Latest update : 30.12.2021
HeadToToe mHealth Sàrl (hereafter "the Company", "we", "us" or "our") is committed to protecting the privacy and security of the personal information that is provided to us or collected by us during the course of our business. We store and process personal information in accordance with the Swiss Data Protection Act and the EU General Data Protection Regulation.
1. Who is responsible for your personal information?
The Company - domiciled at 73C, Avenue d’Aïre, 1203 Geneva, Switzerland - is responsible for your personal information provided to us or collected by us during the course of our business.
2. How we collect and use your personal information
We collect and process your personal information as follows:
2.1 Business development and business acceptance
We collect personal information about our clients and users registered by them (notions as defined by the general terms and conditions which can be found on the website www.headtotoe.io).
Regarding the clients, the type of personal information we may collect includes name, surname, contact details (such as your address, email address, bank account details) and interactions with us.
Regarding the users, the type of personal information we may collect is limited to the email address, and interactions with us.
We obtain this information directly from you.
We may use users' information in order to carry out statistical studies, the results of which could be used by HeadToToe in an anonymous manner for the purpose of scientific research and/or scientific publications.
We may use your personal information to maintain and develop our business relationship with you, identify products or services you may be interested in, to pursue certain business development initiatives, send you publications and marketing communications and invite you to events.
You can control the information you receive through our marketing communications. If you no longer wish to receive emails relating to our products, services or events, you can unsubscribe at any time by contacting our client service.
Where we need to collect information required for our engagement and you fail to provide that information when requested, we may not be able to provide our services as requested by you.
2.2 Core business activities of the Company
In the course of our business activities, we collect and process personal information about clients and users registered by them. The type of personal information that we may collect are the same as defined above (see 2.1).
We may use this information to analyse our business or to improve our services and products.
If you or users registered by you fail to provide information that we require when requested, we may not be able to provide our products and services and continue our business relations.
2.3 Use of our Platform
Cookies are small text files that are placed in browser directories on your computer or mobile device when you visit our platform. Our platform uses session cookies and persistent cookies. Session cookies enable you to move from page to page within the platform and any information you enter to be remembered. A session cookie is deleted when you close your browser or after a short time. Persistent cookies allow the platform to remember your preferences and settings when you visit the platform in the future. Persistent cookies expire after a set period of time.
2.4 Other contacts
Further, we collect and process information about you if you offer or provide products or services to us, if we evaluate your products or services, and generally when you request information from us or provide information to us.
3. Our basis for processing your personal information
We will only use your personal information if and to the extent that applicable law allows. We will therefore process your personal information if:
· it is necessary for the performance of a contract with you or the organisation you work for;
· it is necessary in connection with a legal obligation;
· you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your information with us; or
· if we or a third party have a legitimate interest which is not overridden by your interests or your rights and freedoms.
4. How and why we may share your personal information
We may share your personal information collected in the course of core business activities of the Company with third persons (such as advisors, authorities and other persons) in Switzerland, the EU or other countries if required or useful for providing our products and services. Further, we may share your personal information with third persons where:
· you have consented to us doing so (where necessary) or the client you work for has obtained your consent for us to do so (where necessary);
· we are under a legal, regulatory or professional obligation to do so (for example, to comply with anti-money laundering or sanctions requirements); or
· it is necessary in connection with legal proceedings or in order to exercise or defend legal rights.
We use third parties who provide products and services on our behalf and may share your information with them, for example banks, insurance companies or technology suppliers who may have access to your personal information when providing software support.
5. How we protect your personal information
We have put in place appropriate security measures to hold your personal information securely in electronic and physical form, to protect it from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our premises are access controlled and our electronic databases require logins and password authentication.
Our employees and third party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
6. How long we keep your personal data
We will retain your personal information for as long as is necessary for the purpose for which it was collected. We will further retain your personal information to comply with legal and regulatory obligations, for as long as claims could be brought against us and for as long as legitimate interest, including data security, requires.
7. Your rights
In relation to the processing of your personal information you have rights that you can exercise under certain circumstances. These rights are to:
· request access to your personal information and certain information in relation to its processing;
· request rectification of your personal information;
· request the erasure of your personal information;
· request that we restrict the processing of your personal information; and
· object to the processing of your personal information.
If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
We may refuse to provide access if the relevant data protection legislation or other legislation allows or obliges us to do so, in which case we will provide reasons for our decision as required by the law.
If you would like to exercise these rights, please contact us in writing by email to: firstname.lastname@example.org or by letter to :
HeadToToe mHealth Sàrl, 73C, Avenue d’Aïre, 1203, Geneva, Switzerland.
You will not, in general, have to pay a fee to exercise any of your individual rights. However, we may charge a fee for access to your personal information if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.
If you feel we have not handled your query or concern to your satisfaction you can contact the competent data protection authority in Switzerland, the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
HeadToToe mHealth SARL, December 30, 2021.