
Privacy Policy

Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I.   Information about us as controllers of your data
II.  The rights of users and data subjects
III. Information about the data processing
IV.  Third party providers

I. Information about us as controllers of your data

The party responsible for this website (the "controller") for purposes of data protection law is:

Kyan Health AG

Falkenstrasse 4

CH-8008 Zürich

E-Mail: hello@kyanhealth.com

Commercial register: CHE-267.518.768

The EU representative and Co-Controller is:

Kyan Health GmbH, Linienstr. 214, 10119 Berlin

You can contact the EU representative at the following email address: privacy@kyanhealth.com.

We have appointed a Data Protection Officer (DPO) in accordance with Article 37 of the General Data Protection Regulation (GDPR).

If you have any questions about how we process your personal data or wish to exercise your rights under the GDPR, you can contact our DPO at:

TechGDPR DPC GmbH
Willy-Brandt-Platz 2
12529 Berlin-Schönefeld
Germany

Email: kyanhealth.dpo@techgdpr.com

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).


In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

To exercise your data subject rights, you can contact us at hello@kyanhealth.com or contact our DPO at the email address listed above.

If you are of the opinion that the processing of personal data concerning you by us is unlawful or that we are violating data protection law for other reasons, you can complain to the supervisory authorities responsible for us:

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH–3003 Bern
Switzerland
Tel.: +41 58 462 43 95

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 2155050
E-mail: mailbox@datenschutz-berlin.de

III. Information about the data processing

Server data
For technical reasons, in particular to ensure a secure and stable website, data sent by your internet browser to us or to our server provider is collected. These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In that case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.


Cookies
a) Session cookies
We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.  

This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

When you close your browser, these session cookies are deleted.

b) Third-party cookies
If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website.

Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling cookies
You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

The cookie consent and data retention table, including storage periods, is shown below:

Cookie Name    Service Provider    Category    Purpose    Storage Period    Risk Level    Domain    Source
XSRF-TOKEN    Wix    Essential    Fraud detection for website calls    24 hours    Low    www.kyanhealth.com    Cookie Table tab
bSession    Wix    Essential    System effectiveness and load balancing    Session    Low    www.kyanhealth.com    Cookie Table tab
hs    Wix    Essential    Security cookie for site stability    24 hours    Low    www.kyanhealth.com    Cookie Table tab
server-session-bind    Wix    Essential    API protection    24 hours    Low    www.kyanhealth.com    Cookie Table tab
svSession    Wix    Functional    Security, stability, and core site function    180 days    Moderate    www.kyanhealth.com    Cookie Table tab
ssr-caching    Wix    Essential    Server-side rendering optimization    Session    Low    www.kyanhealth.com    Cookie Table tab
li_gc    LinkedIn    Functional    Stores cookie consent preferences    180 days    Moderate    www.kyanhealth.com    Cookie Table tab
lidc    LinkedIn    Functional    Load balancing functionality    24 hours    Moderate    www.kyanhealth.com    Cookie Table tab
_cf_bm    Cloudflare (via G2)    Functional    Bot filtering and request validation    Session    Moderate    www.kyanhealth.com    Cookie Table tab
_cf_bm    Cloudflare (via HubSpot)    Functional    Bot filtering and request validation    Session    Low    www.kyanhealth.com    Cookie Table tab
_cfuvid    HubSpot    Functional    Bot prevention and rate limiting    24 hours    Low    www.kyanhealth.com    Cookie Table tab
_cfuvid    Cloudflare (via hsforms)    Functional    Bot prevention and rate limiting    24 hours    Low    www.kyanhealth.com    Cookie Table tab
_ga    Google Analytics    Analytics    Stores and counts pageviews    180 days    Moderate    www.kyanhealth.com    Cookie Table tab
_ga_*    Google Analytics    Analytics    Stores and counts pageviews    180 days    High    www.kyanhealth.com    Cookie Table tab
_hssc    HubSpot    Analytics    Stores anonymized statistics    Session    Low    www.kyanhealth.com    Cookie Table tab
_hssrc    HubSpot    Analytics    Stores a unique session ID    24 hours    Low    www.kyanhealth.com    Cookie Table tab
_hstc    HubSpot    Analytics    Stores time of visit    180 days    Low    www.kyanhealth.com    Cookie Table tab
hubspotutk    HubSpot    Analytics    Stores and tracks visitor identity    180 days    Low    www.kyanhealth.com    Cookie Table tab
MUID    Microsoft / Bing    Marketing    Stores and tracks visits across websites    180 days    High    www.kyanhealth.com    Cookie Table tab
test_cookie    DoubleClick (Google)    Marketing    Checks if browser supports cookies    Session    Low    www.kyanhealth.com    Cookie Table tab
_gcl_au    Google AdSense    Marketing    Stores and tracks conversions    90 days    Moderate    www.kyanhealth.com    Cookie Table tab
_uetsid    Bing Ads    Marketing    Tracks visits across websites    24 hours    Low    www.kyanhealth.com    Cookie Table tab
_uetvid    Bing Ads    Marketing    Tracks visits across websites    180 days    Low    www.kyanhealth.com    Cookie Table tab
bcookie    LinkedIn    Marketing    Stores browser details for targeting    180 days    High    www.kyanhealth.com    Cookie Table tab
mp_*_mixpanel    Mixpanel    Analytics    Tracks user behavior: clicks, page views, session duration, retention funnels    364 days    High    care.kyanhealth.com    Cookie Table tab
_GRECAPTCHA    Google reCAPTCHA    Essential    Bot detection during form submissions    182 days    Low    care.kyanhealth.com    Cookie Table tab
uc_settings    Usercentrics    Essential    Stores cookie consent settings and category preferences    12 months    Low    Both domains    External Services tab
uc_user_interaction    Usercentrics    Essential    Records that the user has interacted with the consent banner    12 months    Low    Both domains    External Services tab
_cs_id    Contentsquare    Analytics    Anonymous visitor identifier for behavior analysis    13 months    Moderate    www.kyanhealth.com    External Services tab
_cs_s    Contentsquare    Analytics    Tracks current session for UX analysis    30 minutes    Moderate    www.kyanhealth.com    External Services tab
vuid    Vimeo    Marketing    Tracks video playback data and user preferences for embedded videos    2 years    Moderate    www.kyanhealth.com    External Services tab
VISITOR_INFO1_LIVE    YouTube    Marketing    Estimates user bandwidth on pages with YouTube embeds; supports ad personalization    180 days    Moderate    www.kyanhealth.com    External Services tab
YSC    YouTube    Functional    Tracks views of embedded YouTube videos within a session    Session    Low    www.kyanhealth.com    External Services tab
ph_*_posthog    PostHog    Analytics    Product analytics: user identification, session recordings, feature flags    365 days    Moderate    care.kyanhealth.com    External Services tab
_branch_session    Branch.io    Marketing    Tracks deep-link attribution between web and mobile app    Session    Moderate    care.kyanhealth.com    External Services tab
_calendly_session    Calendly    Functional    Maintains booking flow state during demo scheduling    21 days    Low    www.kyanhealth.com    External Services tab

Customer account/registration
If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wish list function). We also store your IP address and the date and time of your registration. This data will not be transferred to third parties.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your customer account. 

If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.

If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with us or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3

 

Newsletter
If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

The legal basis for this is your consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.


Contact form
If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR: the processing is necessary in order to take steps at the request of the data subject prior to entering into a contract or legitimate business interest with Kyan Health AG. 

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.


Demo booking & information request
On our website you can request informational documents, schedule a presentation of our offer, and take other similar actions. If you choose to use this option, we will gather the information from you that we need in order to send you the requested documents or to conduct the scheduled demo with you. This typically includes details such as your email address and contact information and, when scheduling a demo, also details about your firm and your phone number.

We process this information so that we can give you the service you've asked for, such as sending you the desired information by email or, in the case of scheduling a demo, conducting the demo online on the day we've set together. The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR: processing in the context of a pre-contractual or quasi-contractual relationship with the data subject.


Meeting & Webinar Participation
If you want to take part in a (digital) event, webinar, or other similar activity that we organize, possibly in collaboration with third parties (for example, cooperation partners/partner companies), you may register in advance, for example on our website. In order to enable your participation and send you an email confirming your registration, we process the information you supply in the relevant registration form (name, email address, company, etc.). The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR: processing is necessary for the performance of a contract-like relationship with the data subject.

IV. Third party providers

SECTION IV — THIRD-PARTY PROVIDERS, INTERNATIONAL DATA TRANSFERS AND SAFEGUARDS

This section lists the third parties that process personal data on our behalf or to whom personal data is transferred when you use our website kyanhealth.com or our care platform care.kyanhealth.com. For each provider we set out: (a) whether personal data leaves the European Union, (b) the country of transfer, and (c) the safeguard relied upon.


1. HOSTING AND INFRASTRUCTURE


Wix.com (website hosting — kyanhealth.com)

We use the website-building system provided by Wix.com Ltd., Nemal Tel Aviv St 40, Tel Aviv-Yafo 6350671, Israel ("Wix") for the purpose of hosting and displaying the marketing website kyanhealth.com on our behalf. Personal data collected via our website is processed on Wix servers.

As part of the hosting service, data may also be transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, CA 94158, USA, for further processing on our behalf.

International transfers. Data transferred to Wix in Israel is covered by the European Commission adequacy decision for Israel under Art. 45 GDPR. Data transferred to Wix Inc. in the United States is governed by the EU Standard Contractual Clauses (SCCs) of the European Commission, together with additional technical and organisational safeguards.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract for hosting services) and Art. 6(1)(f) GDPR (legitimate interest in operating a stable, secure website).


Amazon Web Services (hosting — care.kyanhealth.com)

The care platform care.kyanhealth.com is hosted on Amazon Web Services. The contracting entity for European customers is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg ("AWS").

International transfers. Kyan Health stores production data in AWS regions located within the European Union. Limited operational support data may be accessed by AWS personnel in the United States. For any such access, AWS relies on the EU-US Data Privacy Framework and on the EU Standard Contractual Clauses (Module 2 / Module 3) as alternative safeguards.

Legal basis: Art. 6(1)(b) GDPR (performance of the service contract with the user) and Art. 6(1)(f) GDPR (legitimate interest in operating reliable, secure infrastructure).


Netlify (static hosting / CDN)

Parts of the care platform are served via Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA. Netlify provides static-site hosting and edge content delivery.

International transfers. Data is transferred to the United States and to Netlify edge locations worldwide. Netlify is certified under the EU-US Data Privacy Framework. Where data is transferred outside DPF coverage, Netlify additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in delivering the platform reliably and at low latency).


Firebase / Google Cloud (backend services)

The care platform uses Firebase and Google Cloud Platform services for authentication, data storage, push notifications and supporting infrastructure. The European service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

International transfers. Personal data is primarily processed in Google Cloud regions located within the European Union. Where transfers to Google LLC in the United States occur, Google relies on the EU-US Data Privacy Framework and, additionally, on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(b) GDPR (performance of the service contract) and Art. 6(1)(f) GDPR (legitimate interest in operating the platform).


2. CONSENT, SECURITY AND ERROR MONITORING


Usercentrics (consent management platform)

We use Usercentrics, a consent management platform from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, to display the cookie consent banner on our website and to record visitor consent decisions. Usercentrics sets cookies (uc_settings, uc_user_interaction) that store the user's selected preferences and the timestamp of consent.

International transfers. Usercentrics is established in Germany and processes consent data on servers located within the European Union. No transfer to a third country takes place under the standard configuration.

Legal basis: Art. 6(1)(c) GDPR (compliance with the legal obligation to obtain and document consent under Art. 7 GDPR and §25 TTDSG) and Art. 6(1)(f) GDPR (legitimate interest in being able to demonstrate consent).


Google reCAPTCHA

We use Google reCAPTCHA on forms in the care platform to distinguish human users from automated bots. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA analyses signals such as IP address, mouse movements and the duration of the form interaction in the background and may set the cookie _GRECAPTCHA. The user is not required to take any action.

International transfers. Data is transferred to Google LLC in the United States. Google is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting our forms and infrastructure from abuse and spam).


Sentry (application error monitoring)

We use Sentry to monitor errors and performance issues in our applications. The provider is Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

Sentry receives technical telemetry such as error stack traces, browser and device characteristics, and limited contextual data when errors occur. This data is used solely to detect, diagnose and fix software defects.

International transfers. Data is transferred to the United States. Sentry is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in maintaining the security, stability and quality of our applications).


3. CONTENT DELIVERY AND EMBEDDED MEDIA


Cloudflare and jsDelivr (content delivery network)

To improve loading speed and security, parts of our website resources are delivered through Cloudflare's content delivery network. The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare may set the cookies _cf_bm and _cfuvid to identify automated traffic and protect our site from abuse. The same CDN underlies third-party services we use (HubSpot, hsforms, jsDelivr).

International transfers. Cloudflare operates a global edge network. Cloudflare is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses for transfers to its US entity.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security, stability and performance of our website).


Google Fonts

Our website uses web fonts. These fonts are served locally from our hosting environment by Wix. According to Wix, no IP data is transmitted to Google's servers in the United States when these fonts are loaded.

International transfers. Under the local-hosting configuration provided by Wix, no transfer to Google in the United States occurs in connection with web-font delivery. If a third-party page element bypasses the Wix configuration, fallback transfers to Google would be covered by the EU-US Data Privacy Framework and the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a uniform and accessible visual presentation of our website).


Vimeo (embedded video)

We embed videos hosted on Vimeo on parts of our website. The provider is Vimeo, Inc., 555 West 18th Street, New York, NY 10011, USA. When a page containing an embedded Vimeo video is loaded after the user gives consent, a connection to Vimeo's servers is established. Vimeo receives information about which page was visited and the user's IP address. Vimeo may set the cookie vuid to track playback preferences.

International transfers. Data is transferred to Vimeo's servers in the United States. The transfer is based on the EU Standard Contractual Clauses of the European Commission, together with the additional safeguards described in Vimeo's privacy policy.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner). Consent can be revoked at any time via the consent management settings.


YouTube (embedded video)

In addition to the static graphic links to our YouTube profile described above, individual pages of our website embed YouTube videos directly. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When a page containing an embedded YouTube video loads after consent, a connection to YouTube servers is established. YouTube may set cookies (including VISITOR_INFO1_LIVE and YSC) and receives information about which page was visited and the user's IP address. If the user is logged into a Google account, the visit can be associated with that account.

International transfers. Data is transferred to Google LLC in the United States. Google is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner). Consent can be revoked at any time.


4. ANALYTICS AND USER-BEHAVIOUR TOOLS


Contentsquare (UX analytics)

We use Contentsquare to analyse how visitors interact with our website (mouse movements, clicks, scroll behaviour, navigation paths) in order to identify usability issues and optimise the user experience. The European provider is Contentsquare SAS, 7 rue de Madrid, 75008 Paris, France. The US affiliates Content Square, Inc. and Clicktale Inc. may also process data on behalf of the Contentsquare group. Contentsquare may set the cookies _cs_id (visitor identifier) and _cs_s (session).

International transfers. EU customer data is by default stored on EU servers. Where personal data is transferred to the US Contentsquare entities, those entities are certified under the EU-US Data Privacy Framework and additionally rely on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner). Consent can be revoked at any time.


Mixpanel (product analytics — care.kyanhealth.com)

In the care platform, we use Mixpanel for product analytics (clicks, page views, session duration, retention funnels). The provider is Mixpanel, Inc., One Front Street, 28th Floor, San Francisco, CA 94111, USA. Mixpanel may set the cookie mp_*_mixpanel.

International transfers. Mixpanel offers an EU Data Residency Program with data stored in the Google Cloud europe-west4 region in the Netherlands. Where data is processed in the United States, Mixpanel is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner). Consent can be revoked at any time.


PostHog (product analytics — care.kyanhealth.com)

In the care platform, we additionally use PostHog for product analytics, session recording and feature flagging. The provider is PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA. PostHog may set cookies of the form ph_*_posthog.

International transfers. PostHog offers PostHog Cloud EU, hosted on AWS in the eu-central-1 region in Frankfurt, Germany, where personal data does not leave the European Union. For PostHog Cloud US, transfers to the United States rely on the EU-US Data Privacy Framework and the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner). Consent can be revoked at any time.


5. MOBILE ATTRIBUTION, SEARCH AND APP DISTRIBUTION


Branch.io (mobile attribution and deep linking)

To support deep linking between our website and the Kyan Health mobile app, and to attribute installs to marketing campaigns, we use Branch. The provider is Branch Metrics, Inc., 1400 Seaport Boulevard, Building B, Redwood City, CA 94063, USA. Branch may set a session identifier (_branch_session).

International transfers. Data is transferred to the United States. Branch relies on the EU Standard Contractual Clauses of the European Commission, together with additional safeguards described in its Data Processing Addendum.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner) for marketing-related processing; Art. 6(1)(f) GDPR (legitimate interest) for technical deep-link routing.


Algolia (search functionality)

We use Algolia to power search functionality in the care platform (including counsellor search). The provider is Algolia, Inc., 3790 El Camino Real #518, Palo Alto, CA 94306, USA, with European operations through Algolia SAS (Paris, France).

International transfers. EU customer data is processed by default in EU regions. Where data is transferred to the United States, Algolia relies on the EU Standard Contractual Clauses of the European Commission and on the EU-US Data Privacy Framework where applicable.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract for the search functionality requested by the user) and Art. 6(1)(f) GDPR (legitimate interest in providing fast, relevant search results).


Google Play (app distribution)

Our mobile app is distributed via the Google Play Store, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Play logs app-related data (downloads, updates, crash reports) according to its own privacy policy.

International transfers. Where Google Play data is transferred to Google LLC in the United States, the transfer is covered by the EU-US Data Privacy Framework and additionally by the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(b) GDPR (performance of the service contract with the user) and Art. 6(1)(f) GDPR (legitimate interest in distributing the app via established app stores).


6. ADVERTISING AND CONVERSION TRACKING


Google Ads / DoubleClick (conversion tracking)

In addition to Google AdSense (described above), we use Google Ads conversion tracking and the underlying DoubleClick infrastructure to measure the performance of our advertising campaigns and to display retargeting ads. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google may set the test_cookie cookie to verify cookie support.

International transfers. Data is transferred to Google LLC in the United States. Google is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner). Consent can be revoked at any time.


Microsoft Advertising (Bing Ads)

We use Microsoft Advertising (formerly Bing Ads) to measure the performance of campaigns on the Microsoft / Bing search network. The European provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Microsoft may set the cookies MUID, _uetsid and _uetvid to track conversions across visits.

International transfers. Data is transferred to Microsoft Corporation in the United States. Microsoft is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner). Consent can be revoked at any time.


Google Syndication

Google Syndication is the infrastructure through which Google Ads and Google AdSense ads are served. As such, it is part of the same Google services described under "Google Ads / DoubleClick" and "Google AdSense" and inherits the same legal entity, transfer mechanisms and legal basis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

International transfers. Data is transferred to Google LLC in the United States. Google is certified under the EU-US Data Privacy Framework and additionally relies on the EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(a) GDPR (consent obtained via the cookie banner).
