Your privacy is important to us and we are committed to protecting it through our compliance with this Policy. The information provided below describes, as required by the EU Regulation 2016/679, how and why WarOnCancer processes your personal data, which you share with us and which we collect when you use our social network platform (“the App”) or visit our website (www.waroncancer.com). Personal data means any information which may be used to identify you.
The information provided does not concern other websites, pages or services that can be accessed via hyperlinks on the above social network platform or website but that relate to resources outside WarOnCancer’s domain.
Who are we?
WarOnCancer AB is responsible for the personal data that you share with us. When we say “WarOnCancer”, “us”, “our” or “we”, this is who we are referring to.
Please see the “Contacts” section for our contact details.
When do we collect personal data?
We collect personal data when you:
Create a User Account
When you create a user account for our platform, we collect the personal data that you provide, such as [contact information].
Use Our Platform
When you use the platform, we collect information that you share using the platform as well as how the platform is accessed and used. If you share special categories of personal data (sensitive personal data) about your health when using the platform we will also process such sensitive personal data (see the table below to understand which data must be considered as sensitive and which not).
Use The Website
If you browse our website, we collect certain technical information, e.g. IP addresses.
Communicate with us
When you communicate with us, for example if you e-mail us, we collect the information you provide. This may include your [identity information, contact information and communication].
What personal data do we process and why?
Provide the platform and communicate with you regarding our platform
We use your personal data in order to provide our platform with its basic functionalities (e.g. match users or share data with other users in the community) and communicate with you regarding the platform. For this purpose we process [identity information, contact information, communication, demographic information, location data, health data, audio and video material, and user generated data].
Special categories of personal data (sensitive personal data) about your health are processed based on the necessity of the performance of the service, on the consent you provided when you created your user account and on the fact that you have made them manifestly public. It is voluntary to provide your consent to the processing of sensitive personal data, but to use the platform we need, at least, your email address, username, date of birth, cancer relation. You may at any time withdraw your consent by deleting your user account via the Account Settings page in the app.
The processing of your personal data is necessary for the performance of a contract with you (the terms of service). Your personal data is stored for this purpose as long as your user account is active.
Carry out Health Studies on our platform
We may use your personal data in order to carry out health studies on our platform, if you have expressed your consent regarding that. We protect your privacy by not sharing your identity with any entities that are conducting the surveys. We do not disclose the Personal Data about you to third parties without your consent or otherwise as specified in this Policy (see “Sharing of personal data” section for more information).
We may share only aggregated or pseudonymized data with them. For this purpose we may process your [contact information, demographic information, communication and, in certain cases, your health data].
If you match or potentially match a study, you may be notified about that. It is of course voluntary to participate in a health study and if you decide to share any special categories of personal data (sensitive personal data) about your health, you give your explicit consent to our processing of your sensitive personal data for this purpose. If you choose to participate, your collected / reviewed personal data will be added to your profile and may potentially be used for other health studies until you delete them or you withdraw your consent. The answers to the health study that cannot be added to your profile will be stored for this purpose during the time the health study is conducted and for a period of 3 months thereafter in order to compile the answers.
Provide our newsletter
If you sign up for our newsletter, we use your personal data to provide the newsletter to you. For this purpose we process your [identity information and contact information].
The processing is based on your consent so you can receive marketing communications from us and on our legitimate interests: to improve our products and services and better engage with you.
We may also use certain health data [e.g. cancer relation] to personalize the newsletter service content and to improve your user experience. In this case, the legal basis for the processing is your explicit consent.
You can at any time unsubscribe from our newsletter by clicking on the unsubscribe link in the email. Your personal data is stored for this purpose until you choose to unsubscribe from the newsletter.
Provide marketing communications of third parties’ products
If you express your consent to receive marketing communications from third parties’ products, we use your personal data to provide them to you. For this purpose we process your [identity information and contact information].
The processing is based on your consent.
Analyse, develop and improve technical functionalities, and ensure the security of our platform and website
The processing is based on our legitimate interest of developing/improving, ensuring the technical functionality and the security of our platform and website. Special categories of personal data (sensitive personal data) about your health may be processed for this scientific and/or statistical purpose in accordance with the appropriate safeguards (art. 89 GDPR). Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.
Analyse the use of our platform
We use your personal data to analyse the use of the platform, e.g. to collect and analyse usage statistics of how the platform is used. For this purpose we process [identity information and user generated information].
The processing is based on our legitimate interest of analysing how the platform is used. Your personal data is stored for this purpose as long as your user account is active. Statistics and reports which do not include any personal data are stored until further notice or until deleted.
Analyse the use of our website
We use your personal data to analyse the use of our website, e.g. to collect visitor statistics. For this purpose we process [user generated information].
The processing is based on our legitimate interest of analysing how our website is used. Your personal data is stored for a period of 1 month for this purpose. Statistics and reports which do not include any personal data are stored until further notice or until deleted.
Aggregation and Anonymisation
We also collect, use and share Aggregated/Anonymous Data such as statistical.
Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
For example, we may raise certain questions on our social media network posts, aggregate your answers with those of the rest of the community, calculate the percentages, and show you and the community the aggregated results.
The resulting aggregated data must be considered anonymous: it will not be possible to identify the data subjects it refers to, since we are not keeping any link to the users’ profiles.
Manage and Defend Legal Claims
If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.
For this purpose, we may also share certain information with other parties, please see below.
Fulfill Legal Obligations
Finally, we use your personal data to fulfil legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such case process the personal data collected which is necessary in order to fulfill the legal obligation in question. Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations. Accounting information is retained for 7 years calculated after the end of the calendar year the relevant financial year ended.
For this purpose, we may share your personal data with other parties, see below.
Sharing of personal data
Sharing by you
The platform allows you to share content with others. Any personal data that you publish on your profile or in a post is public and visible to others.
Sharing by us
We share information with certain recipients as explained below:
We use certain third-party service providers which provide for example IT services to us. Where a third-party service provider processes personal data on our behalf they act as data processors and we are responsible for the use of your personal data. They may not use your personal data for their own purposes and they are obligated to protect your personal data.
We may share aggregated information with our partners, e.g. reports based on surveys made on the platform which do not include any personal data.
Moreover, we may also share personal data collected in connection with surveys carried out on the platform with our partners for the partners’ own processing for the purpose of evaluating the result of the survey. The transfer is based on your consent and on our and the partners’ legitimate interest of evaluating the result of the survey. To the extent the personal data includes special categories of personal data (sensitive personal data) such data will only be shared with the partners if you have given your explicit consent to this.
Partners include, but are not limited to, pharmaceutical companies, hospitals, universities and other educational institutions.
In addition to the above, we may, if necessary, share your information with other recipients for the following purposes:
- to allow a merger or an acquisition (based on our legitimate interest of allowing a merger or an acquisition of our business)
- to manage or defend a legal claim (based on our legitimate interest of managing and defending legal claims)
- to respond to lawful requests from authorities according to mandatory applicable laws (where necessary to fulfill legal obligation to which we are subject).
We keep your data safe adopting the best practices and highest standards in terms of security.
All required technical and organisational security measures have been adopted.
When data is shared between our App and the server storage, it is encrypted through HTTPS. Our databases are stored in Azure cloud. In order to fetch data from storage, the API of the War On Cancer app needs to be used.
All data handling is GDPR (General Data Protection Regulation) compliant.
In principle, unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent.
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination – for whatever reason – of the agreement between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 90 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
Data Destruction Process
The method of disposal varies and is dependent upon the nature of the document. For example, any documents that contain sensitive or confidential information (and particularly sensitive personal data) must be disposed of as confidential waste and be subject to secure electronic deletion; some expired or superseded contracts may only warrant in-house shredding.
In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that our Company subcontracts for this purpose. Any applicable general provisions under relevant data protection laws and the Company’s Personal Data Protection Policy shall be complied with.
- Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.
- Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.
- Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.
A data breach generally refers to the unauthorized access and retrieval of information that may include corporate and / or personal data. Data breaches are generally recognized as one of the more costly security failures of organizations.
Adequate data breach procedures have been put in place by our Company.
All instances of suspected breaches shall be investigated and action taken as appropriate.
Transfer to Other Countries
It is expressly prohibited for minors under the age of 16, or equivalent minimum age in the relevant jurisdiction, to create and use their own WarOnCancer Account, unless their parents or guardians provided verifiable consent.
You have certain rights in relation to the use of your personal data. If you wish to exercise your rights, please contact us at: firstname.lastname@example.org.
You have the right to:
Access Your Personal Data
You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly in your account.
Update Your Personal Data
You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.
If we rely on your consent to the use of your personal data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.
You may at any time withdraw your consent by deleting your user account via the Account Settings page in the app.
Delete Your Personal Data (Right to be Forgotten)
You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted. We may, however, still need to keep your personal data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.
Unsubscribe From Marketing Communication
You have the right to oppose our use of your personal data for promotional and marketing purposes at any time. You can opt-out from marketing communication by clicking on an unsubscribe link in the communication.
Restrict the Use of Your Personal Data
You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the platform during the time that the use of your personal data is restricted.
Object to the Use of Your Personal Data
Certain use of your personal data is based on our or others’ legitimate interest. You have the right to object to the use of your personal data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Not to Be Subject to a Decision Based Solely on Automated Decision-Making
You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.
Transfer Your Personal Data (Data Portability)
You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.
If You Have Questions
If you are not satisfied with our response, you have the right to lodge a complaint with your data protection authority (in Sweden, we are supervised by the Swedish data protection authority [Datainspektionen]) or seek a remedy in the national courts if you think that your rights in relation to your personal data have been breached. However, we would be grateful if you could give us the opportunity to address your complaint in the first instance by using the contact details provided.
14447 Stockholm, SWEDEN
Information Regarding Categories of Personal Data
Please see the table below for further information regarding the categories of personal data that we process.
Examples of Personal Data
Name, IP-address, [user-ID], username
E-mail address, phone info, country of residence
Contents of communication (free text, messages, comments, e-mails etc.)
Sexual orientation (sensitive data)
Cancer relation, type of cancer, Cancer Phase / Stage, M/Y of diagnosis/declared healthy, Type and M/Y of treatment, survey responses
Audio and video material (potential sensitive data)
Pictures, videos, audio
Free text (potential sensitive data)
User posts, messages
Click history, user settings