Privacy Policy

1. Who is responsible for your personal data?

In this privacy policy, we describe how we collect and process your personal data when:

• you visit our website;
• you use our services and the CARE App;
• you apply for a position with us;
• we receive your personal data for other purposes within the scope of our business activities.

Contact Information

Care Preventive AG
Neuwiesenstrasse 15
CH-8400 Winterthur
[email protected]

2. What personal data do we process?

2.1 When you visit our website

When you visit our website, the server automatically logs general technical information. This data includes, for example, the IP address and operating system of your device, the date and time of your visit, the website you came from, and the type of browser you use to access our website.

If you contact us through the website (e.g., through the booking tool, contact form, or WhatsApp), we process your contact details and other personal data you provide us with, as well as, if applicable, technical data that may accrue during the use of the respective means of communication.

We use cookies and other tracking technologies to ensure the functionality of our website, make it more user-friendly, evaluate the use of our website, collect information for improving our offerings, and for marketing purposes. More information can be found in our Cookie Policy.

We also use social media plugins and embedded media from external platforms such as YouTube, for example to offer you multimedia content. When you access a page on our website where a plugin or embedded media is present, certain technical data is automatically transmitted to the provider of these services. If you have an account with the relevant provider and are logged in, this interaction may also be captured. Please consult the privacy policies of the respective providers for more information about their data collection and processing.

2.2 When you use our services

When you use our services (e.g., book and attend appointments, undergo analyses or treatments, etc.), we process the following personal data about you:

• Identification data (name, ID, etc.);
• Contact details (e.g., email, address, phone number, etc.);
• Health data (for example, information about general health condition and lifestyle, possible medications, etc., as well as test results such as biomarkers, blood pressure, ECG values, etc.);
• Communication content;
• Payment data;
• Other relevant personal data you provide to us;
• Technical data, if the process takes place through our website (including integrated services) or the CARE App (see above, “When you visit our website”, as well as the section directly below this).

Within the CARE App, we process the following personal data:

• Login data;
• Contact details (e.g., email, address, phone number, etc.);
• Health data;
• Communication content;
• Other relevant personal data you provide to us;
• Technical data (in particular, logs, usage data, etc.).

Health data is considered sensitive personal data under data protection laws, subject to a higher level of protection. For this reason, you will find additional information in this privacy policy on how we handle and protect your health data.

2.3 When you apply for a position with us

When you apply for a position with us, we collect and process the necessary personal data to review your application and conduct the application process. This includes, in particular:

• Identification data (name, first name, etc.);
• Contact details (e.g., email, address, phone number, etc.);
• Communication content;
• Information about your professional background and qualifications;
• The content of your application;
• Other data necessary for the review of your application.

You submit most of this data directly to us as part of your application. In addition, we process data from other sources, in particular from references (if you have consented to references being obtained), as well as from publicly accessible sources (e.g. professional social networks, the internet).

2.4 When we receive your personal data for other purposes within the scope of our business activities

In the course of our business activities, we process personal data of other individuals, such as our contacts at business partners, suppliers, and service providers, or persons who are interested in our services. The personal data we process in this context primarily includes identification data, contact details, and communication content, as well as other relevant personal data.

We receive this data either directly from you or from other sources, such as your coworkers, our business partners and other contacts, as well as from publicly available sources (e.g. social networks).

3. For what purposes do we process your personal data?

We process your personal data:

• to prepare, conclude, fulfill, and enforce contracts within the scope of our business activities. This includes contracts related to our services: In this context, we also process your health data, for example, for the preparation, execution, and follow-up of analyses and treatments, for visualizing and contextualizing your health status and test results in the CARE App, and for personalized treatment and other health-related recommendations.
• based on and within the scope of your consent, if applicable. You can revoke your consent at any time.
• to comply with legal obligations (e.g., retention of patient records).
• as part of our interests to communicate with you and third parties (even outside the preparation or conclusion of a contract), to provide the website and the CARE App, to optimize your user experience, to maintain and potentially expand our business relationship with you, to improve, expand, and market our offerings, to ensure IT security and data protection, and to enforce, defend, or avert legal claims.

We may create evaluations and statistics based on your data (including health data) to provide you with personalized treatment and other health-related recommendations, to improve, expand, and market our offerings, and for research purposes. Whenever possible, your personal data will be anonymized or pseudonymized before evaluation.

Based on our interest in informing individuals interested in our offerings about new developments, we can send you marketing information (e.g., via a newsletter). These marketing emails may contain visible or invisible images. When you download these images from the server, we can see whether and when you have opened the email. This allows us to better understand how you use our offerings and customize them for you. You can turn off this feature in your email program. You also have the option to opt out of receiving our marketing emails at any time.

When do we disclose your personal data to third parties?

To fulfill a contract, protect our interests, or comply with legal requirements, it may be necessary for us to disclose your personal data to third parties. This includes, in particular:

• Our IT service providers, lab partners, manufacturers of diagnostic devices we use for analyses, as well as third-party providers in the areas of payment transactions, billing, collection, consulting, sales, and marketing;
• Third parties to whom we transfer our company or parts thereof, or with whom we merge;
• Cases where disclosure is necessary to
  • (i) comply with legal obligations,
  • (ii) ensure IT security and data protection, or
  • (iii) enforce, defend, or avert legal claims.

In this context, we also transfer personal data abroad. In particular, we use IT service providers with data locations in the EU or the EEA. We limit the transfer of personal data outside Switzerland, the EU, and the EEA as far as possible, but it cannot be entirely avoided. If the respective recipient country does not have a level of data protection recognized by Switzerland, we use standard contractual clauses to ensure adequate data protection, where necessary and possible supplemented by additional security measures.

We may share your data (including health data) for research purposes with private or public research institutions (a) with your consent or (b) if you if are not identifiable as the data subject for the research institution (anonymized or pseudonymized data) and do not object to the use of your data for research purposes after having been adequately informed.

Your family doctor or other healthcare provider may be granted access to your data in the CARE app if you so wish.

We do not sell or rent personal data to third parties.

5. Data security

We protect your personal data with appropriate technical and organizational security measures against accidental, unlawful, or unauthorized manipulation, deletion, alteration, access, disclosure, use, or loss. In particular, we have a state-of-the-art IT infrastructure, and our employees only have access to your personal data to the extent necessary or reasonable for the fulfillment of their tasks.

The following measures, in particular, protect your health data in the CARE App and in our patient database:

• Redundant data storage in Frankfurt (DE) and Paris (FR);
• Access restrictions;
• 2-factor authentication;
• Encryption in transit and at rest;
• Server access only via SSH protocol;
• Logging of changes to the data.

6. How long do we retain your personal data?

We store your personal data only for as long as and to the extent necessary for the purposes described or for legal reasons.

For legal reasons, data related to analyses and treatments (patient records) is retained for 20 years. Health data from deactivated CARE App accounts is archived accordingly.

7. What rights do you have in connection with your personal data?

If provided for and subject to the conditions of the applicable data protection laws, you have the following rights in connection with your personal data:

• Right to access your personal data;
• Right to have inaccurate personal data rectified;
• Right to erasure ("right to be forgotten");
• Right to restrict the processing of your personal data;
• Right to data portability (transfer of your personal data to you or a third party);
• Right to object to the processing of your personal data.

Please note that exceptions apply to these rights. In particular, we may be obliged or entitled to further process your personal data to fulfill a contract, to protect our legitimate interests such as enforcing, defending, or averting legal claims, or to comply with legal obligations. In these cases, we can or must reject certain requests or comply with them only to a limited extent.

8. Complaints

If you are not satisfied with how we process your personal data, you have the right to file a complaint with the relevant supervisory authority (Federal Data Protection and Information Commissioner, FDPIC).

Please contact us first before filing a complaint. This way, we can try to resolve your issue directly. The easiest way to contact us is by email at [email protected].

9. Links to other websites

Our website may link to third-party websites that are not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection regulations.

10. Changes to this privacy policy

We may modify this privacy policy from time to time. New versions become effective for you as soon as we have notified you by publishing them on our website.