Privacy Policy

Version: October 2019

This privacy policy (as amended from time to time, the “Privacy Policy“) describes our policies and procedures on the collection, use and disclosure of data obtained through your access to and use of the services available on the mobile applications and the Website (the “App/Website“) operated by dThx – Digital Therapeutics AG, Färberstrass 6, 8008 Zurich, Switzerland (“dThx“). The use of the App/Website is governed by the Terms of Use. DThx prepared this Privacy Policy to demonstrate our commitment to ensuring the privacy and security of the data that you share with us in accordance with our obligations under the applicable laws, rules and regulations. By accessing the App/Website or using our services you agree to accept and be bound by the current version of this Privacy Policy. In case you do not agree to the current version of this Privacy Policy, you are not authorized to continue accessing the App/Website or using our services.

Switzerland has a high degree of data protection regulation. The fact that your data is stored on servers located in a professionally managed, secure data storage facility in Switzerland means that your information is processed in accordance with Swiss data protection principles. If you access the App/Website from a computer located outside Switzerland, your accessing the App/Website will be considered as your consent to us transferring your data outside Switzerland in order to reach you. If, for any reason, dThx will need to transfer any data to any other country without adequate level of data protection, dThx will procure that appropriate contractual obligations apply ensuring that your data is protected.

Which Data We Collect

1. In order to create or reconfigure an account, you are expected to provide personal data, such as your name, username, password, personal contact details (address, zip code and location and email address), date of birth, gender, details about any of your previous health concerns or clinical issues, details about your family history, especially relating to health concerns or clinical issues, details about your lifestyle and activities (including underlying GPS data), clinical information and similar data (the “Data“) enabling dThx to provide you with the dThx Health Score and various information about your health, including a number of potential health risks based on your clinical background and lifestyle (collectively the “Information“).

How Your Data is Collected

2. We collect Data that you provide to us either directly through the App/Website, or third party devices or apps you connect with your account. We also collect information about your interactions within the App/Website as part of our continuous effort to improve the user experience.

How We Protect and Use Your Data

3. When using the App/Website you consent to the collection, transfer, modification, storage, disclosure and other uses of the Data. Irrespective of the country in which you reside or from where you access to the App/Website, the Data may be used by dThx in Switzerland or any other country of operation.
4. You authorize dThx to de-identify your Data and subsequently to copy, process, use, publicly disclose and distribute the Data in anonymized form for academic and statistical purposes. Such anonymized Data shall no longer be considered as personal data.
5. You authorize dThx to receive, review and store technical data (including crash reports) retrieved from the devices you are using to access the App/Website.
6. We restrict access to the Data to those dThx employees or other parties who need access to such Data in order to provide the services. We maintain appropriate physical, electronic and procedural safeguards to protect your Data, including firewalls, individual passwords and encryption and authentication technology, and take all other necessary and adequate administrative, organizational, technical, personnel and physical measures to safeguard the same against unauthorized or unlawful processing and use, accidental loss or destruction or damage, theft, disclosure or modification and to ensure its integrity. Please note, however, that Data transported over an open network, such as the Internet or email, may be accessible to anybody. We cannot guarantee, and are not responsible for, the confidentiality of any communication or information transmitted via such open networks. When disclosing any Data via an open network, you should consider that it is potentially accessible to others, and consequently, may be collected and used by others without your consent. In particular, while individual data packets are often encrypted, the names of the sender and recipient are not. Even if both the sender and recipient are located in the same country, data may be transmitted via such networks to other countries regularly and without controls, including countries that do not afford the same level of data protection as Switzerland. Your Data and Information may be lost during transmission or may be accessed by unauthorised parties. We do not accept any liability for direct or indirect losses as regards the security of the Data and Information during its transfer via Internet.
7. dThx will not use the Data for marketing purposes and will not sell, rent or otherwise make available any Data submitted by users to any third parties without the user’s consent, unless as permitted under this Privacy Policy or required by law. dThx may use the Data to contact users with respect to all matters related to the user’s activity on the website, including but not limited to sending motivational e-mails and reminders.How Your Data is Shared
‍8. The concept of the App/Website includes the disclosure of the Data provided by you and accessible via the App/Website to other users or third parties. Please note that all registered users of Thx are displayed with their name and profile picture. For all other data, you control and decide yourself which Data shall be accessible to others. You can change the privacy settings of your account at any time and thereby determine who will be able to see which Data. The types of Data which may be distinguished are the following: Health Score, workouts, pictures (workout, profile and profile background pictures) and achievements gained. Sensitive personal data such as weight or blood pressure, are not accessible to others. The following types of sharing options are available: (i) Public: All users registered on Thx will be able to see the Data, meaning the Health Score, the workouts, pictures and achieved goals. (ii) Groups: If you are part of a corporate health program, you will be allocated to a specific company group, which will contain fellow employees with whom you are friends on Thx, and other employees with whom you are not yet friends on hx. If you select the group option, all group members, friends or not, will be able to see the Data. (iii) Friends: Your friends will be able to see the Data. (iv) None: Only you as the user of your account will be able to see the Data. According to our default settings, all your friends will be able to see all the above-mentioned Data. You can change the privacy settings of your account at any time after your registration. Please note that due to the linking option to other social networks, such as Facebook, your Data may be made available to other persons through your friends.

Cookies and Similar Technologies

Like many websites, we use “cookie” technology to collect additional website usage data and to improve the website, but we do not require cookies for many parts of our services. A cookie is a small data file created by a web server and transferred to and stored on your computer’s persistent memory. The cookies created by the web servers contain data that uniquely identifies you during your use of the website. We use session cookies to better understand how you interact with our services, to monitor aggregate usage by our users and to improve our services. Most Internet browsers automatically accept cookies. However, you have the option of using your browser software to stop accepting cookies or to warn you before accepting a cookie from the websites you visit. However, if you disable or choose not to accept cookies, some of the functionality of the website may be impaired or you may not have access to areas of the website that require this type of identification. When using mobile applications, Data may be stored and processed temporarily on your mobile device. By accessing mobile applications operated by dThx you agree to the transfer and temporary storage of Data.
‍
Google Analytics

We use Google Analytics on our public website to help us understand things like how long a visitor stays on our websites, what pages they find most useful and how they navigate through our site. Google Analytics is not used after you have logged into App/Website. To learn more about Google Analytics and how to opt-out visit this Google webpage: https://support.google.com/analytics/answer/6004245

‍Matomo (formerly Piwik)
We use Matomo, a web analytics tool, locally installed at dThx, to learn how you use our public website and our App/Website. Your data never leaves the dThx datacenter and is treated with the same care as your data which you enter in the App/Website.

Facebook for Developers (formerly Facebook Connect) and Facebook Impressions
For some of our applications we have implemented a simplified login method. We use Facebook for Developers (formerly Facebook Connect) and Facebook Impressions to enable login using your existing Facebook Login.

How Long Your Data is Stored

9. We store your Data for as long as you have an account with dThx. You can delete your account at any time. If you follow the instructions available on the App/Website, your account will be deactivated and then deleted. For up to 30 days it is still possible to recover your account if it was deactivated by mistake. After 30 days, we begin the process of deleting your account permanently from our systems and your account may become non-recoverable. You acknowledge that any content posted by you on the App/Website cannot be recovered after the deletion of your account. We reserve the right to keep Data to the extent we reasonably believe it is necessary to satisfy any applicable law or regulation.

Your Rights

10. You have the right to be informed by us on any processing of your Data and obtain a copy of our Data (right of access). If you are affected by incorrect or incomplete Data, you may request rectification or completion of any relevant data (right to rectification). You may request the deletion of your Data (right to erasure) or a temporary restriction of processing in certain cases (right to restriction of processing). You may object to the processing of your Data (right to object) and you have the right to receive your Data in a structured, commonly used and machine-readable format or have your Data transferred to another data controller if technically feasible (right to data portability).

11. Your rights are subject to limitations necessary (a) to satisfy any applicable law, regulation, legal process or governmental request; (b) in connection with any legal proceedings (including prospective legal proceedings), obtaining legal advice or otherwise establishing exercising or defending legal rights; and (c) for medical purposes undertaken by a health professional or any person who in the circumstances is subject to an equivalent duty of confidentiality.Disclosure of Data

12. We reserve the right to disclose Data to the extent we reasonably believe it is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigations of a potential violation thereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or to (v) protect the rights, property or safety of DThx, its users and the public.Additional Points

13. Please note that dThx uses encryption software that may be subject to export control regulations.

14. The App/Website may contain links to App/Websites or materials that are not operated by dThx. Such other App/Websites are not subject to this Privacy Policy and dThx is not responsible in any way for the content or accuracy of such App/Websites or for the policies applied to the treatment of personal data and information. Connecting to or otherwise accessing such App/Websites is at your own risk. We recommend that you read the policies used by these App/Websites, and check how these App/Websites protect your personal data and information and whether they are trustworthy.Updates to this Privacy Policy

15. We may revise this Privacy Policy from time to time. The most current version is always available on our App/Website (www.dThx.io, specifically on https://www.dthx.io/privacy-policy). The revised Privacy Policy shall become effective from the date of publication on the App/Website. Should these changes be substantial, we will provide you with notice and, where required by applicable law, obtain your consent. This notice will be provided by email or by publication on the App/Website.Data Controller and Data Protection Officer16. In case you are dissatisfied with any aspect of processing of your Data, we would like to understand how we can solve this issue. Please contact us at:

dThx – Digital Therapeutics AG
Färberstrasse 6
CH - 8008 Zurich
Switzerland

The data protection officer is located at the same address and can be contacted by mail or sending an email to privacy@dthx.io

17. For EU residents a contact in the EU has been established at:

Jérôme GOLASZEWSKI / Group Transformation Program Director
jerome.golaszewski@altran.com
96, avenue Charles de Gaulle
92200 Neuilly-sur-Seine – France

You also have the right to contact the data protection supervisory authority in your country of residence.JurisdictionThis Privacy Policy shall in all respects be governed by Swiss substantive law. Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Zurich, Switzerland, and you consent to such jurisdiction of and venue in such courts and waive any objection as to inconvenient forum.