GDPR Compliance

Information about GDPR compliance at Anatomy.se.

Last Updated: May 30, 2025

Anatomy.se is committed to compliance with the General Data Protection Regulation (GDPR), which enhances individuals' rights over their personal data. As a platform connecting researchers with study participants and facilitating access to medical resources, we take data protection very seriously. This document outlines how we comply with GDPR requirements and explains your rights as a data subject.

Legal Basis for Processing

We process personal data on the following legal bases:

(1) Consent: When you explicitly agree to the processing of your personal data for specific purposes, such as applying for research studies.
(2) Contract: When processing is necessary for the performance of a contract with you (e.g., account creation, product purchases).
(3) Legal Obligation: When we need to comply with a legal requirement.
(4) Legitimate Interests: When processing is necessary for our legitimate interests, such as preventing fraud or ensuring network security, provided those interests are not overridden by your rights and freedoms.
(5) Public Interest: For research and statistical purposes, with appropriate safeguards in place.

Special Categories of Data

For research participation, we may collect health-related data, which is considered a special category of personal data under GDPR. We only process such data with your explicit consent, and additional safeguards are in place to protect this sensitive information. Research data is pseudonymized whenever possible, and strict access controls are implemented to ensure confidentiality.

Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

(1) Right of Access: You can request copies of your personal data.
(2) Right to Rectification: You can ask us to correct inaccurate data.
(3) Right to Erasure: You can request deletion of your data in certain circumstances.
(4) Right to Restrict Processing: You can ask us to limit how we use your data.
(5) Right to Data Portability: You can request a machine-readable copy of your data for transfer to another service.
(6) Right to Object: You can object to certain types of processing.
(7) Rights Related to Automated Decision Making: You have protections against solely automated decisions with legal effects.
(8) Right to Withdraw Consent: You can withdraw previously given consent at any time.

How to Exercise Your Rights

To exercise any of your data protection rights, please submit a request by emailing [email protected] or through your account settings. We will respond to all legitimate requests within one month. If your request is complex, we may extend our response time by up to two additional months, but we will notify you if that is the case. There is no fee for exercising your rights, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions related to this GDPR information page and our privacy practices. If you have questions or concerns about our data processing activities, you can contact our DPO at [email protected] or by mail at: Data Protection Officer, Anatomy.se, Pionjärgatan 12, 58734 Linköping, Sweden.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when processing operations may result in a high risk to individuals' rights and freedoms, particularly for new technologies or when processing health-related data for research purposes. These assessments help us identify and minimize data protection risks.

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that adequate safeguards are in place. These may include Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules, or other legally approved transfer mechanisms. You can request information about these safeguards by contacting our Data Protection Officer.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, when possible, within 72 hours after becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Lodge a Complaint

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten). However, we encourage you to contact us first, so we can try to resolve your concerns directly.

GDPR and Research

The GDPR provides certain derogations for scientific research, allowing for some flexibility while maintaining strong protections. Our research practices incorporate data minimization, pseudonymization where possible, and strong technical and organizational measures to protect your data. All research conducted through our platform must comply with both GDPR and relevant ethical standards for medical research.