Participant Privacy Policy

This Privacy Policy explains how Junipr Research collects, processes, stores, shares, and protects personal data, including special category data, in the context of clinical trials, research activities, and related processing operations. It applies to all personal data collected from individuals through websites, online forms, research surveys, email, telephone, mobile applications, physician referrals, and any other channel used to provide personal information to Junipr Research. Depending on the activity, Junipr Research may act as a data controller, a data processor, or a joint controller. All processing is conducted in accordance with the GDPR and supported by lawful, transparent, and secure data protection practices, including the appropriate use of explicit consent where required.

Junipr Research collects personal data only when relevant and necessary for the purpose for which it was provided. Individuals may submit data directly through forms, surveys, email, or communication with Junipr Research personnel, or indirectly through clinical investigators, healthcare professionals, or referring institutions. The types of personal data collected may include identification details such as name, date of birth, gender, and contact information; information submitted through questionnaires, consent forms, or online platforms; medical history, diagnostic information, and data required to assess eligibility for clinical trials; and lifestyle, demographic, or behavioural information where relevant. When personal data is obtained indirectly, Junipr Research provides all information required under GDPR Articles 13 and 14 within applicable timeframes unless an exemption under Article 14(5) applies.

All data collection activities are supported by a consent record provided by the data subject or, where applicable, by a legally authorised representative. Consent is obtained in accordance with GDPR requirements, meaning it is freely given, specific, informed, and unambiguous. Consent is documented in a durable and verifiable form. Individuals may withdraw consent at any time by contacting Junipr Research using the details provided in this policy. Withdrawal does not affect the lawfulness of processing performed before the withdrawal, and processing may continue where another lawful basis applies. Junipr Research processes special category data, including health data, only where necessary and strictly in accordance with Article 9 GDPR.

Processing of personal and special category data by Junipr Research relies on one or more lawful bases under the GDPR. For personal data, these may include consent, contractual necessity, compliance with legal obligations, or legitimate interests pursued by Junipr Research or a third party, provided such interests do not override the rights and freedoms of the data subject. The precise lawful basis applicable to each processing activity is specified in relevant study documentation or participant materials.

Special category data is processed strictly under Article 9 GDPR. Junipr Research relies on explicit consent under Article 9(2)(a); processing in the public interest in the area of public health under Article 9(2)(i); or processing necessary for scientific or research purposes under Article 9(2)(j), supported by the safeguards required by Article 89 GDPR.

Junipr Research does not knowingly collect personal data from individuals under the age of 18 without verified parental or guardian consent. Where personal data from minors is required, Junipr Research ensures appropriate authorisation from a parent or legal guardian, provides age-appropriate information materials, and implements enhanced safeguards to protect the rights and privacy of minors. If Junipr Research becomes aware that personal data from a minor has been collected without proper consent, the data is deleted unless retention is legally required.

Junipr Research processes personal data for specific, explicit, and legitimate purposes. These include identifying and assessing eligibility for participation in clinical trials; managing recruitment, enrolment, and communications with participants; conducting scientific research and validating study outcomes; complying with legal, regulatory, and ethical obligations; responding to inquiries, surveys, and requests submitted by individuals; and improving systems, services, and participant experience. Personal data is not processed for purposes incompatible with the purposes for which it was originally collected.

When processing personal data for scientific or research purposes, Junipr Research applies the safeguards required by Article 89 GDPR. These include limiting data collection to what is necessary for the research purpose; applying pseudonymisation or coding to identifiable data wherever feasible; restricting access to identifiable information to authorised personnel only; implementing technical and organisational controls that prevent unauthorised re-identification; and ensuring that identifiable data is retained only for the duration necessary to fulfil regulatory or scientific obligations.

Junipr Research may disclose personal data or special category data when necessary and lawful. Recipients may include study sponsors, contract research organisations, clinical investigators, healthcare professionals involved in the study, regulatory or supervisory authorities, or technology providers supporting secure data processing and storage. The role of each party receiving data, whether controller, joint controller, or processor, is clearly established. All disclosures are governed by written agreements ensuring confidentiality, data security, and compliance with GDPR obligations.

Junipr Research implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or loss. These measures include restricting access to authorised personnel, securing data transmission channels, protecting storage environments through appropriate safeguards, and ensuring that third-party service providers maintain equivalent security standards.

Junipr Research retains personal data and special category data only for as long as necessary to fulfil the purposes for which it was collected, or to meet legal, regulatory, and contractual obligations. Retention typically follows a period of fifteen years or as required by applicable clinical trial regulations, national laws, or ethical guidelines. After the retention period expires, personal data is securely deleted or permanently anonymised.

Under the GDPR, individuals have the right to access their personal data, request correction of inaccurate or incomplete information, request deletion of personal data under permitted circumstances, restrict processing where applicable, request transfer of personal data in a structured format, object to processing based on legitimate interests, and withdraw consent at any time without affecting prior lawful processing. Requests to exercise these rights may be submitted using the contact details provided below. Junipr Research responds within the timeframes required under GDPR.

Junipr Research may transfer personal data to recipients located outside the European Economic Area when necessary for research activities, regulatory submissions, technology services, or collaboration with study partners. All such transfers are carried out in accordance with Chapter V GDPR and rely on appropriate safeguards, including adequacy decisions issued by the European Commission, Standard Contractual Clauses adopted under Article 46 GDPR, or other lawful transfer mechanisms. Where required, Junipr Research conducts transfer risk assessments and implements supplementary measures to ensure that personal data remains adequately protected.

Data Protection Officer

Junipr Research

Pachtersweg 150C

1500 Halle, Belgium

Email: dpo@juniprresearch.com

Individuals who believe their data has been processed unlawfully have the right to lodge a complaint with the Belgian Data Protection Authority. Information and contact details are available on the website of the Gegevensbeschermingsautoriteit.

Junipr Research periodically reviews and updates this Privacy Policy to reflect legal, regulatory, or operational changes. Material updates may be communicated directly to affected individuals where appropriate.

By providing your details and submitting any participant form in this website, you confirm that you have read and understood Junipr Research’s Privacy Policy and that you provide your explicit consent for Junipr Research (“Junipr Research”) to collect, store, and process your personal data, including health-related and other special category data, for the purposes described in that policy.

You understand that your data may be collected through various channels, including website and/or online forms, surveys, email, or via your physician, and that it may be used to assess your eligibility for participation in clinical trials, manage recruitment and study communications, conduct scientific research, ensure regulatory compliance, and improve Junipr Research’s and partners' services.

Your consent is the legal basis for processing your data where required under Article 6 and Article 9 of the General Data Protection Regulation (GDPR). You acknowledge that Junipr Research may share your data with authorised parties where necessary, including clinical investigators, study sponsors, research partners, and regulatory authorities, but only in accordance with GDPR and under appropriate safeguards and strictly for the purposes you provide you consent for.

You also understand that:

• You may withdraw your consent at any time by contacting Junipr Research at dpo@juniprresearch.com.
• Withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.
• You have rights under GDPR, including the right to access your data, request corrections, restrict or object to processing, request deletion, and request data portability.

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the Belgian Data Protection Authority.