The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above social network platform or website but relate to resources outside the WarOnCancer’s domain.
Who are we?
Please see the “Contacts” section for our contact details.
When do we collect personal data?
We collect personal data when you:
Create a User Account
When you create a user account for our platform, we collect the personal data that you provide, such as [contact information].
Use Our Platform
When you use the platform, we collect information that you share using the platform as well as how the platform is accessed and used. If you share special categories of personal data (sensitive personal data) about your health when using the platform we will also process such sensitive personal data.
Use The Website
If you browse our website, we collect certain technical information, e.g. IP addresses.
Communicate with us
When you communicate with us for example if you e-mail us, we collect the information you provide. This may include your [identity information, contact information and communication].
What personal data do we process and why?
Provide the platform and communicate with you regarding our platform
We use your personal data in order to provide our platform with its basic functionalities (e.g. match users or share data with other users in the community) and communicate with you regarding the platform. For this purpose we process [identity information, contact information, communication, demographic information, location data, health data Audio and video material, and user generated data].
Special categories of personal data (sensitive personal data) about your health are processed based on the necessity of the performance of the service, on the consent you provided when you created your user account and on the fact that you have made them manifestly public. It is voluntary to provide your consent to the processing of sensitive personal data, but to use the platform we need, at least, your email address, username, date of birth, cancer relation. You may at any time withdraw your consent by unregistering your user account.
The processing of your personal data is necessary for the performance of a contract with you (the terms of service). Your personal data is stored for this purpose as long as your user account is active.
Carry out surveys on our platform
We may use your personal data in order to carry out surveys on our platform, if you have expressed your consent on that. We protect your privacy by not sharing your identity with any entities that are conducting the surveys. Indeed we share with them just aggregated or pseudonymized data. For this purpose we process your [contact information, demographic information, communication and, in certain cases, your health data].
If you match or potentially match a study, you may be notified about that. It is of course voluntary to participate in a survey and if you decide to share any special categories of personal data (sensitive personal data) about your health, you give your explicit consent to our processing of your sensitive personal data for this purpose. If you choose to participate, your collected / reviewed personal data will be added to your profile and may potentially be used for other surveys until you delete them or you withdraw your consent. The answers to the surveys that cannot be added to your profile will be stored for this purpose during the time the survey is conducted and for a period of 3 months thereafter in order to compile the answers.
Provide our newsletter
If you sign up for our newsletter, we use your personal data to provide the newsletter to you. For this purpose we process your [identity information and contact information].
The processing is based on your consent so you can receive marketing communications from us and on our legitimate interests: to improve our products and services and better engage with you.
We may also use certain health data [e.g. cancer relation] to personalize the newsletter service content and to improve your user experience. In this case, the legal basis for the processing is your explicit consent.
You can at any time unsubscribe from our newsletter by clicking on the unsubscribe link in the email. Your personal data is stored for this purpose until you choose to unsubscribe from the newsletter.
Provide marketing communications of third parties’ products
If you express your consent on receiving marketing communications of third parties’ products, we use your personal data to provide them to you. For this purpose we process your [identity information and contact information].
The processing is based on your consent.
Analyse, develop and improve technical functionalities, and ensure the security of our platform and website
The processing is based on our legitimate interest of developing/improving, ensuring the technical functionality and the security of our platform and website. Special categories of personal data (sensitive personal data) about your health may be processed for this statistical purpose in accordance with the appropriate safeguards (art. 89 GDPR). Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.
Analyse the use of our platform
We use your personal data to analyze the use of the platform, e.g. to collect and analyze usage statistics of how the platform is used. For this purpose we process [identity information and user generated information].
The processing is based on our legitimate interest of analysing how the platform is used. Your personal data is stored for this purpose as long your user account is active. Statistics and reports which do not include any personal data are stored until further notice or until deleted.
Analyse the use of our website
We use your personal data to analyze the use of our website, e.g. to collect visitor statistics. For this purpose we process [user generated information].
The processing is based on our legitimate interest of analysing how our website is used. Your personal data is stored for a period of 1 month for this purpose. Statistics and reports which do not include any personal data are stored until further notice or until deleted.
Manage and Defend Legal Claims
If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.
For this purpose, we may also share certain information with other parties, please see below.
Finally, we use your personal data to fulfil legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such case process the personal data collected which is necessary in order to fulfill the legal obligation in question. Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations. Accounting information is retained for 7 years calculated after the end of the calendar year the relevant financial year ended.
For this purpose, we may share your personal data with other parties, see below.
Sharing of personal data
Sharing by you
The platform allows you to share content with others. Any personal data that you publish on your profile or in a post is public and visible to others.
Sharing by us
We share information with certain recipients as explained below:
We use certain third-party service providers which provide for example IT services to us. Where a third-party service provider processes personal data on our behalf they act as data processors and we are responsible for the use of your personal data. They may not use your personal data for their own purposes and they are obligated to protect your personal data.
We may share aggregated information with our partners, e.g. reports based on surveys made on the platform which do not include any personal data.
Moreover, we may also share personal data collected in connection with surveys carried out on the platform with our partners for the partners’ own processing for the purpose of evaluating the result of the survey. The transfer is based on your consent and on our and the partners’ legitimate interest of evaluating the result of the survey. To the extent the personal data includes special categories of personal data (sensitive personal data) such data will only be shared with the partners if you have given your explicit consent to this.
Partners include, but are not limited to, pharmaceutical companies, hospitals, universities and other educational institutions.
In addition to the above, we may if necessary, share your information with other recipients for the following purposes:
- to allow a merger or an acquisition (based on our legitimate interest of allowing a merger or an acquisition of our business)
- to manage or defend a legal claim (based on our legitimate interest of managing and defending legal claims)
- to respond to lawful requests from authorities according to mandatory applicable laws (where necessary to fulfill legal obligation to which we are subject).
We keep your data safe adopting the best practices and highest standards in terms of security.
All required technical and organisational security measures have been adopted.
When data is shared between our App and the server storage, it is encrypted through https. Our databases are stored in Azure cloud. In order to fetch data from storage, the API of the War On Cancer app needs to be used.
All data handling is GDPR (General Data Protection Regulation) compliant.
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination – for whatever reason – of the agreement between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 90 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
Data Destruction Process
The method of disposal varies and is dependent upon the nature of the document. For example, any documents that contain sensitive or confidential information (and particularly sensitive personal data) must be disposed of as confidential waste and be subject to secure electronic deletion; some expired or superseded contracts may only warrant in-house shredding.
In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that our Company subcontracts for this purpose. Any applicable general provisions under relevant data protection laws and the Company’s Personal Data Protection Policy shall be complied with.
- Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.
- Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.
- Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.
A data breach generally refers to the unauthorized access and retrieval of information that may include corporate and / or personal data. Data breaches are generally recognized as one of the more costly security failures of organizations.
Adequate data breach procedures have been put in place by our Company.
All instances of suspected breaches shall be investigated and action taken as appropriate.
Transfer to Other Countries
You have the right to:
Access Your Personal Data
You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly in your account.
Update Your Personal Data
You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.
If we rely on your consent to the use of your personal data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.
Delete Your Persona Data (Right to be Forgotten)
You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted. We may, however, still need to keep your personal data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.
Unsubscribe From Marketing Communication
You have the right to oppose our use of your personal data for promotional and marketing purposes at any time. You can opt-out from marketing communication by clicking on an unsubscribe link in the communication.
Restrict the Use of Your Personal Data
You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the platform during the time that the use of your personal data is restricted.
Object to the Use of Your Personal Data
Certain use of your personal data is based on our or others’ legitimate interest. You have the right to object to the use of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Not to Be Subject to a Decision Based Solely on Automated Decision-Making
You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.
Transfer Your Personal Data (Data Portability)
You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.
If You Have Questions
If you are not satisfied with our response, you have the right to lodge a complaint with your data protection authority. In Sweden, we are supervised by the Swedish data protection authority (Datainspektionen).
Birger Jarlsgatan 57C
Box 89, 113 56 Stockholm, SWEDEN
Information Regarding Categories of Personal Data
Please see the table below for further information regarding the categories of personal data that we process.
Examples of Personal Data
Name, IP-address, [user-ID], username
E-mail address, phone info, country of residence
Contents of communication (free text, messages, comments, e-mails etc.)
Cancer relation, type of cancer, Cancer Phase / Stage, M/Y of diagnosis/declared healthy, Type and M/Y of treatment, survey responses
Audio and video material
Pictures, videos, audio
User generated data
Click history, user settings