Your privacy is important to us and we are committed to protecting it through our compliance with this Policy. The information provided below describes, as required by the EU Regulation 2016/679, how and why WarOnCancer processes your personal data, which you share with us and which we collect when you visit our website (www.waroncancer.com) or use our platform (“the App”, “the Platform”). Personal data means any information which may be used to identify you.
The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above social network platform or website but relate to resources outside the WarOnCancer’s domain. Clicking on those hyperlinks may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies.
Who are we?
War On Cancer is a free-to-access social media network aiming to support you through your cancer journey. The main functionalities of the app are: connect with others you can relate to; share your story; find clinical trials; and contribute to cancer research.
WarOnCancer AB is responsible for the personal data that you share with us. When we say “WarOnCancer”, “us”, “our” or “we”, this is who we are referring to.
We have appointed a Data Protection Officer, Lisen Arnheim Dahlström with the following email address: email@example.com
Please see the “Contacts” section for our contact details.
When do we collect personal data?
We collect personal data when you:
Create a User Account
When you create a user account for our Platform, we collect the personal data that you provide, such as [contact information].
Use Our Platform
When you use the Platform, we collect information that you share using the Platform as well as how the Platform is accessed and used. If you share special categories of personal data (sensitive personal data) about your health when using the Platform we will also process such sensitive personal data.
Use The Website
If you browse our website, we collect certain technical information, e.g. IP addresses.
Communicate with us
When you communicate with us, for example if you e-mail us, we collect the information you provide. This may include your [identity information, contact information and communication].
What personal data do we process and why?
Provide the social media platform and communicate with you
Processed data: [identity information, contact information, communication, demographic information, location data, health data, audio and video material, and user generated data].
We use your personal data in order to provide our Platform with its basic functionalities (e.g. communicate or share data with other users in the community) and communicate with you regarding the Platform. For this purpose we process [identity information, contact information, communication, demographic information, location data, health data, audio and video material, and user generated data].
Special categories of personal data (sensitive personal data) about your health are processed based on the necessity of the performance of the service, on the consent you provided when you created your user account and on the fact that you have made them manifestly public. It is voluntary to provide your consent to the processing of sensitive personal data, but to use the Platform we need, at least, your email address, username, date of birth, cancer relation. You may at any time withdraw your consent by unregistering your user account.
The processing of your personal data is necessary for the performance of a contract with you (the terms of service). Your personal data is stored for this purpose as long as your user account is active. If you want us to no longer process the data for this purpose you can delete your account and all its content by accessing the privacy settings page.
Match you with suitable Health Studies and Clinical Trials
Processed data: [contact information, demographic information, communication and, in certain cases, your health data].
We may use your personal data in order to be able to match you with suitable Health Studies and Clinical Trials. This is done by processing the data you have already provided us through your use of the Platform or by carrying out surveys on our Platform, if you have consented to that. If those surveys are commissioned by third parties, we protect your privacy by not sharing your personal data with any entities that are conducting the surveys; we share only aggregated or pseudonymized data with them. For this purpose we process your [contact information, demographic information, communication and, in certain cases, your health data].
If you match or potentially match for a health study, you may be notified. It is of course voluntary to participate in a health study and if you decide to share any special categories of personal data (sensitive personal data) about your health, you give your explicit consent to our processing of the sensitive data for this purpose. Your collected / reviewed personal data will be added to your profile and may potentially be used for other surveys until you delete them or you withdraw your consent.
If you choose to use the feature “Clinical Trial Finder” we will generate a list of the clinical trials that are potentially suitable for you.
If you want us to no longer process your data for this purpose you can, at any time, withdraw your consent by accessing the privacy dashboard and opting out.
Provide our newsletter
Processed data: [identity information and contact information].
If you sign up for our newsletter, we use your personal data to provide the newsletter to you. For this purpose we process your [identity information and contact information].
The processing is based on your consent so you can receive marketing communications from us and on our legitimate interests: to improve our products and services and better engage with you.
We may also use certain health data [e.g. cancer relation] to personalize the newsletter service content and to improve your user experience. In this case, the legal basis for the processing is your explicit consent.
You can at any time unsubscribe from our newsletter by clicking on the unsubscribe link in the email. Your personal data is stored for this purpose until you choose to unsubscribe from the newsletter.
Publish appropriate internal or external communications or publicity materials
Processed data: [communication, identity information].
Where relevant, we may use your personal data for publishing appropriate internal or external communications or publicity material (e.g. public posts published via social media in appropriate circumstances). We consider that it is our legitimate interest to support our long-term business goals and outcomes. In case sensitive data would be involved in the processing (e.g. sharing posts with sensitive content you have posted), we may use them for this purpose by relying on the fact you have made them publicly available. If our legal basis to justify the processing of your personal data is not enough, we will request your consent.
Provide marketing communications of third parties' products
Processed data: [identity information and contact information].
If you express your consent to receiving marketing communications of third parties’ products, we use your personal data to provide them to you. For this purpose we process your [identity information and contact information].
The processing is based on your consent. If you want us to no longer process the data for this purpose you can withdraw your consent by sending us a request to our DPO email address.
Interest based advertising (direct marketing)
In the context of this processing purpose, and only if you give us your consent, we may process your [contact information] with the help of third party providers such as Meta, in order to create a so-called “Lookalike Audience”. This is composed of aggregated/anonymous data and therefore it doesn’t qualify as personal data, but, in order to generate it, the third party provider will need to operate processing activities on other personal data under its controllership. This will allow us, together with such providers, to show the lookalike audience some targeted interest-based advertisements (e.g. on social media pages). Our goal is to highlight our posts to a broader audience that shares, to some degree, your interests.
If you want us to no longer process your data for this purpose you can, at any time, withdraw your consent by accessing the privacy dashboard and opting out. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can learn more about Meta’s Terms of services and privacy settings by visiting the following links:
Analyse, develop and improve technical functionalities, and ensure the security of our platform and website
Processed data: [Identity information, Contact information, Communication, Demographic information, Location data, Health data, Audio and video material, User generated data].
The processing is based on our legitimate interest of developing/improving, ensuring the technical functionality and the security of our Platform and website. Special categories of personal data (sensitive personal data) about your health may be processed for this statistical purpose in accordance with the appropriate safeguards (art. 89 GDPR). Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.
Analyse the use of our platform
Processed data: [identity information and user generated information].
We use your personal data to analyze the use of the Platform, e.g. to collect and analyze usage statistics of how the Platform is used. For this purpose we process [identity information and user generated information].
The processing is based on our legitimate interest of analysing how the Platform is used. Your personal data is stored for this purpose as long as your user account is active. Statistics and reports which do not include any personal data are stored until further notice or until deleted.
Analyse the use of our website
Processed data: [User generated information].
We use your personal data to analyze the use of our website, e.g. to collect visitor statistics. For this purpose we process [user generated information].
The processing is based on our legitimate interest of analysing how our website is used. Your personal data is stored for a period of 1 month for this purpose. Statistics and reports which do not include any personal data are stored until further notice or until deleted.
Manage and Defend Legal Claims
If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such a case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.
For this purpose, we may also share certain information with other parties, please see below.
Fulfill Legal Obligations
Finally, we use your personal data to fulfil legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such a case process the personal data collected which is necessary in order to fulfill the legal obligation in question. Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations. Accounting information is retained for 7 years calculated after the end of the calendar year the relevant financial year ended.
For this purpose, we may share your personal data with other parties, see below.
Sharing of personal data
Sharing by you
The Platform allows you to share content with others. Any personal data that you publish on your profile or in a post is public and visible to others.
Sharing by us
We share information with certain recipients as explained below:
We use certain third-party service providers which provide for example IT services to us. Where a third-party service provider processes personal data on our behalf they act as data processors and we are responsible for the use of your personal data. They may not use your personal data for their own purposes and they are obligated to protect your personal data.
We may share aggregated information with our partners, e.g. reports based on surveys made on the Platform which do not include any personal data.
Moreover, we may also share personal data collected in connection with surveys carried out on the Platform with our partners for the partners’ own processing for the purpose of evaluating the result of the survey. The transfer is based on your consent and on our and the partners’ legitimate interest of evaluating the result of the survey. To the extent the personal data includes special categories of personal data (sensitive personal data) such data will only be shared with the partners if you have given your explicit consent to this.
Partners include, but are not limited to, pharmaceutical companies, hospitals, universities and other educational institutions.
In addition to the above, we may if necessary, share your information with other recipients for the following purposes:
- to allow a merger or an acquisition (based on our legitimate interest of allowing a merger or an acquisition of our business)
- to manage or defend a legal claim (based on our legitimate interest of managing and defending legal claims)
- to respond to lawful requests from authorities according to mandatory applicable laws (where necessary to fulfill legal obligation to which we are subject).
We keep your data safe by adopting the best practices and highest standards in terms of security.
All required technical and organisational security measures have been adopted.
When data is shared between our App and the server storage, it is encrypted through HTTPS. Our databases are stored in Azure cloud. In order to fetch data from storage, the API of the War On Cancer app needs to be used.
All data handling is GDPR (General Data Protection Regulation) compliant.
We strive to limit the collection of personal information to what is directly relevant and necessary to accomplish the above specified purposes, in accordance with the Data Minimisation Principle.
In principle, unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent.
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination - for whatever reason - of the agreement between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 90 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
Data Destruction Process
The method of disposal varies and is dependent upon the nature of the document. For example, any documents that contain sensitive or confidential information (and particularly sensitive personal data) must be disposed of as confidential waste and be subject to secure electronic deletion; some expired or superseded contracts may only warrant in-house shredding.
In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that our Company subcontracts for this purpose. Any applicable general provisions under relevant data protection laws and the Company’s Personal Data Protection Policy shall be complied with.
- Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.
- Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.
- Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.
A data breach generally refers to the unauthorized access and retrieval of information that may include corporate and / or personal data. Data breaches are generally recognized as one of the more costly security failures of organizations.
Adequate data breach procedures have been put in place by our Company.
All instances of suspected breaches shall be investigated and action taken as appropriate.
Transfer to Other Countries
We transfer personal data to our service providers which are located in the European Union (EU) or the European Economic Area (EEA) or the United States (US). In order to ensure that your personal data is always protected we ensure that there are adequate safeguards in place, e.g. data processing agreements. Processing of personal data outside the EU or the EEA will only take place on the basis of: an adequacy decision of the European Commission, or the provision of appropriate safeguards and the usage of Standard Contractual Clauses approved by the European Commission (art. 46 GDPR). In this second case, we share data using pseudonymisation techniques to mitigate data protection risks when processing your personal data. If you have questions regarding to which countries your personal data is transferred and which safeguards we take to protect your personal data, or to request a copy of such safeguards or information on where they are available, please contact us at firstname.lastname@example.org.
It is expressly prohibited for minors under the age of 13, or equivalent minimum age in the relevant jurisdiction, to create and use their own WarOnCancer Account, unless their parents or guardians provided verifiable consent. If you are between 13 and 18 years of age, you hereby agree that your legal guardian has read this Privacy Notice. If law requires that you must be older in order for War On Cancer to lawfully provide the services through the Platform to you without parental consent (including using your personal data) then the Minimum Age is such an older age.
By using the Service, you represent and warrant that you are of legal age to meet all of the foregoing eligibility requirements. If you do not meet all of these requirements, you must not access or use the Service.
You can report any knowledge of a child accessing the app and providing personal data without parental consent by contacting our DPO (see “Contacts” section).
You have certain rights in relation to the use of your personal data. If you wish to exercise your rights, please contact us at: email@example.com. We aim to respond within 30 days from the date we receive privacy-related communications.
You have the right to:
Access Your Personal Data
You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly in your account.
Update Your Personal Data
You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.
If we rely on your consent to the use of your personal data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.
Delete Your Personal Data (Right to be forgotten)
You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted. We may, however, still need to keep your personal data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.
Unsubscribe From Marketing Communication
You have the right to oppose our use of your personal data for promotional and marketing purposes at any time. You can opt-out from marketing communication by clicking on an unsubscribe link in the communication.
Restrict the Use of Your Personal Data
You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the Platform during the time that the use of your personal data is restricted.
Object to the Use of Your Personal Data
Certain use of your personal data is based on our or others’ legitimate interest. You have the right to object to the use of your personal data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Not to Be Subject to a Decision Based Solely on Automated Decision-Making
You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.
Transfer Your Personal Data (Data Portability)
You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.
If You Have Questions
If you are not satisfied with our response, you have the right to lodge a complaint with your data protection authority. In Sweden, we are supervised by the Swedish Data Protection Authority (Datainspektionen).
Information Regarding Categories of Personal Data
Please see the table below for further information regarding the categories of personal data that we process.
Examples of Personal Data/Sensitive Data
Name, IP-address, [user-ID], username
E-mail address, phone info
Contents of communication (free text, messages, comments, e-mails etc.)
Age, gender/sex, country of residence
Health data: Cancer relation, type of cancer, Cancer Phase / Stage, M/Y of diagnosis/declared healthy, Type and M/Y of treatment, survey responses
Health data from your profile page, demographic information
Audio and video material: Pictures, videos, audio
Click history, user settings