Allyfe Privacy Policy

This document (‘Privacy Policy) aims to illustrate the processing operations carried out by Allyfe SRL, in its quality as data controller (‘Allyfe’ or the ‘Company’) under the data protection legislation in force, including in particular the Regulation (EU) 2016/679 (‘GDPR’), by means of the personal data collected in connection and through the website www.allyfe.health (‘Website’).

The information provided herein shall apply to anyone who visits and navigates the Website (the ‘Users’).

The processing of the Users’ personal data will take place in full compliance with the applicable data protection laws.

1. REDIRECT TO OTHER WEBSITES

In case the Company should incorporate links into the Website which allow the Users to connect to third parties’ online platforms, social networks or websites (‘Third party’s pages’), it would assume no direct or indirect responsibility in regards of the processing of personal data which may take place through and/or in connection with any of such Third parties’ pages.

Therefore, the Users who access a Third party’s page from or through the Website must carefully read the relevant applicable privacy policies, in order to understand how their personal data will be processed by such third parties, as autonomous controllers, pursuant to the data protection legislation in force.

2. CATEGORIES OF PERSONAL DATA COLLECTED

A. Traffic data

The computer systems and software procedures used to operate this Website need to acquire (including by means of cookies), during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data may include, by way of example: IP addresses, browser type, operating system, domain name, information on the pages visited by the User within the Website, time of access, time spent on a single page, the internal path analysis and other parameters regarding the User’s operating system and computer environment.

This technical / IT data is collected and processed in aggregated manner only, so that no User can be identified by the Company, for the purpose to ascertain liabilities in case of hypothetical crimes committed within or against the Website, or upon competent authorities’ request. Should this information be used to single-out any data subject, then it will be Allyfe’s duty to comply with applicable requirements and identify the appropriate legal basis for such processing operations.

B. Personal data provided directly from User

The Website incorporates some forms (‘Get in touch’ ‘Contact our team’ and ‘Request a demo’), whereby the User is requested to provide some personal data (precisely, first and last name, country, work e-mail, job title, company name and size and, in case, work phone number) in order to receive (i) any kind of support, a demo of Allyfe’s ProConsent platform, or a dedicated pricing (‘Service Request’), or (ii) upon User’s express consent, relevant information and contents regarding Allyfe’s products and services.

The data provided by the Users in these forms will be processed by the Company to follow-up and fulfil their specific Service Requests, or for sending Allyfe’s own promotional communications.

In any case, the Users will always be free to decide whether or not to share their personal data with the Company, by filling out the forms available on the Website, and to provide their consent for receiving information and contents regarding the Company’s products and services. It should be kept in mind, however, that in case of refusal to provide the data, Allyfe will be likely not in condition to satisfy the Users’ Service Requests. Accordingly, those Users who prefer the Company not to collect their personal data should not send any such request. On the contrary, refusal to provide consent by the User does not prevent or limit in any manner Allyfe from fulfilling any Service Request.

Allyfe will never request/collect particular categories of personal data.

3. PURPOSES AND LEGAL BASES OF THE PROCESSING

The Website is designed with the main goal of providing information regarding Allyfe’s products and services, with particular reference to ProConsent platform.

According to the principles set forth by the GDPR, the Website is set to minimize the collection of personal data, as well as to exclude the processing of any identifiable information in all cases when the purposes described hereunder can be achieved with different means, and/or by anonymous data.

That being said, the Users’ personal data identified above will be processed by Allyfe for the purposes of:

a) allowing the User to navigate the Website and easily enjoy its contents and services, based on the Company’s legitimate interest pursuant to Art. 6.1, (f) of the GDPR;

b) allowing the Company to answer and fulfil the Users’ Service Requests sent through the specific forms available on the Website, pursuant to Art. 6.1, (b) of the GDPR;

c) sending information and contents regarding Allyfe’s products and services via automated means, provided that the User has given his/her specific consent according to Art. 6.1, (a) of the GDPR;

d) complying with obligations provided for by applicable laws and/or to fulfil requests or orders issued by competent authorities, pursuant to Art. 6.1, (c) of the GDPR;

e) establishing, exercising or defending legal claims regarding the Company’s rights, based on its legitimate interest pursuant to Art. 6.1, (f) of the GDPR.

Should the data be collected in the future also for purposes other than those described above, it will be duty of Allyfe, on one hand, to provide adequate information to the Users relating to such new purposes in order to ensure transparency and user awareness and, on the other hand, ascertain that a valid legal basis (such as the data subject’s consent) exists, where needed, to undertake the relevant processing activities.

4. METHODS OF PROCESSING AND DATA SECURITY

The personal data are collected and processed lawfully and fairly, exclusively for the purposes described above and in accordance with the fundamental principles established by the applicable legislation, with special regard to the GDPR.

Processing operations may take place both manually and electronically, in any case under technical and organizational measures that ensure the security and confidentiality of the data, especially in view of preventing or however minimizing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the Users’ personal data.

The processing operations will be carried out, under the direct authority of Allyfe, only by persons who have been duly authorized to access and process the Users’ data in accordance with both the instructions provided by the Company, on a need-to-know basis only, and the applicable data protection laws and regulations.

5. COMMUNICATIONS TO THIRD PARTIES

Except for the case described under c) above, the Users’ personal data will not be shared with third parties.

Should the data be made available by Allyfe to any third-party supplier or partner (such as marketing and communication agencies, service or hosting providers, IT companies or else) in order to enable them to perform specific services connected to or necessary for the fulfilment of the purposes listed above, it will be the responsibility of the Company to appoint such third parties as data processors by virtue of their capacity, experience and reliability and to provide them with specific instructions regarding the needed level of protection and security of the data, according to Art. 28 of the GDPR. The updated list of data processors can be accessed at any time by sending a written request to Allyfe, as specified below.

It remains understood that the Users’ personal data will be communicated to third parties, such as public or judicial authorities, to abide their binding orders and requests, as well as to comply with any applicable legal obligation.

6. DATA RETENTION

Personal data will be kept in a format that allows the identification of the User for no longer than necessary to fulfill the purposes for which the data have been collected.

In more detail, the data provided by the User by means of the specific forms on the Website will be retained:

i. for no longer than expressly required or permitted by applicable legislation, after following up or fulfilling the Users’ Service Requests (e.g. in connection with a litigation with the User, or to enforce or protect one or more Company’s rights, or to comply with orders issued by competent Court or authorities), consistent with the retention periods and statutes of limitations provided for by the laws and regulations in force, also locally;

ii. for promotional and marketing-related purposes, including for sending communications, contents and materials to the User in regards of Allyfe’s product and services, until the User withdraws his/her consent.

As soon as no longer necessary in accordance with the above, the data will be cancelled or made definitively anonymous.

7. TRANSFER OF DATA ABROAD

In case of transfer of the User’s personal data to third parties established outside the European Economic Area, both when acting as autonomous data controllers or as data processors on behalf of Allyfe, it will be the Company’s responsibility to ensure that the relevant transfer abroad is made in accordance with adequate data protection guarantees, as required by the law, e.g. through the adoption of Standard Model Clauses as approved by the European Commission, or other equivalent safeguards.

8. DATA SUBJECTS’ RIGHTS

The Users can at any time exercise their rights in accordance with the applicable data protection legislation, including:

a) accessing their personal data, obtaining evidence – among others – of the purposes pursued by the Company, the categories of data involved, the recipients to whom the data may be disclosed, the applicable storage period, the existence of automated decision-making processes;

b) having incorrect personal data referred to them rectified without delay;

c) having their data erased, unless a specific exemption applies, when such data (i) are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or (ii) have been unlawfully processed; or (iii) have to be erased for compliance with a legal obligation to which the Company is subject;

d) obtaining restrictions to processing operations, when (i) the accuracy of the personal data is contested by the User (solely for the period enabling the Company to verify the accuracy of the personal data); (ii) the processing is unlawful and the User opposes the erasure of his/her personal data and requests the restriction of their use; (iii) Allyfe no longer needs the personal data for the purposes identified above, but they are required by the User for the establishment, exercise or defence of legal claims;

e) requesting portability of the data provided to the Company, receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by Allyfe;

f) withdraw the consent provided in relation to those processing which are based on this legal ground (Par. 3, let. c) above), without this may affect in any manner the lawfulness of the processing operations carried out until that moment;

g) lodge a complaint to the competent Supervisory Authorities (link).

To exercise these rights, or for any information and/or clarifications regarding the data processing operations carried out through and in connection with the Website, please write to privacy@allyfe.health.

9. DATA CONTROLLER

The data controller pursuant to the applicable laws is Allyfe SRL, a company duly incorporated under Belgian law, with registered office at Rue des Trois Ponts 40, 1160 Brussels, Belgium.

10. POLICY UPDATING

Allyfe reserves the right to amend and/or integrate this Privacy Policy at its sole discretion over time, in order to comply with new legal provision and/or include new processing operations, or products or services. For this reason, Users are invited to constantly visit and read the contents of this page.

Below is highlighted the date when the last version of this policy has been uploaded.

Last Update: 20 October 2021