Neureka App Privacy Policy

​​​​​The University has compiled processing records, in accordance with Article 30 GDPR requirements. If You require further detail please contact (Principal Investigator; gillancl@tcd.ie) and/or Anna Hanlon (Research Manager; akhanlon@tcd.ie)  

​

How we securely store your personal data: 

Personal data will be stored confidentially and securely as required by  Trinity College Information Systems Security Policy and Data Protection Policy. The University is committed to ensuring that the processing of Your data safeguarded by appropriate technical and organisational security measures relevant to the processing in accordance with Article 32 GDPR requirements. 

When we store your personal data on our systems, the data will be stored either on University premises or on secure IT platforms within the European External Area (“EEA”) which are under binding contract to the University, to keep Your data safe.  

If any Service provider uses any third party which is external to the EEA, we ensure that they are subject to Chapter V GDPR requirements.  

Specifically, the University has put in place the following security measures in relation to Your data: 

• Data are encrypted in transit and at rest (TLS/SSL, AES-256). 

• Data are stored on secure EU-based servers (Heroku & MongoDB Atlas), reviewed by TCD IT Services. 

• Role-based access controls, two-factor authentication, IP restrictions. 

• Smartphone sensor data is stored separately with additional safeguards (ring-fenced collections, limited access). 

• Audit logs track all access and activity. 

• Data downloaded by participants is password-protected and sent only to the registered email account.  

 

Details of third parties with whom We share personal data and/or anonymised data  

The App will only share Your data with third parties where necessary for the purposes of processing outlined in this Privacy Statement. 

 In accordance with Article 28 GDPR, when We share Your data with third parties who provide a Service to the University, the University will ensure that the data is processed according to specific instructions and that the same standards of confidentiality and security are maintained. 

The following table details the third-party service providers  with whom Your personal data is shared together with the purposes for the sharing: 

​

Heroku (SalesForce) 

Neureka servers run on Heroku (Mongo DB) servers located in the EU 

The following table details

 

Third party Collaborators  

Collaborating Universities: For specific studies, only as joint controllers, subject to ethics & Data Sharing Agreements, and dual consent process (i.e. You will consent to this specific study) 

 

The following details Third parties with whom We share anonymised data :

 

Open Science Framework (OSF) 

To facilitate broader research in the area of brain health. Note: We will never share smartphone sensor data via this modality. 

 

How Long We retain Your Data 

We keep research data indefinitely so We can study changes in brain health over time. To make sure the retention of research data is still necessary, We review our research datasets regularly (at least once a year).  

The safe and secure retention of data is an important part of scientific research that insures We reduce waste in science and improve openness and transparency. 

 

Your rights under data protection law  

You have the following rights over the way We process Your personal data unless Your request would impact on research integrity (for example if research is about to be published or if data has already been used prior to a request for erasure, such data cannot be erased but no further usage will take place):

​

Right of Access  

You have the right to request a copy of the personal data which is processed by the App and to exercise that right easily and at reasonable intervals.  

 You can download all data that You have submitted through the app by tapping "Settings"->”Data Protection”->"Download my data".  A password will be required to do this to ensure Your privacy and security, and data will be sent to Your personal email address provided at the time of sign up.   

​

Withdrawal 

You can withdraw from the App by deleting it or turning off the sharing of data in the App, without affecting how You use the App  

​

Rectification 

You have the right to request that  inaccuracies in personal data that We hold about You are rectified. 

​

Erasure  

You have the right to request  Your personal data be deleted. You can erase all the data that You have ever submitted by clicking on the “Settings”->"Data Protection" section in the App and selecting “Erase my data”. You will receive an email once Your data has been erased by the research team. The only time We won’t be able to delete Your data in its entirety if We have already published it in aggregate form or shared it openly prior to this request.  

​

Object 

You have the right to object to the University processing Your personal data if You believe the processing to be disproportionate or unfair to You. 

Restriction  

You have the right to restrict the processing of Your personal data if:  

• You are contesting the accuracy of the personal data. 

• The personal data was processed unlawfully. 

• You need to prevent the erasure of the personal data in order to comply with legal obligations. 

• You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified. 

​

Further information 

If You have any queries relating to the processing of Your personal data for the purposes outlined above or You wish to make a request in relation to Your rights You can contact a member of the Service staff at: Claire Gillan (Principal Investigator; gillancl@tcd.ie) and/or Anna Hanlon (Research Manager; akhanlon@tcd.ie)  

​

If You wish to discuss Your rights or make a complaint, You can contact the Trinity College Data Protection Officer: 

Email: dataprotection@tcd.ie  

Post: 

Data Protection Officer 

Secretary’s Office, 

Trinity College Dublin, 

Dublin 2, 

Ireland. 

 

For further information please see the Trinity College Data Subject Rights Requests Procedure. 

Oifigeach Cosanta Sonraí 

Oifig an Rúnaí, 

Coláiste na Tríonóide, Baile Átha Cliath, 

Baile Átha Cliath 2, 

Éire. 

If You are not satisfied with the information we have provided to You in relation to the processing of Your personal data or You are dissatisfied with how Trinity College is processing Your data You can make a complaint to the Data Protection Commissioner at: https://forms.dataprotection.ie/contact. 

​

Glossary / Definitions 

• Personal data: Any information relating to an identified or identifiable natural person (‘data subject’). 

• Processing: Any operation or set of operations performed on personal data. Processing includes storing, collecting, retrieving, using, combining, erasing and destroying personal data, and can involve automated or manual operations. 

• Data subject: Someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

• Data controller: An organisation, such as Trinity College, which determines the purposes and means of the processing of personal data.