User Research Privacy Policy

We take your data protection seriously

User Research Privacy Policy

This Privacy Policy applies to the processing of personal data by Dawn Health in connection with its user research projects and activities.


Privacy is important to Dawn Health. We comply with applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”) when processing your data.


We carry out user research and concept testing of our products and services on a voluntary or incentivised basis. During these activities, we may process your personal data. You will find below information on this processing. Where relevant, additional information may also be provided prior to the specific research activity.



The control of your data 

As a data controller, we are responsible for the processing of your personal data. You will find our contact details below:  

Dawn Health A/S 

CVR-nr: 37683264  

Sundkaj 153 1st floor 

2150 Copenhagen  


Why do we process your data and legal basis

We process your data: 

  • To gather relevant insights that will help us continuously improve our existing and potential services and products. 
  • To create, validate and test new concepts or solutions that will be offered to existing and potential customers or end-users. 
  • To contact you in the context of a user research project or when you agreed to us keeping your contact details in our user research contact list. 


Before data collection for particular research projects, you will be provided with detailed details regarding the context or extent of the research project you're invited to engage in, as outlined in the corresponding consent form or service agreement. 


We process your personal data based on the necessary performance of a contract (Article 6(1)b, GDPR) or your consent (Article 6(1)a, GDPR). As some of our user research is focused on specific disease areas, we will ask you to process your health-related data based on your consent (Article 9(2)a, GDPR). We may also process personal data to comply with a legal obligation to which we are subject (Article 6(1)c, GDPR), such as regulations applying to medical devices. 

Personal data processed

For the purposes listed above, the following personal data may be processed: 

  • Full name 
  • Contact details (Email, Phone number) 
  • Age 
  • Gender 
  • Marital status 
  • CV (e.g., for healthcare provider participants) 
  • Authorisation ID (e.g., for healthcare provider participants) 
  • Job title 
  • Location (e.g, city, of residence states, country) 
  • Health-related data (e.g., disease/disorder/syndrome, medications, treatment) 
  • Skillset (e.g., knowledge of technology, tools used) 
  • Family, relationships or ecosystems (e.g., caregivers of help, participation to organisations supporting patients) 
  • Video recordings 
  • Screen recordings 
  • Photos 
  • Research results (e.g., task results, task observations, answers, personal notes, diary or journal notes) 
  • Email messages 
  • Actions or events of your interactions with our software and applications and 
  • Any data relevant to the specific projects the research that you voluntarily provide us. 

Sharing your information with others

Dawn Health may share your personal data with third parties that help us to do the activities listed above, such as our IT cloud provider or recruiting companies. In some cases, your data may be collected directly by the recruiting companies we work with, and we may engage with your contributions to the project without knowing your identity.


Third parties processing data on our behalf must protect the confidentiality and security of your information and follow instructions provided by us, in accordance with a signed data processing agreement.


Any cross-border transfers of data will only take place under applicable laws.


We may also be required to share your personal data with authorities, such as in the context of a medical device approval. In any case, we will follow the data minimisation principle and prefer to use pseudonymised data where possible.


Finally, we may disclose information that is not considered personal data to third parties, such as aggregated test results. In this case, such information will be shared in an anonymized form, that does not identify you or any other individuals.


Data retention and deletion

Dawn Health will retain your information for as long as necessary to fulfil the purposes described above and to adhere to retention periods as per applicable laws. If a user research project is conducted to support medical device design and development, retention periods specified by relevant medical device regulations may be applicable. 


Upon the conclusion of the retention period, personal data will be either deleted or anonymized. 


If you voluntarily apply to be part of future research studies, we will store your name and contact details on our user research contact list. Your data will be kept for this purpose for as long as you wish to remain in the user research contact list. We will ask you to renew your consent for this purpose every 12 months. You have the right to withdraw from this contact list at any time. 


Unless otherwise specified in the consent form of a specific project, your identifiable personal data will be stored for up to 12 months. After this period, data will be anonymised - or for projects that require longer retention periods, it will be pseudonymized and kept until the end of the legal retention period. In such cases, only a few selected Dawn personnel will retain access to the key information that could enable re-identification.

Your rights

In addition to your right to decide whether you want to be part of our user research study, you have privacy rights under GDPR, which we describe below. Please note that there may be limits on these rights depending on the specific circumstances of the processing activity.


You can obtain information on the personal data which we store and process about you and to the extent you have such right under applicable law, you can get a copy of your personal data in a structured, commonly used, and machine-readable format. You have the right to rectify personal data that you think is inaccurate and, under certain circumstances, to restrict or object to the processing of personal data and delete your personal data. When your information is processed based on your consent, it is voluntary, and you can withdraw it at any time.

Point of contact

If you have any questions, or complaints or want to exercise any of the above rights, please contact us at [email protected]


Data Protection Officer   

Dawn Health’s data protection is solicited by DPO Danmark. You can find DPO Danmark’s contact details below: 


DPO Danmark ApS  

Højbro Plads 10  

DK-1200 Copenhagen K


Please note that you also have the right to complain to the relevant data protection authority: 


Danish Datatilsynet  

Borgergade 28, 5  

DK-1300 Copenhagen K  

Phone number: +45 33 19 32 00  

E-mail address: [email protected]  


Changes to this Privacy Policy

This Privacy Policy is in its Ver. 01. Dawn Health may revise this Privacy Policy at any time, by updating this posting. We recommend that you revisit this page to review and consent to the newest version.