We value your privacy.

Privacy Policy

Introduction

Your privacy is important to us and we are committed to protecting it through our compliance with this Policy. The information provided below describes, as required by the EU Regulation 2016/679, how and why WarOnCancer processes your personal data, which you share with us and which we collect when you use our social network platform (“the App”) or visit our website (www.waroncancer.com). Personal data means any information which may be used to identify you.

The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above social network platform or website but relate to resources outside the WarOnCancer’s domain.

Who are we?

WarOnCancer AB is responsible for the personal data that you share with us. When we say “WarOnCancer”, “us”, “our” or “we”, this is who we are referring to.

WarOnCancer is the data controller for the use and processing of your personal data as described in this Privacy Policy.

Please see the “Contacts” section for our contact details.

When do we collect personal data?

We collect personal data when you:

Create a User Account

When you create a user account for our platform, we collect the personal data that you provide, such as [contact information].

Use Our Platform

When you use the platform, we collect information that you share using the platform as well as how the platform is accessed and used. If you share special categories of personal data (sensitive personal data) about your health when using the platform we will also process such sensitive personal data.

Use The Website

If you browse our website, we collect certain technical information, e.g. IP addresses.

Communicate with us

When you communicate with us for example if you e-mail us, we collect the information you provide. This may include your [identity information, contact information and communication].

What personal data do we process and why?

Provide the platform and communicate with you regarding our platform

We use your personal data in order to provide our platform with its basic functionalities (e.g. match users or share data with other users in the community) and communicate with you regarding the platform. For this purpose we process [identity information, contact information, communication, demographic information, location data, health data Audio and video material, and user generated data].

Special categories of personal data (sensitive personal data) about your health are processed based on the necessity of the performance of the service, on the consent you provided when you created your user account and on the fact that you have made them manifestly public. It is voluntary to provide your consent to the processing of sensitive personal data, but to use the platform we need, at least, your email address, username, date of birth, cancer relation. You may at any time withdraw your consent by unregistering your user account.

The processing of your personal data is necessary for the performance of a contract with you (the terms of service). Your personal data is stored for this purpose as long as your user account is active.

Carry out surveys on our platform

We may use your personal data in order to carry out surveys on our platform, if you have expressed your consent on that. We protect your privacy by not sharing your identity with any entities that are conducting the surveys. Indeed we share with them just aggregated or pseudonymized data. For this purpose we process your [contact information, demographic information, communication and, in certain cases, your health data].

If you match or potentially match a study, you may be notified about that. It is of course voluntary to participate in a survey and if you decide to share any special categories of personal data (sensitive personal data) about your health, you give your explicit consent to our processing of your sensitive personal data for this purpose. If you choose to participate, your collected / reviewed personal data will be added to your profile and may potentially be used for other surveys until you delete them or you withdraw your consent. The answers to the surveys that cannot be added to your profile will be stored for this purpose during the time the survey is conducted and for a period of 3 months thereafter in order to compile the answers.

Provide our newsletter

If you sign up for our newsletter, we use your personal data to provide the newsletter to you. For this purpose we process your [identity information and contact information].

The processing is based on your consent so you can receive marketing communications from us and on our legitimate interests: to improve our products and services and better engage with you.
We may also use certain health data [e.g. cancer relation] to personalize the newsletter service content and to improve your user experience. In this case, the legal basis for the processing is your explicit consent.

You can at any time unsubscribe from our newsletter by clicking on the unsubscribe link in the email. Your personal data is stored for this purpose until you choose to unsubscribe from the newsletter.

Provide marketing communications of third parties’ products

If you express your consent on receiving marketing communications of third parties’ products, we use your personal data to provide them to you. For this purpose we process your [identity information and contact information].

The processing is based on your consent.

Analyse, develop and improve technical functionalities, and ensure the security of our platform and website

We continuously strive to provide the best experience possible. We therefore may use your personal data to analyse, develop, and improve technical functionalities and ensure the security of our platform and website. For this purpose we may process the personal data collected for the other purposes outlined in this Privacy Policy.

The processing is based on our legitimate interest of developing/improving, ensuring the technical functionality and the security of our platform and website. Special categories of personal data (sensitive personal data) about your health may be processed for this statistical purpose in accordance with the appropriate safeguards (art. 89 GDPR). Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.

Analyse the use of our platform

We use your personal data to analyze the use of the platform, e.g. to collect and analyze usage statistics of how the platform is used. For this purpose we process [identity information and user generated information].

The processing is based on our legitimate interest of analysing how the platform is used. Your personal data is stored for this purpose as long your user account is active. Statistics and reports which do not include any personal data are stored until further notice or until deleted.

Analyse the use of our website

We use your personal data to analyze the use of our website, e.g. to collect visitor statistics. For this purpose we process [user generated information].

The processing is based on our legitimate interest of analysing how our website is used. Your personal data is stored for a period of 1 month for this purpose. Statistics and reports which do not include any personal data are stored until further notice or until deleted.

Other purposes

Manage and Defend Legal Claims

If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.

For this purpose, we may also share certain information with other parties, please see below.

Fulfill Legal Obligations

Finally, we use your personal data to fulfil legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such case process the personal data collected which is necessary in order to fulfill the legal obligation in question. Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations. Accounting information is retained for 7 years calculated after the end of the calendar year the relevant financial year ended.

For this purpose, we may share your personal data with other parties, see below.

Sharing of personal data

Sharing by you

The platform allows you to share content with others. Any personal data that you publish on your profile or in a post is public and visible to others.

Sharing by us

We share information with certain recipients as explained below:

Service Providers

We use certain third-party service providers which provide for example IT services to us. Where a third-party service provider processes personal data on our behalf they act as data processors and we are responsible for the use of your personal data. They may not use your personal data for their own purposes and they are obligated to protect your personal data.

Partners

We may share aggregated information with our partners, e.g. reports based on surveys made on the platform which do not include any personal data.

Moreover, we may also share personal data collected in connection with surveys carried out on the platform with our partners for the partners’ own processing for the purpose of evaluating the result of the survey. The transfer is based on your consent and on our and the partners’ legitimate interest of evaluating the result of the survey. To the extent the personal data includes special categories of personal data (sensitive personal data) such data will only be shared with the partners if you have given your explicit consent to this.
Partners include, but are not limited to, pharmaceutical companies, hospitals, universities and other educational institutions.

Other Sharing

In addition to the above, we may if necessary, share your information with other recipients for the following purposes:

  • to allow a merger or an acquisition (based on our legitimate interest of allowing a merger or an acquisition of our business)
  • to manage or defend a legal claim (based on our legitimate interest of managing and defending legal claims)
  • to respond to lawful requests from authorities according to mandatory applicable laws (where necessary to fulfill legal obligation to which we are subject).

Data Security

We keep your data safe adopting the best practices and highest standards in terms of security.

All required technical and organisational security measures have been adopted.

When data is shared between our App and the server storage, it is encrypted through https. Our databases are stored in Azure cloud. In order to fetch data from storage, the API of the War On Cancer app needs to be used.

All data handling is GDPR (General Data Protection Regulation) compliant.

Retention Period

In principle, unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent.

Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

In the event of termination – for whatever reason – of the agreement between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 90 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.

Data Destruction Process

The method of disposal varies and is dependent upon the nature of the document. For example, any documents that contain sensitive or confidential information (and particularly sensitive personal data) must be disposed of as confidential waste and be subject to secure electronic deletion; some expired or superseded contracts may only warrant in-house shredding.

In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that our Company subcontracts for this purpose. Any applicable general provisions under relevant data protection laws and the Company’s Personal Data Protection Policy shall be complied with.

Destruction Method

  • Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.
  • Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.
  • Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.
Data Breaches

A data breach generally refers to the unauthorized access and retrieval of information that may include corporate and / or personal data. Data breaches are generally recognized as one of the more costly security failures of organizations.

Adequate data breach procedures have been put in place by our Company.

All instances of suspected breaches shall be investigated and action taken as appropriate.

Transfer to Other Countries

We transfer personal data to our service providers which are located in the European Union (EU) or the European Economic Area (EEA)) or the United States (US). In order to ensure that your personal data is always protected we ensure that there are adequate safeguards in place, e.g. data processing agreements. The transfer of data to service providers located in the US must also be considered legitimate because it is covered by the EU-US Privacy Shield. If you have questions regarding to which countries your personal data is transferred and which safeguards we take to protect your personal data, or to request a copy of such safeguards respectively information where they are available, please contact us at support@waroncancer.com.

Children

It is expressly prohibited for minors under the age of 13, or equivalent minimum age in the relevant jurisdiction, to create and use their own WarOnCancer Account, unless their parents or guardians provided verifiable consent.

Your Rights

You have certain rights in relation to the use of your personal data. If you wish to exercise your rights, please contact us at: support@waroncancer.com.

You have the right to:

Be Informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is what we are trying to do, providing you with the information in this Privacy Policy.

Access Your Personal Data

You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly in your account.

Update Your Personal Data

You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.

Withdraw Consent

If we rely on your consent to the use of your personal data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.

Delete Your Persona Data (Right to be Forgotten)

You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted. We may, however, still need to keep your personal data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.

Unsubscribe From Marketing Communication

You have the right to oppose our use of your personal data for promotional and marketing purposes at any time. You can opt-out from marketing communication by clicking on an unsubscribe link in the communication.

Restrict the Use of Your Personal Data

You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the platform during the time that the use of your personal data is restricted.

Object to the Use of Your Personal Data

Certain use of your personal data is based on our or others’ legitimate interest. You have the right to object to the use of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Not to Be Subject to a Decision Based Solely on Automated Decision-Making

You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.

Transfer Your Personal Data (Data Portability)

You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.

Use of Cookies

We use cookies on our website and on the platform. A cookie is a text file stored on your computer or mobile device when you visit a website. Cookies are used to recognize your device the next time you visit the website. We use cookies in order to provide functionality on the website and in the platform and in order to analyze the use of the website and the platform. Such data is not passed on to third parties. You can handle your cookie settings in the settings in your browser, e.g. to block all cookies, only allow certain cookies or that cookies shall be deleted when you close your browser. Please note that if you choose to block cookies in your browser, certain parts of the website and or the platform may not work properly.

Changes to the Privacy Policy

We update this Privacy Policy on a regular basis, e.g. if we decide to collect additional information, use collected information for new purposes not described in this Privacy Policy or if share your personal data with additional recipients. In case of any changes, we will notify you in advance in an appropriate way, e.g. by displaying a notice in the platform or by sending you an e-mail.

If no objection occurs within the specified period, the amended privacy policy shall be deemed to have been accepted by you. In the notification we will inform you of your right of objection and the significance of the objection period.

If You Have Questions

If you have any questions regarding this Privacy Policy or our use of your personal data, please contact us at support@waroncancer.com.

If you are not satisfied with our response, you have the right to lodge a complaint with your data protection authority. In Sweden, we are supervised by the Swedish data protection authority (Datainspektionen).

Contacts

WarOnCancer AB
559119-1555
Birger Jarlsgatan 57C
Box 89, 113 56 Stockholm, SWEDEN
support@waroncancer.com

Information Regarding Categories of Personal Data

Please see the table below for further information regarding the categories of personal data that we process.

Category
Examples of Personal Data

Identity information

Name, IP-address, [user-ID], username

Contact information

E-mail address, phone info, country of residence

Communication

Contents of communication (free text, messages, comments, e-mails etc.)

Demographic information

Age, gender/sex

Location data

Location

Health data

Cancer relation, type of cancer, Cancer Phase / Stage, M/Y of diagnosis/declared healthy, Type and M/Y of treatment, survey responses

Audio and video material

Pictures, videos, audio

User generated data

Click history, user settings