

Key points

  • We use your personal data to determine your eligibility to participate in our primary market research studies and, where you are accepted on to a study, to carry out research processing.  
  • We work as a controller with our ultimate client in carrying out our research – we will identify this client to you at a later stage study if you live within the EEA, in order to ensure our research is unbiased. Before providing information to our client, we ensure that we have anonymised the data you provide to the fullest extent possible. You will never be contacted by our ultimate client, but they may be invited to listen to study calls or view research via video streaming or be given an audio or video recording or transcript of a call – you will be informed before this takes place, and we take every possible precaution to ensure you remain anonymous.
  • We may instruct another market research organization to assist us in carrying out our market research, particularly where this involves work in a non-English speaking country. This researcher will also be a controller for this data processing, and more details of how they handle your data can be confirmed in their privacy policy.
  • As our research engagements typically require us to screen individuals to ensure they belong to a relevant patient group, we will necessarily need to collect certain health data for these purposes. We may also need to collect other special category information where this is relevant to our research, such as details of your ethnicity or sexual activity. We do this with your consent, which you may withdraw at any time.
  • We also use your data where we need to comply with legal obligations.  We may share data with our service providers and advisors for these purposes.  

What information do we collect from you?  

We collect and process personal data about you where you submit responses to screening questions or participate in research studies we conduct for our clients. We process the information you provide to us.  Where you are a patient or caregiver this will typically involve information about your (or your care receiver’s) health, the impact of this on your personal life, and certain details of your home life that may be relevant to determine eligibility for research studies – such as information about whether you have children, your or your care receiver’s ethnicity,  age and nationality and your availability for further research. If you are a HCP, we will typically collect information about your role, background, and practice.

What information do we receive from third parties?

Sometimes, we receive information about you from third parties. In particular, we may instruct another market research organisation to assist us in carrying out our market research, particularly where this involves work in a non-English speaking country. This organisation will also be a controller for this data processing, and more details of how they handle your data can be confirmed in their privacy policy.  

We may use the information you provide us to validate your identity using checks against publicly available information.

We may also obtain your information from paid recruiters – these recruiters will provide us with your contact details, other information you may have provided them to confirm your eligibility (which could include health, ethnicity or sexual activity data as appropriate) and details of any consent you may have given to pass this information to us. If you are a HCP, your information may be given to us by another HCP of your acquaintance, by our clients or be procured from publicly available lists.

How do we use this information, and what is the legal basis for this use?  

We process this personal data for the following purposes:

  • As needed to conduct our business and pursue our (and our client’s) legitimate interests, in particular, protecting our legitimate business interests and legal rights. This includes, but is not limited to, use in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting requirements.   
  • To enter into and administer any contract associated with our research activities, including any payments made to you for your participation in our research, involving use of payment details and social security numbers as required;   

With your consent:

  • recruiting appropriate individuals for primary market research, including verifying the identity of respondents;
  • contacting and carrying out primary market research, and creating de-identified market research products for our ultimate client
  • in the case of our client, they carry out primary market research and evaluate its results – you will never be contacted by our ultimate client unless you have reported an adverse event, but they may be invited to listen to study calls or be given audio recordings or transcripts of call (you will be informed before this takes place, and we take every possible precaution to ensure you remain anonymous); and
  • where we have separately obtained your consent, for any other purpose as described in that consent
  • For purposes which are required by law – for example, our client may contact you where you report an adverse event.

Relying on our legitimate interests

We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, as described above. You can obtain information on this by contacting us using the details set out later in this notice.

Withdrawing consent  

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above.  

Who will we share this data with, where and when?

We will share information with our partner market research organisations where this is necessary to carry out research in your country or territory – particularly where this involves work in a non-English speaking country. As explained above, details of how they handle your data can be confirmed in their privacy policy.  

We will share information with our ultimate client, although we attempt to anonymise this to the fullest extent possible. You will never be contacted by our ultimate client unless it is in relation to suspected adverse events, and you have given your consent to be contacted.  You will be informed of their identity once there is no further risk of bias study if you live within the EEA.

We share personal data with government authorities and/or law enforcement officials if this is needed for the purposes above, if mandated by law or if required for the protection of our legitimate interests, in compliance with applicable laws.

We also share personal data with service providers, who process it on our behalf for the purposes above. In particular, we use third party providers for audio transcription, payment processing and audio modification.

Where you are located in the European Economic Area, Trinity or our partner market research organisations may transfer your information to countries outside your own country and outside the European Economic Area, including to countries which do not benefit from a European Commission adequacy decision because they do not have equivalent data protection legislation. When transferring your information across national boundaries, our research partners or Trinity makes use of appropriate measures to protect your data where required.   

What rights do you have?

You may be able to ask us for a copy of your personal data; to correct it, erase it or restrict (stop any active) processing of your personal data; and to ask us to transfer some of this information to other organisations in a structured, machine readable format.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement)

These rights may be limited in some situations, for example if fulfilling your request would reveal personal data about another person, where this would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in applicable national legislation. We will inform you of relevant exemptions when responding to any request you make.

Where we require personal data to comply with legal obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to meet obligations placed on us.  In all other cases, provision of requested personal data is optional

We hope that we can satisfy any queries you may have about the way we process your data.  To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work, or where you believe a breach may have occurred.  

How do I get in touch with you?

You can get in touch at _compliance@trinitypartners.com or by writing to Compliance Officer Trinity,  230 Third Ave, Waltham, MA 02451.

How long will you retain my data?

We retain information relating to studies for up to 2 years. We make every reasonable effort to ensure that your data is not identifiable once included in aggregated information delivered to our client. Should your data be unidentifiable in these aggregated datasets, we retain this information for 10 years.  The likelihood of your reidentification is low given the efforts taken to anonymise data.

We will hold your information in relation to payments we make to you for up to 10 years. Where you make a complaint or otherwise correspond with us outside of our study, we will hold your information as long as necessary to deal with your correspondence and then within our records for up to 10 years.