Privacy Policy

2025

ObvioHealth takes your privacy very seriously and wants you to be familiar with how we collect, use, disclose and retain information in accordance with laws applicable to our organisation.

Please read this Privacy Notice (sometimes called a privacy policy) and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and request deletion of your information.

This Privacy Notice supplements the other notices and is not intended to override them.

1.     Scope of this Privacy Notice

This Privacy Notice describes our practices in connection with any information that we collect, including through our websites, mobile and cloud-based clinical trial applications, any other ObvioHealth application that links to this notice, as well as through HTML-formatted email messages that we may send to you that link to this Privacy Notice.

We may provide you, as required, with a supplementary country-specific privacy notice when you are a participant in a clinical trial using ObvioHealth software.

This Privacy Notice applies to the following website: obviohealth.com.

2.     Privacy Law

This Privacy Notice has generally been drafted in accordance with relevant US legislation and GDPR (EU General Data Protection Regulation) but may also be applied to personal information processing activities globally. The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal data. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.


California residents

To the extent you are subject to the California Consumer Privacy Act, we act as a data processor and process personal data collected accordingly. California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.

Privacy Rights of Residents of the European Union, United Kingdom, and Switzerland

We comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (together the “DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. We have also certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

EU, UK, and Swiss data protection law makes a distinction between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). With regard to your personal data, we are a data controller of information that we collect when you enter your information into the “Contact Us” section of the Website and with respect to any Website Use Data or Device Connectivity and Configuration Data considered to be personal data under the law. Otherwise, we generally serve as a data processor with respect to the personal data we collect through the Website and otherwise through our services.

To exercise any of these rights with respect to personal data collected by us as a data controller, contact us as set forth in the section entitled “Contact Us” below and specify which right you intend to exercise. We will respond to your request within one calendar month. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, ObvioHealth commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Children

Protecting the privacy of minors is especially important to us. For that reason, no part of our website is structured to attract and collect or maintain information at our website from any Visitor that we have actual knowledge is a minor under thirteen (13) years of age. We do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA.

Security

We use appropriate organizational, technical, and administrative measures to protect personal information we process. No data transmission over the Internet or data storage system can be guaranteed to be 100 percent secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately of the problem by contacting us in the "Contact Us" section below. All parties have the right to access their personal data at any time. An individual may request that their information on the ObvioHealth LLC website be changed or removed at any time by emailing my-privacy@obviohealth.com. If you believe your data has been used outside of what you have consented to, you have the right to contact the relevant supervisory authority or invoke binding arbitration.

International Transfers

Your personal information may be stored and processed in any country where we have facilities or service providers, and by using our Site or providing consent to use (where required by law), you agree to the transfer of information to countries outside of your country of residence, including the United States, which may provide for different data protection rules than in your country. Where we do transfer your personal information to our affiliates or contracted services providers based outside of your country of residence, we ensure, by means such as contracts and personal data transfer agreements, that your personal data is reasonably protected in accordance with applicable privacy laws, regulations or binding codes.

ObvioHealth complies with the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

ObvioHealth has self-certified to the Department of Commerce that it complies with the principles of the U.S. Data Privacy Framework. In order to protect consumer privacy in the US and EU, the Federal Trade Commission has committed to make enforcement of the Framework a high priority; therefore, ObvioHealth and your data are subject to the investigatory and enforcement powers of the Federal Trade Commission.

In the case that ObvioHealth comes under the scrutiny of public authorities, ObvioHealth may be required to disclose your personal data in order to meet national security or law enforcement requirements.

Important information and who we are

  • ObvioHealth (“we/us/our”) refers to ObvioHealth USA, Inc., a US corporation with its legal address at: 99 Wall Street, #1480, New York, NY 10005.
  • Our parent company, ObvioHealth PTE. LTD., is a Singapore entity with its registered address at: 79 Science Park Drive, #06-01, Cintech IV, Singapore 118264.

Our contact details

  • Name:  Please contact us via the ObvioHealth Privacy Team:  
  • By email: my-privacy@obviohealth.com
  • By mail: 99 Wall Street, #1480, New York, NY 10005
  • By [Toll-Free] Telephone: (888) 880-1664

Privacy Contacts, DPO, UK and EU Representatives

Data Protection Officer (DPO):

We have appointed GRC Solutions/GRCI Law Limited as our DPO, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, our privacy practices, or how we handle your personal data, please contact our DPO at dpoaas@grcilaw.com.

EU Representative:

We have appointed IT Governance Europe Ltd to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please email our representative at eurep@itgovernance.eu.

Please ensure you include our company name in any correspondence you send to our representative.

UK Representative:

ObvioHealth has appointed GRCI Law Limited to act as our UK Representative. If you wish to exercise your rights under the UK General Data Protection Regulation (GDPR) or have any queries in relation to your rights or privacy matters generally, please email our representative at ukrep@grcilaw.com. Please ensure you include our company name in any correspondence you send to our Representative.

3.     What is meant by personal data or personal information?

  • Personal data (also referred to as personal information) is information that identifies you as an individual.
  • This may include details such as your name, address, bank account details, internet protocol (IP) address, username, or other unique identifiers.
  • Certain personal data, known as sensitive or special category data, requires additional protection due to its nature. Examples of sensitive data include information about your health, religious or philosophical beliefs, race, or ethnicity.

4.     Information we collect

The personal information we collect depends on the nature of our relationship with you (e.g., as a client, supplier, site user, or job candidate). Below are examples of the types of personal data we may collect, store, and use:

Identity Data:

Includes your first and last name, date of birth, gender, username or similar identifier, title, photo, maiden name, aliases, ID numbers (e.g., passport, national ID card, driver’s license).

Contact Data:

Includes your email address, current and past physical addresses, telephone numbers, and other communication channels.

Communication Data:

Includes information you voluntarily provide through communication channels, whether online or otherwise.

Employment Data:

Includes details about your employment, such as employer name, employer contact information, manager name and contact details, job title, pay rate, employment dates, and reasons for leaving.

Education and Training Data:

Includes school or institution name and contact details, student ID numbers, qualification details, field of study, attendance dates, and graduation details.

Payment Information:

Includes records of money owed and paid, bank account details for payment, and tax information.

Location Data:

Includes your country of birth, residence, address, and geographic location data collected via devices using satellite, cell tower, or Wi-Fi signals.

Transactional and Client Information:

Includes details about services we provide to you, customer service interactions, and customer relationship management records.

Marketing and Communication Preferences:

Includes your preferences for receiving marketing from us or third parties, as well as your preferred communication channels.

Technical Information:

Includes details such as time zone, IP address, domain name, operating system, browser type, device type, website visit data (e.g., pages visited, date and time of access), and website interaction preferences.

Behavioural Data:

Includes information about your daily habits and moods.

App Usage Data:

Includes tracking and usage data, such as the date and time the app on your device accesses our servers, and information or files downloaded to the app based on your device number.

Candidate Data:

Includes information from your resume, job details, work history, and other relevant job application materials.

5.     Do we collect and use Sensitive Information?

When you participate in an ObvioHealth screening questionnaire to assess whether you are eligible to participate in trials or studies, we collect personal data including health information. Our questionnaires may request health information such as:

  • medical conditions
  • medication usage
  • medical history
  • pregnancy status
  • information regarding gender, race, or ethnicity

When you participate in a clinical trial or research project, we may collect additional information requested by the sponsor of that clinical trial or project.  This may include:

  • additional health information
  • demographic information
  • photographs
  • audio or
  • other personal information required for that particular study.  

6.     How does ObvioHealth acquire my personal information

We use different methods to collect data from and about you, including:

Personal Data provided directly by you

  • When you use our Services, e.g., when you answer a Questionnaire or register to join the ObvioHealth community.
  • When you are participating in a clinical trial or research project, or you are staff for a clinical trial site or project sponsor.
  • When you subscribe to any of our marketing channels and/or respond to our marketing campaigns.
  • When you apply for a job with us.
  • When we receive business cards, emails, and other documents from individuals containing such information.
  • When you communicate with us, use our “contact us” features on our website or mobile application, or enter into a contract for our services.

Personal Data Collected through Technical means

  • When you visit our website or mobile application depending upon the features you use.
  • Cookies and pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates as well as general demographic information and aggregated information.
  • When you download digital content from our website.

Information we receive from third parties in each case where permissible and in accordance with applicable law

  • We may also collect additional identifiable information about you, as required to conduct the clinical trial, either directly or through the sponsor, trial site, or research staff.
  • Sometimes we collect your personal information from third parties such as from your insurance or healthcare provider, our joint marketing partners, agencies, marketing agencies, market research companies, our suppliers, contractors, partners or consultants, group companies.

Information we receive from public sources

  • ObvioHealth may collect Information about you from publicly available sources, including any social media platforms, public websites, or public agencies.

7.     Why we use your personal information

ObvioHealth only processes (i.e., uses) your personal data when the law allows us to; that is, when we have a lawful basis for processing. We typically use your personal data in accordance with the reason you shared it and to:

  • Improve, administer, provide, and maintain our services, websites, mobile applications, and clinical trial services and capabilities.
  • Improve our services.
  • Monitor the usage of our service.
  • Prevent, detect, and address technical issues.
  • Keep internal records about our business, customers, suppliers, contractors, partners, and prospects.
  • Communicate and respond to inquiries, fulfil requests, and send administrative information, for example, information regarding the Services and changes to our terms, conditions, and policies.
  • Enroll individuals in clinical trials and research studies.
  • Collect data during the conduct of clinical trials and research studies per sponsor requirements.
  • Provide support services to members of the ObvioHealth community and the staff of sponsors, trial sites, or other partners that use our website or mobile applications.
  • Carry out obligations under our contracts with sponsors, trial sites, or other partners.
  • Assist with payment, including billing and participant financial compensation when applicable.
  • Better understand the needs of the users of our sites and mobile applications and create content that is relevant to the user.
  • Help with marketing and market research purposes.
  • Use for analytics purposes and to generate statistics, aggregate data, and de-identify data.
  • Consider your job application.
  • Prevent fraud and investigate potential misconduct.
  • Comply with law and legal process.

8.     Children Under the Age Of 18

  • In the event that we collect personal data for children under the age of 18 for Clinical Trial purposes, we will provide the children with a child friendly privacy notice and follow applicable requirements for any collected data.
  • If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will contact the trial sponsor and follow their instructions for handling the data. If you believe we might have any information from or about a child under 18, please contact us at my-privacy@obviohealth.com.

9.     Our Lawful basis for using your personal information

ObvioHealth only collects and uses your personal data when the law allows us. Most commonly (depending on the country you reside in), we will use your personal information based on the following:

  • Where you have consented before the processing.
  • Where we need to perform a contract that we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

We will only collect, process, and/or use the personal data where we are satisfied that we have an appropriate legal basis to do so.

For more jurisdiction specific information on how we use and process your information see the sections linked below:

10.     Do I have a choice about the data you collect and use about me?

Yes, you may always choose what personal information (if any) you wish to provide to us.

In cases where you are requested to affirmatively provide information, such as to complete a form, or an application, or a survey on our website, you may decline to do so. Please understand, however, that in some cases certain information is required to complete an application, form, or survey, and if you decline to provide the information requested you may not be able to submit the application or request or to use certain functionalities of our websites or mobile applications.  For example, if you decline to provide information requested on a screening questionnaire you may not be able to participate in clinical trials or research projects for which that information is a necessary consideration.  Similarly, if you are participating in a clinical trial or research project and you decline to provide requested information, you may not be able to continue to participate in the clinical trial or research project.  

If you would like to restrict our placement of cookies on your device, please see the section titled "How can I manage cookies?" in our cookie policy.

If you would prefer not to receive e-mail marketing messages from us, please use the opt-out instructions included in the email message to opt-out of additional communications.

You may be given additional choices in the context of particular preferences, tools, or functions that we make available through our website or mobile applications.

11.     How do you keep my personal data safe?

ObvioHealth has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We will review, monitor, and update these security measures to meet our business needs and changes in technology and regulatory requirements. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

12.     How long do you keep my personal data?

We will keep your personal information in line with our retention policy and applicable law and for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Personal data collected during your participation in a clinical trial or research study supported by ObvioHealth through our website or mobile application will be subject to retention by the sponsor of that clinical trial or research project for the period described in the informed consent for that clinical trial or project, which may differ.  

If you use this site or mobile application, you are responsible for maintaining the confidentiality of any user ID and password or other access credentials that you may be provided. You should notify us immediately if any user ID and password or other access credentials we may issue you are compromised.

13.     Do you disclose my personal data to others?

We do not share, sell or lease personal data about you except as set forth in this Privacy Notice. The specific kind of information we share with third parties will depend on your activities with us and only to the extent as required or permitted by law. We contractually require these third parties to keep that personal data confidential and use it only for the contracted purposes.

Insofar as reasonably necessary for us in managing our business, delivering our services, and for the purposes set out in this Privacy Notice, we may share your personal information with the below parties that help us manage our business and deliver our services:

  • Any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and our affiliates.
  • Third parties we use to help deliver our services or facilitate shipping products or devices to you.
  • Reimbursement for participation.
  • Other third parties we use to help us run our business, e.g., marketing agencies or website hosts.
  • Third parties approved by you, e.g., social media sites you choose to link your account to.

We may also disclose personal data to the Food and Drug Administration, the European Medical Agency, institutional review boards, ethics boards, or other regulators when required to do so in connection with clinical trials or research studies in which you choose to participate.

We may share your personal data in the event that our company or some of our assets are sold or transferred as part of a merger, acquisition or other corporate transaction, or used as security or to the extent we engage in business negotiations with our business partners, the personal data collected on our websites or mobile applications, including this site, may be transferred or shared with third parties as part of that transaction or negotiation.

If we receive a request from law enforcement officials or judicial authorities to provide personal data about individuals, we may provide such information. In matters involving claims of personal or public safety or in litigation where the data is pertinent, we may use or disclose information about you without a court order. 

Please note, in the case of personal data collected during your participation in a clinical trial or research study supported by our website or mobile application, our ability to disclose your personal information is governed by our agreement with the Sponsor and we may disclose information to additional parties as the Sponsor may direct. For example, we may share information with clinical trial or research sites, clinical research organizations working with the Sponsor, or shipping or other partners working with the sponsor.  

We only allow those organisations to handle your personal information if we are satisfied that they take appropriate measures to protect your information. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

We or the third parties mentioned above occasionally also share personal data with:

  • Our and their external auditors, e.g., in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations.
  • Our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations.
  • Law enforcement agencies, courts, tribunals, and regulatory bodies to comply with our legal and regulatory obligations.
  • Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering, or in the event of our insolvency—usually, information will be anonymised, but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

14.     Transferring your information overseas

We do business globally and may centralise certain aspects of our information processing activities and data storage in different countries. We may therefore have to share and transfer your personal information from one country to another, or even across multiple jurisdictions. Your personal information may therefore be subject to privacy laws that are different from those in the country where the personal information is collected or those in your country of residence. We may transfer your personal data outside of the United States, to, or within another country to accomplish the purposes of processing.

We will ensure your personal information has an appropriate level of protection and will undertake appropriate due diligence and risk assessments prior to transferring the information. We will ensure the transfer of your personal information is in line with applicable Data Protection Law. Often, this protection is set out under a contract with the organisation that receives your personal information. You can find more details of the protection given to your information when it is transferred overseas by contacting us.

Where a privacy regulatory authority requires a corresponding privacy regulatory approval before we transfer your Personal Data outside your jurisdiction, we will obtain the approval before transferring your personal data.

15.     Third-party services, websites, and plugins

Please note that this Privacy Notice does not apply to sharing of personal data by third-party providers who may collect personal information from you and may share it with us. In these situations, we strongly advise you to review the applicable third-party provider’s privacy notice before submitting your personal information.

You should be aware that information about your use of our website (including your IP address) may be retained by your ISP (Internet Service Provider), the hosting provider, and any third party that has access to your Internet traffic.

Our websites may contain links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties.  

We are not responsible for the content or practices of those websites, plugins, or services. The collection, use, and disclosure of your personal information will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notice of the relevant third parties.

16.     Opting out of Marketing

If you provide us with your contact details (e.g., email address), we may contact you to let you know about the products, services, promotions, and events offered that we think you may be interested in.

You can unsubscribe from our marketing and promotional communications by clicking on the unsubscribe link in the emails you receive from us or by contacting us at my-privacy@obviohealth.com.

You will be removed from the marketing list. However, we may still communicate with you to send you service-related messages necessary for responding to your requests or for other non-marketing purposes.

17.     Cookies and other tracking technologies

Each time you visit our website, we may automatically collect personal information—depending on your consent and jurisdiction. This includes technical details about your device, browsing actions, patterns, and usage data. We use cookies, server logs, and similar technologies such as pixels and tags to remember your preferences, analyze website usage, and tailor our marketing efforts.

Please see more information in our Cookie Notice.

18.     Your rights involving your personal data

ObvioHealth uses your personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), US data protection legislation, and HIPAA. These privacy laws, along with those in other regions such as Canada, grant you greater control over and access to your personal data.

These rights may include the right:

  • To request and obtain a copy of your personal information
  • To request rectification and/or erasure
  • To restrict processing of your personal information
  • Data portability (if applicable)

ObvioHealth does not use automated decision making that has legal consequences or otherwise materially and negatively impacts a data subject.

The application of these and any other privacy rights you may have depends on applicable data protection law. If you would like more information about your specific rights under data protection law in your jurisdiction and how to exercise those rights, please contact us at my-privacy@obviohealth.com.

We may request specific information from you to confirm your identity, verify your rights, and respond to your request, including providing you with any personal data that we hold about you, if applicable.

Applicable law may allow or require us to deny your request, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices.

We will consider and act upon any requests in accordance with applicable data protection laws and applicable contracts with relevant data controllers.

19.     Withdrawing Consent

If we rely on your consent to process your personal information, which may be express or implied consent according to the applicable law, you have the right to withdraw consent at any time. You can withdraw your consent by contacting us at my-privacy@obviohealth.com.

Please note that this will not affect the lawfulness of the processing before the withdrawal, nor, when applicable law allows, will it affect the processing of your personal information on the basis of any lawful ground other than consent.

20.     Changes to Our Privacy Notice

We may update our privacy notice periodically. If we make material changes, the 'last updated' date will be revised to help you identify updates since your last review. We recommend checking this privacy notice regularly for any changes, as updates become effective upon being posted on this page.

Further information for EEA and UK residents

We are subject to the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the UK and European Economic Area (EEA).

Details about our processing of your personal information

The table below describes the ways we plan to use your Personal Data, and which Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Lawful Basis Purpose
Contract

We use your personal information on the basis that it is necessary for us to evaluate applications and candidates for a vacant role prior to entering into an employment or services contract for that role with the most suitable candidate.

Recruitment of Candidates (Contractors, Employees and Providers)

We will use the personal information we collect about you to assess your skills, qualifications, and suitability for the role for which you applied.

We may use the following personal data:

  • Identity data
  • Contact data
  • Location data
  • Candidate data

Legitimate interest

When we rely on this, we will carry out a Legitimate Interests Assessment to ensure we consider and balance any potential impact on you (both positive and negative) and your rights under Data Protection Law. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.

Managing Our Business

We process Personal Data for our own legitimate business interests. This includes managing our business to enable us to maintain and monitor the performance of our website and services, and to continuously improve them. This also covers responding to your queries, communications, and complaints.

We may use the following personal data:

  • Identity data
  • Contact data
  • Technical data
  • Marketing and communications data

Provide and Maintain Our Websites

To provide and maintain our website, including monitoring usage, troubleshooting, data analysis, network security, and system testing. These activities are necessary for our legitimate interests in maintaining usability, security, and integrity.

We may use the following personal data:

  • Identity data
  • Location data
  • Transaction data
  • Technical data

Research Activity Purposes

Personal data will be processed for scientific research purposes related to Clinical Trials, including:

  • Determining eligibility for a Clinical Trial
  • Conducting the Clinical Trial
  • Conducting related scientific and medical research

The legal basis is the Sponsor’s legitimate interests (GDPR Article 6(1)(c)) to undertake a clinical trial, ensure information is recorded for your care, and oversee the quality of the study.

We may use all categories of personal data, including health and other sensitive personal data.

Communications About Clinical Trials

The legal basis is the Sponsor’s legitimate interests (GDPR Article 6(1)(c)) in communicating with trial participants—for example, for visit reminders or follow-up, and informing data subjects of trial outcomes after the study ends.

We may use the following personal data:

  • Identity data
  • Contact data

Monitoring and Auditing Purposes

The legal basis is the legitimate interests (GDPR Article 6(1)(c)) in ensuring that trial data is accurate and that the study was conducted properly.

We may use all categories of personal data, including health and other sensitive personal data.

Administration of a Clinical Trial

Involves processing identification, contact, location, and communication details.

The legal basis includes operational purposes such as enhancing efficiency, conducting training, ensuring quality control, and managing the trial (including file management and travel reimbursement).

We may use the following personal data:

  • Identity data
  • Contact data
  • Location details
  • Communications data

Recommendations and Marketing

To make recommendations about services that may interest you.

We may use the following personal data:

  • Identity data
  • Contact data
  • Technical data
  • Marketing and communications data
  • Usage data

To measure and analyse the effectiveness of the advertising we serve you.

We may use the following personal data:

  • Identity data
  • Contact data
  • Location data
  • Technical data
  • Marketing and communications data
  • Usage data

To make suggestions and recommendations to you about services that may be of interest. This is necessary for our legitimate interests (to develop our products/services and grow our business).

We may use the following personal data:

  • Identity data
  • Contact data
  • Location data
  • Technical data
  • Marketing and communications data
  • Usage data

Compliance with Laws and Regulations

To comply with legal and regulatory obligations, and for our legitimate interests in protecting our business and rights during the clinical trial.

Rights and Claims

To enforce or apply website terms of use and other contracts, defend claims, and comply with applicable laws and regulations.

We may use the following personal data:

  • Identity data
  • Contact data
  • Transaction data
  • Technical data
  • Profile data
  • Usage data

Data Subject Rights

To verify your identity and fulfill your data subject rights requests.

We may use the following personal data:

  • Identity data
  • Contact data
  • Location data
  • Technical data
  • Usage data
  • Candidate data

Necessary for our legitimate interests (e.g., running our business, administration and IT services, network security, fraud prevention, or restructuring).

Legal Obligations

We may use your Personal Data to comply with laws (for example, if a court order requires us to co-operate with a police investigation).


Legal Requirement – All Categories of Personal Data

The processing is necessary for compliance with legal obligations, such as but not limited to security requirements.

To comply with applicable law, for example in response to a request from a court or regulatory body, where such request is made in accordance with the law.

For Clinical Trials, the processing is necessary to meet legal requirements in regard to the reliability and safety of clinical trials to ensure that clinical trial personal data is reliable and that safety requirements have been met for your participation in the study.


Criminal Activity

To detect and prevent fraudulent or criminal activity, we may share information with law enforcement authorities, such as the police.


Consent

We may have to get your consent to use your Personal Data, such as information about you or when we want to send you marketing.

Wherever consent is the only reason for using your Personal Data, you have the right to change your mind and/or withdraw your consent at any time by clicking the Unsubscribe button at the bottom of an applicable email or by contacting us.


Marketing

To measure and analyse the effectiveness of the advertising we serve you.

We may collect IP addresses and store Cookies on visitors’ devices.

We may use the following personal data, depending on what you consent to:

  • Identity data
  • Contact data
  • Location data
  • Technical Data
  • Marketing and communications data
  • Usage data
  • Candidate Data

Data Analytics

We use data analytics to improve our website, products/services, marketing, customer relationships, and experiences.

We may use the following personal data:

  • Identity data
  • Transaction data
  • Technical Data
  • Profile data
  • Usage data

The lawful basis of processing for sensitive personal data is set out below:

Purpose Lawful Basis
Reliability and Safety Purposes:

Your personal data will be processed in order to ensure that study data is reliable and that safety requirements have been met for your participation in the study.

Sensitive Personal Data

For sensitive personal data, the legal basis is ‘public task’ as processing is necessary for the performance of a task carried out in the public interest (GDPR Article 9(2)(i)).

We may use the following data:

  • Medical conditions
  • Medication usage
  • Medical history
  • Pregnancy status
  • Information regarding gender
  • Race or ethnicity
  • Additional health information
  • Demographic information
  • Photographs
  • Audio
  • Other personal information required for that particular clinical trial

Research Activity Purposes

Your personal data will be processed for scientific research purposes related to the clinical study including:

  • Determining your eligibility for a Trial
  • Conducting the Trial
  • Conducting related scientific and medical research

Sensitive Personal Data – Scientific Research

For sensitive personal data, the legal basis is that processing is necessary for scientific research purposes (GDPR Article 9(2)(j) and Article 89(1)).

We may use the following data:

  • Medical conditions
  • Medication usage
  • Medical history
  • Pregnancy status
  • Information regarding gender
  • Race or ethnicity
  • Additional health information
  • Demographic information
  • Photographs
  • Audio
  • Other personal information required for that particular clinical trial

Monitoring and Auditing Purposes:

Sensitive Personal Data – Scientific Research

For sensitive personal data, the legal basis is that processing is necessary for scientific research purposes (GDPR Article 9(2)(j) and Article 89(1)).

We may use the following data:

  • Medical conditions
  • Medication usage
  • Medical history
  • Pregnancy status
  • Information regarding gender
  • Race or ethnicity
  • Additional health information
  • Demographic information
  • Photographs
  • Audio
  • Other personal information required for that particular clinical trial

To comply with applicable laws and regulations and with our legal and regulatory obligations, enforce legal rights, or defend or undertake legal proceedings, depending on the circumstances.

Legal Basis – Scientific Research Purposes

For sensitive personal data, the legal basis is that processing is necessary for scientific research purposes (GDPR Article 9(2)(j) and Article 89(1)).

We may use the following data:

  • Medical conditions
  • Medication usage
  • Medical history
  • Pregnancy status
  • Information regarding gender
  • Race or ethnicity
  • Additional health information
  • Demographic information
  • Photographs
  • Audio
  • Other personal information required for that particular clinical trial

Complaints

You have the right to complain to the Data Protection Authority about our collection and use of your Personal Data.

For more information, please contact your local data protection authority in the European Economic Area (EEA) which can be found here.

For the UK, contact the ICO here.

Exercising your rights

Your rights are associated with our legal basis for processing your data. If you would like to exercise any of these rights or have a query about how we process your personal data, please contact our Data Protection Officer at my-privacy@obviohealth.com.

Further information for Swiss Residents

All processing of Swiss personal data by ObvioHealth is made in compliance with the Swiss data processing principles and the Federal Act on Data Protection of 25 September 2020 (FADP) and its ordinances, i.e., the Ordinance on Data Protection (ODP) and the Ordinance on Data Protection Certification.

ObvioHealth shall not disclose sensitive personal data to third parties (in their capacity as controllers) without sufficient justification such as: (i) the data subject’s consent; (ii) any overriding private or public interest; or (iii) a provision of Swiss law requiring or permitting such disclosure.

Swiss privacy law defines sensitive data as:

  • data relating to religious, philosophical, political, or trade union-related views or activities;
  • data relating to health, the intimate sphere, or the affiliation to a race or ethnicity;
  • genetic data;
  • biometric data that uniquely identifies a natural person;
  • data relating to administrative and criminal proceedings or sanctions;
  • data relating to social assistance measures.

Further information for Australian Residents

ObvioHealth is bound by the Australian Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

Personal data choices

You have the choice not to submit personal data to us (other than as may be required by law) although this may reduce your ability to fully participate in all aspects of the ObvioHealth Community, our websites and mobile applications, or clinical trials or research studies supported by ObvioHealth. It is not possible to register for participation in the ObvioHealth community or particular clinical trial or research study on an anonymous basis (although your identity may not be shared with the Sponsor). We will inform you if it is possible in other cases for an interaction to occur on an anonymous basis (for example through required/optional data field designations) and, where it is, it will be optional for you to provide personal information.

What is personal information?

Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

Where do you store my personal data?

We store most information about you in computer systems and databases.

We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification, or disclosure.

These processes and systems include:

  • the use of identity and access management technologies to control access to systems on which information is processed and stored;
  • requiring all employees to comply with internal information security policies and keep information secure;
  • requiring all employees to complete training about information security; and
  • monitoring and regularly reviewing our practice against our own policies and against industry best practice.

Your rights

You may access or request correction of the personal information that we hold about you by contacting us at my-privacy@obviohealth.com.

There are some circumstances in which we are not required to give you access to your personal information.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate and up to date.

Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us at my-privacy@obviohealth.com.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au) for guidance on alternative courses of action which may be available.

Version 1 | June 4, 2025