We, PeakData AG, are pleased about your visit to our website and your interest in our products and services. We take the protection of your personal data and their confidential treatment seriously.
Your personal data will be processed in accordance with the legal provisions of the data protection laws of Switzerland and the European Union, in particular the General Data Protection Regulation (hereinafter “GDPR”).
With this Data Protection Policy we would like to inform you about the processing of your personal data and about your rights as a data subject in the context of the processing of your personal data by us. The terms used, such as “personal data” or their “processing” correspond to the definitions in Art. 4 GDPR.
1. Controller, Data Protection Officer and Representative
The controller responsible for data processing is:
CH – 6300 Zug
You can contact our data protection officer, Tom McNamara, using the following contact details:
Our EU Representative is Kimura Ltd.
We would like to point out that our company is based in Switzerland and that data processing also takes place in Switzerland. For Switzerland, the European Commission has taken a so-called adequacy decision within the meaning of Art. 45 para. 3 GDPR.
2. Subject of data protection
The subject of data protection is personal data. This is all information relating to an identified or identifiable natural person (so-called data subject).
3. Data processing when you visit our website
The use of our website is generally possible without registration and without you providing us personal data. However, even if you use our website in this way for purely informational purposes, personal data may be collected and processed automatically. In the following you will find an overview of the type, scope, purposes and legal basis of such data processing via our website.
a. Provision of our website
When your terminal device accesses our website, the following data is automatically recorded and processed by us using server log files. This includes date and time of access, duration of the visit, content of the request (specific page), type of terminal device, operating system used and its interface, language and version of the browser software, access status/HTTP status code, the functions you use, amount of data sent, type of event, referrer URL, domain name, IP address.
We process this data on the basis of our legitimate interests in the sense of Art. 6 para. 1 letter f) GDPR, namely for the provision and display of the website, for securing and maintaining technical operations, for the purpose of identifying and eliminating faults and for security reasons (e.g. to clarify cases of abuse or fraud). When you visit our website, this data is processed automatically. Without this provision you cannot use our website. We do not use this data for the purpose of drawing conclusions about your identity.
The collected data is usually deleted after 30 days, unless we need it longer for the above mentioned purposes in exceptional cases. In such a case we delete the data immediately after the purpose has been fulfilled.
If you provide us with personal data by e-mail or via a contact form, this is always done on a voluntary basis. Your data will be processed by us for the purpose of handling your contact request and its processing in accordance with Art. 6 para. 1 lit. b) GDPR (for the performance of a contract) and, if necessary, will also be passed on to third parties in this context. We will delete the data you have provided as soon as the purpose of the collection is no longer applicable, provided that no new legal basis intervenes (e.g. further processing of the data is necessary to fulfil a concluded contract) and there are no legal storage obligations.
If you register for a newsletter, we store your e-mail address as well as automatically your IP address and the times of registration and confirmation. In this way we can prove that you have actually registered and, if necessary, detect any misuse of your e-mail address. We process your data for this based on Art. 6 para. 1 sentence 1 lit. a) GDPR (consent).
You will find an unsubscribe link in every issue of our newsletter with which you can withdraw your consent to receive the newsletter.
If you are already using our services as our customer , we will send you a newsletter with updates for you on our products and services in regular intervals to the e-mail address we have on file, as long as you have not objected to its use. The objection can be made without incurring any costs other than the transmission costs according to the basic rates.
We base this form of data processing on Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interests). We will only inform you about new features in our services and similar services within the scope of our products and services. If you do not wish to receive such a newsletter, you can contact us at any time or you can cancel your subscription (unsubscribe from the newsletter) directly in the newsletter itself by clicking on the link provided in the newsletter.
6. Data processing for Platform Services
If you decide to make use of our services, you must register on our respective platform. We collect the following data from our customers during the registration process:
When logging in to our platform, we store the current IP address of the user and the last log-in.
Furthermore, we record the interactions of our registered customers which are carried out within the framework of platform use. These include:
We process this data on the basis of our contractual relationships within the meaning of Art. 6 para. 1 lit. b) GDPR and our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR to ensure and maintain technical operations, for the purpose of identifying and eliminating faults and for security reasons (e.g. to clarify cases of abuse or fraud).
Data processing on data subjects from publicly available sources
For our platform services we also collect personal data on data subjects from publicly available sources in particular public websites.
The data we collect include for Healthcare Professionals:
for Healthcare institutions:
We primarily process this personal data to match professionals to the queries of our platform customers. This matching decision is based on our pattern recognition algorithms. Information on a data subject appears only if the profile of the data subject matches the fields of specialization our customer is interested in. Our processing of data is based on legitimate interests Art. 6 para 1 lit. f GDPR. Informing the Healthcare Professionals of this data processing would involve a disproportionate effort. Instead, as a healthcare professional, you have the right to object to this processing of your personal data at any time and the right to exercise all other data subjects rights available and described in Section 9 of this Data Protection Policy.
Our platform customers (i.e. primarily healthcare companies) use the personal data concerning Healthcare Professionals and Healthcare Institutions collected from publicly available sources to discover potential customers, to contact the representatives in charge of (potential) customers and to keep track of (potential) customers.
7. Recipients of personal data and data transfers abroad
We will give our platform customers (i.e. primarily diagnostics companies) access to the personal data concerning Healthcare Professionals and Healthcare Institutions collected from publicly available sources in order for them to discover potential customers, to contact the representatives in charge of (potential) customers and to keep track of (potential) customers, as described and in line with the purposes of the data processing set out in Section 6 of this Data Protection Policy, we provide third parties access to your personal data, in particular, the following categories of recipients may be concerned:
Certain Recipients may be within Switzerland but they may be located in any country worldwide. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts or we rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims or published personal data.
8. Storage limitation
We process your personal data in line with our retention schedule, or until:
We assure to respect your objection insofar as no longer processing or storage is required for the fulfillment of a contractual relationship with us or according to mandatory law provisions (e.g. within the scope of commercial and tax law retention obligations), in which case we will only delete your data after these obligations have expired.
For more information about how long we store your data, please contact firstname.lastname@example.org
9. Data subjects rights
As a person affected by the data processing, you have numerous rights at your disposal. In detail, the following rights are entitled to the extent that the legal requirements are met:
Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.
From time to time it may be necessary to adapt the content of this Data Protection Policy. We therefore reserve the right to change these at any time without prior notice. The current version published on our website shall apply. If the Data Protection Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.