Concept for data protection-compliant data processing in the research project
"Users' preferences and researchers' assessments of mobile app features that support the formation of healthy habits"
in compliance with Art. 5 GDPR
1. Who is conducting the research project?
The research project is conducted as part of a master's thesis at the Research Group Digital Health at the Dresden University of Technology, located at Münchner Platz 3 in 01087 Dresden, Germany.
2. For which explicit and legitimate purposes are the data processed (Art. 5 Abs. 1 lit. b DSGVO)?
The aim of this study is to investigate both users’ preferences and researchers' assessments of mobile app features that support the formation of healthy habits. The results should help to gain a better understanding of important features to consider before developing future habit apps.
3. What are the inclusion and exclusion criteria for the study participants?
Participation is open to individuals who are fluent in English, 18 years or older, and have experience in forming healthy habits, with or without habit apps, or are engaged in habit research. Consequently, individuals who are not fluent in English, 18 years or older, and have no experience in forming healthy habits, or are not engaged in habit research, can not participate in the survey.
4. Which personal data is used?
The subsequent personal data is used in compliance with Art. 5 para. 1 lit. c GDPR (General Data Protection Regulation):
- Demographic data (age, gender, highest level of education, and place of residence)
- Experience in habit formation (information whether an individual is currently forming a habit or has already formed one, habit strength, habit app usage, and frequency of habit app usage) or engagement in habit research
- Preferences or assessments of mobile app features that support the formation of healthy habits
5. What is the legal basis for the processing of personal data?
The processing is carried out according to Art. 6 para. 1 subpar. 1 lit. a and Art. 9 para. 2 lit. a GDPR (General Data Protection Regulation).
6. How is the research project implemented?
For the research object a survey is conducted using the online tool LimeSurvey. By participating, the data policy of LimeSurvey is accepted, which can be found here. Participation in the survey is voluntary.
7. What technical and organizational measures are taken to ensure privacy and data protection in compliance with Art. 5 para. 1 lit. e and f GDPR (General Data Protection Regulation)?
The data is collected anonymously and will only be analysed for the purpose of a master’s thesis, with no sharing of the data with third parties. Only the authors of the survey have access to the data. To obtain the data, password and two-factor authentication is required. Upon the competition of the analysis in April 2024, all data within the online tool LimeSurvey will be deleted.
8. What is the overall assessment of the risk of data processing for the participants?
Considering the measures outlined in point 7, the overall risk of data processing can be assumed to be low.
If you have any questions, you can contact Michaela Loredana Sitzberger at michaela_loredana.sitzberger@mailbox.tu-dresden.de.