CCC STUDY Diary Data Protection

Welcome to the information page of the electronic diary (eDiary) app “STUDY Diary”, a diary app to record your symptoms during a clinical trial. The access data (Login and password) for the use of the STUDY Diary app will only be available in the context of a participation in a clinical study after the trial participant consents to the collection and use of data. A registration without participating in a clinical study is not possible.
If you are participating in a clinical trial that uses the STUDY Diary app, you will receive a printed version of the Patient Information and Consent for Data Collection and Use for your records. For further information on data processing, please refer to this patient information. The Consent form for the Data Collection and Use that you signed before participating in this study always applies to you. In the following, we would like to demonstrate what data is collected when using the app in the context of a clinical study. The app will not collect and transmit data automatically at any time. The data must be entered by the trial participant into the electronic diary and then be sent by the trial participant. The diary consists of several pages.

What data are collected and processed?

ClinCompetence Cologne GmbH (the owner of the app), does not collect any data that allows your identification (no tracing of the mobile device used, no tracing of the user) or your localisation when you have installed and using this app. In particular, no telephone numbers or e-mail addresses are collected, forwarded or stored. Incoming IP addresses during data transmission are not stored. The collected data will be pseudonymised and coded with the same identification number of the trial participant as other data entry forms and questionnaires used in the clinical study, in order to ensure correct merging and evaluation of the data. All data collected using the STUDY Diary app are necessary without exception and correspond to the paper version of the diary submitted to the responsible ethics committee for evaluation. In addition, the time of the data entry is saved so that the entry of symptoms can be allocated to the respective day. The data collected by the STUDY Diary app and processed by ClinCompetence Cologne GmbH are explained in detail below.

In the STUDY Diary App, they rate their allergy symptoms according to their severity as “absent”, “mild”, “moderate” or “severe”:
·         Nasal symptoms (sneezing, runny nose, itching nose, blocked nose)
·         Eye symptoms (watery eyes, red/itchy eyes)
In addition, you are asked to record whether you have taken any allergy medication (antihistamine tablets, corticosteroid nasal spray or antihistamine eye drops).
You will then be asked to indicate on a visual analogue scale how much your symptoms have affected you today.
Finally, you document your asthma symptoms and medication.

Installation, user account, necessary permissions of the CCC STUDY Diary App on your mobile device

Downloading the STUDY Diary app from the app store or the website: During the download of the STUDY Diary app from the respective app store, no personal data is collected by ClinCompetence Cologne GmbH. The installation of the app does not require any permissions or authorisations. For more information on data collection during downloading, please refer to the privacy policy of your app store at www.apple.com/de/privacy/ or www.google.com/intl/de_de/policies/privacy/. Setting up your personal user account: You will receive your personal login data from your physician/investigator. This consists of a unique patient-ID and password. You cannot create a user account or make changes to the account yourself. Transfer of the eDiary data to ClinCompetence Cologne GmbH: Basically, the entry of data into the eDiary is possible without an active internet connection. However, the STUDY Diary app requires an active internet connection in order to transfer the data entries that are made twice a day. The amount of data transmitted is relatively small.

Memory usage and content: When using this app, data relating to your user account (patient-ID and password) are stored on the memory of your mobile device. This is essential for correct functioning. The eDiary entries twice a day are temporarily stored on your mobile device until they are transferred. After successful transmission, the data entries are automatically deleted from your mobile device. The data entry is transmitted in encrypted form as soon as all the information for the respective time of day has been entered, the “submit” button has been clicked and an active internet connection is available. No further use will take place.

Push messages/reminder alerts: When you start the app for the first time, you will be asked for permission to allow the eDiary app to send you push messages/alerts on your mobile device start screen. The push messages/alerts (at 18:00, 19:00, 21:30 in the evening) will remind you to enter your symptoms into the eDiary if this has not been done at the respective day yet. If you have already made the entry, the notifications will be suppressed. Of course, you have the option to prohibit the push messages/alerts. In this case, you can still use the app. This function can be deactivated and reactivated at any time in the settings of your mobile device.

Uninstalling the App or deleting your user account

Please note that if the participation is (prematurely) terminated, in a study that uses the STUDY Diary app, it is essential that you inform your physician/investigator. Uninstalling the app from your mobile device does not automatically lead to termination of participation. Once your participation in the study has ended, you can of course uninstall the app from your mobile device.
Data security
ClinCompetence Cologne GmbH is aware that the health data collected via the STUDY Diary app is data that requires an increased protection. The data collected from you is protected by technical and organisational measures against loss, destruction, access, modification or distribution by unauthorised persons. To ensure that your data is protected against unauthorised access, security measures are taken when the data is stored on your mobile device, during transmission and for the storage location. The access to your stored data is provided with a separate authentication. The technical administration including the intermediate storage and transmission of data to ClinCompetence Cologne GmbH is carried out by AppCologne GmbH. The following precautions and actions have been taken to ensure that your data is secure: Server locations: All servers used are hosted within the territory of the Federal Republic of Germany.
Backup: The database is backed up daily on external servers.
Data transmission: The data transfer of the STUDY Diary app is encrypted in HTTPS standard to certified servers. No IP addresses are stored. Access to the stored data in the backend: There is a purely administrative access for AppCologne GmbH and a download option for ClinCompetence Cologne GmbH. Both access points can be accessed in encrypted form and are each secured with a user name and password. How is the data stored? The data records are each related to a unique patient-ID, which is not linked to personal data. Following the concept of data frugality, no IP addresses, location information or telephone numbers are stored either.
These security measures are continuously improved in line with technological developments. Despite regular checks, however, complete protection against all dangers (e.g., criminal cyberattacks) is not possible.
If you have any further questions, please contact our data protection officer Alexander Bugl, Eifelstraße 55, 93057 Regensburg E-Mail: ab@buglundkollegen.de

Data security

ClinCompetence Cologne GmbH is aware that the health data collected via the CCC STUDY Diary App is data that requires an increased protection. The data collected from you is protected by technical and organizational measures against loss, destruction, access, modification or distribution by unauthorized persons. To ensure that your data is protected against unauthorized access, security measures are taken when the data is stored on your mobile device, during transmission and at the storage location. The access to your stored data is provided with a separate authentication. The technical administration including the intermediate storage and transmission of data to ClinCompetence Cologne GmbH is carried out by AppCologne GmbH. The following precautions and actions have been taken to ensure that your data is secure:

  • Server locations: All servers used are hosted within the territory of the Federal Republic of Germany.
  • Backup: The database is backed up daily on external servers.
  • Data transmission: The data transfer of the CCC STUDY Diary App is encrypted in HTTPS standard to certified servers. No IP addresses are stored.
  • Access to the stored data in the backend: There is purely administrative access for AppCologne GmbH and a download option for ClinCompetence Cologne GmbH. Both access points can be accessed in encrypted form and are each secured with a username and password.
  • How is the data stored? The data records are each related to a unique patient-ID, which is not linked to personal data. Following the concept of data frugality, no IP addresses, location information or telephone numbers are stored either.

These security measures are continuously improved in line with technological developments. Despite regular checks, however, complete protection against all dangers (e.g., criminal cyberattacks) is not possible.