Data protection and security are important to Lyfegen HealthTech AG (“Lyfegen”, “we” or “us”). Lyfegen is committed to processing your personal data responsibly and in compliance with legal requirements. This Privacy Notice describes how we collect and further process personal data when you visit our website at lyfegen.com or, once registered as a user, use our online apps and services Lyfeapp and/or Lyfevalue (“Online Services”), provided through our platform (collectively referred to as the “Platform”).
The term “personal data” in this Privacy Notice means any information that identifies, or could reasonably be used to identify, a person.
While this Privacy Notice is drafted to be in line with the EU General Data Protection Regulation (“GDPR”) in addition to the Swiss Data Protection Act (“DPA”), this does not mean that our processing of your personal data is subject to the GDPR.
The “controller” of data processing as described in this Privacy Notice (i.e. the responsible person) is Lyfegen HealthTech AG, Aeschenvorstadt 57, 4051 Basel, Switzerland, [email protected]
If you have any questions about this Privacy Notice or about data protection at Lyfegen in general, please write to: [email protected]
We collect your personal data when you use our website, create a new Lyfegen account and subsequently use our Platform, provide us with information via a web form, update information in your Lyfegen account or otherwise interact with us.
b. Personal data we collect and process in order to make our website available
You can visit our website and obtain certain information about our Online Services without telling us who you are. However, the server of our webhosting provider logs and temporarily stores certain technical data.
Such data includes the IP address and operating system of your device, the date and time of access, the URL you visited, the type of browser you use and the geographic region from which you access the website. This is necessary to make the website available to you.
c. Data we collect and process in order to allow you to open and maintain an account on the Platform and use it, in particular for the purposes of implementing value-based agreements
If you create a Lyfegen account or otherwise use our Online Services provided through the Platform, we will collect and process the information you provide to us. In the account registration process, we ask you to provide us with information about you (e.g. your first and last name, email address, telephone number) and, if you are not yourself the user, the company you work for or represent.
Once you have logged in to our Platform, your activities will be logged by our Online Services and such data may be reviewed for security, operational, legal and other legally permitted reasons.
d. Data we collect and process in order to reply to your inquiries and send marketing mails
If you contact us using the contact form or by email, we will collect and process the information you provide to us. This will regularly include personal data such as your first name and last name, email address, and information on your affiliation with a company you work for or represent.
We will use the personal data in order to respond to your inquiry, contact you if we have any questions about your inquiry or follow up on your inquiry.
Further, if you have a Lyfegen account, in order to keep you informed about new developments at Lyfegen or about our Online Services, we will send you our newsletter or other commercial communications by e-mail. If you are not part of our customer base and wish to receive such information, you can subscribe to our mailing list by using the banner “Keep me updated with news” on our website. We will ask you to provide us with your name and email address. After your registration to our mailing list, we will send you an e-mail with a confirmation link. When you click on the corresponding link, we will process the public IP address of the computer from which the link is activated together with the date and time of the click.
You may at any time opt-out from receiving our newsletter. You will find a link at the end of each newsletter and other commercial communications. This will not affect service mails we may send you as a registered user, for instance notifications regarding the use of our Online Services in accordance with the communication preference in your Lyfegen account, service interruptions or changes to this Privacy Notice.
e. Data we collect and process as a processor of our contractual partners
For information and transparency purposes, we inform you that as part of our Online Services, we may collect information about third parties (e.g. patients), including any personal data contained therein, from our contractual partners as part of our contracts with them. In such case, we will be acting as a processor (not a controller) of our contractual partners and will process such information only as instructed by, and on behalf of, the latter.
f. Data we collect for secondary use purposes
We collect personal data and use it for purposes not relating to a specific person, in particular for the purpose of statistics, research, development and benchmarking. In such case, we will ensure that the data is fully anonymized, meaning that all identifying information have been removed from the data so that is it not possible to identify the person behind the data.
We process your personal data as necessary for the purposes set forth in this Privacy Notice, and in accordance with applicable laws.
We primarily collect and process your personal data in order to make the website available, to provide you or your employer with which we have a contract with our Online Services for the purposes of performing such contract, to respond to your inquiries, as well as to comply with our legal obligations.
In addition, in line with applicable law and where appropriate, we may process your personal data and the personal data of third parties (insofar as you provide us with such data) for the following purposes, which are in our (or, as the case may be, any third parties’) legitimate interest, such as:
In certain cases we will ask you for separate consent to process your personal data, for e.g. for certain marketing activities. If you give us such a consent, we will only process your personal data to the appropriate extent. You may withdraw your consent at any time by informing us or by using the functionality provided in individual cases (e.g. unsubscribe link in newsletters). However, your withdrawal will not affect the legality of the data processing carried out prior to the withdrawal, or of processing based on another legal basis.
We have implemented adequate technical and organizational measures, commensurate with the level of known risk, to protect the confidentiality and integrity of your personal data processed. However, Internet- based data transmissions may have security gaps, so absolute protection cannot be guaranteed.
We process and retain your personal data as long as required for the performance of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire contractual relationship (from the beginning of the contract to its termination) as well as beyond this duration pursuant to legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against Lyfegen (i.e. particularly during statutory limitation periods) or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g. for evidence and documentation purposes).
As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, as far as possible. In principle, shorter retention periods, of no more than twelve months, apply for operational data (e.g., system logs).
Specifically, personal data related to your user account, including your usage of the Platform, is usually stored for as long as you maintain such account, and usually for five years thereafter. Website log files are usually kept by us for as long as needed.
In connection with the provision of the Platform and our software services, or compliance with our legal obligations, our own legitimate interests and for the other purposes laid out above, it may be necessary for us to share your personal data with our external service providers, other business partners, companies that are affiliated with us, other users of the Platform and public authorities worldwide.
The data sharing may include transfers to companies, authorities or organizations worldwide, including to countries that do not have an adequate level of data protection. In these cases, we will transfer personal data in accordance with the provisions of the DPA or, where applicable, the GDPR, including Standard Contractual Clauses in their available version at the time of use, subject to having put in place additional technical and organizational measures to ensure a level of protection essentially equivalent to that guaranteed by the DPA or the GDPR where the circumstances so require or, where applicable and permitted, on the grounds of the performance of a contract, because it is public content, because we have your consent or because the disclosure is necessary for a legal action or proceeding before a foreign court or other public authority.
In accordance with and as far as provided by the DPA or other applicable law (which may happen to be the GDPR), you have the right to access, rectify and erase of your personal data, the right to restriction of processing or to object to our data processing in addition to the right to receive certain personal data for transfer to another controller (data portability).
Please note, however, that your rights are subject to exceptions or derogations. To the extent permitted by law, we may refuse your request to exercise these rights. We may need to further process and retain your personal data in order to perform a contract with you or your company or organization, to comply with legal obligations or to protect our own legitimate interests or the rights of others. If exercising certain rights incurs costs for you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in Section 3 above.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority, which for the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
This Privacy Notice may be amended at any time without prior notice. The current version published on our Platformshall apply. If the Privacy Notice is part of or related to an agreement with you, we will notify you by e-mail or other appropriate means if there is an amendment.
A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when you visit our Platform. If you revisit our Platform, we may recognize you, even if we do not know your identity. We distinguish between cookies that are absolutely necessary for the technical functions of the Platform and other optional cookies. Optional cookies set by us usually have a lifetime of 24 months.
b. Necessary cookies
Some cookies are absolutely necessary for the functioning of our Platform. They are usually only set in response to an action you have selected and ensure, for example, that you can log in, fill in forms and use contact forms. Since such cookies are absolutely necessary for the functioning of our Platform, they cannot be deactivated. They only exist temporarily for the duration of your visit to our Platform.
c. Functional Cookies
We use functional cookies that primarily serve the user comfort (such as saving language settings, text entries in form fields, etc.). You are free to accept or reject functional cookies. If you do not allow them, you will not be able to use certain functions.
Cookies can at any given moment be removed through your browser. Please verify with your browser provider how to do this.
d. Performance cookies
In order to further improve our Platform and to adjust it to your individual needs, we collect information about how you interact with our Platform by means of so-called performance cookies.
Among other things we use the analysis service “Google Analytics” of Google LL.C. For users in Switzerland and the European Economic Area (EEA) the responsible service provider is Google Ireland Limited. Google Analytics uses its own performance cookies to compile reports on the activities of users on our Platform and to provide us with other services associated with the use of the Platform. In doing so, data such as the duration and frequency of sub-pages called up and the geographical location of access are collected.
We use Google Analytics only with activated IP anonymization. This means that your IP address will be shortened in Switzerland or the EEA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. Accordingly, Google stores the information collected via performance cookies only in anonymized form and processes it in aggregated form. You can access Google’s privacy policies at https://policies.google.com and deactivate Google Analytics by using the following browser add-on: https://tools.google.com/dlpage/gaoptout
Cookies can at any given moment be removed through your browser. Please verify with your browser provider how to do this.
e. Marketing cookies
Both our advertising partners and we use marketing cookies to deliver personalized and targeted advertising to you inside and outside of our Platform. You are free to accept or reject marketing cookies. If you choose not to accept these cookies, the advertisements you see will be less tailored to you.
Cookies can at any given moment be removed through your browser. Please verify with your browser provider how to do this.
We have integrated components of LinkedIn on our website.
LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
With each call-up to one of the individual pages of this website on which a LinkedIn component (LinkedIn plug-in) is integrated, your browser is automatically prompted to the download a display of the corresponding LinkedIn plug-in. Further information about the LinkedIn plug-in is available at https://developer.linkedin.com/plugins. The result is that LinkedIn gains knowledge of what page of our website you visit.
If you are logged in at the same time to the LinkedIn website, LinkedIn detects what specific sub-pages of our website you visit. This information is collected through the LinkedIn component and associated with your LinkedIn account. If you click on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to your personal LinkedIn user account and stores the personal data.
LinkedIn receives information via the LinkedIn component when you visit our website if you are logged into LinkedIn at the same time. This occurs regardless of whether you click the LinkedIn button or not. If you wish to prevent the transmission of information to LinkedIn, then you should sign out of LinkedIn using our website.
Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called “tweets”, e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States of America.
We have integrated a Twitter component in our website. The purpose of the Twitter component is to allow visitors to tweet content from our website and share that content with their followers and the wider digital world. With each call to a page in the NUDGEIT site, your browser is automatically prompted to download a display of the corresponding Twitter component. Further information about the Twitter buttons is available online (https://developer.twitter.com/en/docs/twitter-for-websites/tweet-button/overview). The Twitter component tells Twitter what pages you visit on our website.
If you are logged in at the same time on Twitter, Twitter learns what pages you visit on our site. This information is collected through the Twitter component and associated with your Twitter account. If you click on one of the Twitter buttons integrated on our website, then Twitter assigns this information to your personal Twitter user account and stores the personal data.
Twitter receives information via the Twitter component that you visited our website, if you are logged in on Twitter at the time. This occurs regardless of whether you click on the Twitter component or not. If such a transmission of information to Twitter is not desirable, then you can prevent this by logging off from their Twitter account before accessing our website. The applicable data protection provisions of Twitter are available online (https://twitter.com/privacy?lang=en).
We have integrated the Google+ button as a component. Google+ is a so-called social network. A social network is a social meeting place on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Google+ allows users of the social network to include the creation of private profiles, upload photos and network through friend requests.
The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States of America.
With each call-up to one of the individual pages of this website on which a Google+ button has been integrated, your browser automatically downloads a display of the corresponding Google+ button of Google through the respective Google+ button component. During the course of this technical procedure, Google is made aware of what specific sub-page of our website was visited by you. More detailed information about Google+ is available under https://developers.google.com/+/.
If you are logged in at the same time to Google+, Google recognizes with each call-up to our website by you and for the entire duration of your stay on our website, which specific sub-pages of our website were visited by the data subject. This information is collected through the Google+ button and Google matches this with the respective Google+ account associated with you.
If you click on the Google+ button integrated on our website and thus gives a Google+ 1 recommendation, then Google assigns this information to your personal Google+ user account and stores the personal data. Google stores your Google+ 1 recommendation, making it publicly available in accordance with the terms and conditions accepted by you in this regard. Subsequently, a Google+ 1 recommendation given by you on this website together with other personal data, such as the Google+ account name you used and the stored photo, is stored and processed on other Google services, such as search-engine results of the Google search engine, your Google account or in other places, e.g. on Internet pages, or in relation to advertisements. Google is also able to link the visit to this website with other personal data stored on Google. Google further records this personal information with the purpose of improving or optimizing the various Google services.
Through the Google+ button, Google receives information that you visited our website, if at the time of the call-up to our website you are logged in to Google+. This occurs regardless of whether you click or not on the Google+ button.
If you do not wish to transmit personal data to Google, you may prevent such transmission by logging out of his Google+ account before calling up our website.
Further information and the data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/. More references from Google about the Google+ 1 button may be obtained under https://developers.google.com/+/web/buttons-policy.
We have integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States of America.
For web analytics through Google Analytics the controller uses the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on your information technology system. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on your information technology system will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as your IP address, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of your visits on our website. With each visit to our website, such personal data, including the IP address of the Internet access that you use, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
You may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on your information technology system. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
We use integrated components of Facebook on our website.
Facebook is a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. The controller for data subjects in the EEA is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We has integrated a Facebook component into our website. When you visit a page on the site, the Facebook plug-in makes Facebook aware of the visit. You can read an overview of Facebook plug-ins online (https://developers.facebook.com/docs/plugins).
If you are logged in at the same time on Facebook, Facebook detects what pages you visit. This information is collected through the Facebook plug-in. If you click on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if you submit a comment, Facebook matches this information with your personal Facebook user account and stores the personal data.
Facebook always receives, through the Facebook plug-in, information about your visits to our website if you are logged in at the same time to Facebook during that visit. This occurs regardless of whether you click on the Facebook component or not. If you do not want this data to be sent to Facebook, then you can prevent this by logging off from your Facebook account before you visit our website.
The data protection guideline published by Facebook provides information about the collection, processing and use of personal data by Facebook (https://www.facebook.com/about/privacy). In addition, it explains what setting options Facebook offers to protect your privacy. In addition, different configuration options are made available to stop data transmission to Facebook.