BEEMED | GENERAL PRIVACY NOTICE
At BeeMed SA (we, our or BeeMed) we are committed to the privacy and confidentiality of the personal data of our users.
In this document, the term personal data refers to personally identifiable information about you, such as your name, date of birth, e-mail address, phone number, or postal address as well as any personal information that you have chosen to add to your profile page. It also includes online identifiers such as your IP address and URLs
This privacy notice (General Privacy Notice) describes our policies and practices with regards to personal data and sets out how we collect, use and share your personal data.
This privacy notice applies to all our activities, including the digital solutions accessible at www.beemed.com, app.beemed.com, wiki.beemed.com, the mobile applications “BeeMed” and BeeMed Events” available on both the IOS App Store and Android Playstore, (the Solutions), and the services we provide in this context (together with the provision of the Solutions, our Services), which are listed without limitation in section 13 of this General Privacy Notice (Service-Specific Information).
We may have additional privacy notices (the Additional Privacy Notices) which apply in addition or instead of this General Privacy Notice in specific situations or for specific Services, in which case the terms of such Additional Privacy Notices will prevail over those of this General Privacy Notice.
By using our Services, or otherwise providing us your information, you expressly acknowledge that we may process your personal data in accordance with this General Privacy Notice.
The following is a summary of (but not a replacement for) this General Privacy Notice:
3. Who is responsible for the processing of your personal data
BeeMed SA, rue Charles-Monnard 6, 1003 Lausanne, Switzerland, is responsible for the processing, as controller, of your personal data. You will find our contact details below in section 11.
As further detailed in this General Privacy Notice, we may process your personal data if it is provided to us by another user. This General Privacy Notice does not govern how other users use your personal information. Please read the section What about the information shared by our users? for additional information in this respect. We may also process personal data as data processor for our customers, as specified in section 13 (Services-Specific Information).
4. How we collect your personal data
We collect the personal data you provide us.
We collect the personal data that you provide to us when interacting with us and/or using our Services, for example when you use our Solutions, place an order or communicate with us when you create and/or manage your account, apply for a fellowship or for a job, publish an article, a case, a post in the newsfeed, or through web forms you fill
It is only mandatory that you complete the data fields identified as such. If one or more mandatory data fields are not completed, we will not be able to provide access to our Services. You are not required to complete the optional data fields in order to access our Services. These fields may be completed at any time through your account settings.
Additional Information on what information we collect from you:
Certain personal data are also collected in an automated manner.
We also automatically collect personal data, including by means of cookies and other active elements, as further described in this General Privacy Notice.
You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities. You may also define certain settings for the automated collection of your personal data through the cookies setting plugin available on the Solutions. For more detailed information, please see the cookie section below (section 11).
Some information about you may also be provided to us by our users or third parties
We may collect certain information about you if this is provided to us by one of our users. Such information may comprise anything that is included in the user content that are uploaded by our users.
We require each of these users to have lawful rights to collect, use, and share your information before providing any information to us. We also require them to only share health information in an anonymized or pseudonymized manner (meaning that reasonable measures must be taken to remove any information permitting to identify individuals). You will find more information on this here.
In some circumstances, we may collect personal data about you from our partners, from publicly available websites, from current and former customers and contacts (for instance as referees for our research), and third-party customers and suppliers, to help us expand and better understand our audience and enhance the relevance of our content. For example, in some cases we obtain the contact details of potential contributors to our publications from public websites.
5.How we use your data
We process your personal data in accordance with applicable laws and only if we have a valid legal ground to do so.
We process your personal data in compliance with applicable law, in particular Swiss data protection laws and, to the extent they apply to us, other data protection legislations, such as the EU General Data Protection Regulation (GDPR) or its equivalent in the United Kingdom, manually or automatically using computer tools.
This means that we will only process your information for certain reasons (see Section 7) where we have a legal basis to do so.
Additional Information on the "legal basis"
What about the information shared by our users?
On our Solutions, we offer functionalities that enable users to upload and share content. This General Privacy Notice does not address how our users uses your personal data. If we access your personal data because it was transmitted to us by one of our users, it is our user which is responsible for ensuring that your personal data is collected and transferred to us in accordance with all privacy and data protection laws of all relevant jurisdictions, based on an appropriate legal ground. In that case, we will process your personal data as "data processor", in accordance with our terms of services, or in some cases, as a controller for our legitimate business operations related to providing those Services, as detailed in this General Privacy Notice or any Additional Privacy Notice.
We require our users to only share health data in an anonymized or pseudonymized manner (meaning that reasonable measures must be taken to remove any information permitting to identify individuals). We also require them to only share other personal information if they have a lawful right to do so (for instance with the consent of the concerned individuals).
If you have questions about our legitimate business operations in connection with providing Services to your users, please contact us as described in section 14
Additional Information on profiling and automated decisions
We may process your personal data to create a profile about you and provide you with more relevant information and services (profiling), for instance to show you more relevant information based on prior interactions with our Services.
We, however, do not make decisions exclusively on the basis of an automated processing which have legal effects on the data subjects or affect them significantly (automated individual decision). You may have the right to object to such activities, in accordance with applicable data protection laws (see section 12 below for additional information on your rights).
6.Why we use your data
We process your personal data for the reasons indicated in this Section or in any Additional Privacy Notice.
Where we intend to process your personal data for a purpose other than that for which it was originally collected, we will provide you with information on that other purpose and any relevant further information prior to such processing.
To provide our Services, operate the Solutions and for customer management purposes.
We mainly process your personal data to provide our Services to do so, including for creating and maintaining your user account, interacting with you, and other users (including for allowing other users to view your user's public content), providing you with the requested information and Services, and for related customer management purposes (such as invoicing).
The retention period depends on the reason for your request and its context.
The personal data that we process in this context includes: (i) personal data about individuals with whom we interact, such [as the name, title, position, company name, email and/or postal address and the professional fixed and/or mobile phone number]; (ii) personal data relating to our interactions and the services provided; (iii) any other information provided to us by you, your organization, or third parties.
If you are our direct customer, our basis for processing the data is our Contractual Necessity. In other cases (e.g. if you are a representative of one of our customers), it is our Legitimate Interests in delivering our Services to our customers and ensuring we are paid for our services.
The personal data which we must retain for record-keeping, tax or another legal obligation will, as a rule, be kept for the duration of the contractual relationship and thereafter for a period of 10 years (or such other retention period as applicable). Shorter retention periods apply for personal data which must not be retained for the above reasons.
For our legitimate business interests related to the provision of the Services, including to ensure the security of the Services, improve our Services, as well as for monitoring or statistical purposes.
We may also process your personal data for our legitimate business operations related to providing our Services, which include (i) ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting); (ii) protecting the security of our IT systems, architecture and networks; (iii) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); (iv) improving and developing the Services (including monitoring the use of our Services, and for statistical purposes); and (v) achieving our corporate goals).
You may withdraw your consent, respectively object to such processing activities, at any time.
Additional information on the processing of your personal data for our legitimate business operations:
We process this data to establish a connection with your device over the internet, to identify you when you use the Solutions, control the use of the Solutions and for security purposes
To send you our newsletters and communication product changes and offers.
If you subscribe to our newsletter, we will collect your contact details (name and email address) and use it to provide you with our newsletter. You may unsubscribe from the newsletter service or any type of communication at any time, in which case you will stop receiving our newsletter. We also process the time of registration and your opt-in confirmation based on our legal obligation to demonstrate compliance.
We want you to benefit from our new and existing products and services. For this purpose, if you have previously required services or products from us and have not objected to the corresponding use of your email address, we may contact you by email carefully curated and relevant offers and promotions, exclusive event invitations and feature announcements. You can change your preferences and object to the use of your email address for this purpose at any time by contacting us (see contact detail in section 14).
Legal basis: Legitimate Interest
To provide you with job opportunities within BeeMed.
We may process your personal data to allow you to consult and apply for job opportunities within BeeMed. We will process the personal data you provide. In addition, if you provide us with links to your profile on social media platforms (such as LinkedIn) or with contact information for references, we will assume that we may gather information from these sources.
Any information you submit must be true, complete and not misleading. Should the information provided be inaccurate, incomplete, or misleading, subject to applicable law, this may lead to a rejection of your application during the application process or disciplinary action including immediate dismissal if you have been employed.
We will process your personal data exclusively for assessing your application. Your personal data is retained no longer than the duration of the recruitment process unless required otherwise by applicable laws and regulations.
Legal basis: Contractual Necessity (to take pre-contractual steps at your request)
To comply with our other legal obligations or for other legitimate interests.
We may further process your personal data if we have a legal obligation to do so or for other legitimate interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims.
The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 6. We retain the personal data for the duration of the legal obligation imposed on us.
7.The circumstances in which we share your personal data with third parties
We will only share your personal data with third parties if this is necessary for the operation of our Services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so.
We store your personal data on servers located in Switzerland. We may also store a copy your personal data near to the geographic location where you reside (e.g. in the U.S. for U.S. users) in order to provide you with a better service.
In principle, we do not transfer your personal data to other countries or make it available there. However, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad (e.g. SendinBlue is headquartered in France, and Google is headquartered in the U.S, from which locations some data may be available). In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.
Moreover, the information accessible to the public or to other users on the Solutions may be accessed worldwide.
If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 14 below.
9.How long we store your personal data
Your personal data will not be stored longer than necessary. We will erase or anonymize personal data as soon as it is no longer necessary for us to fulfil the purposes set out in section 6 of this General Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above.
Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes).
In view of the legal obligations’ incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years. More information on each type of processing can be found in section 13 (Service-Specific Information).
We maintain physical, technical and procedural safeguards to keep your personal data secure.
We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We use two-factor authentication whenever possible. We restrict access to your personal data to those persons who need to know it for the purpose described in this General Privacy Notice. In addition, we use standard security protocols and mechanisms to exchange the transmission of sensitive data. When you enter sensitive information on our Solutions, we encrypt it using Transport Layer Security (TLS) technology.
Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.
The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this General Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.
If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Solutions).
12.Your rights with regard to the processing of your personal data
You have the right to access your personal data we process and may request that they be removed, updated, or rectified.
You may contact us directly to exercise your rights. Unless otherwise provided by law, you have the right to know whether we are processing your personal data, to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.
By accessing your user account (if you have one), you can review, update, correct or delete the personal data available within your user account.
If you request us to delete your personal data from our systems, we will do so unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.
Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).
The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances.
In particular, if the GDPR applies to the processing of your personal data you have the following rights under the GDPR if the respective requirements are met:
Also, if you are a California resident using the Services, the California Consumer Privacy Act (CCPA) may provide you the right to request access to and deletion of your personal data. You may request that we:
In addition, users of the Services who are California residents and under 18 years of age may request and obtain removal of content they posted.
We do not sell user personal data to third parties for the intents and purposes of the CCPA.
To exercise the right to request access to and deletion of your personal data, please see the contact details in section 14 below. We do not discriminate based on the exercise of any privacy rights that you might have under this section and will respond to your request consistent with applicable law].
[All requests must be labeled “California Removal Request” on the email subject line. All requests must provide a description of the content you want removed and information reasonably sufficient to permit us to locate that content. We do not accept California Removal Requests via postal mail, telephone, or facsimile. We are not responsible for notices that are not labeled or sent properly, and we may not be able to respond if you do not provide adequate information. Please note that your request does not ensure complete or comprehensive removal of the material. For example, materials that you have posted may be republished or reposted by another user or third party.]
You will find further details of your rights in sections 5 and 6 and of this General Privacy Notice in connection with each processing activity we perform. If you want to exercise any of your rights, or want additional information about them, please contact us using the contact detailed listed below (see section 14).
You have the right to lodge a complaint with the competent authority.
If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.
Although this is not required, we recommend that you contact us first, as we might be able to respond to your request directly.
This section of the General Privacy Notice contains the information which is specific to certain Solutions and other Services. It applies in addition to the other sections of this General Privacy Notice.
For now, we have no additional services with specific information not already covered in other sections of this document.
If you believe your personal data has been used in a way that is not consistent with this General Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact our data protection officer at email@example.com
Contact our data UE representative: https://edpb.europa.eu/about-edpb/about-edpb/members_en
15.Updates to this General Privacy Notice
This General Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this General Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via the Solutions, e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted Services.
Last updated: 17 August 2023
Which Cookies we use
Cookies are small files of letters and numbers downloaded on to your computer when you access certain websites. They can serve different purposes. At BeeMed, we only use essential cookies in connection with our Solutions. They are required in order for the Solutions to function properly.
On our website, we may also use the Google Analytics cookies to measure and monitor the traffic and use of the Solutions and their performance.
If you do not want Cookies to be stored on your electronic device, you can configure your internet browser or electronic device to refuse and/or restrict them. Keep in mind, however, that the cookies we use are, essential to the functioning of the Solutions. They may operate differently if you refuse or completely restrict all Cookies.
You can see the help section of your internet browser or electronic device for more specific instructions on how to manage Cookies. The following links may be helpful, or you can use the “Help” option in your browser.
To opt out from and prevent your data from being used by Google Analytics across all websites, check out the following instructions: https://tools.google.com/dlpage/gaoptout
Last updated: 17 August 2023