“Personal data” refers to any information relating to an identifiable individual or their personal identity.
In subscribing to our Services or filling in a contact form on our Sites, you agree and accept that we may gather, process, store and/or use the submitted personal data under the rules set forth below.
By giving your consent to us, you retain the right to have your personal data rectified and/or erased.
To grant you access to and use of our Services, CardioMood asks you to provide the following information, some of which may be personal data:
Contact details: We collect your contact information such as first name and last name, business email address and address, workplace and position, and telephone number.
Financial information: We collect data necessary for payment, including for invoicing purposes, such as your billing details and credit card number.
Other: When communicating with CardioMood, CardioMood collects and processes written communications: email and live chat sessions, for improving its Services and quality control, which includes the usage of the collected communications for the handling of claims and fraud detection purposes. Collected communications are kept for a limited amount of time and automatically deleted, unless CardioMood has a legitimate interest to keep such communications for a longer period, including for fraud investigation and legal purposes.
DATA WE COLLECT ON SITES AUTOMATICALLY
When using the Services, CardioMood also collects information automatically, some of which may be personal data. This includes data such as:
User agent (information about the browser type and version)
User subscription status
DATA PROCESSING PURPOSES
We use the information you provide, some of which may be personal and health data, for the following purposes:
A. Registration and account administration: We use the information to register your property and to allow you and CardioMood to administer and manage the Services offered to you.
B. Providing our Services: We use the information, which may include personal data, to provide our Services, facilitate their performance, improve the Services and Sites’ content related to their usage.
C. Analyze the use of Services: We use the information, which may include personal data, to analyze the volume and history of your use of our Services. We use the derivatives of such analyses to conduct monitoring and reporting of your use of our Services to comply with our Terms of Service (‘ToS’).
D. Customer Service: We use the information to provide you customer support and customer success services, such as to: respond to your requests, questions and concerns; provide you with best practices to use the Services; engage in customer success communications when encountering unusual activities in usage of Services.
E. Marketing/Communications: We use the information to provide you with information that you request, to send our newsletter, marketing communications and updates about new products and services or other news or offers which we believe will be of interest to you. Where we use your personal data for direct marketing purposes, such as newsletters and marketing communications on new products and services or other offers which we believe will be of interest to you, we include an unsubscribe link that you can use if you don’t want us to send messages in the future. We may invite you to attend events we believe may be of interest to you. We may also use your personal data to invite you to participate in referral programs.
F. Analytics, improvements and research: We use the information, which may include personal data, to conduct research and analysis. We may involve a third party to do this on our behalf. We may share or disclose the results of such research, including to third parties and our affiliates, in anonymous, aggregated form. We also use the information, which may include personal data, to assess the needs of your business, to determine suitable products and to improve our Services and marketing efforts. We may invite you to take part in surveys, such as market research, and to analyze how to improve your experience, and the functionality and quality of our Services.
H. Security, fraud detection and prevention: We use the information, which may include personal data, in order to prevent fraud and other illegal or infringing activities when using our Sites as well as our Services. We also use this information to investigate and detect fraud. CardioMood can use personal data for risk assessment and security purposes, including the authentication of users. For these purposes, personal data may be shared with third parties, such as law enforcement authorities as permitted by applicable law and external advisors.
I. Legal and compliance: In certain cases, CardioMood needs to use the information provided, which may include personal data, to handle and resolve legal disputes or complaints, for regulatory investigations and compliance, to enforce agreement(s) or to comply with lawful requests from law enforcement insofar as it is required by law.
If we use automated means to process personal data which produces legal effects or significantly affects you, we will implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention.
In view of purposes A to D, CardioMood relies on the legal basis that the processing of your personal data is necessary for the performance of your agreement with CardioMood. If you do not provide the requested information, CardioMood cannot register your property, allow you to use, administer, and manage the Services, nor can we provide customer service to you.
In view of purposes E to I, CardioMood relies on its legitimate commercial business interest to provide its Services to you, to prevent fraud and to improve its Services. When using personal data to serve our commercial business interest, CardioMood will always balance your rights and interests in the protection of your information against CardioMood’s rights and interests. For purpose I, CardioMood relies also where applicable on compliance with legal obligations (such as lawful law enforcement requests). Where needed under applicable law, CardioMood will obtain your consent prior to processing your personal data for direct marketing purposes.
If you wish to object to the processing set out under D to G and no opt-out mechanism is available to you directly (for instance in your account settings), to the extent applicable, please contact our Data Protection Officer at firstname.lastname@example.org.
We share your information, which may include personal data, with third parties as permitted by law and as described below. We do not sell or rent your personal data.
Service Providers: We share your information with third party service providers to provide our Services, store data and/or maintain the Sites or conduct business on our behalf. These service providers shall process personal data only as instructed by and to provide the services to CardioMood.
Payment Providers and other Financial Institutions: To process payments between you and CardioMood your information, as relevant, is shared with payment providers and other financial institutions.
Compelled Disclosure: When legally required, strictly necessary for the performance of the Services, or to protect our rights, we disclose your information to governmental authorities including law enforcement (subject to a lawful request), or in legal proceedings.
Sharing and Disclosure of Aggregate Data: We may share information in aggregate form and/or in a form which does not enable the recipient of such information to identify you, with third parties, for example for industry and demographic analysis.
In addition, CardioMood can disclose your personal data to third parties if you (or your account administrator acting on your behalf) request or authorise disclosure thereof.
INTERNATIONAL DATA TRANSFERS
THIRD PARTY DATA
To provide its Services, CardioMood captures and stores information, which may include personal data, about you and your end-users uploading materials to CardioMood: (1) IP addresses; (2) request headers; (3) data submitted to the API of our Services.
You can recover, modify or delete your data from your CardioMood account at any time through the dedicated procedures provided within its Services.
By using our Services (receiving data from your end-users), you are considered the data controller within the meaning of the GDPR; CardioMood is acting as a data processor. In this capacity, you are responsible in particular for:
Making all the declarations necessary to the relevant data protection authority.
Complying with all current regulations in force.
Obtaining the explicit consent of the individuals concerned when collecting their personal data.
Ensuring your authority to use the personal data collected in accordance with the defined end purposes and refraining from any unauthorized use.
When using our Services to receive media from EU citizens, it is your obligation to ensure that your entire data pipeline complies with the GDPR regulations. When using our Services to receive media from citizens of the state of California (USA), it is your obligation to ensure that your entire data pipeline complies with the CCPA regulations. This implies you should sign (if applicable) the Data Processing Agreement provided by CardioMood to ensure GDPR / CCPA compliance of data flows between you and the Services. Please find the Data Processing Agreement here.
Within the framework of its Services, CardioMood attributes the very highest importance to the security and integrity of information and personal data. CardioMood observes reasonable procedures to prevent unauthorised access to, and the misuse of, information including personal data. We use appropriate business systems and procedures to protect and safeguard information including personal data. We also use security and managerial procedures and industry standard technical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.
Thus and in accordance with the GDPR and CCPA, CardioMood undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorised circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.
To this end, CardioMood implements industry standard security measures to protect personal data from unauthorised disclosure. In using industry recommended methods of encoding, CardioMood takes the measures necessary to protect information connected with payments and credit cards.
CardioMood in no way undertakes to store all your data indefinitely. You can access data so long as you hold an active account with us and for a period that varies depending on the type of data concerned and the subscribed plan, but in no event longer than 12 months after the closing of your account. The data may be deleted at any time during active use of your account in accordance with the provisions set forth above.
If you have a question about a specific retention period for certain types of personal data we process about you, please contact our Data Protection Officer at email@example.com.
YOUR CHOICES AND RIGHTS
We want you to be in control of how your personal information is used by us. In accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, the European General Data Protection Regulation 2016/679 (GDPR), and the California Consumer Privacy Act (CCPA), you can do this in the following ways:
You can ask us for a copy of the personal information we hold about you.
You have the right to know whether your personal information is sold or disclosed and to whom.
You have the right to say no to the sale of your personal information.
You can inform us of any changes to your personal information, or you can ask us to correct any of the personal information we hold about you. You are also able at any time to modify your personal information by accessing your account settings on our Sites.
In certain situations, you can ask us to erase, block, or restrict the processing of the personal information we hold about you or object to particular ways in which we are using your personal information.
In certain situations, you can also ask us to send the personal information you have given us to a third party.
Where we are using your personal information on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Moreover, where we process your personal information based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal information subject to applicable law.
We rely on you to ensure that your personal information is complete, accurate, and current. Please do inform us promptly of any changes to or inaccuracies of your personal information by contacting firstname.lastname@example.org. Your applications will be processed within 30 days. We may require your application to be accompanied by a photocopy of proof of identity or authority.
In addition, you have the right to lodge a complaint with the data protection authority in your jurisdiction.
COOKIES AND TRACKING
You can choose to decline acceptance of all cookies, but your ability to browse certain pages of our Sites may be reduced. The cookies used by CardioMood are intended to enable or facilitate communication, to enable the Services requested by users to be supplied, to recognise users when they re-visit the site, to secure payments which users may make, or other preferences necessary for the service requested to be supplied and to enable CardioMood, internally, to carry out analyses on hit rates and browsing experience so as to improve content, to track email open rates, click rates, and bounce-back rates at individual levels.
By default, cookies are not installed automatically (except for those cookies needed to run the CardioMood Sites and Services, and you are informed of their installation by a clickable banner with a text description). In accordance with the regulations that apply, CardioMood will require your authorisation before placing any other kind of cookie in your local storage. To avoid being bothered by these routine requests for authorisation and to enjoy uninterrupted browsing, you can configure your device to accept CardioMood cookies, or we can remember your refusal or acceptance of certain cookies. By default, browsers accept all cookies.
Any material changes made will be notified to you via our Sites or by email, to the extent possible, at least three (3) business days before any changes come into force.
PRIVACY SHIELD PRINCIPLES
CardioMood complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
In compliance with the Privacy Shield Principles, CardioMood commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CardioMood at email@example.com or at our mailing address below:
Chemin du Pré-Fleuri 5, 1228 Plan-les-Ouates, Geneva, Switzerland To: CardioMood SA
In the event we are unable to resolve your concern, you may contact EU Data Protection Authorities for EU/EEA Data Subjects and Swiss Federal Data Protection and Information Commissioner for Swiss Data Subjects which provide an independent third-party dispute resolution body. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means.
CardioMood has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to complaints concerning data transferred from the EU and Switzerland.
QUESTIONS AND COMPLAINTS
Chemin du Pré-Fleuri 5, 1228 Plan-les-Ouates, Geneva, Switzerland To: CardioMood SA