Privacy policy for customers and participants

 

In this privacy policy, we inform you how we, SalutaCoach AG, collect and process your personal data as a customer or participant in connection with our health coaching sessions (“coaching sessions“), including the use of our health coaching platform. The health coaching platform is available to you at https://app.salutacoach.ch/ or via app. Our privacy policy for the general use of our website can be found here.

Your privacy is important to us. Accordingly, we endeavor to process your personal data in accordance with the applicable data protection law, namely the Swiss Federal Act on Data Protection (“FADP”) and the EU General Data Protection Regulation (“GDPR“).

We collect personal data directly from you. We may also receive individual personal data from your employer, e.g. if they (co-)finance the coaching sessions, or from other contractual partners such as healthcare facilities. If certain personal data is not provided, this may be associated with restrictions, for example in that we may not be able to contact you, carry out our coaching sessions or provide you with our health coaching platform.

If you provide us with personal data about other persons (e.g. about your relatives or employees), we assume that this data is correct. By disclosing such data to us, you confirm that you are authorized to disclose this data to us and that you have informed the data subjects of this privacy policy.

1. responsibility for data processing

SalutaCoach AG is responsible for data processing. If you have any data protection concerns, you can send them to the following address:

SalutaCoach AG
Aeschenplatz 6
4052 Basel

Phone: 0800 190 190
E-mail: info@salutacoach.ch
Contact form: […]

Persons from the European Economic Area can also contact our representative:

Data Protection Representative Limited (trading DataRep), 77 Camden Street Lower Dublin, D02 XE80, Ireland, Registered in Ireland (number 616588)
You can find out more about contacting us here.

2. categories of personal data, processing purposes and legal bases

2.1 Digital services

When you use our digital services, which we offer you via browser or app via our health coaching platform, we may process personal data about you, including registration data and usage data (as defined below) as well as coaching data and contract data (in accordance with sections 2.2 and 2.3), collectively referred to as“service data“.

Categories of personal data: When you register for our digital services, you must open an account or create a login, for which we require information such as first name, last name, user name, password and e-mail address. This may also include other information that we require from you in order to provide you with the Services, e.g. address, telephone number, date of birth, gender, nationality, language, profession, time zone, customer history, etc. (“Registration Data”). (“Registration Data“). In addition, when you use our services, we may process transaction information (date, currency, payer and payee details) and record emails, text messages, social media messages and other communications between you and us. We may also analyze your use of our Services to get to know you better and tailor our Services to you by collecting data about your behavior and preferences (“Usage Data“).

Processing purposes: In general, we use service data to provide you with our digital services and to comply with applicable legal requirements and our internal regulations. We may also process service data to document the provision of our services, for training purposes, for quality assurance, to improve our services and processes and for market research and product development.

Legal bases: Within the scope of the GDPR, data processing is carried out for the conclusion or performance of a coaching-related contract with you (Art. 6 para. 1 lit. b GDPR), to safeguard our legitimate interests (as described above under “Processing purposes”; Art. 6 para. 1 lit. f GDPR) and/or based on your consent, where such consent is required (Art. 6 para. 1 lit. a GDPR).

2.2 Coaching

If you take advantage of coaching from us or our coaches, we may process personal data about you in connection with this (“coaching data“).

Categories of personal data: Coaching data may include service data and contract data (as described in sections 2.1 and 2.3) as well as other information relating to coaching, including in particular health-related data. Depending on the coaching, we may work on

• Movement data such as activity type, duration, intensity, geo data incl. GPS data, steps, heart rate, speed/tempo, power, temperature, calories burned and consumed, etc;
• Nutritional data such as food allergies, favorite foods, disliked foods, logged meals and food, calories consumed and burned, etc;
• Biometric data such as weight, height, waist-to-hip ratio (WHR), sleep data, resting heart rate, heart rate variability, respiration rate, muscle percentage, percentage body fat, water content, blood values;
• Other health data used to record progress, such as heart rate, body weight, body mass index (BMI), waist-to-hip ratio (WHR), height, sleep or stress data, resting heart rate, etc.
• other data relevant to the coaching in question, including data generated during communication between you and the coaches (e.g. via telephone, video call and chat or text messages), availability for a consultation, appointments for coaching sessions, general physical and mental condition, optimization needs, medication, health check-ups, medical histories, analyses, etc.

Processing purposes: We use coaching data for the purposes of coaching, i.e. to carry out a health analysis, develop individual solutions and support you in achieving your goals (e.g. with regard to exercise, nutrition and mental health), establish or change habits and increase your well-being. We also process coaching data to enable communication between you and the coaches. We also process coaching data in order to document the coaching in the digital coaching journal and offer you recommendations.

Legal bases: Within the scope of the GDPR, data processing is carried out for the conclusion or performance of a coaching-related contract with you (Art. 6 para. 1 lit. b GDPR), to safeguard our legitimate interests (as described above under “Processing purposes”; Art. 6 para. 1 lit. f GDPR) and/or based on your consent, where such consent is required (Art. 6 para. 1 lit. a GDPR).

2.3 Contract

If we negotiate or conclude and execute a contract with you, we may process personal data about you in connection with this (“contract data“). We may also receive certain contract data from third parties and, where permitted, share it with them, for example if you take out a subscription through one of our business partners or if they (namely your employer) provide the financing or if you claim benefits from an insurance company.

Categories of personal data: Contract data may include registration data and usage data (as described in section 2.1) as well as other information relating to the contract and the services agreed therein.

Processing purposes: We use contract data for the preparation, conclusion, performance and administration of our contractual relationships, including for inquiries that may arise in this context. Processing may also be necessary to comply with legal requirements and internal regulations. We may retain the data to document our communication with you, for training purposes, for quality assurance and for follow-up requests.

Legal bases: Within the scope of the GDPR, data processing is carried out for the conclusion or performance of a coaching-related contract with you (Art. 6 para. 1 lit. b GDPR), to fulfill a legal obligation to which we are subject (Art. 6 para. 1 lit. c GDPR), to safeguard our legitimate interests (as described above under “Processing purposes”; Art. 6 para. 1 lit. f GDPR) and/or based on your consent, where such consent is required (Art. 6 para. 1 lit. a GDPR).

2.4 Marketing

We may process personal data for marketing purposes and to maintain customer relationships, in particular for sending newsletters, specialist articles and links (collectively referred to as“marketing data“).

Categories of personal data: Marketing data includes, in particular, contact data (e.g. first name, surname, email address, address, etc.), preferences (e.g. areas of interest) and possibly other data such as service data, coaching data and contract data.

Processing purposes: We process marketing data for marketing and relationship management purposes, e.g. to provide you with personalized recommendations and advertising for our services and products or those of third parties, for example in the form of newsletters, either in person, by e-mail or in another electronic form, by telephone or via another communication channel, provided that you have provided us with the relevant contact details.

Legal bases: Within the scope of application of the GDPR, data processing is carried out to safeguard our legitimate interests (as described above under “Processing purposes”; Art. 6 para. 1 lit. f GDPR) and/or based on your consent, where such consent is required (Art. 6 para. 1 lit. a GDPR).

3. hosting

The data we collect is stored in the Microsoft Azure Cloud, among other places. The databases used for the health coaching platform are hosted entirely in Switzerland. The data remains under our control. Microsoft does not analyze or use the data for purposes other than those agreed. Azure Switzerland fulfills the relevant compliance and data protection certifications.

The transmission of data (e.g. during coaching sessions in a call or chat) is fully end-to-end encrypted. The health coaching platform is secured by multi-factor authentication (MFA). Login data such as passwords are strongly encrypted.

You can find more information here: https://azure.microsoft.com/de-de/explore/trusted-cloud/.

4. disclosure of data to third parties and abroad

Personal data may be used for the purposes set out under para. 2 to the following categories of recipients:

• Hosting providers and other service providers (including providers of communication services);
• Business partners (e.g. booking partners, insurance companies, external coaches) and your employer (limited to certain personal data, e.g. if they finance a subscription for you) and Moodtalk (if you use the Moodtalk platform as a team).
• Advisors and transaction partners (e.g. in mergers, acquisitions or other transactions in which we are involved);
• competent authorities and representatives, insofar as this is necessary to comply with a legal obligation or official request or to establish, exercise or enforce legal claims.

In connection with the above-mentioned disclosures, personal data may be transferred to the following countries or regions:

• European Economic Area;
• […].

If personal data is transferred to a country in which there is no adequate level of data protection under applicable data protection law, we conclude standard contractual clauses with the respective recipient, provided that no other suitable measure exists to protect the data or a statutory exemption provision for the transfer abroad applies.

5. data retention

We process and store your personal data for as long as required for the processing purposes (see section 2), the statutory retention periods and our legitimate interests (e.g. documentation, quality assurance or similar business purposes as well as the assessment, assertion or defense of legal claims). Except in the case of conflicting legal or contractual obligations, we will delete or anonymize your personal data after the retention period has expired.

For example, we may retain certain service data, coaching data and contract data for the duration of the limitation period for contractual claims, calculated from the end of the contractual relationship, if and to the extent that (a) we are not legally obliged to retain this data for longer (e.g. for billing or document retention purposes) or (b) we have no overriding legitimate interest in the longer retention of this data for documentation, quality assurance or similar business purposes or for the assessment, assertion or defense of legal claims.

6. rights of data subjects

As a data subject, you are generally entitled to the following rights, depending on the applicable data protection law:

1. a) Information, i.e. you can request information from us as to whether we process personal data about you, and if so, you can request the disclosure of further information.
2. b) Correction, i.e. you can ask us to correct or complete your personal data if it is incorrect or incomplete.
3. c) Deletion, i.e. you can request the deletion of your personal data. We will comply with a request for erasure unless we are legally obliged to retain the data or have an overriding legitimate interest in retaining this data.
4. d) Objection, i.e. the right to object to the processing of your personal data on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) by stating your particular reasons and specific circumstances on which your objection is based.
5. e) Restriction, i.e. you can ask us to temporarily restrict the processing of your personal data.
6. f) Data portability, i.e. you can request that we make the personal data you have provided to us available to you in electronic form (insofar as this is technically possible).
7. g) Withdrawal of your consent, i.e. you can withdraw your consent if and to the extent that you have previously given your consent for a specific purpose of processing your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent (or any processing based on a legal basis other than your consent) and may result in us no longer being able to provide our services to you.

Certain conditions and exceptions apply to the above-mentioned rights. Depending on the legal situation, we may refuse a request.

To exercise your rights, please contact us using the contact details provided in Section. 1 contact details provided. In order to process your request, we must be able to clearly identify you as the data subject. This may require your assistance.

If you believe that the processing of your personal data violates applicable data protection laws, you can lodge a complaint with the competent data protection authority. The Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland, is responsible for SalutaCoach AG(https://www.edoeb.admin.ch). Depending on your place of residence, you can also lodge a complaint with the data protection authority in your place of residence.

7. data security

We have taken appropriate technical and organizational measures to protect your data from loss, manipulation, misuse and unauthorized disclosure or unauthorized access. We generally restrict access to personal data. Regarding hosting, see also para. 3.

8. changes to this privacy policy

This privacy policy is not part of any contract with you and may be amended by us at any time. The version published on our website is the currently valid version.

Last update: 11/23; 06/24