Version: October 2019
Switzerland has a high degree of data protection regulation. The fact that your data is stored on servers located in a professionally managed, secure data storage facility in Switzerland means that your information is processed in accordance with Swiss data protection principles. If you access the App/Website from a computer located outside Switzerland, your accessing the App/Website will be considered as your consent to us transferring your data outside Switzerland in order to reach you. If, for any reason, dThx will need to transfer any data to any other country without an adequate level of data protection, dThx will procure that appropriate contractual obligations apply ensuring that your data is protected.
Which Data We Collect
1. In order to create or reconfigure an account, you are expected to provide personal data, such as your name, username, password, personal contact details (address, zip code and location and email address), date of birth, gender, details about any of your previous health concerns or clinical issues, details about your family history, especially relating to health concerns or clinical issues, details about your lifestyle and activities (including underlying GPS data), clinical information and similar data (the “Data”) enabling dThx to provide you with the dThx Health Score and various information about your health, including a number of potential health risks based on your clinical background and lifestyle (collectively the “Information”).
How Your Data is Collected
2. We collect Data that you provide to us either directly through the App/Website, or third party devices or apps you connect with your account. We also collect information about your interactions within the App/Website as part of our continuous effort to improve the user experience.
How We Protect and Use Your Data
3. When using the App/Website you consent to the collection, transfer, modification, storage, disclosure and other uses of the Data. Irrespective of the country in which you reside or from where you access the App/Website, the Data may be used by dThx in Switzerland or any other country of operation.
4. You authorize dThx to de-identify your Data and subsequently to copy, process, use, publicly disclose and distribute the Data in anonymized form for academic and statistical purposes. Such anonymized Data shall no longer be considered as personal data.
5. You authorize dThx to receive, review and store technical data (including crash reports) retrieved from the devices you are using to access the App/Website.
6. We restrict access to the Data to those dThx employees or other parties who need access to such Data in order to provide the services. We maintain appropriate physical, electronic and procedural safeguards to protect your Data, including firewalls, individual passwords and encryption and authentication technology, and take all other necessary and adequate administrative, organizational, technical, personnel and physical measures to safeguard the same against unauthorized or unlawful processing and use, accidental loss or destruction or damage, theft, disclosure or modification and to ensure its integrity. Please note, however, that Data transported over an open network, such as the Internet or email, may be accessible to anybody. We cannot guarantee, and are not responsible for, the confidentiality of any communication or information transmitted via such open networks. When disclosing any Data via an open network, you should consider that it is potentially accessible to others, and consequently, may be collected and used by others without your consent. In particular, while individual data packets are often encrypted, the names of the sender and recipient are not. Even if both the sender and recipient are located in the same country, data may be transmitted via such networks to other countries regularly and without controls, including countries that do not afford the same level of data protection as Switzerland. Your Data and Information may be lost during transmission or may be accessed by unauthorised parties. We do not accept any liability for direct or indirect losses as regards the security of the Data and Information during its transfer via Internet.
8. The concept of the App/Website includes the disclosure of the Data provided by you and accessible via the App/Website to other users or third parties. Please note that all registered users of Thx are displayed with their name and profile picture. For all other data, you control and decide yourself which Data shall be accessible to others. You can change the privacy settings of your account at any time and thereby determine who will be able to see which Data. The types of Data which may be distinguished are the following: Health Score, workouts, pictures (workout, profile and profile background pictures) and achievements gained. Sensitive personal data, such as weight or blood pressure, are not accessible to others. The following types of sharing options are available: (i) Public: All users registered on Thx will be able to see the Data, meaning the Health Score, the workouts, pictures and achieved goals. (ii) Groups: If you are part of a corporate health program, you will be allocated to a specific company group, which will contain fellow employees with whom you are friends on Thx, and other employees with whom you are not yet friends on Thx. If you select the group option, all group members, friends or not, will be able to see the Data. (iii) Friends: Your friends will be able to see the Data. (iv) None: Only you as the user of your account will be able to see the Data. According to our default settings, all your friends will be able to see all the above-mentioned Data. You can change the privacy settings of your account at any time after your registration. Please note that due to the linking option to other social networks, such as Facebook, your Data may be made available to other persons through your friends.
Cookies and Similar Technologies
Like many websites, we use “cookie” technology to collect additional website usage data and to improve the website, but we do not require cookies for many parts of our services. A cookie is a small data file created by a web server and transferred to and stored on your computer’s persistent memory. The cookies created by the web servers contain data that uniquely identifies you during your use of the website. We use session cookies to better understand how you interact with our services, to monitor aggregate usage by our users and to improve our services. Most Internet browsers automatically accept cookies. However, you have the option of using your browser software to stop accepting cookies or to warn you before accepting a cookie from the websites you visit. However, if you disable or choose not to accept cookies, some of the functionality of the website may be impaired or you may not have access to areas of the website that require this type of identification. When using mobile applications, Data may be stored and processed temporarily on your mobile device. By accessing mobile applications operated by dThx you agree to the transfer and temporary storage of Data.
We use Google Analytics on our public website to help us understand things like how long a visitor stays on our websites, what pages they find most useful and how they navigate through our site. Google Analytics is not used after you have logged into the App/Website. To learn more about Google Analytics and how to opt out, visit this Google webpage: https://support.google.com/analytics/answer/6004245
Matomo (formerly Piwik)
We use Matomo, a web analytics tool, locally installed at dThx, to learn how you use our public website and our App/Website. Your data never leaves the dThx datacenter and is treated with the same care as your data which you enter in the App/Website.
Facebook for Developers (formerly Facebook Connect) and Facebook Impressions
For some of our applications we have implemented a simplified login method. We use Facebook for Developers (formerly Facebook Connect) and Facebook Impressions to enable login using your existing Facebook Login.
How Long Your Data is Stored
9. We store your Data for as long as you have an account with dThx. You can delete your account at any time. If you follow the instructions available on the App/Website, your account will be deactivated and then deleted. For up to 30 days it is still possible to recover your account if it was deactivated by mistake. After 30 days, we begin the process of deleting your account permanently from our systems and your account may become non-recoverable. You acknowledge that any content posted by you on the App/Website cannot be recovered after the deletion of your account. We reserve the right to keep Data to the extent we reasonably believe it is necessary to satisfy any applicable law or regulation.
10. You have the right to be informed by us on any processing of your Data and obtain a copy of our Data (right of access). If you are affected by incorrect or incomplete Data, you may request rectification or completion of any relevant data (right to rectification). You may request the deletion of your Data (right to erasure) or a temporary restriction of processing in certain cases (right to restriction of processing). You may object to the processing of your Data (right to object) and you have the right to receive your Data in a structured, commonly used and machine-readable format or have your Data transferred to another data controller if technically feasible (right to data portability).
11. Your rights are subject to limitations necessary (a) to satisfy any applicable law, regulation, legal process or governmental request; (b) in connection with any legal proceedings (including prospective legal proceedings), obtaining legal advice or otherwise establishing, exercising or defending legal rights; and (c) for medical purposes undertaken by a health professional or any person who in the circumstances is subject to an equivalent duty of confidentiality.
Disclosure of Data
12. We reserve the right to disclose Data to the extent we reasonably believe it is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigations of a potential violation thereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or to (v) protect the rights, property or safety of dThx, its users and the public.
Additional Points
13. Please note that dThx uses encryption software that may be subject to export control regulations.
dThx – Digital Therapeutics AG
CH - 8008 Zurich
The data protection officer is located at the same address and can be contacted by mail or sending an email to firstname.lastname@example.org
17. For EU residents a contact in the EU has been established at:
Jérôme GOLASZEWSKI / Group Transformation Program Director
96, avenue Charles de Gaulle
92200 Neuilly-sur-Seine – France