Website Privacy Policy
1. Privacy Policy Statement
1.1. Nextkidney Group, (the “Company”, “we”, “our” or “us”), is committed to protecting your personal data collected on its website www.nextkidney.com (the “Website”) and respecting your privacy.
1.2. This Policy outlines the Company’s practices on the protection of individuals with regard to the processing of personal data based on the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
1.3. By visiting, accessing, or using the Website, you (“User”, “you”, or “your”) have indicated that you have the legal capacity to consent to this Policy, and agree to be bound by the policies and practices of this Policy in their entirety.
1.4. This Policy sets out the following :
1.4.1. carry out the processing (art. 4, par. 2, GDPR) of personal data (art. 4, par. 1, GDPR) only for the purposes and the means explained in information to be provided to the User when accessing a section of our Website where you can, directly or indirectly, provide your personal data;
1.4.2. use data which have been spontaneously provided by the User;
1.4.3. use technical cookies to facilitate the navigation on the Website and analytics cookies for statistical purposes;
1.4.4. communicate data to third parties for activities connected to the services asked by the User or whenever required by law, regulation or EU legislation;
1.4.5. reply to the requests of access to data, rectification, right to be forgotten, restriction of processing, data portability or inform about the right to object to data processing. Ensure the data subject the right to object to data processing carried out for marketing purposes, surveys and market research and inform about the right to lodge a complaint with the supervisory authority;
1.4.6. ensure a correct and lawful processing of your personal data, safeguarding your confidentiality, as well as apply appropriate security measures to protect confidentiality, integrity and availability of such data.
1.5. This Policy may be amended from time to time, and we will provide notice of such amendments by posting the revised terms on the Website (and changing the “Updated on” date reflected in the top of this page). Users are invited to periodically read this section to check for updates.
1.6. This Policy may be amended from time to time, and we will provide notice of such amendments by posting the revised terms on the Website (and changing the “Updated on” date reflected in the top of this page). Users are invited to periodically read this section to check for updates.
2. Data controller
2.1. Nextkidney SA located in Switzerland – Avenue de Sévelin 28 – 1004 Lausanne – is the data controller (art. 4, par. 7, GDPR), pursuant to the GDPR, because it decided in which way and for what purposes, communicated in information to be provided to data subjects, it collects and processes personal data, as well as what means and security measures it implements to ensure the integrity, the confidentiality and availability of personal data, taking on liability and complying with the provisions laid down in art. 24, GDPR.
3. Data Protection Officer
3.1. Data subjects may contact our Data Protection Officer for all issues related to processing of their personal data and to the exercise of their rights, by sending an e-mail at : dpo@nextkidney.com
4. Purpose of processing
4.1. Processing activities can be carried out for the following purposes :
4.1.1. To reply to the messages sent by the User by filling in the forms to contact us;
4.1.2. To reply to the messages sent by the User by sending an email using the following email address : contact@nextkidney.com, dpo@nextkidney.com;
4.1.3. With your consent to respond to your enquiries, requests, or feedback received from you about our Website;
4.1.4. With your consent, to investigate any complaints received from you;
4.1.5. To carry out statistical analysis on Website traffic;
4.1.6. To analyse and reply to solicited or unsolicited employment applications;
4.1.7. Optimise and enhance the Website operated by the Company, for all Users.
4.2. We are unable to guarantee confidentiality or a duty of disclosure regarding any unsolicited information provided to us by Users, irrespective of the chosen method or medium. By offering such unsolicited information or materials, you, or any representative acting on your behalf, consent to the understanding that such submissions will not be considered confidential or proprietary.
4.3. We do not offer any means of transmission or reception of private or confidential electronic communications. You are advised not to use the Website for any communications intended solely for you and your designated recipient(s). Please be aware that all messages and content sent via the Website may be accessed by us, even if we are not the intended recipients. However, access to such messages and content will be limited to authorized personnel of the Company who reasonably require this access.
5. Means of data processing
5.1. Personal data received by e-mail are processed by the Controller with manual and electronic means and stored in its filing system- Appropriate security measures are applied to prevent data from loss or alteration – even if accidental – unlawful or improper uses or unauthorized access.
5.2. Personal data received by e-mail are processed by the Controller with manual and electronic means and stored in its filing system- Appropriate security measures are applied to prevent data from loss or alteration – even if accidental – unlawful or improper uses or unauthorized access.
5.3. Personal data received by e-mail are processed by the Controller with manual and electronic means and stored in its filing system- Appropriate security measures are applied to prevent data from loss or alteration – even if accidental – unlawful or improper uses or unauthorized access.
6. Legal basis for the processing
6.1. The legal basis for the processing depends on the purposes of data processing. Here are listed the different legal bases applied for the purposes pursued by the Company.
6.1.1. For the purposes referred to in point 4.1.1. and point 4.1.2. and point 4.1.5, “Purpose of processing” the legal basis is art. 6. par. 1, letter (b), GDPR;
6.1.2. For the purposes referred to in point 4.1.3. and point 4.1.4, “Purpose of processing” the legal basis is art. 6. par. 1, letter (a), GDPR;
6.1.3. For the purposes referred to in point 4.1.6 and point 4.1.7, “Purpose of processing”, the legal basis is art. 6, par.1, letter (f), GDPR;
7. Data storage
7.1. Personal data will be organized within our filing system (as defined in art.4, par. 6, GDPR, according to criteria that consider the category of data, the nature of its processing, and the specific objectives of such processing.
7.1.1. For the purposes referred to in points 4.1.1. to 1.4.44.1.4. “Purpose of processing”, all data related to Users who have requested information by filling the forms, or sent e-mails, or have contacted the Controller will be kept unless Users explicitly request their deletion (per chapter 14.1.3).
7.1.2. For the purpose referred to in point 4.1.5, "Purpose of processing", the data will be kept for the period necessary to analyze the applicant's profile and assess whether his/her profile is suitable for the position to be filled or the position applied for but no longer than 2 years after receipt (based on the suggestion of French supervisory authority1).
7.1.3. For the purpose referred to in point 4.1.6 "Purpose of processing", personal data will be kept for the period necessary to prepare statistical reports. Identification data will be destroyed, unless otherwise specified by supervisory authorities, law enforcement or judiciary, or for the purpose of exercising, enforcing, or defending the rights of the controller or third parties before the courts but no longer than 50 months.
8. Collection of personnal data
8.1. In this Privacy Policy, “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
8.2. We collect and use personal data about you when you visit our Website. The personal data we process includes :
8.2.1. Direct identifiers: first name, last name and, email address,
8.2.2. Internet information: pages viewed, number of visitors, visit time.
8.2.3. Geolocation data: location.
8.2.4. Automatically collected information: automatic technologies and services we use may include, collection of web servers logs/IP addresses, and cookies (read more on this below).
9. Source of collection of personal information
9.1. The User is aware that all information pertaining the User collected by the Company, whether or not directly provided by the User to the Company, may be collected and compiled by the Company and you hereby expressly consent to the same.
9.2. The Company collects data by way of “cookies”.
9.2.1. Cookies are information files which are sent to the User’s browser from the Website and are stored on the User’s computer or device (hard drive).
9.2.2. The cookies shall not provide access to data in the User’s computer or device (hard drive), that can be traced to the User personally.
9.2.3. Information collected from cookies allows the Company to determine which parts of the Website are most visited and difficulties our visitors may experience in accessing the Website. With this knowledge, the Company aims to improve the quality of the User’s experience on the Website by recognizing and delivering the most desired features and information.
9.2.4. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer so. This may prevent you from taking full advantage of the Website.
10. Third-party websites
10.1. Our Website may feature links to other websites that could be of interest. However, once you use these links to leave our site, please be aware that we do not exercise any control over these external websites. As a result, we cannot be liable for the protection and privacy of any information you provide while visiting such websites, as they are not subject to this privacy statement. We advise you to read the privacy policies applicable to the external websites in question.
10.2. Job Application Via LinkedIn: Our Website includes links to LinkedIn for available job positions. Please be aware that by clicking on this link, you will be redirected to the LinkedIn website, which operates under its own privacy policy and data protection practices. We encourage you to review LinkedIn’s privacy policy before submitting your personal information. If you choose to share your LinkedIn profile or any personal information with us as part of your job application, it will be processed in accordance with our Privacy Policy, ensuring compliance with the General Data Protection Regulation (GDPR).
10.3. For statistical purposes and ongoing optimisation of our Website, we use the web analytics service of Google Analytics. In this context pseudonymised User profiles are created, and cookies are used. The information generated by the cookie about how you use this Website is sent to the server of the service provider, stored there, and processed for us.
11. Security of personal information
11.1. For processing referred to in points, 4.1.1 to 4.1.5 state of the art protection measures are implemented by our IT department.
11.2. For processing referred to in points 4.1.6, and 4.1.7 protection measures are enforced by the website hosting service provider and Google Analytics.
12. Disclosure or personal information
12.1. In general, the Company will not disclose personal data except in accordance with the following:
12.1.1. In order to carry out the purposes for which such personal data was collected, or,
12.1.2. Where the User has consented for it, or
12.1.3. If required by applicable law, including regulatory bodies for auditing and monitoring purposes.
13. Data transfer
13.1. Your data can be accessed by all Nextkidney Group but will not be transferred to a third party without your preliminary approval.
14. Legal Rights
14.1. You have the right to control your personal data processing, including the right to access, rectify, erase ("to be forgotten"), restrict processing, and transfer your data. You may object at any time to the processing of personal data based on legitimate interests pursued by the Controller or for direct marketing purposes. If objected, the Controller must cease processing unless compelling legitimate grounds are demonstrated that override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims. You can exercise these rights, at any time, by writing at dpo@nextkidney.com or at the postal address - Nextkidney SA - Switzerland – Avenue de Sévelin 28 – 1004 Lausanne. User rights are as follows:
14.1.1. Right of access (art. 15, GDPR; art. 25, FADP)
14.1.2. Right to rectification (art. 16, GDPR; art. 32, FADP)
14.1.3. Right to erasure (“right to be forgotten”) (art. 17, GDPR; art. 32, FADP)
14.1.4. Right to restriction of processing (art. 18, GDPR; art. 32, FADP)
14.1.5. Notification obligation regarding rectification or erasure of personal data or restriction of processing (art. 19, GDPR)
14.1.6. Right to data portability (art. 20, GDPR; art. 28, FADP)
14.1.7. Right to object (art. 21, GDPR; art. 30, par. 2, letter (b), FADP)
14.1.8. Right to reject decisions made solely by automated processing. (art. 22, GDPR)
14.2. As per art. 12, par. 3, GDPR, Nextkidney SA shall reply to the person without undue delay within one month of receipt of the request.
15. Users outside the EU
15.1. This Privacy Policy describes how we use and disclose your personal information pursuant to the GDPR. The privacy laws of the Europe may be different from those in your country, and you understand that by accessing, visiting, or using our Website, your personal information will be processed in the European Economic Area.