Data Protection Policy

We, PeakData GmbH, are pleased about your visit to our website and your interest in our products and services. We take the protection of your personal data and their confidential treatment seriously.

Your personal data will be processed in accordance with the legal provisions of the data protection laws of Switzerland and the European Union, in particular the General Data Protection Regulation (hereinafter “GDPR”) .

With this data protection  policy we would like to inform you about the processing of your personal data and about your rights as a data subject in the context of the processing of your personal data by us. The terms used, such as “personal data” or their “processing” correspond to the definitions in Art. 4 GDPR.

1. Controller

The person responsible for data processing within the meaning of the data protection laws is:

PeakData GmbH
Credit 11,
6319 Allenwinden

privacy@peakdata.ch

We would like to point out that our company is based in Switzerland and that data processing also takes place in Switzerland. For Switzerland, the European Commission has taken a so-called adequacy decision within the meaning of Art. 45 para. 3 GDPR. Our EU representative is:

To be appointed

2. Subject of data protection

The subject of data protection is personal data. This is all information relating to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number, but also information that necessarily arises during the use of our website, such as information on the beginning, end and extent of use and the transmission of your IP address.

3. Data processing when you visit our website

The use of our website is generally possible without registration and without you providing us personal data. However, even if you use our website in this way for purely informational purposes, personal data may be collected and processed automatically. In the following you will find an overview of the type, scope, purposes and legal basis of such data processing via our website.

a. Provision of our website

When your terminal device accesses our website, the following data is automatically recorded and processed by us using server log files. This includes date and time of access, duration of the visit, content of the request (specific page), type of terminal device, operating system used and its interface, language and version of the browser software, access status/HTTP status code, the functions you use, amount of data sent, type of event, referrer URL, domain name, IP address.

We process this data on the basis of our legitimate interests in the sense of Art. 6 para. 1 letter f) GDPR, namely for the provision and display of the website, for securing and maintaining technical operations, for the purpose of identifying and eliminating faults and for security reasons (e.g. to clarify cases of abuse or fraud). When you visit our website, this data is processed automatically. Without this provision you cannot use our website. We do not use this data for the purpose of drawing conclusions about your identity.

The collected data is usually deleted after 30 days, unless we need it longer for the above mentioned purposes in exceptional cases. In such a case we delete the data immediately after the purpose has been fulfilled.

b. Cookies So-called cookies, i.e. small text files, can be stored on your end device when you visit our website in order to offer you a comprehensive range of functions, to make use more convenient and to be able to optimise our offers. If you do not wish cookies to be used, you can prevent cookies from being stored on your device by making the appropriate settings in your Internet browser, or you can use special options for objection. Please note that the functionality and range of functions of our website may be limited by this. For detailed information on the type, scope, purposes, legal basis and objection possibilities of data processing with cookies, please refer to the descriptions of the individual functions based on the use of cookies.

5. Contact

If you provide us with personal data by e-mail or via a contact form, this is always done on a voluntary basis. Your data will be processed by us for the purpose of handling your contact request and its processing in accordance with Art. 6 para. 1 lit. b) GDPR and, if necessary, will also be passed on to third parties in this context. We will delete the data you have provided as soon as the purpose of the collection is no longer applicable, provided that no new legal basis intervenes (e.g. further processing of the data is necessary to fulfil a concluded contract) and there are no legal storage obligations.

6. Newsletter: If you register for a newsletter, we store your e-mail address as well as automatically your IP address and the times of registration and confirmation. In this way we can prove that you have actually registered and, if necessary, detect any misuse of your e-mail address.

Of course you will find an unsubscribe link in every issue of our newsletter with which you can withdraw your consent to receive the newsletter as a whole.

If your are already using our services as our customer , we will send you a newsletter with updates for you on our products and services in regular intervals to the e-mail address we have on file, as long as you have not objected to its use. The objection can be made without incurring any costs other than the transmission costs according to the basic rates.

We base this form of data processing on Art. 6 para. 1 sentence 1 lit. f) DSGVO. We will only inform you about new features in our services and similar services within the scope of our products and services. If you do not wish to receive such a newsletter, you can contact us at any time or you can cancel your subscription (unsubscribe from the newsletter) directly in the newsletter itself by clicking on the link provided in the newsletter.

7. Platform Services

If you decide to make use of our services, they must register on our respective platform. We collect the following data from our customers during the registration process:

  • work email address
  • First name, last name
  • Optional avatar or photo

When logging in to our platform, we store the current IP address of the user and the last log-in.

Furthermore, we record the interactions of our registered customers which are carried out within the framework of platform use. These include:

  • Access of profiles of institutions
  • Access of profiles of professionals
  • Access to information on the website
  • Setting of filters by the user

We process this data on the basis of our contractual relationships within the meaning of Art. 6 para. 1 lit. b) GDPR and our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR to ensure and maintain technical operations, for the purpose of identifying and eliminating faults and for security reasons (e.g. to clarify cases of abuse or fraud).

Data processing on data subjects from publicly available sources

For our platform services we also collect personal data on data subjects from publicly available sources in particular public websites.

The data we collect include for Healthcare Professionals:

  • Name of Healthcare professional (including titles)
  • Professional Contact details
  • Professional Status (institution for which the healthcare professional is working/ed, working title, field of specialization)
  • Research Papers published by the Healthcare professional and all information relevant to the publications
  • Clinical trials associated with the Healthcare professional and all information relevant to the clinical trials
  • Medical associations associated with the Healthcare professional
  • Conferences and scientific events in which the Healthcare professional participated
  • Grants and funding associated with the Healthcare professional

for Healthcare institutions:

  • Name of the institution
  • Field of specialisations of the Healthcare Institutions
  • Names of Relevant Healthcare Professionals
  • Contact details for the Healthcare Institution
  • Clinical trials associated with institution
  • Publications associated with institution
  • Specializations, services and equipment of the institution

We process this data to match professionals to the queries of our platform customers. This matching decision is based on our pattern recognition algorithms. Information on a data subject appears only if the profile of the data subject matches the fields of specialisation our customer is interested in. Our processing of data is based on Art. 6 para 1 lit. f GDPR.  You have the right to object to this processing of your personal data as described in Section 10 of this Data Protection Information. You also have of course the right to exercise all other data subjects right available to you.

8. Recipients of personal data

We will only transfer your personal data to external third parties if this is necessary to process or handle your request, if another legal permission exists or if we have your consent. External recipients may in particular be service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance of our website and our services. Such contract processors are carefully selected and regularly checked by us. They may use the data exclusively for the purposes specified by us and in accordance with our instructions.

If a data transfer takes place to entities whose registered office or place of business is not located in a member state of the European Union or in another state that is a party to the Agreement on the European Economic Area, we will ensure prior to the transfer that, except in exceptional cases permitted by law, the recipient either has an adequate level of data protection or has your consent to the data transfer.

9. Storage limitation

We store your personal data only as long as it is necessary for the fulfillment of the purposes or – in case of consent – as long as you have not revoked your consent. In the event of an objection, the revocation of consent or the discontinuation of the purpose, we will delete your personal data. Insofar as further processing is permitted or even mandatory according to the relevant legal provisions (e.g. within the scope of commercial and tax law retention obligations), we will only delete your data after these obligations have expired.

10. Data subjects rights

As a person affected by the data processing, you have numerous rights at your disposal. In detail, the following rights are entitled to the extent that the legal requirements are met:

  • Right of access to your personal data: You have the right to receive information about the data we have stored about you.

  • Right of correction and deletion: You can demand that we correct incorrect data and delete your data.

  • Restriction of processing: You can demand that we restrict the processing of your data.

  • Data portability: If you have provided us with data on the basis of a contract or consent, you may request that you receive the data provided by you in a structured, common and machine-readable format or that we transfer it to another responsible party.

  • Objection to data processing with legal basis “legitimate interest”: You have the right to object to data processing by us at any time for reasons arising from your particular situation, provided that this is based on the legal basis “legitimate interest”. If you exercise your right of objection, we will stop processing your data unless we can prove that there are compelling reasons for further processing worthy of protection which outweigh your rights.

  • Revocation of consent: If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until revocation remains unaffected.

  • Right of complaint to the competent supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data is contrary to the law. You can contact the data protection authority responsible for your place of residence or your country or the data protection authority responsible for us.

If you have any questions regarding the processing of your personal data, your rights as a data subject and any consent that may have been granted, you can contact us free of charge. To exercise all your aforementioned rights, please contact privacy@peakdata.ch  or by post at the address given above under point 1. Please make sure that we are able to identify you unambiguously.

11. Version

From time to time it may be necessary to adapt the content of this privacy statement. We therefore reserve the right to change these at any time. We will also publish the amended version of the data protection information here. The version of our data protection information that is current at the time of your visit applies.

Status: 12.03.2020