Privacy Notice | preventFLU

PRIVACY NOTICE

for using websites, mobile applications or other electronic platforms

The purpose of this Privacy Notice is to inform you about the processing of your personal data in connection with your use of Swixx Biopharma AG electronic platforms, including but not limited to websites and mobile applications owned and/or operated by Swixx BioPharma (hereinafter referred to as the “Electronic Platforms”).

Who is the data controller?

The data controller is Swixx Biopharma AG, a company established and operating under Swiss law, having its registered seat at Neuhofstrasse 5A, CH-6340 Baar, Switzerland, email info@swixxbiopharma.com, UID: CHE-147.465.430 (hereinafter referred to as the “Data Controller”, “SWIXX”, “we”, “us”, or “our”).

What are the purposes and legal grounds for processing your personal data?

In order to grant you access to the Electronic Platforms, we may process the following personal data: your name, surname, email address, specialization, country of work, the hospital, institution or organization where you work, as well as your chosen username and password, based on your consent (GDPR 6.1.a).

If the content of an Electronic Platform is intended for healthcare professionals only, SWIXX may request additional personal data to verify your status as a healthcare professional (e.g. medical license number), pursuant to applicable legal obligation established by a concrete law (GDPR 6.1.c) or based on SWIXX’s legitimate interest (GDPR 6.1.f), which is to ensure that the information provided on the Electronic Platforms and intended for healthcare professionals is restricted to qualified individuals only.

If you do not provide the aforementioned information, SWIXX may not be able to grant you access to the Electronic Platforms.

In addition, SWIXX may process your personal data for the purposes of ensuring the security of the Electronic Platforms and performing statistical analysis, which helps us to understand general usage trends and improve the Electronic Platforms’ content. This may include your username and password, login and logout dates and times, IP address and device information, details of accessed content, and the time spent on activities within the Electronic Platforms. Please note that if you provide ratings or receive scores during activities on the Electronic Platforms, these are aggregated, and we do not see which users provided specific ratings or received scores. Personal data is processed based on SWIXX’s legitimate interest (GDPR 6.1.f), in particular to maintain a secure and properly functioning Electronic Platform, to prevent misuse, and to improve the Platforms through aggregated statistical analysis.

SWIXX may also conduct surveys to collect feedback and assess satisfaction with the Electronic Platforms, based on SWIXX’s legitimate interest (GDPR 6.1.f), i.e. to make improvements to the Electronic Platforms to better reflect user expectations and enhance individual experience when interacting the Electronic Platforms.

The Electronic Platforms may support newsletters or similar functions. We may process your name, surname, specialization, country where you work, hospital / institution / organization where you work, email address, and phone number based on your consent (GDPR 6.1.a) for the purpose of sending newsletters or similar communications.

Please note that if you report an adverse event, quality complaint, or request medical information, details on personal data processing are provided here: https://www.swixxbiopharma.com/en/privacy_notice_pharmacovigilance_medical_information_request_quality_complaints/. For other interactions with SWIXX, information on personal data processing is available at https://www.swixxbiopharma.com/en/privacy_policy/.

What is the data retention period?

We usually retain personal data processed on legal grounds other than consent for up to 10 years, unless a longer or shorter period is required by law. This may be necessary, for example, to meet document-retention obligations or to protect our legal rights.

Personal data processed for the Electronic Platforms’ security and statistical purposes, as described above, is typically retained for no longer than 12 months, unless longer retention is required for legal or security reasons.

Personal data processed on the basis of your consent will be retained until you withdraw your consent, unless SWIXX determines that the purposes have been achieved and deletes your personal data. Notwithstanding withdrawal of consent, SWIXX may be required to retain certain personal data in order to establish, exercise, or defend legal claims in court.

Who are the recipients of your personal data?

SWIXX protects personal data using technical and organizational measures; however, due to the nature of SWIXX’s activities, personal data may be transferred to the following recipients:

• SWIXX related companies, listed at https://www.swixxbiopharma.com/en/countries/;
• SWIXX partners whose products SWIXX distributes, promotes, or represents, listed at https://www.swixxbiopharma.com/partners.htm;
• Consultants, IT providers, and other service providers enabling them to perform their functions.

Taking into account that your personal data might be processed not only within the EU but also in Switzerland and non-EU countries, we inform you that your data will be protected at the same level as in the EU, based on the following safeguards: a) Transfers between Swixx BioPharma affiliates or other entities located in countries recognized by the European Commission as providing adequate protection of personal data (see https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en); b) Transfers to entities located in non-EEA countries without an adequacy decision are based on the European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses; or c) Other applicable safeguards referred to in GDPR Chapter V.

What are your data subject rights?

You, as a data subject, have the following rights regarding the processing of your personal data:

• To be informed about how and why SWIXX uses your personal data (this Privacy Notice serves that purpose);
• To request a copy of the personal data that SWIXX holds about you and details of how it is used;
• To amend or rectify your personal data if any information is incorrect or outdated;
• To data portability;
• To request the erasure of your personal data;
• To request that SWIXX ceases or restricts processing of your personal data;
• To withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (note that SWIXX may still need to retain certain data where required by law);
• To obtain a copy of the appropriate safeguards used for data transfers to third countries or international organizations;
• To lodge a complaint with the supervisory authority in your country of work (see https://www.edpb.europa.eu/about-edpb/about-edpb/members_en) or with the Swiss Federal Data Protection and Information Commissioner (see https://www.edoeb.admin.ch/en).

How can you exercise your rights or get more information?

If you would like to access, review, correct, delete, or port the personal data SWIXX has collected about you, assert a right regarding your personal data, or discuss how SWIXX processes your data, please contact SWIXX at data@swixxbiopharma.com. SWIXX will respond within one calendar month.