B2B Privacy Notice
1. Who is the Controller?
Alira Health, hereinafter as “Alira Health”, “we” or “us”, is the Data Controller, which means we are responsible for deciding how we hold and use personal data about you. Please, see our contact details in section 8 “Contacts”.
Alira Health has committed to comply with:
- The General Data Protection Regulation N°EU 2016/679 (hereinafter, the “GDPR”);
- The General Data Protection Regulation as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (hereinafter the “UK GDPR”) and the UK Data Protection Act 2018 (amended 2020) (hereinafter the “Data Protection Act”);
- The revised Federal Act on Data Protection 2020 (“FADP”);
- And all EU applicable laws and regulations regarding data protection.
Collectively referred as “Data Protection Laws”.
As required by Data Protection Laws, Alira Health has appointed a Data Protection Officer, hereinafter “DPO” (see contact details below in section 8 “Contacts”).
2. Why this B2B Privacy Notice?
This B2B Privacy Notice applies to the processing of personal data related to B2B activities as part of our contractual relationship with our Clients, Co-contractors, Suppliers, Partners and Prospects, as described below. This Notice therefore applies to the following data subjects: employees, consultants, or any other natural persons acting under the authority of our Clients, Co-contractors, Suppliers, Partners and Prospects.
Please, note that this Privacy Notice does not include processing activities performed in relation to users visiting our website, which is covered by a separate Privacy Notice.
With this B2B Privacy Notice, Alira Health wants to make sure that you understand what personal information is collected about you, how your personal information is used and how it is kept safe.
3. Why, how and for how long do we collect your personal data?
Depending on the purpose for which we process your personal data, we need to process one or other personal data. We will keep them for no longer than necessary to fulfill the purposes for which we collected it, including any legal requirements.
Depending on each case, the processing will therefore be as follows:
Purposes | Types of personal data | Legal basis | Retention period | ||
| Negotiation and execution of contract | ||||
| To negotiate a potential contract with Prospects | Some of your personal data may be processed, such as name, email address, phone number, role in the company, signature of the representative, | This processing is based on our legitimate interest. | 2 for non-signed contracts; 10 years for signed contracts. | ||
| To manage communications and our contractual relationship with our Clients, Suppliers, Co-contractors and Partners during the performance of the contract. This can include sending you emails, managing work orders, managing payments, accounting, organization of meetings, share your data within the framework of our own contracts,… | Some of your personal data may be processed, such as name, email address, phone number, role in the company, localization (to schedule meeting), | This processing is based on our legitimate interest. | We will process your data related to our contract for the time necessary to give execution to the contract and related activities. At least 3 years after expiration of the contract. | ||
| To manage possible litigation | Some of your personal data may be processed, such as name, email address, phone number, role in the company | This processing is based on our legitimate interest. | 10 years | ||
| Marketing purposes for individuals | ||||
| To send you newsletters, if you have subscribed as an individual | Name, email address | This processing is based on your consent.
Please, remember that you may unsubscribe from the Newsletter at any time without any cost. | We will process your data until you unsubscribe or cancel your subscription to the Newsletter. | ||
| To organize your participation in one of our events, if you have subscribed as an individual | Name, email address, financial details, | This processing is based on our contractual obligations | We will process your data related to your inscription and payment for the time necessary for the organization of your participation to one of our events. | ||
| Marketing purposes for professionals | ||||
| To send you commercial prospecting as a professional by e-mail, phone calls | Name, email address, phone number, | This processing is based on our legitimate interest. | For the duration of the contract and 2 years after contract expiration. | ||
| To send you commercial solicitation as a professional for existing Clients, by e-mail, phone calls. For instance, to suggest new services. | Name, email address, phone number | This processing is based on our legitimate interest. | For the duration of the contract and 2 years after contract expiration. | ||
4. Data sharing
We do not sell or trade to outside parties your personal data.
Nevertheless, for the purposes described above, your personal data may also be shared with:
- Alira Health Affiliates for the provision of the activities and organizing the business of the company.
- Alira Heath’s providers for the management of ancillary and supporting activities necessary for the management of data (e.g. technical suppliers, management of tools and systems, etc.).
Sharing your personal data as explained above may involve a transfer of personal data to a country outside the European Economic Area (EEA), and/or the UK, and/or Switzerland. In such case, Alira Health is therefore committed to complying with the transfer rules under applicable Data Protection Laws and therefore ensure to:
- Transfer your data to countries where the data recipient is located that has been recognized as adequate by the European Commission, by the UK secretary of state, and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC); or
- Where a country has not received an adequacy decision from the European Commission, or the UK secretary of state, and/or the FDPIC to implement appropriate safeguards, such as the EU Standard Contractual Clauses (“SCCs”) (and the UK addendum), and/or the International Data Transfer Agreement (“IDTA”).
You can contact our DPO if you want to have more details about the mechanism supporting data transfer.
The list of all the third countries and related safeguards are further described in the Annex 1.
5. How do we protect your information?
Alira Health treats your personal data in a confidential manner and provides for a sufficient and adequate level of protection of your personal data.
Your personal data are contained behind secured networks and are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
6. Your rights
According to the GDPR, the UK GDPR and the FADP, you have the following rights:
- You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, information related to the processing of data and a copy of the data being processed.
- You have the right to require rectification of inaccurate or incomplete data about you.
- Right to be forgotten. To obtain the deletion of your personal data in the situations set forth by applicable Data Protection Laws.
- Restrict processing. You have the right to restrict processing of data under certain specified circumstances.
- Data portability. You have the right to request for the receipt or the transfer to another organization, in a machine-readable form, of your personal data.
- Object to processing. You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data.
- Right to withdraw consent. When you have given your explicit consent for the processing of your data, you can withdraw it at any time without justification.
Please note that all these rights are not absolute and will be assessed on a case-by-case basis by our DPO.
If you would like to exercise your rights, please let us know by contacting our DPO, [email protected]
You have also the right to lodge a complaint if you consider that your personal data is not processed in accordance with the GDPR, the UK GDPR and/or the FADP.
If you are an EEA resident: You have the right to lodge a complaint with the Supervisory Authority in the Member State of the European Union of your habitual residence, place of work or place of the alleged infringement.
If you are a UK resident: you may file a complaint with the Information Commissioner’s Office (“ICO”), the Supervisory Authority of UK, following the instruction available in the service channels.
If you are a Swiss resident: you may lodge a civil claim in case of personality rights’ infringements, in particular, regarding the exercise of your rights of access, rectification and object but also regarding infringements related to data privacy principles. The competent Supervisory Authority in Switzerland is the FDPIC.
Please find the contact information of all Authorities in section 8 “Contacts”.
7. Changes to this B2B Privacy Notice
This Notice is effective as of the date stated at the top of this page. We may change this Notice from time to time. Please refer to this Notice on a regular basis.
You can also obtain it on request by contacting [email protected].
8. Contacts
Alira Health acting as Controller
Alira Health Corporate Headquarters
1 Grant Street, Suite 400
Framingham, Massachusetts 01702
United States
Data Protection Officer
MyData-TRUST SA
[email protected]
For other EU Data Protection Authorities
https://edpb.europa.eu/about-edpb/about-edpb/members_en
For UK Supervisory Authority (“ICO”)
Tel: +55 (0)3 03 12 31 11 3
Website: https://ico.org.uk/global/privacy-notice/your-right-to-complain/
For Swiss Federal Data Protection and Information Commissioner (“FDPIC”)
Feldeggweg 1
CH – 3003 Berne
Tel: +41 (0)58 462 43 95 (mon.-fri., 10-12 am)
Fax: +41 (0)58 465 99 96
Website: https://www.edoeb.admin.ch/edoeb/en/home.html