Data Privacy

Last revised on: 15.02.2021

NALA.care GmbH (“we” or “NALA”) is the company that controls the processing of your personal data on the NALA website at https://www.Nala.care (the “Site”) and through the NALA app (the “App”).

We are committed to protecting your personal privacy. This privacy policy explains the kinds of personal information that we collect on the Site and through the App, and how we use and protect it. It also tells you what to do if you do not want your personal information collected when you visit the Site or use the App, and how you can access, correct, delete or object to future use of personal information you have already provided.

General

NALA respects your right to privacy and data protection and will always use personal information in a fair and trustworthy manner.  We operate our Site and our App in accordance with applicable laws and with generally accepted principles governing data protection.

This Privacy Policy applies to information that we collect, hold and process about living individuals.

The following sections of this Privacy Policy describe the types of personal information (“data”) we collect, the purposes for which we use those data, with whom we share them, and your rights with respect to your personal information. We also describe the measures we take to protect the security of the personal information we hold, how to contact us about our privacy practices, and how to exercise your rights.

Personal Data we may collect, use and process

When you visit the Site, the following data will automatically be collected and stored on our servers:

  •  the name of your Internet Service Provider,
  •  your IP address,
  •  the browser you use,
  •  the operating system on the device used to access our Site,
  •  the website that you were using to reach us,
  •  the websites that you visit while you are with us,
  •  any search terms you have been using to find our Site,
  •  information on actions taken on our Site,
  •  language preferences,
  •  physical location,
  •  dates and times of Site visits.

With the exception of the IP address, these data are not personal information, but collecting them may allow conclusions to be drawn about visitors to the Site. We use these data for system administration, security, backup, technical support and for statistical purposes.

We will collect, store and process the following kinds of personal information when you voluntarily provide us with them (both on the app and on the website):

  • contact information (name, postal address, email address, phone number);
  • username and password to access our online services, including your account on the App;
  • date of birth;
  • gender;
  • location and location-based data (e.g., temperature and humidity);
  • payment information (such as payment card or bank account number, card expiry date, and billing address);
  • content you provide (for example, photos or videos); and
  • information about your health (provided you have explicitly consented to provide it).

When you visit the Site or use the App, we may use Cookies and web beacons. For further information on the use of Cookies and similar technologies, please refer to our Cookie Statement.

How we use personal data

Each time we collect personal information from you, we will first inform you how it will be used.  We will use, store and process your personal information only for legitimate purposes.  If you do not have an account with us, these purposes may include:

  • providing you with information you have requested; and
  • helping you to use the Site and the App.

We will not use or process your personal information for any purpose that you have not agreed to in your declaration of consent or through your actions on the Site or the App (e.g. by opening an account, registering for product information, placing an order and providing customer details).

If you open an account on the App, we will use and process your personal information to the extent necessary to:

  • create and manage your account;
  • manage your orders and invoices;
  • offer and provide guidance to you for the management of atopic dermatitis;
  • communicate with you about, and administer your participation in, surveys, events, programs, webinars, service information, newsletters, promotions and other offers;
  • enable you to see content on our Site and in the App, such as training materials and videos;
  • enable you to communicate with other users of the App and with medical experts via our secure messaging system;
  • offer you the opportunity to participate in surveys and sponsored brand challenges run by our partners;
  • respond to your enquiries and requests;
  • provide support for services purchased by you;
  • process claims we receive in connection with our services;
  • operate, evaluate and improve our business (including developing new products and services; enhancing and improving our services; managing our communications; analysing our products; performing data analytics; and performing accounting, auditing, billing reconciliation and collection activities and other internal functions);
  • perform data analysis and processing (including market and consumer research, trend analysis, financial analysis, anonymisation, encryption and tokenization of personal information);
  • protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and
  • comply with and enforce legal requirements, relevant industry standards and our policies.

In addition, we use information collected online through cookies, web beacons and other automated means for purposes such as (i) customising our users’ visits to our Site, (ii) delivering content (including advertising) tailored to our users’ interests and the manner in which our users browse our Site, and (iii) managing our business. For further information on the use of Cookies and similar means, please refer to our Cookie Statement (see below).

We may use third party web analytics services on this Site, including Google Analytics, Hotjar and UXCam. The providers of these services use technologies including cookies, web server logs and web beacons to help us analyse how visitors use our website. The information we collect in this way is disclosed to the service providers, who use the information to evaluate use of the Site. To learn more about Google Analytics and how to opt out, please visit www.google.com/analytics/learn/privacy.html.

If we wish to use your personal information in other ways we will first obtain your consent.

Health Information

Because the purpose of the App is to help you manage skin conditions, we will ask you for information about your skin condition or that of the person whose skin condition you are helping to manage.  This kind of health information is a special category of personal data.  We collect this information (a) for the purpose of providing you with the services described in the App and (b) to enable the App to learn about the management of skin conditions so that we can provide users with better advice. Unless we are required by law to do so, or you instruct us to do so (for example, with your doctor), we will never share your health information with a third party.  We take the utmost care in the way we process health information.

Before you provide health information for these purposes, we will ask for your explicit consent.

Children

We understand that you may be using the App to manage a child’s skin condition.  The App is not, however, intended for use by children. Please do not allow children access to your account on the App, even if you are using the App for managing the child’s skin condition.

Online Tracking

With your consent, we may collect information about your activities on the Site and the App, for use in providing you with advertising about products and services tailored to your individual interests.

We use Google Display Advertising (such as Remarketing with Google Analytics, Google Display Network Impression Reporting, DoubleClick Campaign Manager integration, and Google Analytics Demographics and Interest Reporting) to (1) show you our ads on other websites based on your prior visits to our Site, and (2) better understand our ad impressions and use of ad services. In connection with the Google Analytics Demographics and Interest Reporting service, we may use data from Google’s interest-based advertising or third-party audience data (such as age, gender and interests) with Google Analytics to understand and improve our marketing campaigns and Site content.

Some of our online advertising takes place through Google Display Advertising. As part of this program, we use Google Analytics features such as Retargeting. In connection with that feature and others offered by ad networks, we and the operators of ad networks, including Google, may use third-party cookies (such as the DoubleClick cookie) – and in some cases first-party cookies (such as the Google Analytics cookie) – to inform, optimize and serve ads across the Internet based on a user’s past visits to our Site.

You can visit Google’s website to opt out of Google AdWords remarketing service and Google Analytics for Display Advertising. Our Site is not designed to respond to “do not track” signals received from browsers. For further information on the use of Cookies and similar means, please refer to our Cookie Statement (see below).

Sharing of Personal Information

We do not sell or otherwise disclose or share personal information we collect and hold about you, except as described here.

To the extent that you have provided consent and as permitted by applicable law we may share your personal information with:

  • Our affiliates and subsidiaries for the purposes described in Section 3 of this Privacy Policy.
  • Service providers who perform services on our behalf based on our instructions. We do not authorise these service providers to use or disclose any personal information except as necessary to perform services on our behalf and/or to comply with legal requirements. Examples of these service providers include businesses that process credit card payments, fulfil orders, and provide web hosting, training, event and marketing services.  We have signed data processing agreements with these service providers which require them to keep that information in confidence, provide adequate security measures, and to refrain from using the information for any other purpose, in compliance with the European Union’s General Data Protection Regulation (GDPR).

If we need to disclose your personal information to any other third parties we will do so only if we first have your consent. The only exception to the above is where we are required to disclose your data to law enforcement authorities, when we believe disclosure is necessary to prevent physical harm or financial loss, and/or in connection with an investigation of suspected or actual fraudulent or other illegal activity.

We also reserve the right to transfer personal information we have about you if we sell or transfer all or a portion of our business or assets to a third party.

From time to time, we work with manufacturers of eczema / atopic dermatitis products to provide them with information to help them improve their products. When we do this, we do not provide personal information to these manufacturers, but we may provide them with anonymized, aggregated data.

Data Transfers

We may transfer personal data we collect and hold about you to recipients in countries other than the country in which the information was originally collected.  Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your personal data to other countries, we will protect that information as described in this Privacy Policy. If we transfer personal data to recipients outside the European Union (“EU”) or Switzerland, we will comply with the applicable legal requirements providing adequate protection for the transfer of personal data to recipients in countries outside of the EU or Switzerland, and make sure they provide the same level of data protection as provided within the EU or Switzerland.

This includes taking technical and organisational measures to ensure compliance, as well as the use of standard contractual clauses in our agreements with our data processors.

Your Rights 

You have the right to
(i) access personal information we hold about you and obtain a copy of that information (art. 15 GDPR),
(ii) update or correct inaccuracies in that information (art. 16 GDPR),
(iii) object to our use of your personal information (art. 18 GDPR),
(iv) request deletion of your personal information from our database (art. 17 GDPR),
(v) complain to a data protection authority about our processing of your data (art. 15.1.(f) GDPR),
(vi) request that we return your personal information to you or to a third party name by you (art. 20 GDPR).

To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to personal information.

Links To Other Websites

Our Site and the App may provide links to websites operated by third parties. We are not responsible for the content or the privacy practices of websites operated by third parties.

Updates to our Privacy Policy

This Privacy Policy may be updated periodically.  We will post a prominent notice on the Site and send you an email to notify you of changes to our Privacy Policy and we indicate, at the top of the Privacy Policy, when it was most recently updated.

  How To Contact Us

If you have any questions or comments about this Privacy Policy, or if you would like us to update information we have about you or your preferences, to exercise your rights of access, rectification, blocking, or deletion, or to object to the processing of your personal data, please contact us in any of the following ways:

By email, to [email protected]

By post, to NALA.care GmbH, c/o Impact Hub, Spitalgasse 28, 3011 Bern, Switzerland.

By telephone: +41 78 680 84 87

Our data protection officer is Spencer Cabildo.

The competent health authority that oversees NALA is Swissmedic, and the competent data protection authority is the Federal Office for Data Protection.

 

********************

Cookie Statement

This website uses cookies for the following purposes:

 

Cookie type Name Purpose
Analytics cookie __utma This cookie keeps track of the number of times a visitor has been to the site, when their first visit was, and when their last visit occurred.
Analytics cookie __utmb __utmc The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site.
Analytics cookie __utmt This cookie \is used to throttle the request rate for the service – limiting the collection of data on high traffic sites.
The main purpose of this cookie is to analyse performance of the website
Analytics cookie __utmz  This cookie keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website.
Analytics cookie _ga This cookie is set to distinguish unique users by assigning a randomly generated number as a client identifier. This is used to calculate visitor, session and campaign data for the websites analytics reports
Analytics cookie __gat This cookie is used to throttle the request rate – limiting the collection of data on high traffic sites

 

If you accept cookies, the web server supplying the webpage or managing files included in the webpage may store cookies on the device you are using when you look at the Site.  Another way of storing cookies is through JavaScript code contained or referenced in that page.

Each time you request a new page, the web server can receive the values of the cookies it previously set and return the page with content relating to these values; in other words, the cookies will be used to avoid repeating the entry of information you already provided.  JavaScript code can also read a cookie belonging to its domain and perform an action according to the instructions in the cookie.

For additional information about cookies, we recommend that you visit allaboutcookies.org.