Go to main content
Tricals - The highway towards a cure

Our Privacy Statement

TRICALS is a non-profit organization, established in the Netherlands, that facilitates collaboration between scientists and healthcare professionals from multiple university medical centres in Europe, specializing in Amyotrophic Lateral Sclerosis (ALS). This collaboration aims to find effective treatments for people living with ALS.

TRICALS (hereinafter “TRICALS,” “we,” “us,” or “our”) acts as the data controller under the General Data Protection Regulation (GDPR) and other applicable data protection laws for the personal data collected and used on this website and for the personal data received in our registry through the website. This means we determine how your personal data is collected and the purposes for which it is used.

At TRICALS, we understand the importance of privacy and we are committed to protecting your personal data with the utmost care. To achieve this, we have implemented appropriate measures to safeguard your information.

This document is regularly reviewed and possibly adjusted. Please note that our website will always reflect the most recent version of the privacy statement.

How to contact TRICALS?

If you have any questions or remarks regarding this Privacy Statement or our privacy practices, please contact us at:

What personal data do we collect and for what purpose? How do we legally process your data?

a) From patients who want to participate in TRICALS Registry, the following personal data is collected:
  • Personal information: First name and surname, gender, date of birth, email address, city and country of residence,
  • Medical information: Diagnosis, whether you have been seen by a neurologist, date of diagnosis, city and country of diagnosis, date of first weakness and its initial location.
  • Contact preferences: Your preferred centre for participation in future clinical trials, and how you heard about TRICALS.

Before your personal data is included in the registry, you will be given comprehensive written information about the registry, including the specific data collected, the potential risks and benefits, and the confidentiality safeguards in place. You will be given the option to provide explicit consent to: (1) TRICALS contacting you about future clinical trials, (2) TRICALS sending you a 10-minute questionnaire regarding your daily functioning and clinical care, and (3) receiving the TRICALS newsletter. Providing this information is voluntary but required for the registry.

In accordance with (Article 9(2)(a) GDPR), we will process your personal data only with your explicit informed consent to participate in the registry. It is important to understand that health data is considered a special category type of personal data under the GDPR and treated as sensitive data by TRICALS. You can also provide separate consent to sign up to the TRICALS Newsletter as per Article 6(1)(a) GDPR.

The Registry follows strict standards, a registration confirmation is sent to info@tricals.org, including the date of registration and last name. Access to this data is limited to specific employees. Personal data is stored in the backend of the TRICALS website and automatically transferred to Castor, a database that is ISO 27001 certified. This certification ensures strict security standards are followed.

The registration form is intended to create a new account in the TRICALS registry. It ensures that suitable individuals are included in the registry, which aims to connect people with Motor Neuron Disease (MND), or Amyotrophic Lateral Sclerosis (ALS) interested in clinical trials with MND centres performing them, thereby supporting new ALS studies with data utilized for scientific research and regulatory purposes only.

b) From users who fill in the contact form to get in touch with a specific ALS Centres, or register for a trial, the following information is collected:
  • First name, surname, date of birth, email address and if the user wishes to participate in a clinical trial.

The information is then shared with the relevant ALS Centre and sent to info@tricals.org Contacting a center directly will not automatic registration in the TRICALS Registry, this is a separate process. Your personal data is processed based on your consent (Article 6(1)(a) GDPR), to respond to your inquiry or provide the requested service. The combination of your name and date of birth allows the ALS Centre to search their database to determine if you meet the initial inclusion criteria for the clinical trial.

You have the right to withdraw your consent at any time. Please note that this will not affect the lawfulness of any processing carried out prior to the withdrawal. To withdraw your consent, you can contact the ALS Centre directly or email info@tricals.org.

c) From users who fill in the contact form on the website, we collect the following personal data:
  • First name, surname, email address and country if the user is a patient.
  • First name, surname, email address, company name and function if the user is a centre.
  • First name, surname, email address, company name and country if the user is a company interested in collaborating with TRICALS.
  • First name, surname, email address, country and topics of interest if the user has questions on TRICALS’ Academy.

We process this personal data based on your consent (Article 6(1)(a) GDPR).  We advise patients to avoid seeking medical advice through this contact form.

In case you submit an inquiry please note that this data can be shared with the TRICALS liaison in the respective country.

d) From TRICALS’ executive board we process the following personal data:
  • First name, surname, picture, academic and professional background, job title and position at TRICALS.
  • Location of the working centre, email address of the centre and phone number.

We process this personal data based on legitimate interests (Article 6(1)(f) GDPR). This processing is necessary to showcase our team members, enhance collaboration, and provide information to stakeholders in a professional context

A Legitimate Interests Assessment (LIA) has been conducted to ensure that the processing is proportionate and that the rights and freedoms of the individuals involved are safeguarded.

e) From TRICALS’ Operational Office, the full-time employees who support the executive board, we process the following personal data:
  • First name, surname, picture, academic and professional background, job title and position at TRICALS.

We process this personal data based on legitimate interests (Article 6(1)(f) GDPR). This processing is necessary to showcase our team members, enhance collaboration between TRICALS and ALS Centres, and provide information to stakeholders in a professional context.

A Legitimate Interests Assessment (LIA) has been conducted to ensure that the processing is proportionate and that the rights and freedoms of the individuals involved are safeguarded.

f) From the specialists in each ALS Centre, we process the following information:
  • First name, surname, email address, picture, academic and professional background, job title, LinkedIn profile, country and name of the centre. The email address, phone number and website of the centrum is linked to each profile.

We process this data under our legitimate interest (Article 6(1)(f) GDPR). It is essential for ALS patients to know the specialists and contact points at each centre. Additionally, processing this data is necessary to facilitate collaboration among centres, with the shared aim of advancing effective treatments for individuals living with ALS. This also enhances communication, ensuring patients are kept informed about new treatments, discoveries, and ongoing research related to ALS. By fostering transparency and collaboration, we strive to support both patients and the broader medical community in the fight against ALS.

A Legitimate Interests Assessment (LIA) has been conducted to ensure that the processing is proportionate and that the rights and freedoms of the individuals involved are safeguarded.

g) From the users who register to TRICALS events/ Masterclasses we process the following personal data relevant to the specific event. This may include:
  • First name, surname, email address, organization, job title, dietary restrictions (sensitive data), and payment details, which are processed securely through our trusted payment provider, Mollie.

We process your personal data based on your consent (Article 6(1)(a) GDPR) to manage registrations, verify eligibility, ensure safety by accommodating dietary restrictions, and handle payments securely. Dietary restriction data is processed with your explicit consent (Article 9(2)(a) GDPR) to comply with GDPR requirements and ensure your safety during our events.

You can withdraw your consent for processing your personal data at any time by contacting us at events@tricals.org.

h) From users who sign up to TRICALS’ newsletters, only the email address is collected.

We process this data based on your consent (Article 6(1)(a) GDPR), to provide updates and event invitations. Newsletters are sent to those who opt in via the TRICALS registry or website. You can withdraw consent anytime using the unsubscribe link in our newsletters or by emailing info@tricals.org.

i) From users who sign up to The International Network for ALS Research and Care (INARC), the following personal data is collected:
  • First name, surname, institution, role function, country and email address.

INARC connects ALS research and care professionals, providing a platform for collaboration. To facilitate communication and event access, we collect personal data from users who sign up. Processing is based on user consent (Article 6(1)(a) GDPR).

How do we collect your data

TRICALS collects personal data through the following methods:

a) Directly from you:

We collect personal data directly from you through several channels, including when you contact us via email at info@tricals.org, operations@tricals.org, events@tricals.org, or inarc@tricals.org when you fill out contact forms on our website, or when you sign up for services such as the TRICALS Register, newsletters, events, or the INARC subscription.

b) Indirectly:

When establishing business arrangements, we may collect and add emails to our mailing list for communication purposes. We also collect data automatically when you visit our website, such as your IP address, browser type, and pages visited. This is done through cookies and other tracking technologies to improve website functionality.

Who has access to your personal data? Data sharing with third parties

TRICALS shares personal data with carefully selected service providers who act as data processors on its behalf. These include:

  • Castor (for managing the Registry),
  • Mollie (for processing event payments for events),
  • Mailchimp (for sending newsletters).

These processors provide data storage, support, and management services and are contractually prohibited from using your personal data for any purpose other than delivering these services to TRICALS.

For users who register for INARC, TRICALS shares personal data with INARC, its sister organization, to facilitate communication and provide access to INARC-related activities. INARC processes this data by its stated purposes and privacy practices.

We do not share your personal data with ALS Centers. However, for research purposes only, authorized representatives of specific Executive Board member institutions may be granted access to the personal data of registered participants from their respective countries. Access is strictly limited to individuals authorized by TRICALS and is subject to confidentiality and data protection agreements. These representatives must use the data exclusively for scientific research in line with TRICALS’ mission and applicable legal and ethical standards.

In certain circumstances, TRICALS may be legally obligated to share personal data with law enforcement or other public authorities. If such disclosure occurs, we will take all reasonable steps to inform you, unless prohibited by law.

International Data Transfers

TRICALS may share personal data with ALS Centres outside the European Economic Area (EEA) to facilitate clinical trials and inquiries. When transferring data internationally, we ensure compliance with GDPR by using safeguards such as Standard Contractual Clauses (SCCs) or relying on countries with an EU adequacy decision.

The personal data of users who sign up to The International Network for ALS Research and Care (INARC) is stored within the European Union. However, it may be accessed by INARC’s board members located outside the European Economic Area (EEA). In such cases, appropriate safeguards are implemented to ensure that the data remains protected under GDPR.

How long do we keep your personal data? Data retention periods

TRICALS will retain personal data for as long as is necessary to fulfil the purpose for which it was collected, in accordance with applicable laws and regulations.

  • Personal data included in the registry will be retained only until consent is withdrawn, unless a longer retention period is mandated by applicable laws.
  • Personal data published on the website, including the personal data of TRICALS’ executive board, operational offices, and specialists at each centre, will be retained only for the duration of their employment in these roles.
  • Personal data submitted via contact forms on our website will be kept for as long as necessary to answer your inquiry or to provide the specific service requested.
  • Personal data provided during event registration will be retained for the duration of the event and any necessary follow-up period, not exceeding 24 months, unless otherwise required by law.
  • Personal data shared when signing up for the TRICALS newsletter will be retained until consent is withdrawn.

In some cases, applicable laws or regulations may require us to retain your data for longer periods. Once the retention period has expired, your data will be securely deleted or anonymized in accordance with data protection regulations.

Security of your personal data

The confidentiality, integrity and availability of your personal data is of great importance to us. That is why TRICALS takes efforts to appropriately protect your personal data from unauthorised access, alteration, disclosure, or destruction. These data protection measures include:

  • Data processing agreements: Agreements with service providers always include specific data protection obligations.
  • Restricted Access: Personal data is only accessible to authorized personnel who need it to perform their job functions. Strong authentication methods, such as multi-factor authentication (MFA), are used to restrict access to sensitive data.
  • Third-Party Vendors Security: When third parties are used to process or store personal data, TRICALS ensures that those vendors comply with GDPR and implement robust technical and organisational measures to protect your personal data.

Rights regarding your personal data

In accordance with EU data protection laws, you have the following rights regarding your personal data:

  • Right to Access: Request access to personal data we hold about you.
  • Right to Rectification: Request correction of any inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data under certain conditions.
  • Right to Restriction of Processing: Request a limitation on the processing of your personal data.
  • Right to Data Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to the processing of your personal data

Should you wish to exercise one of these rights, you can send us an e-mail at info@tricals.org. Your request will be handled within 4 weeks. To ensure the security of your data we may ask you to verify your identity before providing any information. Any information collected for identity verification will be used solely for this purpose and handled securely.

We are committed to addressing your concerns and will respond to those in a timely manner if sent to the same email address. If you’re not satisfied with our response, you can contact your local Data Protection Authority (DPA) or file a complaint with the Dutch Data Protection Authority here (Dutch only).

Last Update April 2025