Agora Care SA - Data Privacy Policy
Data Privacy Policy
This Privacy Policy describes the privacy practices of Agora Care SA, a Swiss company with head office at route de la Galaise 34, c/o Fondation Genevoise pour l’Innovation Technologique FONGIT, 1228 Plan-les-Ouates (“Agora Care SA”, “we” or “our”) in relation to:
- The IT platform operated on Agora Care SA’s website www.agoracare.ch (the “IT Platform”), which purpose is to allow you, free of charge, to transfer Medical Data as defined in the Sensitive Data Policy to the IT Platform, to store such Medical Data on the servers hosted by Agora Care SA’s subcontractors and to consult them or make them available from said servers to authorized third parties, such as doctors, hospitals, clinics, medical imaging centers, etc. (the “Services”);
- The personal data of the persons who create an account on our IT Platform (the “Users”);
- The personal data of the persons consulting our website www.agoracare.ch (the “Website”); and
- The Website.
This Privacy Policy governs data we collect from our Users as well as from our Website and other online visitors (“you” or “your”), as well as information we automatically collect from your online visits.
For the purposes of this Privacy Policy, “Business Partner” means any subcontractor, vendor, agent or other entity with whom we have an ongoing business relationship to provide products, Services or information.
Consent
By using the Website, the Platform or our Services, you consent to the collection, use and processing of the Data as described here.
What Data do we collect?
You provide Agora Care SA with most of the data we collect either directly or by agreeing (in particular by the signature of the Consent Form) that a third party (e.g. radiology center, physician, etc.) transfers your Medical Data to your account. In addition to the Medical Data collected and processed according to the Sensitive Data Policy, we collect and process Personal Information when you (i) use our Website, Platform or applications, (ii) register for events or webinars, (iii) create and manage your account, (iv) participate in surveys or other activities proposed online, (v) provide a testimonial, (vi) subscribe to our newsletters, emails or other marketing materials, (vii) interact with us on third party social networks (subject to that third party’s terms of use and privacy policies), or (viii) contact us as well as when we analyze your Medical Data as defined in the Sensitive Data Policy.
“Personal Information” means information that will directly or indirectly identify you. Personal Information we collect includes your name, email address, home address, telephone numbers, age, gender, medical record numbers, health plan beneficiary number, preferences, Internet Protocol (“IP”) address, location data, User IDs and passwords.
When this Privacy Policy refers collectively to Personal Information and Medical Data as defined in the Sensitive Data Policy, it will use the term “Data”.
Information we automatically collect
We automatically collect behavioral and usage information about your visits to our Websites, including the pages you view, the links and advertisements you click on, search terms you enter, and other actions you take in connection with the Website, IT Platform and Services. We also collect certain information from the browser you use to come to our Website, such as your IP address, device identifier, location data browser type and language, access times, the Uniform Resource Locator (“URL”) of the website that referred you to our Website and the URL to which you browse away from our site if you click on a link on our site.
When you activate your Agora Care SA’s account, we collect certain information about your device and your account access codes. Some of our products include features that connect to our servers and offer you the ability to update the Services. We keep track of information such as whether the update was successful or not.
How will we use your Data?
We use your Data to:
- Perform the Services;
- Create statistics on an anonymous basis and transfer the results to third parties;
- Better understand our Users and online visitors, including profiling based on interests and interactions with our Website;
- Diagnose problems with our Website, IT Platform and Services, and to administer our Websites and IT Platform;
- Contact you and provide you with information about the Services, our Website and IT platform;
- Facilitate your use of our Website, IT Platform, account and Services including Agora Care SA newsgroups and blogs;
- Customize, analyze and improve our Services, IT Platform and Website (including the content and advertisements on our Website to identify usage trends or determine the effectiveness of our marketing campaigns), technologies, communications and relationship with you;
- Personalize content, create personal profile areas, view protected content and implement your preferences;
- Meet our contractual obligations and enforce our conditions of services, Website terms and separate contracts with you, if any;
- Prevent fraud, software piracy, and other prohibited or illegal activities;
- Protect your security and integrity as well as Agora Care SA’s; or
- Perform other functions or serve other purposes, as disclosed to you at the point of collection, or as required or permitted by law.
Legal basis of processing
Our legal basis for collecting and using your Data as described in this Privacy Policy will depend on the data concerned and the specific context in which we collect it.
In general, we collect and process your Data on one or more of the following basis:
- Your consent, for example where we have obtained your consent to collect/process your Medical Data and to store them into your electronic file or to process your Personal Information for certain activities (such as the use of cookies for online tracking and analysis). You are free to withdraw your consent at any time by contacting compliance@agoracare.ch. If you withdraw your consent, it will not affect the lawfulness of any processing based on your consent before you withdrew it.
- For compliance with a contractual obligation. We will advise you upon collection whether the provision of any of your Data is mandatory and of the possible consequences if you do not provide us with such Data.
- For compliance with Agora Care SA’s legal obligations where other laws require the processing of your Data.
- Agora Care SA legitimate interests which include the provision of this Website and/or relevant Services, and/or the carrying out of marketing and profiling activities, provided always that our legitimate interests are not outweighed by any prejudice or harm your rights and freedoms.
If you have any questions or need more information concerning the legal basis on which we collect your Data, please contact us at compliance@agoracare.ch.
Retention of your Data
We will retain your Data as necessary in connection with the purposes described in this Privacy Policy and/or the Sensitive Data Policy, for as long as your account is active, and in accordance with Agora Care SA’s retention policies and applicable law.
Once you deactivate your account, we will delete your Data within 30 days or keep them but on an anonymous basis. Furthermore, we will also delete your Data if you have not created an account on the IT Platform within three months [to be confirmed] after having signed the Consent Form. Finally, if you withdraw your consent for the processing on certain Data, we will delete them within 30 days or keep them but on an anonymous basis.
How will we store your Data?
Agora Care SA securely stores your (i) Personal Information on servers located in Switzerland and operated by Infomaniak and (ii) Medical Data on servers located in Switzerland and operated by Akenes SA (Exoscale). Since Personal Information may appear on your medical documents, it is possible that Personal Information be stored on both Exoscale’s and Infomaniak’s servers located in Switzerland. Furthermore, Agora Care SA may from time to time store your Personal Information and Medical Data on its computers which are located in the premises operated by Agora Care SA.
Agora Care SA takes all reasonable steps to protect your Data from misuse, interference and loss, as well as unauthorized access, modification or disclosure. The ways we do this include:
- Using encryption when collecting or transferring sensitive information;
- Having in place technical and organizational measures designed to ensure the ongoing integrity, availability and resilience of processing systems and services;
- Limiting physical access to our premises;
- Limiting access to the information we collect about you;
- Ensuring that we have appropriate security safeguards to keep Data secure; and
- Where required by law, destroying or de-identifying Data.
We encourage you to keep any passwords you use confidential and to be careful to avoid “phishing” scams where someone may send you an email that appears to be from Agora Care SA asking for your personal information. However, despite our efforts, no security controls are 100% effective and Agora Care SA cannot ensure or warrant the security of your Data.
How will we share your Data?
We share your Data with Agora Care SA subsidiaries, if any, or Business Partners for the purposes described in this Privacy Policy, in the Consent Form and the Sensitive Data Policy, including (without limitation) to carry out Services you request or to store Data.
We also disclose your Personal Information in connection with law enforcement, fraud prevention or other legal action; as required by law or regulation; if Agora Care SA (or a part of Agora Care SA) is sold or merges with another company or if we sell the Website, IT Platform or business unit or all or a substantial portion of our assets are acquired by another company.
Except as described above, we will not disclose Data to third parties without your consent.
What are your Data protection rights?
By creating an account on the IT Platform, you have the right to remotely access your personal file and to benefit from the Services. Throughout your relationship with Agora Care SA, you remain the sole owner of your Medical Data. You do not, however, have any rights on the IT Platform.
Moreover, you have the following data subject rights. Please note that these rights are not absolute and in certain cases are subject to conditions as specified in applicable law:
- Access: to view or edit your Data that has been stored online in your Agora Care SA’s account, please log on to your account or contact Agora Care SA at compliance@agoracare.ch. You also have the right to request information about how we process your Data and to obtain a copy thereof. We may charge you a fee for this Service;
- Rectification: you have the right to request the rectification of inaccurate Data about you and for any incomplete Data about you to be completed;
- Objection: you have the right to object to the processing of your Data, which is based on our legitimate interests (as described above);
- Erasure: you have the right to request the erasure of your Data (subject to certain conditions);
- Closure of your account: you may close your account at any time. In such a case, we recommend that you transfer the Data in your file to another electronic support. Indeed, once your account has been closed, we will permanently delete any data concerning you that is still in your file or on the IT Platform. Please note, however, that in certain cases, it is possible for Agora Care SA to waive the deletion of data in the cases provided for by law;
- Automated decision-making: you have the right not to have a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you;
- Restriction: you have the right to ask us to restrict our processing of your Data, so that we no longer process that information until the restriction is lifted;
- Portability: you have the right to receive your Data, which you have provided to us, in a structured, commonly used and machine-readable format and to have that information transmitted to another organization under certain conditions.
In addition to the above, you have the right to lodge a complaint with a supervisory authority if you consider that our processing of your Data infringes applicable data protection law, which is in Switzerland the Federal Data Protection and Information Commissioner.
If you have any questions about the type of Data we hold about you or if you wish to make a request and exercise any data subject right, please send a written request to compliance@agoracare.ch or to the postal address provided at the bottom of this Privacy Policy. While we will make reasonable efforts to accommodate your request, we reserve the right to reject such access requests or to impose restrictions or requirements upon such requests if required or permitted by applicable law. In any case, we will answer to you within one month.
Responsibility of Agora Care SA regarding your Data and the Services offered
AGORA CARE SA CANNOT BE HELD RESPONSIBLE FOR ANY INTERRUPTION OF SERVICES, POSSIBLE UNAVAILABILITY OF SERVICES OR SLOWDOWN IN THE USE OF THE PLATFORM. AGORA CARE SA IS NOT ABLE TO GUARANTEE THE CONTINUITY OF SERVICES PERFORMED REMOTELY VIA THE INTERNET, WHICH YOU ACKNOWLEDGE AND AGREE TO. AGORA CARE SA RESERVES THE RIGHT IN CERTAIN CASES OF FORCE MAJEURE (E.G. INTRUSION ON ITS SERVERS, MISUSE OF SERVICES BY USERS, REQUEST FROM AN AUTHORITY, ETC.) TO SUSPEND THE SERVICES AND, IN PARTICULAR, ACCESS TO YOUR FILE.
AGORA CARE SA UNDERTAKES COMMERCIALLY REASONABLE EFFORTS TO ENSURE THE SECURITY OF THE DATA STORED ON THE SERVERS. HOWEVER, IT CANNOT GUARANTEE THAT THE DATA IN THE FILE WILL NOT BE MODIFIED/ALTERED OR THAT THE PLATFORM WILL NOT BE INTRUDED UPON BY A THIRD PARTY (VIRUS, DATA THEFT, ACCOUNT HACKING, ETC.).
AGORA CARE SA SHALL NOT BE LIABLE (WITHIN THE MEANING OF ART. 100 AND 101 OF THE SWISS CODE OF OBLIGATIONS) FOR ANY DAMAGES RESULTING FROM (I) THE USE OF THE IT PLATFORM/SERVICES OR (II) FRAUDULENT INTRUSION BY A THIRD PARTY OR (III) ALTERATION/LOSS OF THE DATA AND (IV) MORE GENERALLY, FOR ANY DIRECT OR INDIRECT DAMAGE, REGARDLESS OF THE CAUSE, ORIGIN, NATURE OR CONSEQUENCES THEREOF. AGORA CARE SA DECLINES ALL RESPONSIBILITY IN THE EVENT OF FAULT ON THE PART OF ITS AUXILIARIES, INCLUDING IN THE EVENT OF GROSS NEGLIGENCE.
Selecting your communication preferences, opting out of marketing and creation of customized profiles about you
You can choose to receive or not to receive marketing communications from Agora Care SA by indicating your preferences. You can click “unsubscribe” in any marketing email communications or newsletters about our Services or you can email us at compliance@agoracare.ch to opt-out of allowing us to create a customized profile about you.
Any marketing by Agora Care SA, or any third parties on behalf of Agora Care SA, will be conducted in accordance with applicable laws and include (where applicable) methods to allow you to express your preferences.
Please allow up to 3 business days for your email preferences to take effect. As some marketing tools are developed in advance, you will sometimes receive marketing communications after we receive your preference request. If you opt out of receiving marketing communications, we may still propose to you to participate in medical studies unless you expressly indicate that we shall also stop such kind of communication.
Cookies
Necessary cookies
The Website uses necessary “cookies” (i.e. text files placed on your computer to collect standard Internet log information and visitor behavior information) to enable you to sign in to our Services. We do not need to ask for your consent in order to use these cookies as without them we would not be able to provide the Services. These cookies are always active on the Website.
Links to third-party websites and services
Please beware that Agora Care SA provides links to other websites, which if you click on them collect data about you. The information practices of those third-party websites linked to the Website are not covered by this Privacy Policy.
Changes to this Privacy Policy
We will occasionally update this Privacy Policy. If we make changes to this Privacy Policy or make any material changes to how we use your Data, we will revise this Privacy Policy to reflect such changes but will not send you a notification of such change and/or a new version of the Privacy Policy. We thus encourage you to periodically review this Privacy Policy to be informed of how we are using and protecting your Data.
Contacting us
If you would like to contact us for any reason regarding our privacy practices, please email us at compliance@agoracare.ch or write to us at the following address:
Agora Care SA c/o Fond. Genevoise pour l’Innovation Technologique FONGIT Route de la Galaise 34 1228 Plan-les-Ouates
Governing law and place of jurisdiction
This Privacy Policy and your relationship with Agora Care SA shall be governed by and construed in accordance with the applicable laws of Switzerland without reference to conflict of laws principles. The courts of Geneva, Switzerland, shall have the exclusive jurisdiction to determine any disputes arising in relation to this Privacy Policy or your relationship with Agora Care SA.
Effective Date: April 9th 2022