This Privacy Policy (the "Policy") explains how Santelle SARL, a company incorporated under the laws of Switzerland with registered offices at 5B Route de Pressy, 1243 Vandoeuvres, Switzerland ("Santelle", "we", "us", "our"), collects, uses, discloses, and protects personal data when you access or use our website www.santellehealth.com (the "Website"), our mobile application (the "App"), and related services (together, the "Services").
This Policy is intended to comply with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), and the UK GDPR.
1. DATA CONTROLLER
Santelle SARL acts as the Swiss data representative for the processing of personal data under this Policy. Contact for privacy matters: privacy@santellehealth.com
EU Representative:
LEXR Germany Rechtsanwalts GmbH,
Gormannstrasse 14,
10119 Berlin,
Germany,
contact@lexr.com
2. WHO THIS POLICY APPLIES TO
This Policy applies to users located in Switzerland, the European Union, and the United Kingdom, including users aged 16–17 who are legally permitted to use the Services.
Our Services are not directed to children/minors and Santelle does not knowingly collect or solicit personal or sensitive information from individuals under the age of 16. If Santelle learns that we have collected such information, Santelle will promptly take steps to delete such information from our records.
3. PERSONAL DATA WE COLLECT
Personal information” (also called “personal data”) means information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to a particular individual or household. Examples include name, email address, phone number, mailing address, online identifiers, IP address, and cookie identifiers.
3.1 Data you provide directly
We may collect the following personal data when you use the Services:
Name
Email address
Account credentials (passwords are stored in hashed form)
Age or date of birth confirmation
Test results (e.g. positive/negative indicators)
Manually entered symptoms
Customer support communications
3.2 Data collected automatically
When you access the Services, we may collect:
Device type, operating system, and app version
IP address
Approximate location (country-level)
Usage data within the App and Website
3.3 Data we do not collect
We do not collect:
Photos or images
Document uploads
Audio or video recordings
Free-text medical records
Precise geolocation data
4. SOURCES OF DATA
We collect personal data:
Directly from you; and
Automatically through your use of the Services.
We do not obtain personal data from data brokers or third-party enrichment services.
5. PURPOSES OF PROCESSING
We process personal data for the following purposes:
Providing access to the Website and App;
Displaying and explaining test results;
Delivering educational content;
Managing user accounts;
Customer support and communications;
Improving and developing the Services;
Security, fraud prevention, and abuse monitoring;
Legal and regulatory compliance;
Sending marketing communications where you have opted in.
6. LEGAL BASES FOR PROCESSING
Depending on the context, we rely on the following legal bases:
Performance of a contract;
Your explicit consent, in particular for processing health-related data;
Legitimate interests, including security, analytics, and service improvement;
Compliance with legal obligations.
7. HEALTH DATA
Certain personal data processed through the Services constitutes sensitive health data.
We process health data in accordance with Article 9(2)(a) GDPR based on your explicit consent and solely for the purposes described in this Policy. Your explicit consent is obtained at the time you create an account, activate a Test Kit, or enter health-related information in the App, through clear affirmative actions (such as checking a consent box or completing the relevant activation flow). You may withdraw your consent at any time, subject to legal retention obligations.
8. DATA SHARING AND PROCESSORS
We may share personal data with trusted third-party processors, including:
Shopify (e-commerce and payments);
Amazon Web Services (AWS) (hosting and infrastructure);
Email service providers (to be selected);
Analytics providers, including Google Analytics.
Sales and marketing
These processors act under contractual obligations to protect personal data and process it only on our instructions.
Cookies and Similar Technologies
We use cookies, pixels, and similar technologies to operate and improve the Site and to support analytics and marketing activities.
We group these technologies into:
Strictly necessary cookie: Required for basic Site functionality and security. You cannot opt out of these through our cookie banner.
Analytics and performance cookies: Help us understand how visitors use the Site so we can improve content and usability.
Functional cookies: Remember choices you make, such as language or region.
Advertising and marketing cookies: Allow us and our third-party partners to show you relevant ads, measure campaign performance, and build audiences for marketing. This may include cross-context behavioral advertising as defined under certain US state laws.
You can manage cookies in several ways:
Through our cookie banner or preference center, where available;
By adjusting your browser settings to refuse or delete cookies; and/or
For certain advertising cookies, through industry opt-out tools (for example, the Digital Advertising Alliance).
In the EU and UK, where required by law, we seek your consent before setting non-essential cookies (such as analytics, functional, and advertising cookies). These countries and regions will be referred to as the Opt-In Regions.
9. INTERNATIONAL DATA TRANSFERS
Personal data is primarily stored and processed in Ireland.
Personal data is not transferred outside Switzerland, the European Union, or the United Kingdom.
10. DATA RETENTION
We retain personal data for as long as necessary to fulfil the purposes described in this Policy.
As a general rule:
Account and health-related data is retained while your account is active;
Upon account closure, data is deleted or anonymised unless retention is required for legal, accounting, or dispute resolution purposes;
Certain data may be retained for up to five (5) years after account closure where required by applicable law.
11. YOUR RIGHTS
Depending on your location, you may have the right to:
Access your personal data;
Rectify inaccurate data;
Request deletion;
Restrict or object to processing;
Data portability;
Withdraw consent at any time;
Lodge a complaint with a supervisory authority.
Requests can be submitted by contacting us at privacy@santellehealth.com.
12. MARKETING COMMUNICATIONS
You will receive marketing communications only where you have provided explicit consent. You may opt out at any time via the unsubscribe link or by contacting us.
13. COOKIES AND TRACKING
We use cookies and similar technologies to operate and improve the Website, including analytics cookies.
Where required by law, cookie consent mechanisms are provided.
14. SECURITY
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.
These measures include encryption, access controls and regular security reviews.
15. CHANGES TO THIS POLICY
We may update this Policy from time to time. Material changes will be communicated where required by law.
