Last updated: August 2022
2. Your Informed consent
Personal Data includes for example your name, date of birth, title, gender, contact details, telephone number, email address, postal address and any other non-public information about you (“Personal Identifiable Information” or “PII”), as well as sensitive personal information about your health, such as biological data, genetic data, biometric data, or data concerning your health (“Personal Health Information” or “PHI”).
3. Personal data we collect
3.a. Personal Identifiable Information
Generally, you can browse our Platforms without revealing who you are and without disclosing any of your Personal Identifiable Information, such as your name, date of birth, title, gender, contact details, telephone number, email address, postal address, to us. However, there may be times when you may disclose Personal Identifiable Information, including to:
- Fill-in forms on the Platforms.
- Report a problem with the Platforms.
- Contact us, in writing, by email or other electronic means.
We may also be required by law to collect certain Personal Identifiable Information as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.
3.b. Personal Health Information
We ask for your explicit consent to collect information considered to be sensitive (such as biological data, genetic data, biometric data or information about your health) in order to provide you with the services you have ordered from us.
3.c. Cookies and other connection data
3.d. Data collected from other sources
We may also collect the following categories of Personal Identifiable Information from third parties, such as digital ad agencies, lists from acquired companies, events and conferences, and purchased lists, including without limitation: Name, address, date of birth, gender, phone number, email address, company name, title, and preferences. We may enhance or merge your PII with data obtained from third parties for the same purposes for which we use your PII that you personally provided.
4. Purpose and legal basis of the processing
4.a. Personal Identifiable Information
We will use the Personal Identifiable Information provided by or collect from the User to:
- Perform the services or sales contract between us and the User. At the request of the User, take the steps prior to entering into a contract, such as for example following-up on specific enquiries about our products and services or acquiring preliminary information necessary to the processing of your payment and conclusion of the contract. After the contract is formed, send contract related communications, including without limitation messages such as order confirmation, provide the products or perform the services agreed upon with the User and respond to information, subsequent and contractual requests you may make of Us,
- Comply with our legal obligations or respond to the requests of authorities,
- Protect the vital interests of the User or of another natural person, if needed,
- Perform an action of public interest in some cases, carry out or defend ourselves in legal actions, or when the processing involves Personal Data that is in the public domain,
- Protect our legitimate interests, for example to understand how our Platform is used so that we can continuously improve it or to limit the risks of fraud and other prohibited or illegal activities, since those interests do not conflict with the fundamental rights and freedoms of the User which require the protection of Personal Data. We may analyze Your PII to better understand your needs and how we can improve our Platforms, products and services. For instance, We may use your information to verify that content from the Platforms is presented in the most effective manner for you and for your device, or to allow you to participate in the registration-only features of the Platforms, or
- Exercise Our legal rights where it is necessary, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims, or violations of law or the contract.
The provision of certain Personal Identifiable Information is a mandatory legal or contractual requirement. If the User fails to provide Personal Identifiable Information as listed above, she or he may not be able to use the Platforms, receive information requested about our products and services, or conclude a contract with us.
Subject to the User’s express consent, we may also use Personal Identifiable Information to promote our or third party products and services by sending newsletters, periodic informational/promotional mail or email, and advertising material, to contact you by telephone or any other form of electronic communication, such as e-mails, SMS, MMS, social networks, or to conduct market research, directly or through the services of specialized companies, via interviews, questionnaires, investigations, so that we can continuously improve the content and services we provide to the Users. Please see the article headed “Commercial Communications” below for further information about how you can control these purposes.
4.b. Personal Health Information
We will process sensitive categories of data such as biological data, genetic data, biometric data, or data concerning health, only when the User has given her or his informed consent and entered into a contract with us for the processing of those Personal Health Information in relation to one or more specified purposes agreed with the User.
By ordering products or services on the Platforms which include a biomarker test, you have chosen to use our products and services and have given your informed consent to have your biological sample(s) tested as part of our services.
This information includes but is not limited to: Test results and questionnaires when applicable.
We are allowed or required by law to use your Personal Health Information in order to:
- Perform the services or sales contract between us and the User. Provide you with services, including through and in connection with remote healthcare services furnished via telehealth technologies,.
- Internal operations, which may include the reading your Personal Health Information to review the performance of our staff and for organization planning for future services we will provide, expand, or reduce,
- Comply with our legal obligations or respond to the requests of authorities. Disclose information when we are required by law to do so. This includes reporting information to government agencies that have the legal responsibility to monitor the health care system or when we are required to do so by a court order or other judicial or administrative process,
- Protect the vital interests of the User or of another natural person, if needed,
- Perform an action of public interest in some cases, carry out or defend ourselves in legal actions, or when the processing involves Personal Data that is clearly in the public domain,or
- To perform public health activities, including for reporting certain diseases, births, deaths, and reactions to certain medications. It may also include notifying people who have been exposed to a disease or disclosing your Personal Health Information if necessary to prevent serious harm to the public or to an individual. This disclosure shall only be made to someone who is able to prevent or reduce the threat.
5. Personal Data processing
We limit access to Personal Health Information to employees and external contractors who reasonably need access to it, to provide the products, to perform the services or in order to do their jobs. Employees and external contractors who receive this information have special confidential and security obligations to prevent the misuse of your information for other purposes.
Data processing may also be carried out by third parties that provide specific processing, administrative or instrumental tasks necessary to achieve any of the aforementioned purposes. For example, suppliers, agents or contractors that provide services on our behalf such as website or data hosting, online content, marketing communication, payment gateway, credit card processing, credit checks handling or fraud prevention. Any data processing by third parties is subject to the signature of a data processing agreement with us that requires data processors to comply with security, integrity, and confidentiality obligations.
6. Sharing Personal Data
We may also share Personal Data with any regulator, supervisory or government authority, law enforcement agency, court or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
6.a. Personal Identifiable Information
We may share Personal Identifiable Information with third parties for our operations, our Platforms and the provision of our products and services, including:
- With our agents, contractors, provider, partners, technicians and consultants, insurance companies, website and hosting operators, data processing operators and other third parties in connection with services that these individuals or entities perform for, or with us. These third parties are restricted from using this information in any way other than to provide services for us, or services for the collaboration in which they and are engaged with us,
- As part of an employee health benefit program for the administration of the health benefit program if you have enrolled in such program.
Subject to the User’s specific consent, we may also share Personal Identifiable Information with third parties to promote our or third party products and services by sending newsletters, periodic informational/promotional mail or email, and advertising material, to contact you by telephone or any other form of electronic communication, such as e-mails, SMS, MMS, social networks. Please see the article headed “Commercial Communications” below for further information about how you can control these purposes.
6.b. Specific authorization for release of Personal Health Information
Please note that when we process Personal Health Information in accordance with the contract and purposes agreed between us and the User, we will take special care to protect the confidentiality of such data.
We will not give, sell, rent, loan or otherwise disclose any Personal Health Information linked to your Personal Identifiable Information to any third party, unless permitted or otherwise authorized to do so, as indicated below, or following the User’s specific and informed consent.
In this context, Personal Health Information, will only be disclosed as follows:
- Tests may be reviewed by a licensed physician or health professional (“Health Consultant”) affiliated with a company that we have partnered with to provide review and authorization of testing, review of the laboratory results, and counselling where applicable.
- Within the clinics or health centers of our Affiliates, subject to the User’s specific written request and identity check (please note that we may ask for your passport or identity card).
7. Anonymous data
For avoidance of doubt, we may freely use, retain and share with third parties, Anonymous Data, which are not personal by nature, or data that are aggregated or anonymized. “Anonymous Data” means data that is aggregated, anonymized or that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons.
We may use Anonymous Data to analyze requests and usage patterns so that we may enhance the content of our services and improve our Platforms. We reserve the right to use Anonymous Data and other anonymized information, for any purpose and disclose such data to third parties in our sole discretion, including for research purposes. We also may share Anonymous Data and non-Personal Data about Platforms usage with unaffiliated third parties.
We may use Anonymous Data and test results for research studies and publications. We may also use or disclose such information in accordance with legal requirements for any purpose, including for medical and public health activities.
8. International Transfers
Personal Data may be transferred to, stored and processed in countries or territories located in the European Economic Area and Switzerland.
In case we have to transfer Personal Data outside the European Economic Area and Switzerland, we shall ensure that such transfer is based on an adequacy decision from the European Commission, or appropriate safeguards, such assessing and implementing standard data protection clauses adopted by the European Commission or a Supervisory Authority, unless we obtain the User’s explicit and fully informed consent or the transfer is necessary for the conclusion or performance of a contract between us and the User.
9. Retention of Personal Data
We will keep your Personal Data for only as long as is necessary for our purposes or as required by applicable law, and in particular to protect ourselves in the event of a legal claim (for example, information relating to a contract with you will be kept for the lifetime of the contract and up to ten years after). After this period your Personal Data will be deleted or in some cases anonymized. Where we sought your consent to process your personal information and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent we will delete your personal information.
With respect to Cookies, Beyond Age uses both ‘session cookies’ and ‘permanent cookies’, which can remain on Users computers or mobile devices for different periods of time. The User can enable or delete cookies at any time.
The Platforms may use third parties such as network advertisers and ad exchanges to serve you ads on third party platforms after you leave our Platforms, and we may use third party analytics and other service providers to evaluate and provide us and/or third parties with information about the use of the Platforms and viewing of ads and of our content. Network advertisers are third parties that display advertisements, which are based on your visits to the Platforms and other apps and sites you have visited. Third party ad serving enables us to target advertisements to you for products and services that you might be interested in.
11. Protecting your Personal Data
We want Users to feel confident about using our Platforms, and we are committed to make all reasonable commercial efforts to protect Personal Data we receive or collect through our Platforms and services.
We have put in place technical and organizational physical, electronic, and procedural measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, damage or destruction.
Please be aware that while we take commercially reasonable steps to safeguard the security of your Personal Data, the transmission of information over the Internet is not completely secure and therefore you do this at your own risk. Once we receive your Personal Data, we will implement commercially reasonable security procedures with the objective of preventing unauthorized access.
We do not have the means to check the identities of people using the Platforms and we will not be liable where your email address is used by someone else to access the Platforms. You are responsible for maintaining the security of your email account. You agree to notify us immediately at the contact information provided below of any unauthorized use of your account of which you become aware.
Financial information and payment data, including credit card numbers, that you provide to us via internet bill payment link is encrypted by using secure socket layer (SSL) encryption technology. This information may be accessed only by our agents and employees who maintain password and position-required access rights, and third-party vendors who support our billing operations.
We reserve the right to take appropriate legal action, including without limitation, referral to law enforcement, for any illegal or unauthorized use of our Platforms. We also reserve the right take any action to prevent the unauthorized use of our intellectual property rights.
We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We are not responsible for loss, use or disclosure of Personal Data that occurs, notwithstanding our compliance with applicable laws.
12. Users’ rights
Beyond Age fully recognizes the following rights of each User subject to local applicable law:
- Right to access the User’s Personal Data;
- Right to rectify the User’s Personal Data;
- Right to erase the User’s Personal Data;
- Right to restrict the processing of the User’s Personal Data;
- Right to portability of the User’s Personal Data;
- Right to object the processing of the User’s Personal Data;
- Where personal data are processed for direct marketing purposes, the User shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing, in accordance with the Article headed “Commercial Communications” below.
- Right for the User to lodge a complaint with a supervisory authority.
We encourage you to contact us to update or correct your Personal Data if it changes or if the Personal Data we hold about you is inaccurate.
13. Withdrawal of Consent
Your use of our products and services is voluntary and based on your informed consent. You may choose to withdraw from or to stop the processing of your Personal Data at any time. Such requests should be sent to us by email at email@example.com or in writing at Beyond Age, Buchholzstrasse 51, 8053 Geneva, Switzerland.
Please note that while any changes you make will be reflected in our databases within a reasonable period of time, we may retain your information in the ordinary course of business, for the satisfaction of our legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
14. Commercial communications: How to withdraw?
Where the User has given express consent to the processing of Personal Identifiable Information to receive commercial communications or to take part into market research to improve our products or services, the User may withdraw consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before we receive your withdrawal.
If you wish to withdraw consent to the processing of Personal Identifiable Information for commercial communications or to take part into market research, please send us a written request at the address specified in the Article headed “Contact us” below. We may use email marketing software as a third-party service to control preferences or manage certain email communications. You may also unsubscribe from e-mail marketing communications sent by us at any time by sending a message to the email address mentioned in the Article headed “Contact us” or by clicking on the ‘unsubscribe’ link in any of our marketing e-mails.
Please note that should you request to unsubscribe, you may continue to receive materials for a short period while we are updating commercial communication lists.
15. Children’s Privacy
17. Applicable law
If you have a concern about how we use your Personal Data, as a first step please contact us using the details set out below and we will do our best to resolve your concern. After investigating your concern, we will respond to you in writing within a reasonable time setting out our proposed remedial action. If you think we have processed your Personal Data in a manner which is unlawful or breaches your rights you also have the right to complain to the data protection authority in your place of residence or work, or the jurisdiction in which the processing took place.
18. Contact us
You can also use this address if you wish to request access to the Personal Data we hold about you or to unsubscribe from any further e-mail marketing communications.