Privacy Policy for BioBridge Foundation

Last Updated: 2025

  1. Introduction

BioBridge Foundation (« BioBridge, » « we, » « us, » or « our ») is committed to protecting the privacy of our users, clients, and partners. This Privacy Policy outlines how we collect, use, share, and protect personal data in compliance with the Swiss Federal Act on Data Protection (nFADP), the French « Loi Informatique et Libertés, » and the European Union’s General Data Protection Regulation (GDPR).

  1. Data Controller Information

BioBridge Foundation
CHE-115.002.563
Spittelweg 12, 3782 Lauenen b. Gstaad, Switzerland
Email: contact@biobridge-event.com

  1. Legal Framework

This Privacy Policy is governed by the following legal frameworks:

  • Swiss Federal Act on Data Protection (nFADP): Effective from September 1, 2023, the nFADP modernizes data protection in Switzerland and aligns closely with GDPR, enhancing data subjects’ rights and imposing stricter obligations on data controllers and processors.
  • French Data Protection Law (Loi Informatique et Libertés): This law integrates GDPR into French national legislation, with specific additional requirements enforced by the French Data Protection Authority (CNIL).
  • General Data Protection Regulation (GDPR): GDPR applies to the processing of personal data of individuals in the European Union and imposes stringent data protection requirements, including lawful processing, data subject rights, and accountability measures.
  1. Personal Data We Collect

We may collect and process the following types of personal data:

  • Identification Data: Name, job title, organization, email address, phone number, mailing address.
  • Professional Information: Qualifications, affiliations, and areas of interest.
  • Technical Data: IP address, browser type, operating system, and platform usage data.
  • Sensitive Data: As part of our educational and training activities, we may collect information about medical professionals’ participation in specialized training. This data is classified as sensitive under the nFADP and GDPR.
  1. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Service Provision: To facilitate your participation in our educational programs, webinars, conferences, and other services in accordance with Article 6(1)(b) GDPR (contractual necessity).
  • Communication: To send updates, newsletters, and information about upcoming events and services, in compliance with Article 6(1)(f) GDPR (legitimate interests) and the nFADP requirements for informed consent.
  • Compliance: To fulfill our legal obligations under nFADP, GDPR, and French data protection law, including reporting requirements and data subject rights enforcement.
  • Improvement of Services: To analyze and improve the functionality and user experience of our services and platforms in line with Privacy by Design and Default principles (Article 25 GDPR; Article 7 nFADP).
  1. Legal Basis for Processing

The processing of your personal data is based on one or more of the following legal grounds:

  • Consent (Article 6(1)(a) GDPR; Article 6 nFADP): When you have given clear consent for specific processing activities.
  • Contractual Necessity (Article 6(1)(b) GDPR): Processing necessary for the performance of a contract with you.
  • Legal Obligation (Article 6(1)(c) GDPR; Article 6 nFADP): Compliance with our legal obligations.
  • Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for our legitimate interests, unless overridden by your rights.
  1. Data Sharing and Disclosure

We do not sell or rent your personal data. However, we may share your data with:

  • Affiliated Organizations: Such as Regen Lab and its associated entities, in line with Article 48 GDPR regarding cross-border processing and Chapter 5 of the nFADP. This includes necessary data sharing for delivering our educational services and managing your participation in our activities.
  • Service Providers: Third-party service providers who assist in our operations, such as IT services, event management platforms (e.g., Cvent), and marketing services. These providers are bound by contracts to process personal data strictly according to our instructions, ensuring compliance with GDPR (Articles 28, 29) and nFADP regulations.
  • Legal and Regulatory Authorities: When required by law, such as in response to lawful requests by public authorities, including to meet national security or law enforcement requirements under Article 6(1)(c) GDPR and corresponding provisions of the nFADP.
  1. International Data Transfers

BioBridge Foundation, while based in Switzerland, may transfer your personal data to countries outside of the European Economic Area (EEA) or Switzerland. Such transfers are conducted in compliance with Chapter V of the GDPR and the nFADP. We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent measures recognized by the Swiss authorities, to protect your personal data during these transfers.

  1. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law. The retention periods are determined based on the nature of the data and the purpose for which it was collected. For instance:

  • Educational and Training Records: Retained for the duration of your engagement with our programs and up to five years thereafter to ensure compliance with applicable legal and regulatory requirements (Articles 5 and 25 GDPR; Article 7 nFADP).
  • Communications Data: Retained as long as necessary to provide you with our services or until you withdraw your consent.

Regular audits are conducted to ensure that data is not retained longer than necessary, and data that is no longer required is securely deleted or anonymized in compliance with Article 17 GDPR and nFADP guidelines.

  1. Your Rights

You have the following rights regarding your personal data under GDPR, nFADP, and French data protection law:

  • Right to Access (Article 15 GDPR; Article 25 nFADP): You can request access to your personal data and obtain a copy of the data we hold about you.
  • Right to Rectification (Article 16 GDPR; Article 5 nFADP): You can request correction of any inaccuracies in your personal data.
  • Right to Erasure (Article 17 GDPR; Article 25 nFADP): You can request the deletion of your personal data under certain conditions.
  • Right to Restrict Processing (Article 18 GDPR; Article 25 nFADP): You can request the restriction of processing your personal data in specific situations.
  • Right to Data Portability (Article 20 GDPR): You can request the transfer of your data to another data controller.
  • Right to Object (Article 21 GDPR): You can object to the processing of your personal data, particularly in cases of direct marketing.
  • Right to Withdraw Consent (Article 7(3) GDPR; Article 6 nFADP): You can withdraw your consent for processing at any time where processing is based on consent.

To exercise these rights, please contact us at [contact information]. We will respond to your requests within the timeframes stipulated by the applicable laws.

  1. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access control, and regular security audits to ensure data protection by design and by default as required by Article 25 GDPR and the nFADP.

  1. Breach Notification

In the event of a personal data breach, BioBridge Foundation will promptly notify the relevant supervisory authority as required by Article 33 GDPR and Chapter 5 of the nFADP. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly in accordance with Article 34 GDPR.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. We will notify you of any significant changes through our website or other direct communication channels, ensuring compliance with the principles of transparency and accountability outlined in the GDPR and the nFADP.

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

BioBridge Foundation
Spittelweg 12, 3782 Lauenen b. Gstaad, Switzerland
Email: contact@biobridge-event.com

 

Privacy Policy for BioBridge Foundation

Last Updated: 2025

  1. Introduction

BioBridge Foundation (« BioBridge, » « we, » « us, » or « our ») is committed to protecting the privacy of our users, clients, and partners. This Privacy Policy outlines how we collect, use, share, and protect personal data in compliance with the Swiss Federal Act on Data Protection (nFADP), the French « Loi Informatique et Libertés, » and the European Union’s General Data Protection Regulation (GDPR).

  1. Data Controller Information

BioBridge Foundation
CHE-115.002.563
Spittelweg 12, 3782 Lauenen b. Gstaad, Switzerland
Contact Email: [email address]
Contact Phone: [phone number]

  1. Legal Framework

This Privacy Policy is governed by the following legal frameworks:

  • Swiss Federal Act on Data Protection (nFADP): Effective from September 1, 2023, the nFADP modernizes data protection in Switzerland and aligns closely with GDPR, enhancing data subjects’ rights and imposing stricter obligations on data controllers and processors.
  • French Data Protection Law (Loi Informatique et Libertés): This law integrates GDPR into French national legislation, with specific additional requirements enforced by the French Data Protection Authority (CNIL).
  • General Data Protection Regulation (GDPR): GDPR applies to the processing of personal data of individuals in the European Union and imposes stringent data protection requirements, including lawful processing, data subject rights, and accountability measures.
  1. Personal Data We Collect

We may collect and process the following types of personal data:

  • Identification Data: Name, job title, organization, email address, phone number, mailing address.
  • Professional Information: Qualifications, affiliations, and areas of interest.
  • Technical Data: IP address, browser type, operating system, and platform usage data.
  • Sensitive Data: As part of our educational and training activities, we may collect information about medical professionals’ participation in specialized training. This data is classified as sensitive under the nFADP and GDPR.
  1. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Service Provision: To facilitate your participation in our educational programs, webinars, conferences, and other services in accordance with Article 6(1)(b) GDPR (contractual necessity).
  • Communication: To send updates, newsletters, and information about upcoming events and services, in compliance with Article 6(1)(f) GDPR (legitimate interests) and the nFADP requirements for informed consent.
  • Compliance: To fulfill our legal obligations under nFADP, GDPR, and French data protection law, including reporting requirements and data subject rights enforcement.
  • Improvement of Services: To analyze and improve the functionality and user experience of our services and platforms in line with Privacy by Design and Default principles (Article 25 GDPR; Article 7 nFADP).
  1. Legal Basis for Processing

The processing of your personal data is based on one or more of the following legal grounds:

  • Consent (Article 6(1)(a) GDPR; Article 6 nFADP): When you have given clear consent for specific processing activities.
  • Contractual Necessity (Article 6(1)(b) GDPR): Processing necessary for the performance of a contract with you.
  • Legal Obligation (Article 6(1)(c) GDPR; Article 6 nFADP): Compliance with our legal obligations.
  • Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for our legitimate interests, unless overridden by your rights.
  1. Data Sharing and Disclosure

We do not sell or rent your personal data. However, we may share your data with:

  • Affiliated Organizations: Such as Regen Lab and its associated entities, in line with Article 48 GDPR regarding cross-border processing and Chapter 5 of the nFADP. This includes necessary data sharing for delivering our educational services and managing your participation in our activities.
  • Service Providers: Third-party service providers who assist in our operations, such as IT services, event management platforms (e.g., Cvent), and marketing services. These providers are bound by contracts to process personal data strictly according to our instructions, ensuring compliance with GDPR (Articles 28, 29) and nFADP regulations.
  • Legal and Regulatory Authorities: When required by law, such as in response to lawful requests by public authorities, including to meet national security or law enforcement requirements under Article 6(1)(c) GDPR and corresponding provisions of the nFADP.
  1. International Data Transfers

BioBridge Foundation, while based in Switzerland, may transfer your personal data to countries outside of the European Economic Area (EEA) or Switzerland. Such transfers are conducted in compliance with Chapter V of the GDPR and the nFADP. We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent measures recognized by the Swiss authorities, to protect your personal data during these transfers.

  1. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law. The retention periods are determined based on the nature of the data and the purpose for which it was collected. For instance:

  • Educational and Training Records: Retained for the duration of your engagement with our programs and up to five years thereafter to ensure compliance with applicable legal and regulatory requirements (Articles 5 and 25 GDPR; Article 7 nFADP).
  • Communications Data: Retained as long as necessary to provide you with our services or until you withdraw your consent.

Regular audits are conducted to ensure that data is not retained longer than necessary, and data that is no longer required is securely deleted or anonymized in compliance with Article 17 GDPR and nFADP guidelines.

  1. Your Rights

You have the following rights regarding your personal data under GDPR, nFADP, and French data protection law:

  • Right to Access (Article 15 GDPR; Article 25 nFADP): You can request access to your personal data and obtain a copy of the data we hold about you.
  • Right to Rectification (Article 16 GDPR; Article 5 nFADP): You can request correction of any inaccuracies in your personal data.
  • Right to Erasure (Article 17 GDPR; Article 25 nFADP): You can request the deletion of your personal data under certain conditions.
  • Right to Restrict Processing (Article 18 GDPR; Article 25 nFADP): You can request the restriction of processing your personal data in specific situations.
  • Right to Data Portability (Article 20 GDPR): You can request the transfer of your data to another data controller.
  • Right to Object (Article 21 GDPR): You can object to the processing of your personal data, particularly in cases of direct marketing.
  • Right to Withdraw Consent (Article 7(3) GDPR; Article 6 nFADP): You can withdraw your consent for processing at any time where processing is based on consent.

To exercise these rights, please contact us at [contact information]. We will respond to your requests within the timeframes stipulated by the applicable laws.

  1. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access control, and regular security audits to ensure data protection by design and by default as required by Article 25 GDPR and the nFADP.

  1. Breach Notification

In the event of a personal data breach, BioBridge Foundation will promptly notify the relevant supervisory authority as required by Article 33 GDPR and Chapter 5 of the nFADP. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly in accordance with Article 34 GDPR.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. We will notify you of any significant changes through our website or other direct communication channels, ensuring compliance with the principles of transparency and accountability outlined in the GDPR and the nFADP.

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

BioBridge Foundation
Spittelweg 12, 3782 Lauenen b. Gstaad, Switzerland
Email: [email address]
Phone: [phone number]