Red drop LAB.
HC Professionals
Login

Privacy Policy
Version 1.1 – 2025-03-18

1. What is this Privacy Notice about?
This Privacy Notice explains how we process personal data, primarily in relation with our services (incl. Application) and with our website. If you would like more information about our data processing, please feel free to contact us (sec. 2).

2. Who is the controller for the data processing?
For each data processing activity, there is a party that is primarily responsible for ensuring compliance, the “controller”. For the processing described in this Privacy Notice, the controller (also referred to as “we”) is:

Red drop LAB. SARL
Chemin de Clamogne 4
1170 Aubonne

If you have any questions regarding data protection, please feel free to contact us at the above postal address or by email: contact@reddroplab.com.
If you provide us with data about other individuals, we assume this data is accurate and that you are authorised to share it with us. As we may not directly contact these individuals or inform them about our data processing, we ask you to do so (e.g., by referring them to this Privacy Notice).

3. How do we process data in relation with our products and services?
When you use our products and services, we process data for onboarding, concluding service agreements, and their performance and management.

If we are in contact with you in view of an agreement, we process data, for example if you fill out and we analyze medical questionnaires, if you send us biological samples such as blood tests and we analyze such tests. In the course of these processing activities, we process particularly sensitive data such as health data, and necessary master data such as your name, contact details, date of birth, phone, email, information collected through applications and forms, consent, details of services requested, and the date of agreement.
We may work together with third parties such as laboratories or health care professionals. Open App | Red drop LAB. may also be required to disclose certain Test Results and Information to the Swiss authorities in compliance with applicable laws and regulations. Such disclosures will be made only to the extent required by law.

If we enter into an agreement with you, we process data from onboarding and agreement information.
We process personal data during and after the agreement, including service purchases, payments, customer service interactions, claims, returns, online services access, logins, terminations, and disputes.
We also process your personal data to provide useful recommendations on our App or Website and anonymize data for machine learning and AI training.
We may advertise our services (see sec. 4).
We also process data for statistical purposes to improve products and inform strategy.

4. How do we process data in relation with advertising?
We process personal data for advertising purposes:

  • Newsletter: We send electronic information and newsletters, which may include advertising. We ask for consent unless allowed for existing customers. We process your name, email, service usage, newsletter opens, and link clicks using invisible images (“tracking pixels”).
  • Online advertising: personalized website presentation and advertising on third-party platforms.
  • Market research: We process data to improve services: purchases, newsletter reactions, surveys, social media, media monitoring, and public sources.
    We also anonymize data for machine learning and personalized recommendations.

5. How do we disclose personal data?
We may disclose personal data to:

  • persons associated with you (representatives, relatives);
  • intermediaries involved in our services;
  • third-party service providers including laboratories and healthcare professionals (which may include sensitive health data);
  • IT and administrative service providers (storage, infrastructure, consulting, logistics, banking);
  • credit agencies;
  • authorities and courts;
  • third parties in acquisitions or sales of assets.

6. Can we disclose data abroad?
Some recipients are outside Switzerland. This includes IT providers in the EU or worldwide. Data may also be shared with foreign authorities if legally required or during legal proceedings.
If a country lacks adequate protection, we use safeguards such as EU Standard Contractual Clauses. In specific cases, data may be shared without safeguards if allowed by law (e.g., consent, contractual necessity, legal claims).

7. How do we use artificial intelligence?
We use AI and machine learning responsibly and ensure human review for impactful decisions. If an AI interacts directly with you, we will inform you.

AI may be used to:

  • improve products and services;
  • increase internal efficiency;
  • enhance security and prevent misuse;
  • improve customer requests processing and feedback analysis;
  • provide tailored information and advice.

8. How do we process data in relation with our website and Application?
Each website visit stores log file data: IP address, ISP, OS, browser, referrer, date/time, and accessed content.
We use cookies and similar technologies (pixels, browser fingerprinting) for functionality, analytics, optimization, and statistics.

You can adjust browser settings to block or delete cookies.

Third-party providers (including Google and Facebook) may use cookies for analytics, personalized ads, and cross-device tracking.
We use Google Analytics for user behavior analysis.
We may use Facebook Pixel and Custom Audiences for advertising and conversion measurement.

9. How do we process data via social media?
We maintain presences on Instagram, LinkedIn, Facebook, YouTube, etc.
If you interact with us, we collect information for communication, marketing, and statistics.
Platform providers independently collect and use data and may combine it with other information.

10. Are there other processing purposes?
Yes, including:

  • communication (calls, messages; calls may be recorded with prior notice);
  • job applications (CVs, contact details, references);
  • compliance with legal requirements;
  • fraud prevention and misuse prevention;
  • legal proceedings;
  • IT security and backups;
  • competition and market observation;
  • business transactions;
  • training, administration, accounting, claims, process improvement;
  • anonymous statistics.

11. How do we protect your data?
We implement appropriate technical and organizational measures to protect your data, but absolute security cannot be guaranteed.

12. How long do we process personal data?
We retain data as long as necessary for the purpose, legitimate interests (e.g., legal claims, archiving, IT security), or legal obligations (e.g., 10-year retention).
Afterward, we delete or anonymize data.

13. Anything else to consider?
Under GDPR (if applicable), we rely on legal bases such as:

  • contract performance (Art. 6(1)(b));
  • legitimate interests (Art. 6(1)(f));
  • legal obligations (Art. 6(1)(c));
  • consent (Art. 6(1)(a)).

Some data is necessary for contracts or website use.

14. What are your rights?
You may, subject to applicable law:

  • request a copy of your personal data and details about processing;
  • object to processing (especially direct marketing);
  • correct or complete data;
  • receive data in machine-readable format (data portability);
  • withdraw consent at any time.

You may be asked to verify your identity.
You may file a complaint with the competent supervisory authority, in Switzerland the FDPIC.