Last revised on: 15.02.2021
NALA.care GmbH (“we” or “NALA”) is the company that controls the processing of your personal data on the NALA website at https://www.Nala.care (the “Site”) and through the NALA app (the “App”).
NALA respects your right to privacy and data protection and will always use personal information in a fair and trustworthy manner. We operate our Site and our App in accordance with applicable laws and with generally accepted principles governing data protection.
Personal Data we may collect, use and process
When you visit the Site, the following data will automatically be collected and stored on our servers:
- the name of your Internet Service Provider,
- your IP address,
- the browser you use,
- the operating system on the device used to access our Site,
- the website that you were using to reach us,
- the websites that you visit while you are with us,
- any search terms you have been using to find our Site,
- information on actions taken on our Site,
- language preferences,
- physical location,
- dates and times of Site visits.
With the exception of the IP address, these data are not personal information, but collecting them may allow conclusions to be drawn about visitors to the Site. We use these data for system administration, security, backup, technical support and for statistical purposes.
We will collect, store and process the following kinds of personal information when you voluntarily provide us with them (both on the app and on the website):
- contact information (name, postal address, email address, phone number);
- username and password to access our online services, including your account on the App;
- date of birth;
- location and location-based data (e.g., temperature and humidity);
- payment information (such as payment card or bank account number, card expiry date, and billing address);
- content you provide (for example, photos or videos); and
- information about your health (provided you have explicitly consented to provide it).
How we use personal data
Each time we collect personal information from you, we will first inform you how it will be used. We will use, store and process your personal information only for legitimate purposes. If you do not have an account with us, these purposes may include:
- providing you with information you have requested; and
- helping you to use the Site and the App.
We will not use or process your personal information for any purpose that you have not agreed to in your declaration of consent or through your actions on the Site or the App (e.g. by opening an account, registering for product information, placing an order and providing customer details).
If you open an account on the App, we will use and process your personal information to the extent necessary to:
- create and manage your account;
- manage your orders and invoices;
- offer and provide guidance to you for the management of atopic dermatitis;
- communicate with you about, and administer your participation in, surveys, events, programs, webinars, service information, newsletters, promotions and other offers;
- enable you to see content on our Site and in the App, such as training materials and videos;
- enable you to communicate with other users of the App and with medical experts via our secure messaging system;
- offer you the opportunity to participate in surveys and sponsored brand challenges run by our partners;
- respond to your enquiries and requests;
- provide support for services purchased by you;
- process claims we receive in connection with our services;
- operate, evaluate and improve our business (including developing new products and services; enhancing and improving our services; managing our communications; analysing our products; performing data analytics; and performing accounting, auditing, billing reconciliation and collection activities and other internal functions);
- perform data analysis and processing (including market and consumer research, trend analysis, financial analysis, anonymisation, encryption and tokenization of personal information);
- protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and
- comply with and enforce legal requirements, relevant industry standards and our policies.
We may use third party web analytics services on this Site, including Google Analytics, Hotjar and UXCam. The providers of these services use technologies including cookies, web server logs and web beacons to help us analyse how visitors use our website. The information we collect in this way is disclosed to the service providers, who use the information to evaluate use of the Site. To learn more about Google Analytics and how to opt out, please visit www.google.com/analytics/learn/privacy.html.
If we wish to use your personal information in other ways we will first obtain your consent.
Because the purpose of the App is to help you manage skin conditions, we will ask you for information about your skin condition or that of the person whose skin condition you are helping to manage. This kind of health information is a special category of personal data. We collect this information (a) for the purpose of providing you with the services described in the App and (b) to enable the App to learn about the management of skin conditions so that we can provide users with better advice. Unless we are required by law to do so, or you instruct us to do so (for example, with your doctor), we will never share your health information with a third party. We take the utmost care in the way we process health information.
Before you provide health information for these purposes, we will ask for your explicit consent.
We understand that you may be using the App to manage a child’s skin condition. The App is not, however, intended for use by children. Please do not allow children access to your account on the App, even if you are using the App for managing the child’s skin condition.
With your consent, we may collect information about your activities on the Site and the App, for use in providing you with advertising about products and services tailored to your individual interests.
We use Google Display Advertising (such as Remarketing with Google Analytics, Google Display Network Impression Reporting, DoubleClick Campaign Manager integration, and Google Analytics Demographics and Interest Reporting) to (1) show you our ads on other websites based on your prior visits to our Site, and (2) better understand our ad impressions and use of ad services. In connection with the Google Analytics Demographics and Interest Reporting service, we may use data from Google’s interest-based advertising or third-party audience data (such as age, gender and interests) with Google Analytics to understand and improve our marketing campaigns and Site content.
Some of our online advertising takes place through Google Display Advertising. As part of this program, we use Google Analytics features such as Retargeting. In connection with that feature and others offered by ad networks, we and the operators of ad networks, including Google, may use third-party cookies (such as the DoubleClick cookie) – and in some cases first-party cookies (such as the Google Analytics cookie) – to inform, optimize and serve ads across the Internet based on a user’s past visits to our Site.
Sharing of Personal Information
We do not sell or otherwise disclose or share personal information we collect and hold about you, except as described here.
To the extent that you have provided consent and as permitted by applicable law we may share your personal information with:
- Service providers who perform services on our behalf based on our instructions. We do not authorise these service providers to use or disclose any personal information except as necessary to perform services on our behalf and/or to comply with legal requirements. Examples of these service providers include businesses that process credit card payments, fulfil orders, and provide web hosting, training, event and marketing services. We have signed data processing agreements with these service providers which require them to keep that information in confidence, provide adequate security measures, and to refrain from using the information for any other purpose, in compliance with the European Union’s General Data Protection Regulation (GDPR).
If we need to disclose your personal information to any other third parties we will do so only if we first have your consent. The only exception to the above is where we are required to disclose your data to law enforcement authorities, when we believe disclosure is necessary to prevent physical harm or financial loss, and/or in connection with an investigation of suspected or actual fraudulent or other illegal activity.
We also reserve the right to transfer personal information we have about you if we sell or transfer all or a portion of our business or assets to a third party.
From time to time, we work with manufacturers of eczema / atopic dermatitis products to provide them with information to help them improve their products. When we do this, we do not provide personal information to these manufacturers, but we may provide them with anonymized, aggregated data.
This includes taking technical and organisational measures to ensure compliance, as well as the use of standard contractual clauses in our agreements with our data processors.
You have the right to
(i) access personal information we hold about you and obtain a copy of that information (art. 15 GDPR),
(ii) update or correct inaccuracies in that information (art. 16 GDPR),
(iii) object to our use of your personal information (art. 18 GDPR),
(iv) request deletion of your personal information from our database (art. 17 GDPR),
(v) complain to a data protection authority about our processing of your data (art. 15.1.(f) GDPR),
(vi) request that we return your personal information to you or to a third party name by you (art. 20 GDPR).
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to personal information.
Links To Other Websites
Our Site and the App may provide links to websites operated by third parties. We are not responsible for the content or the privacy practices of websites operated by third parties.
How To Contact Us
By email, to [email protected]
By post, to NALA.care GmbH, c/o Impact Hub, Spitalgasse 28, 3011 Bern, Switzerland.
By telephone: +41 78 680 84 87
Our data protection officer is Spencer Cabildo.
The competent health authority that oversees NALA is Swissmedic, and the competent data protection authority is the Federal Office for Data Protection.
|Analytics cookie||__utma||This cookie keeps track of the number of times a visitor has been to the site, when their first visit was, and when their last visit occurred.|
|Analytics cookie||__utmb __utmc||The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site.|
|Analytics cookie||__utmt||This cookie \is used to throttle the request rate for the service – limiting the collection of data on high traffic sites.
The main purpose of this cookie is to analyse performance of the website
|Analytics cookie||__utmz||This cookie keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website.|
|Analytics cookie||_ga||This cookie is set to distinguish unique users by assigning a randomly generated number as a client identifier. This is used to calculate visitor, session and campaign data for the websites analytics reports|
|Analytics cookie||__gat||This cookie is used to throttle the request rate – limiting the collection of data on high traffic sites|
For additional information about cookies, we recommend that you visit allaboutcookies.org.