At SBAS, we collect, process, and store your Personal Data as you use our Services. Personal Data is information that can reasonably identify you, such as your name, email, or date of birth, or it may be information that can reasonably be linked back to you.
Importantly, we do not collect, process, and store any Data Concerning Health which is not being anonymized and pursuant to which we cannot establish the identification of an individual. By accepting the Terms and Conditions, you have explicitly agreed not to enter into the Tool any Personal Information, so that information entered into the Tool will at all times constitute Anonymized Information.
Anonymized Information: any information that has been anonymized in a manner to result in the information no longer being able to reasonably identify an individual, whether directly or indirectly, and is therefore no longer considered Personal Data.
Data Concerning Health: Personal Data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status, as defined in Article 4 of the GDPR.
FADP: Swiss Federal Act on Data Protection.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal Data: information that can be used to identify you, either alone or in combination with other information, as defined in Article 4 of the GDPR.
Services: SBAS' products (including the Tool), software, services, and website (including but not limited to text, graphics, images, and other material and information) as accessed from time to time by the user, regardless if the use is in connection with an account or not.
SBAS: Smart Blood Analytics Swiss SA, whose principal place of business is at Höschgasse 25, CH-8008 Zürich, Switzerland.
Terms and Conditions: SBAS' Terms and Conditions are available on the SBAS website.
Tool: SBAS' tool for the analysis of blood test results by way of advanced machine learning algorithms for medical use.
3. Sign Up Process and Your Engagement with Services
The personal data required to start a Sign-up process is only your email address and date of birth. For successfully creating the SBAS account and using the Tool, additional Personal Data, such as your first and last name, your country of residence, and your medical institution, may be required.
4. What Personal Data Does Smart Blood Analysis collect From You?
The table below describes the Personal Data we collect from you to provide the Services.
|• Email address
|Additional User Information
|• Your first name • Your last name • Date of birth • Your country of residence and/or country of professional occupancy • Your medical institution or company • Your other Personal Data you voluntarily include
|• Payment information such as your billing and shipping address(es), when you purchase a payable Service from SBAS.
|• Information you provide in communications with SBAS.
5. What Information Does SBAS Collect Through Your Use of the Services?
|Computer and Mobile Device Information
|Information from Cookies and similar technologies
|Information from your use of the Services
|Information about your use of the Services, such as when you access your profile and related activities.
6. How does SBAS use your Personal Data?
|Personal Data (generally)
|We use your Personal Data to provide, personalize, improve, update and expand our Services. This includes:
• Authenticating your access to the Tool, and improving SBAS information security;
• Processing your payments for purchased Services;
• Conducting statistical research;
• Provide you the Services;
• Detecting and protecting against error, fraud, or other criminal or malicious activity and enforcing our Terms and Conditions.
|We use your Personal Data to communicate with you about the Services, such as when we:
• Respond to your inquiries to the Services;
• Inform you about activities and results related to your use of the Tool;
• Inform you of product changes or new products and services;
• Provide you with information or request action in response to technical, security, and other operational issues.
7. When Do We Share Your Personal Data and Who are the Recipients?
|People with whom your Personal Data may be shared / Circumstances in which sharing might occur
These processing partners include our:
• Provider of Cloud services (DigitalOcean, New York, NY, USA)
Please note that the above list is not final.
|Legal or Regulatory Process
|We may share your Personal Data if we believe it is reasonably necessary to:
• Comply with valid legal process (e.g., subpoenas, warrants);
• Enforce or apply the SBAS Terms and Conditions;
• Protect the security or integrity of the Services; or
• Protect the rights, property, or safety, of SBAS, our employees or users.
If we are compelled to disclose your Personal Data to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so.
8. Your Choices and Access to Your Personal Data
Subject to certain exceptions, you have a right to request access to your Personal Data (along with information about the nature, processing, and disclosure of your Personal Data) and to be provided with a copy of the Personal Data you provided to SBAS, as well as to seek to update, delete or correct this information by using the tools on the website or by contacting SBAS.
You also have a right not to provide your Personal Data to us. Exercising this right may result in SBAS not being able to provide you with the full benefits of our Services. Additionally, you have a right to object to processing of your Personal Data, request restriction of processing of Personal Data, and lodge complaints with a competent protection authority regarding processing of your Personal Data by us or on our behalf.
9. What are SBAS retention practices?
Generally, SBAS retains Personal Data on our system until our users inform us of their desire to delete their data or close their accounts. In some cases, we choose to retain usage information (e.g., visits to sites) in a depersonalized or aggregated form. Once aggregated, this information ceases to be personal and will not be subject to SBAS user deletion requests.
10. How can I delete my Personal Data?
You can delete your Personal Data retained by SBAS by contacting us.
Please note that there may be some latency in deleting your Personal Data from our backup systems after it has been deleted from our systems. Also, our partners may retain certain information they receive from us in order to comply with laws or regulations that may require them to do so. SBAS may also retain certain information as reasonably necessary to comply with our legal obligations (including law enforcement requests), resolve disputes, maintain security, prevent fraud and abuse, as well as to comply with tax, payment industry, securities, and clinical, regulatory compliance requirements.
SBAS maintains a comprehensive information security program designed to protect our customers' Personal Data using administrative, physical, and technical safeguards.
The specific security measures used are based on the sensitivity of the Personal Data collected. We have measures in place to protect against inappropriate access, loss, misuse, or alteration of Personal Data under our control. SBAS regularly reviews our security and privacy practices and enhances them as necessary to help ensure the integrity of our systems and your Personal Data.
We use the latest standard security mechanisms while processing and storing Personal Data, and we only partner with security companies that meet and commit to our security standards. While we cannot guarantee that data loss, misuse or alteration will not occur, we use reasonable efforts to prevent this.
It is also important for you to guard against unauthorized access to your Personal Data by maintaining strong passwords and protecting against the unauthorized use of your own computer or device.
12. Data transfer
Your information, including Personal Data, may be transferred to — and stored on — servers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
14. Legal basis under FDAP and GDPR for processing of Personal Data
Where you have consented to data processing, your consent provides the legal basis to process your Personal Data. You have the right to withdraw consent at any time. Please note that your withdrawal of consent to collect and process your Personal Data will not affect the lawfulness of processing your Personal Data based on your consent before you withdrew your consent.
We may also process your Personal Data on the basis of contractual necessity to perform a contract we have with you.
We may also process your Personal Data on the basis of our legitimate interests, including in providing and improving the Services. For example, SBAS has a legitimate interest in understanding your login history so we can assess your interaction with our Services. We use your Personal Data to keep our Services safe and secure and do so as necessary to pursue your and our legitimate interests in ensuring that our Services are secure and to protect against fraud, spam, and abuse.
Where we rely on legitimate interests to process your Personal Data, you have the right to object to such processing. You can use your Privacy Settings to control certain ways in which we process your data. Using the details below, you can also contact us to object to other forms of processing.
15. Identity and Contact Details
SBAS' customers can reach us by submitting questions using email. Contact details can be found by using the “Contact us” button, which can be found on our web page https://www.smartbloodanalytics.com.
In addition, you also have a right to lodge a complaint about how we handle your Personal Data with your relevant regulatory authority in terms of the applicable law that applies to you.
|The European Commission
|Online complaint procedure: https://ec.europa.eu/info/about-european-commission/contact/problems-and-complaints_en
Address: European Commission, Secretary-General
B-1049 Brussels, BELGIUM
|The independent Data Protection Authority per Member State of the European Union
|Website listing all DPA's per member state: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
|The Swiss Federal Data Protection and Information Commissioner, and cantonal and communal data protection commissioners
|Address of the Office of the Federal Data Protection and Information Commissioner FDPIC: Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1, CH - 3003 Berne, SWITZERLAND
Fax: +41 (0)58 465 99 96
Website listing cantonal and communal data protection commissioners: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection---switzerland.html
Effective Date: October 21, 2022