This page tells you about what Diagram does with personal data, how we protect personal data and the rights you have under privacy legislation.


Diagram is a globally operating independent full service CRO able to support with the development, organisation and execution of clinical scientific research. Diagram was founded in 1996 in the Netherlands. In the past years, Diagram has acquired considerable expertise in supporting cardiovascular research including trials performed in the ambulance (pre-hospital phase) and e-health projects. Diagram’s quality management (NEN-EN-ISO 9001:2015 certified), strongly developed integrated e-health and information management team, data management and statistics team, project management team and international focus, makes them different from other CRO’s.


The purpose of this declaration is to provide a practical elaboration of the terms of the General Data Protection Regulation (GDPR). The declaration applies to the assimilation of personal data of Diagram.

Assimilation of personal data

To comply with legal and business obligations, Diagram collects personal data. This data will be used to facilitate clinical scientific research and to ameliorate the services. Personal data will be, in accordance with this declaration, carefully assimilated and only used for justified purposes. Data will only be assimilated by persons who are obliged by their profession and will handle the data as confidential information.

Duty to inform

The patient will be informed about the purpose of obtaining personal data before the data will be collected. If it is not possible to inform the patient on forehand due to circumstances, this will be done at the first occasion. The patient will be informed about their rights and duties by means of a personal conversation and the Informed Consent.

Clients will be informed about their data protection by means of the privacy statement of Diagram.

Retention period

Personal data of patients will no longer be stored than necessary for the assimilation of the purpose for which the data has been collected. Anonymized personal data will be saved for clinical scientific research.

Diagram will store personal data of clients in order to provide their services and to maintain the relationship with their client. In accordance with legal obligations Diagram will remove personal data if desired.

Security measures

Diagram has taken appropriate technical and organizational security measures to secure data of patients and clients against loss or against any form of infringing assimilation.  These measures guarantee a decent security level based on the risks that the assimilation and the kind of data involves.


Patients and clients have control over their own personal data collected and assimilated by Diagram. Each person involved has the right to:

  • Insight to personal data: on request those involved can gain insight to personal data or receive a digital copy of the saved data (data portability). Diagram can ask for a compensation for providing the digital copy. A written request for gaining insight or receiving a copy can be send to the data protection officer
  • Complement or correct personal data: data can be complemented or corrected by means of a declaration of the person involved concerning the recorded data. Data can be corrected when the assimilated data is incorrect. A written request for completion or correction can be send to the data protection officer. The data protection officer ensures that the request will be accomplished
  • Elimination of personal data: a written request for elimination of personal data can be send to the data protection officer. The data protection officer ensures that the requester will receive a message whether or not the request will be complied. A refusal will be backed up. The data protection officer will eliminate the data, unless it is reasonably acceptable that storage is material investment for someone else or when it is legally required


In case a person involved has a request for insight, completion, correction or elimination of personal data or if a person involved has the opinion that terms of this declaration are not being followed, than he can apply to the data protection officer of Diagram:

Sonja Postma, PhD
F.G. number: FG000964

Dokter Stolteweg 96
8025 AZ Zwolle
T: +31 (0)38 426 2999