Data Protection Notice for Participants

Simply put...

  On May 25, 2018 the General Data Protection Regulation (GDPR) came into effect, creating a new legal framework for data protection in Germany and the European Union. Because we are an EU-based company, we are bound to follow GDPR, even when we are operating outside of the European Union.

Data protection is a matter of trust and your trust matters to us, thus, protecting your privacy is very important to us. We want to let you know how we at Use-Lab handle your personal data, so that you feel secure working with us today and any time you might participate in one of our studies in the future.

1. What information do we collect and why?

We collect the information you share with us, for example, by phone or via a contact form.

To discuss participation

We have to speak with you and ask questions to find out if you are interested in participating in a particular study and if you meet the requirements for participation in that study.

In most cases, we will contact you by phone, but we may also contact you by e-mail. This means we will need your phone number and your e-mail address. When we get in touch with you, we will ask questions specific to the study we are recruiting for. In this context we may collect further personal data, like your age, gender, handedness, information about any possible vision or hearing impairments, as well as information about your job and your experience with particular medical products and associated health information.

This information is important for us during the screening process for a given study, because all of these factors can influence how a person interacts with a medical device.

Examples: A scalpel for lefthanded users can only be tested by persons who are lefthanded, so we have to ask you what your dominant hand is. Or consider a walker: This device is primarily for persons who require support when walking. Thus, we have to ask you about any difficulties you might have walking.

Appointments, transportation and overnight stays

Sometimes we have projects for which participants must travel a significant time or even stay a few days. In these cases, we can support you to make travel arrangements by taxi, train, plane and, of course, support you to book hotel stays. So that we can arrange for your travel, we have to share some personal data with the respective transportation agency (e.g., taxi company or airline) and hotel so that they can identify you, for example, by name.

2. Who is responsible for processing your data?

Responsible organization

Use-Lab GmbH

Represented by the managing director Torsten Gruchmann

Am Campus 2

48565 Steinfurt

Tel: +49 (0) 2551 962 483

Fax: +49 (0) 2551 962 635

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

We have an ext. data protection officer. His contact information is:

Nils Möllers

Keyed GmbH

Tel: +49 (02505) 63 9797

Fax: +49 (02505) 63 9777

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

3. What is the legal basis?

We only process your personal data for the purposes described in this notice (participation or potential participation in a usability study).

We process personal data in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

  1. Based on your consent (Art. 6 para. 1 lit. a) GDPR)
  2. To fulfil contractual obligations (Art. 6 para. 1 lit. b) DSGVO)
  3. Within the framework of legitimate interests (Art. 6 para. 1 lit. f) GDPR)

4. Who receives your data?

We will not share your personal data with our client (medical product manufacturer) without anonymizing it. If, for example, a manufacturer needs to prove that fifteen lefthanded persons participated in a study, we will document this in the report but without any additional data with which you could be identified.

Otherwise, your personal data will only be given to those who require it in order for us to fulfill our contractual and legal obligations. External processors (Art. 28 DSGVO) whom we have engaged may also receive your Data for the purposes given. These include, for example, IT service providers.

We may only disclose information about you if we are legally required to do so, if you have given your consent, or if we are authorized to.

5. How long will we store your data?

We will only store your data as long as it is necessary for the purposes described above or as long as legal statutes require us to.

Use-Lab GmbH must take into account the retention periods of the Medical Devices Ordinance, as the clients are subject to this ordinance. In detail, manufacturers are subject to at least the following retention periods:

"Manufacturers shall keep at the disposal of the competent authorities the technical documentation, the EU declaration of conformity and, where appropriate, a copy of relevant certificates issued in accordance with Article 56, including any amendments and supplements, for at least ten years after the last product covered by the EU declaration of conformity has been placed on the market. In the case of implantable products, this period shall be at least 15 years from the date on which the last product was placed on the market", Article 10 para. 8 MDR (Medical Device Directive).

6. What are your data protection rights?

You have the following rights:

  1. Right to access (Art. 15 GDPR)
  2. Right to rectification (Art. 16 GDPR)
  3. Right to erasure (Art. 17 GDPR)
  4. Right to restrict processing (Art. 18 GDPR)
  5. Right to data portability (Art. 20 GDPR)
  6. Right to object (Art. 21 GDPR)

*The full description of the rights of data subjects can be found at:

For better understandability, we have included more detailed explanations of the rights to erasure and to object:


Your personal data may be erased, as long as no statutes of limitation or other legal reasons stand in the way and the data are no longer required for the reason associated with them being stored in the first place.

Right to object

Furthermore, you may always rescind your consent for us to use your personal data to contact you about participating in new studies or request that we block your data set altogether.

We take protecting your data very seriously, so feel free to get in touch with us if you have any questions. In this case, please contact our data protection officer.

You may also contact the data privacy regulatory authority (right to lodge a complaint in accordance with Art. 77 GDPR i. V. m. § 19 BDSG).

Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data is in breach of the DPA. With regard to the right of information and the right of deletion, the restrictions pursuant to Sections 34 and 35 BDSG apply.

The supervisory authority with which the complaint was lodged will inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy in accordance with Article 78 GDPR. They may also contact the competent data protection supervisory authority (right of appeal under Article 77 GDPR in conjunction with Article 19 BDSG):

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Cavalry tr. 2-4

40213 Düsseldorf

Telefon: +49 (0) 211/38424-0

Fax: +49 (0) 211/38424-10

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.