| layout | title |
|---|---|
default |
GDPR Compliance |
We process data in accordance with the General Data Protection Regulation (GDPR) for the Thingylabs Performance Initiative, which includes targeted health measures to enhance employee health, focus, and productivity.
The Thingylabs Performance Initiative uses a pseudonymous approach to data collection:
- Participant Codes: You create a unique code (e.g., TL-202311-123) that you use across all surveys
- No Direct Identification: We do not collect names, email addresses, or other directly identifying information
- Linking Data: Your participant code allows us to link your responses across multiple surveys without knowing your identity
- Data Security: All data is stored on encrypted servers in compliance with Article 32 GDPR
- Consent: Participation is voluntary, and your completion of surveys with your participant code constitutes consent under Article 6(1)(a) GDPR
- Legitimate Interest: We improve workplace performance and well-being under Article 6(1)(f) GDPR
- Scientific Research: Data is also processed for scientific research purposes in the field of nutritional and physical health strategies under Article 89 GDPR
- Access: Request access to your data by providing your participant code
- Rectification: Correct inaccurate data by referencing your participant code
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we use your data
- Objection: Object to our processing of your data
- Data Portability: Receive your data in a structured, commonly used format
To exercise any of these rights, please contact [email protected] with your participant code.
- All data is retained for 12 months after the study concludes for analysis purposes
- After this period, the data will either be fully anonymized (by removing participant codes) or deleted
- You may request earlier deletion of your data by contacting us with your participant code
- The study collects information related to health and well-being, which may constitute special category data under Article 9 GDPR
- This processing is permitted based on your explicit consent and for scientific research purposes with appropriate safeguards
- Aggregated, anonymized results may be shared in scientific publications or presentations
- Individual-level pseudonymous data is never shared with third parties
- No data is transferred outside the European Economic Area (EEA)