Last updated: November 29, 2023
In this privacy policy, we, Cada Health AG and our affiliated companies ("we", "us"), describe how we collect and process your personal data when:
Contact Information: Cada Health AG Ankerstrasse 53 8004 Zürich [email protected]
2.1 When you visit our website
When you visit our website, the server automatically logs general technical information. This data includes, for example, the IP address and operating system of your device, the date and time of your visit, the website you came from, and the type of browser you use to access our website. If you contact us through our website (e.g., through the booking tool, contact form, email, or any other means of communication made available through the website), download content from our website or sign up for our newsletter, we process your contact details and other personal data you provide us with, as well as, if applicable, technical data that may accrue during the use of the respective means of communication. We use cookies and other tracking technologies to ensure the functionality of our website, to make it more user-friendly, to evaluate the use of our website and to collect information to improve our products and services, and for marketing purposes. For more information see our Cookie Policy. We also use social media plugins and embedded media from external platforms such as YouTube, for example to offer you multimedia content. When you access a page on our website where a plugin or embedded media is present, certain technical data is automatically transmitted to the provider of these services. If you have an account with the relevant provider and are logged in, this interaction may also be captured. Please consult the privacy policies of the respective providers for more information about their data collection and processing.
2.2 When you use our services and our app
When you use our services (e.g., book and attend appointments, visit us for an assessment or treatment, etc.), we process the following personal data about you: Identification data (e.g., name, ID, etc.); Contact details (e.g., email, address, phone number, etc.); Information on your partner (if applicable); Health data (e.g., samples and analysis results, progress of treatment, anamnesis data including gender, age, length of cycle, general health, diseases, previous treatments, etc.); Communication content; Payment data, and, if applicable, data relating to your insurance; Other relevant personal data you provide to us; Technical data, if the process goes through our website (including integrated services) or our app (see above, "When you visit our website", as well as the section directly below this one).
Within our app, we process the following personal data: Logindaten; Login data; Identification data (e.g., name, ID, etc.); Contact details (e.g., email, address, phone number, etc.); Information on your partner (if applicable); Health data; Communication content; Other relevant personal data you provide to us; Technical data (in particular, logs, usage data, etc.).
Health data is considered sensitive personal data under data protection laws, subject to a higher level of protection. In addition, health data we receive and process is protected by professional secrecy obligations. For these reasons, you will find additional information in this privacy policy on how we handle and protect your health data.
2.3 When you apply for a position with us
When you apply for a position with us, we collect and process the necessary personal data to review your application and conduct the application process. This includes, in particular: Identification data (name, first name, etc.); Contact details (e.g., email, address, phone number, etc.); Communication content; Information about your professional background and qualifications; The content of your application; Other data necessary for the review of your application.
You submit most of this data directly to us as part of your application. In addition, we process data from other sources, in particular from references (if you have consented to references being obtained), as well as from publicly accessible sources (e.g., professional social networks, the internet).
2.4. When we receive your personal data for other purposes within the scope of our business activities
During our business activities, we process personal data of other individuals, such as our contacts at business partners, suppliers, and service providers, as well as persons who are interested in our services. The personal data we process in this context primarily includes identification data, contact details, and communication content, as well as other relevant personal data. We receive this data either directly from you or from other sources, such as your coworkers, our business partners and other contacts, as well as from publicly available sources (e.g., social networks).
We process your personal data: to prepare, conclude, fulfill, and enforce contracts within the scope of our business activities. This includes contracts related to our services: in this context, we also process your health data, for example, for the preparation, execution and follow-up of treatments, to visualize and contextualize your analysis results, and to manage your treatment progress in our app. based on and within the scope of your consent, if applicable. You can revoke your consent at any time. to comply with legal obligations (e.g., retention of patient records). as part of our interests to communicate with you and third parties (even outside the preparation or conclusion of a contract), to provide the website and the app, to optimize your user experience, to maintain and potentially expand our business relationship with you, to improve, expand, and market our offerings, to ensure IT security and data protection, and to enforce, defend, or avert legal claims. When you use our services, we may create evaluations and statistics based on your data (incl. health data but excluding biological samples) to provide you with data-driven insights into your fertility and personalized treatment recommendations, for research purposes, and to improve, expand, and market our offerings. Whenever possible, your personal data will be anonymized before evaluation. Based on our interest in informing individuals interested in our offerings about new developments, we can send you marketing information (e.g., via a newsletter). These marketing emails may contain visible or invisible images/pixels. When you download these images from the server, we can see whether and when you have opened the email. This allows us to better understand how you use our offerings and customize them for you. You can turn off this feature in your email program. You also have the option to opt out of receiving our marketing emails at any time.
To fulfill a contract, protect our interests, or comply with legal requirements, it may be necessary for us to disclose your personal data to third parties. This includes, in particular: exchanging personal data between the companies affiliated in our group (parent and sister companies) for the mutual provision of medical and other services; disclosing data to IT service providers, medical service providers (e.g., labs, manufacturers of cloud-enabled analytical devices), as well as third-party providers in the areas of payment transactions, billing, collection, consulting, sales, and marketing; disclosing data to your insurance company if we settle our services through them; disclosing data to third parties to whom we transfer our company or parts thereof, or with whom we merge;
cases where disclosure is necessary to (i) comply with legal obligations, (ii) ensure IT security and data protection, or (iii) enforce, defend, or avert legal claims. In this context, we also transfer personal data abroad. In particular, we use IT service providers with data locations in the EU or the EEA. We limit the transfer of personal data outside Switzerland, the EU, and the EEA as far as possible, but it cannot be entirely avoided. If the respective recipient country does not have a level of data protection recognized by Switzerland, we use standard contractual clauses to ensure adequate data protection, where necessary and possible supplemented by additional security measures. We do not sell or rent personal data to third parties.
We protect your personal data with appropriate technical and organizational security measures against accidental, unlawful, or unauthorized manipulation, deletion, alteration, access, disclosure, use, or loss.
In particular:
We have a state-of-the-art IT infrastructure.
Health data in our patient database is stored encrypted and redundantly in Frankfurt (DE) and Paris (FR);
Our employees only have access to your personal data to the extent necessary or reasonable for the fulfillment of their tasks.
We store your personal data only for as long as and to the extent necessary for the purposes described or for legal reasons. For legal reasons, data related to analyses and treatments (patient records) is retained for 20 years. Health data in deactivated app accounts is archived accordingly.
If provided for and subject to the conditions of the applicable data protection laws, you have the following rights in connection with your personal data:
If you are not satisfied with how we process your personal data, you have the right to file a complaint with the relevant supervisory authority (Federal Data Protection and Information Commissioner, FDPIC). Please contact us first before filing a complaint. This way, we can try to resolve your issue directly. The easiest way to contact us is by email at [email protected].
Our website may link to third-party websites that are not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection regulations.
We may modify this privacy policy from time to time. New versions become effective for you as soon as we have notified you by publishing them on our website.
Zurich, November 2023