On the TNO website (opens in a new tab) one can find the TNO Privacy Statement (opens in a new tab) that explains exactly how TNO handles personal data in general.
The DIAMONDS Privacy Notice (this page) tells you about what TNO's DIAMONDS platform specifically does with personal data, how TNO's DIAMONDS platform protects personal data and how you can exercise the rights you have under privacy legislation.
What are personal data?
Personal data means any information that is traceable to you as a person. This ranges from contact information (name, address, email) to information about for example your health.
More information and definitions about personal data and privacy legislation can be found on the website of the Dutch Data Protection Authority (the Dutch DPA) (opens in a new tab) and in article 4 of the EU-AVG (opens in a new tab) .
When and why does TNO's DIAMONDS platform use your personal data?
When you visit the unrestricted webpages of TNO's DIAMONDS platform, no personal data is used and no cookies are used. These unrestricted webpages are all webpages that start with "https://diamonds.tno.nl" and do not require you to login or register.
When you fill in our registration form to obtain a DIAMONDS account (at https://diamonds.tno.nl/register), we will capture the information that you submit through that registration form. That information is stored in our database in an encrypted format so that you will be able to login in the future, but your information is not readable without the encryption key. To determine that you are indeed a person and not a malicious bot trying to register fake accounts, we make use of the widely used reCAPTCHA v2 service. Note that this tracking cookie only occurs on the registration form itself and not on any other DIAMONDS page. By completing the registration form (and actively acknowledging the terms and conditions) you give consent to us to create an account and process and store the provided personal data as part of your account.
When you visit the restricted webpages of TNO's DIAMONDS platform, your credentials are checked in encrypted state in order to determine which parts of TNO's DIAMONDS platform you are allowed to access. These restricted webpages are all webpages that start with "https://diamonds.tno.nl" and that require you to be logged in. On the restricted webpages we use functional cookies purely to keep you logged in.
When TNO's DIAMONDS platform captures any personal data (besides the information provided at registration) this is always done based on your consent. When you participate in research conducted by TNO that uses TNO's DIAMONDS platform you will always be asked explicitly for your consent. TNO's DIAMONDS platform might also be used by external partners that request TNO to process personal data on their behalf. In such situations, a Data Processing Agreement (verwerkersovereenkomst) between that partner and TNO will be in place and that external partner will have requested for your consent as well.
You always have the right to withdraw your consent. However, when you withdraw your consent this does not affect the lawfulness of the use of your personal data based on your consent before your withdrawal.
How long does TNO's DIAMONDS platform keep your personal data?
TNO's DIAMONDS platform does not keep your personal data any longer than is necessary for the purpose for which it is being held. When TNO completes a study that involves use of your data because you were a participant, your data will be deleted once they are no longer needed for archiving purposes. By this we mean that for an extended period it needs to be possible to substantiate the results of the study by referring to the underlying data. The retention period may differ for each study (often 10 years), but will always be mentioned in the "informed consent" form that you sign before the start of the study.
How does TNO's DIAMONDS platform secure your personal data?
TNO attaches great importance to ensuring that personal data provided by you are handled and kept secure with the greatest possible care. In order to optimally protect your personal data against loss, theft, unauthorized access or misuse, TNO takes the correct technical and organisational measures to keep your personal data secure, which includes the use of the latest security technology. In terms of organisation, TNO has arranged for research data to be accessible exclusively for employees involved in the research in question. In addition, TNO's DIAMONDS platform will protect the personal data by always giving them a pseudonym or rendering them anonymous, if possible. Data that have been given a pseudonym can no longer be traced directly to you as a participant without the use of additional information that will always be kept separate. Data that have been rendered anonymous can never be traced to you.
Does TNO's DIAMONDS platform give personal data to other organisations?
TNO 's DIAMONDS platform adheres to the principle that it does not share your personal data with others nor use it for a purpose that was not intended at the time of collection, unless this is clearly stated in the "informed consent" form. However, there are exceptions whereby TNO is required to give personal data to others. These are always exceptional circumstances, such as legal proceedings or crime prevention.
Does TNO’s DIAMONDS platform use automated decision techniques or profiling?
The pseudonymized research data is sometimes enriched with algorithms that run on the DIAMONDS platform. These algorithms either automatically generate a personal advice for the benefit of the research participant and/or generate a result at group level (anonymously) for the benefit of the research objectives of the study. The outcomes of the algorithms are only used within the context of the study for which the participant has provided consent. Unless explicitly stated on the consent form, no automated decision making with legal or similarly significant personal effects will take place.
What are your privacy rights concerning TNO's DIAMONDS platform?
Under the prevailing privacy legislation you have various rights you can exercise to keep control of the personal data an organisation collects about you and uses.
If you wish to exercise your privacy rights you can send a request to firstname.lastname@example.org or follow the instructions mentioned in the TNO Privacy Statement (opens in a new tab) . You can also lodge a complaint with the Data Protection Officer of TNO regarding the use of your personal data in the DIAMONDS platform. In addition you can also lodge a complaint with the Dutch Data Protection Authority.
This privacy statement may be changed at any time by TNO without prior announcement. Changes come into effect as soon as they are published on this website.