INNODIA Program participant Privacy Policy

INNODIA’s privacy policy contains information about the processing of your personal data (hereon’’ data’’) in the context of your participation in the INNODIA Protocol/Program. INNODIA is committed to protecting your privacy. This Privacy Policy outlines the types of personal information INNODIA collects, how it is used, and the steps taken to safeguard your information.

For INNODIA's other data processing activities, we apply a customized privacy policy. Users will receive a dedicated link to access to the relevant policy depending on data treatment. These policies will be stored in a hidden section of the INNODIA website.

WHAT IS INNODIA?

INNODIA is an international non-profit organization (iVZW). INNODIA is the interface between those who want to develop new disease modifying therapies and those who have the expertise and tools to do so. INNODIA catalyses, in a comprehensive and efficient way, entities that have often different incentives but who want to address the same unmet medical need: the lack of definitive cures for type 1 diabetes.

Innodia iVZW

Address: Herestraat 49, Onderwijs en Navorsing 1bis, box 902, 3000 Leuven

Email: privacy@innodia.org

Company Number: BE 0792.991.133

INNODIA PROGRAM

The INNODIA program is defined in terms of 2 modules:

Module 1 - THE INNODIA DETECT

INNODIA Family & Friends Early-Stage T1D Detection Protocol

  • IAb TESTING for a high-risk population (i.e.; relatives of people with symptomatic T1D) to detect at risk (1 IAb) and pre-symptomatic T1D individuals (2+IAb’s)

Module 2 – THE INNODIA MONITOR

INNODIA presymptomatic T1D monitoring guidance and data collection

  • Monitoring guidance and collection of data of pre-symptomatic T1D people Participants may provide data for one or both modules, depending on the outcome of initial autoantibody testing.

CONSENT

Consent will be obtained before any procedures are undertaken related to the INNODIA Program. Each participant, or his/her legally acceptable representative, will be fully informed about the nature and objectives of the INNODIA Program and possible risks associated with their participation.

You have the right to withdraw from the INNODIA Program at any time without any consequences.

TYPE OF DATA INNODIA PROCESSES

INNODIA will collect and process the following types of data from you:

Personal data:

  • Site of recruitment
  • Personal identification number assigned to data subject
  • Month and Year of birth
  • Gender (where provided)
  • Date of consent
  • Relationship (family or friend) with T1D
  • Height
  • Weight
  • BMI
  • Visit date and type
  • CV and role of the involved personnel

Special categories of Personal Data

The following special category data will be collected and processed

Data concerning health

  • Adverse Events during the visit
  • T1D autoantibody results
  • OGTT values (if applicable)
  • Hb1Ac (if applicable)
  • Random glycemia values (if applicable)
  • CGM data (if applicable)
  • Additional tests conducted by site that they are willing to share (e.g HLA, autoimmune,

genetic testing)

Personal data revealing racial or ethnic origin

  • Ethnicity
  • The data will be collected through hospital visits relating to INNODIA DETECT and/or INNODIA

MONITOR and medical notes.

COOKIES

This website uses:

  • strictly necessary technical cookies;
  • strictly necessary functional cookies;
  • a privacy-friendly analysis tool.

Strictly necessary technical cookies are necessary for the website to function correctly, and you cannot refuse them.

Strictly necessary functional cookies are strictly necessary to provide a service you have (explicitly) requested. You cannot refuse these cookies if you want to browse INNODIA website, but they are only placed after a choice has been made regarding the placing of cookies.

INNODIA only uses the data included in its cookie policy for analytics purposes if you have given your consent to the use of its analytics tool.

Read INNODIA policy on cookies.

HOW INNODIA USES YOUR INFORMATION

All data collected through the INNODIA Program on presymptomatic T1D individuals will be centralized in a secure directory. As the sponsor of the program, INNODIA serves as the data controller under general data protection (GDPR) regulations.

With your consent, information relating to your risk of T1D will be captured in the INNODIA directory. The clinical team will enter your ethnicity, gender, partial date of birth and date at consent into the INNODIA directory and you will then be assigned a unique ID number. This ID number will be used to code all your data. Only your clinical team will be able to link your personal information to this ID number; everyone else will just see a unique ID number. This process is called pseudonymisation.

INNODIA will not have access to your name and contact details. These will not be shared outside the hospital where you joined unless, in the unlikely event that there are concerns about the conduct of the INNODIA Program, the hospital deems it necessary for your medical records to be reviewed by individuals appointed by the sponsor (INNODIA), regulatory authorities or hospital where you are taking part.

Data collected by INNODIA will be used to

  • Identify individuals at risk or with pre-symptomatic Type 1 diabetes.
  • Provide individuals with the opportunity to participate in clinical trials that advance the development of curative therapies (ongoing or upcoming), and to facilitate access to approved therapies as theybecome available.

The results of the INNODIA Program, when available, may be published in peer-reviewed medical journals and used for medical presentations and conferences. INNODIA will write our reports in a way that it will no be possible to identify you or your child from any of the data produced.

DATA SECURITY

INNODIA takes all appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits.

OTHERS WITH WHOM YOUR DATA ARE (CAN BE) SHARED

INNODIA will only share your data to third parties in the following circumstances:

  • INNODIA is using a third party purely to process data on our behalf and INNODIA has set a data processing agreement with that third party that fulfils legal obligations in relation to the use of third party data processors (e.g. INNODIA processors who are responsible for ICT infrastructure); or
  • INNODIA is required by law to share your data;
  • You have provided your explicit consent to INNODIA to share data with a third party. Any share data will be pseudonymized to prevent identification of individual participants.

DATA RETENTION

The INNODIA Program is a long-term initiative that has the goal to facilitate the development of national Early-Stage T1D testing and monitoring in all EU countries. Therefore, the exact duration of the program at this stage is unknown. It is anticipated that the following data will be kept for a minimum of 5 years after the completion of INNODIA

  • The identifiable data collected during consent
  • The pseudonymised data in the database after the end of INNODIA

INNODIA takes the principles of data minimisation and removal seriously and has internal policies in place to ensure that only the minimum amount of data for the associated purpose is required; INNODIA deletes, anonymises or pseudonymises that data promptly, once it is no longer needed.

YOUR RIGHTS

Depending on the processing and the legal basis, there are several possibilities available to you to keep control over your data, which include the following:

  • Where data processing is based on consent, you may revoke this consent at any time, and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our newsletter emails).
  • You have the right to ask for rectification and/or deletion of your information.
  • You have the right to access your information.
  • You have the right to object to the processing of your data
  • You have the right to limit the processing of your data
  • You have the right to have your data deleted

A full summary of your legal rights over your data can be found on the website of the Belgian Data Protection Authority. Please note that relying on some of these rights, such as the right to delete your data, will make it impossible for us to keep you informed of potential trials and studies that may be of benefit or interest to you. However, where possible INNODIA will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.

CHANGES TO THIS POLICY

INNODIA reserves the right to update or modify this Privacy Policy from time to time and will publish the most updated version on its website. If a modification meaningfully reduces your rights, INNODIA notifies those people whose data shared with INNODIA will be affected.

CONTACT INNODIA

If you have any questions or concerns about this INNODIA Privacy Policy or data practices, please contact INNODIA at privacy@innodia.org.

If necessary to process your request, we may ask you to identify yourself with e.g. a copy of the front of your identity card.

DISPUTES

If you feel that INNODIA has not handled your request or complaint well enough and that your rights have been violated, you can contact the Belgian Data Protection Authority (former Privacy Commission, www.gegevensbeschermingsautoriteit.be) and file a complaint there.

This policy and INNODIA operations are governed by Belgian law. To the extent permitted by applicable law, the Courts and Tribunals of Leuven shall have jurisdiction in case of dispute.

Version of this Privacy Policy 01: 23/01/2025