Data Protection Policy

We, PeakData AG, are pleased about your visit to our website and your interest in our products and services. We take the protection of your personal data and their confidential treatment seriously.

Your personal data will be processed in accordance with the legal provisions of the data protection laws of Switzerland and the European Union, in particular the General Data Protection Regulation (hereinafter “GDPR”).

With this Data Protection Policy we would like to inform you about the processing of your personal data and about your rights as a data subject in the context of the processing of your personal data by us. The terms used, such as “personal data” or their “processing” correspond to the definitions in Art. 4 GDPR.

1. Controller,  Data Protection Officer and Representative

The controller responsible for data processing is:

PeakData AG

Gutsch 11,

CH – 6319 Allenwinden

You can contact our data protection officer, Tom McNamara, using the following contact details:

privacy@peakdata.ch

Our EU Representative is Kimura Ltd.

We would like to point out that our company is based in Switzerland and that data processing also takes place in Switzerland. For Switzerland, the European Commission has taken a so-called adequacy decision within the meaning of Art. 45 para. 3 GDPR.

2. Subject of data protection

The subject of data protection is personal data. This is all information relating to an identified or identifiable natural person (so-called data subject).

3. Data processing when you visit our website

The use of our website is generally possible without registration and without you providing us personal data. However, even if you use our website in this way for purely informational purposes, personal data may be collected and processed automatically. In the following you will find an overview of the type, scope, purposes and legal basis of such data processing via our website.

a. Provision of our website

When your terminal device accesses our website, the following data is automatically recorded and processed by us using server log files. This includes date and time of access, duration of the visit, content of the request (specific page), type of terminal device, operating system used and its interface, language and version of the browser software, access status/HTTP status code, the functions you use, amount of data sent, type of event, referrer URL, domain name, IP address.

We process this data on the basis of our legitimate interests in the sense of Art. 6 para. 1 letter f) GDPR, namely for the provision and display of the website, for securing and maintaining technical operations, for the purpose of identifying and eliminating faults and for security reasons (e.g. to clarify cases of abuse or fraud). When you visit our website, this data is processed automatically. Without this provision you cannot use our website. We do not use this data for the purpose of drawing conclusions about your identity.

The collected data is usually deleted after 30 days, unless we need it longer for the above mentioned purposes in exceptional cases. In such a case we delete the data immediately after the purpose has been fulfilled.

b. Cookies

So-called cookies, i.e. small text files, can be stored on your end device when you visit our website in order to offer you a comprehensive range of functions, to make use more convenient and to be able to optimise our offers. If you do not wish cookies to be used, you can prevent cookies from being stored on your device by making the appropriate settings in your Internet browser, or you can use special options for objection. Please note that the functionality and range of functions of our website may be limited by this. For further information about our use of cookies, please see our cookies policy (link)

4. Contact

If you provide us with personal data by e-mail or via a contact form, this is always done on a voluntary basis. Your data will be processed by us for the purpose of handling your contact request and its processing in accordance with Art. 6 para. 1 lit. b) GDPR (for the performance of a contract) and, if necessary, will also be passed on to third parties in this context. We will delete the data you have provided as soon as the purpose of the collection is no longer applicable, provided that no new legal basis intervenes (e.g. further processing of the data is necessary to fulfil a concluded contract) and there are no legal storage obligations.

5. Newsletter

If you register for a newsletter, we store your e-mail address as well as automatically your IP address and the times of registration and confirmation. In this way we can prove that you have actually registered and, if necessary, detect any misuse of your e-mail address. We process your data for this based on Art. 6 para. 1 sentence 1 lit. a) GDPR (consent).

You will find an unsubscribe link in every issue of our newsletter with which you can withdraw your consent to receive the newsletter.

If you are already using our services as our customer , we will send you a newsletter with updates for you on our products and services in regular intervals to the e-mail address we have on file, as long as you have not objected to its use. The objection can be made without incurring any costs other than the transmission costs according to the basic rates.

We base this form of data processing on Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interests). We will only inform you about new features in our services and similar services within the scope of our products and services. If you do not wish to receive such a newsletter, you can contact us at any time or you can cancel your subscription (unsubscribe from the newsletter) directly in the newsletter itself by clicking on the link provided in the newsletter.

6. Data processing for Platform Services

If you decide to make use of our services, you must register on our respective platform. We collect the following data from our customers during the registration process:

  • work email address
  • First name, last name
  • Optional avatar or photo

When logging in to our platform, we store the current IP address of the user and the last log-in.

Furthermore, we record the interactions of our registered customers which are carried out within the framework of platform use. These include:

  • Access of profiles of institutions
  • Access of profiles of professionals
  • Access to information on the website
  • Setting of filters by the user

We process this data on the basis of our contractual relationships within the meaning of Art. 6 para. 1 lit. b) GDPR and our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR to ensure and maintain technical  operations, for the purpose of identifying and eliminating faults and for security reasons (e.g. to clarify cases of abuse or fraud).

Data processing on data subjects from publicly available sources

For our platform services we also collect personal data on data subjects from publicly available sources in particular public websites.

The data we collect include for Healthcare Professionals:

  • Name of Healthcare professional (including titles)
  • Professional Contact details
  • Professional Status (institution for which the healthcare professional is working/ed, working title, field of specialization)
  • Research Papers published by the Healthcare professional and all information relevant to the publications
  • Clinical trials associated with the Healthcare professional and all information relevant to the clinical trials
  • Medical associations associated with the Healthcare professional
  • Conferences and scientific events in which the Healthcare professional participated
  • Grants and funding associated with the Healthcare professional

for Healthcare institutions:

  • Name of the institution
  • Field of specialisations of the Healthcare Institutions
  • Names of Relevant Healthcare Professionals
  • Contact details for the Healthcare Institution
  • Clinical trials associated with institution
  • Publications associated with institution
  • Specializations, services and equipment of the institution

We primarily process this personal data to match professionals to the queries of our platform customers. This matching decision is based on our pattern recognition algorithms. Information on a data subject appears only if the profile of the data subject matches the fields of specialization our customer is interested in. Our processing of data is based on legitimate interests Art. 6 para 1 lit. f GDPR.  Informing the Healthcare Professionals of this data processing would involve a disproportionate effort. Instead, as a healthcare professional, you have the right to object to this processing of your personal data at any time and the right to exercise all other data subjects rights available and described in Section 9 of this Data Protection Policy.

Our platform customers (i.e. primarily healthcare companies) use the personal data concerning Healthcare Professionals and Healthcare Institutions collected from publicly available sources to discover potential customers, to contact the representatives in charge of (potential) customers and to keep track of (potential) customers.

7. Recipients of personal data and data transfers abroad

We will give our platform customers (i.e. primarily diagnostics companies) access to the personal data concerning Healthcare Professionals and Healthcare Institutions collected from publicly available sources in order for them to discover potential customers, to contact the representatives in charge of (potential) customers and to keep track of (potential) customers, as described and in line with the purposes of the data processing set out in Section 6 of this Data Protection Policy, we provide third parties access to your personal data, in particular, the following categories of recipients may be concerned:

  • our subcontractors, service providers (e.g. for technical infrastructure and maintenance of our website), in order for them to process data for us;
  • platform customers;
  • domestic and foreign authorities or courts;
  • the public, including users of our websites and social media;
  • other parties in possible or pending legal proceedings;

together Recipients.

Certain Recipients may be within Switzerland but they may be located in any country worldwide. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts or we rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims or published personal data.

8. Storage limitation

We process your personal data in line with our retention schedule, or until:

  • We become aware that the stored data do no longer fulfil the purpose, for which they were collected;
  • we become aware that the stored data are no longer correct because your professional data have changed; or
  • You have requested deletion.

We assure to respect your objection insofar as no longer processing or storage is required for the fulfillment of a contractual relationship with us or according to mandatory law provisions (e.g. within the scope of commercial and tax law retention obligations), in which case we will only delete your data after these obligations have expired.

For more information about how long we store your data, please contact privacy@peakdata.ch

9. Data subjects rights

As a person affected by the data processing, you have numerous rights at your disposal. In detail, the following rights are entitled to the extent that the legal requirements are met:

  • Right of access to your personal data: You have the right to receive information about the data we have stored about you.
  • Right of correction and deletion: You can demand that we correct incorrect data and delete your data.
  • Restriction of processing: You can demand that we restrict the processing of your data.
  • Data portability: If you have provided us with data on the basis of a contract or consent, you may request that you receive the data provided by you in a structured, common and machine-readable format or that we transfer it to another responsible party.
  • Objection to data processing with legal basis “legitimate interest”: You have the right to object to data processing by us at any time for reasons arising from your particular situation, provided that this is based on the legal basis “legitimate interest”. If you exercise your right of objection, we will stop processing your data unless we can prove that there are compelling reasons for further processing worthy of protection which outweigh your rights.
  • Revocation of consent: If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until revocation remains unaffected.
  • Right of complaint to the competent supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data is contrary to the law. You can contact the data protection authority responsible for your place of residence or your country or the data protection authority responsible for us. A list of European supervisory authorities can be found here

Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.

In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.

10. Version

From time to time it may be necessary to adapt the content of this Data Protection Policy. We therefore reserve the right to change these at any time without prior notice. The current version published on our website shall apply. If the Data Protection Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.

Status: 16.9.2020