Privacy Policy

Effective Date: 19.01.2024

Alpine Institute for Longevity Research and Diagnostics (hereinafter referred to as “we” or “Alpine Institute”) is a not-for-profit organization established as an association under the laws of Switzerland. Alpine Institute is subject to Swiss law and any applicable foreign data protection law and adhere to all other applicable laws and regulations to be considered in its activity.

At Alpine Institute, we naturally value your privacy highly, and adhere to the applicable privacy laws when collecting and processing your data. With this privacy notice, Alpine Institute informs you how we collect, process and disclose personal data. This is not an exhaustive description; other privacy notices or general terms and conditions and similar documents may govern specific matters. Personal data is understood to be all information that relates to a specific or identifiable individual.

1. Controller and Contact Information:

Controller
The controller of the data processing described in this privacy notice is Alpine Institute, unless we have informed you otherwise in certain cases. You can contact us with any data protection-related concerns using the following contact details:

Alpine Institute for Longevity Research and Diagnostics
c/o DUFOUR Advokatur AG, Monika Naef
Dufourstrasse 49, 4052 Basel, Switzerland
contact@alpinelongevity.com

Data Protection Officer contact details:
You can contact our Data Protection Officer by sending an e-mail to:
dataprivacy@alpinelongevity.com

Representative In the European Union:
The representative within the meaning of the GDPR and other national data protection laws of the EU member states as well as other data protection provisions is:

Swiss Infosec (Deutschland) GmbH
Unter den Linden 24
10117 Berlin
Germany
alpineinstitute.dataprivacy@swissinfosec.de

2. Collection and processing of personal data:

We primarily process the personal data that we receive from our clients, suppliers, other group entity and other business partners in the course of our business relationship and communication with them and other persons involved, that we receive when participating in events or meetings, or that we collect from users during the operation and use of our websites, apps and other offers.

The categories of personal data that we process may include, in particular, the following information:
– Personal and contact information, such as name, address, contact details, e-mail address, gender, date of birth, language, nationality, identification information, image, family and relatives, interests, professional functions and activities;
– Information related to contracts and services, such as contract information, services offered and performed, inquiries related to services and contracts;
– Information related to communication, such as data exchanged in or in relation to your contact with us by any means, preferred communication channel, messages sent and received, communication and information relating to your inquiries;
– Health-related information, such as health status, blood samples, analysis, biomarkers (such as blood biomarkers), biological data, physical measurements (height, weight, grip, strength, blood pressure etc.), information asked in a medical questionnaire (family health history, medical history, medication, allergies, lifestyle, etc.), genetic information and information derived from DNA samples;
– Financial information, such as payment history, payment information, invoices, creditworthiness data, debt and bankruptcy information, any recorded restrictions on the ability to act;
– Information from public registers and other public sources, such as information from the commercial register, media, internet, other publications;
– Information related to marketing and surveys, such as newsletter opt-ins and opt-outs, invitations and participation in surveys and events and special activities, personal preferences and interests, consulting protocols;
– Information related to the use of our website, such as browsing data, IP address and other online identifiers, date and time of visits, duration of visits, pages visited, referrer URL (i.e. the Internet address of the website from which you accessed our website, if applicable with the search term used), browser type and version, operating system used, amount of data sent in bytes, and the search term used, location data, pages and content accessed, functions used.

3. Purposes of the data processing and legal bases:

We may process personal data, for the following purposes and, if necessary under applicable data protection law, on the basis of the following legal bases:

For the performance of the contract: We may process personal data in connection with the execution and performance of contracts with our clients and/or affiliates entity.

To fulfill legal obligations: We may process personal data in order to comply with our legal and regulatory obligations, which may include the documentation of compliance with legal and regulatory requirements.

To safeguard legitimate interests: We may process personal data if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests, as follows:
– To provide our services and to improve the quality of and further develop our services and offerings;
– To measure, analyze and understand use of our services, market and industry trends and preferences of our actual and potential clients and other business partners;
– For advertising and marketing purpose, such as to send newsletters (provided that you have not objected to the use of your data for this purpose), organize events;
– For market and opinion research, media monitoring;
– To ensure the continuity, security and efficiency of our business operations, including our IT, data, websites, apps and other applications;
– To protect our physical assets and premises, control access to buildings and sites, protect employees and other individuals and assets owned by or entrusted to us;
– In view of possible corporate transactions and the disclosure of personal data related thereto;
– To manage our business in compliance with legal and regulatory obligations as well as internal regulations of Alpine Institute.

Based on your consent: If you have given us consent to process your personal data for specific purposes (for example, when you register to receive newsletters, participate in research, consent to have sample analyzed and reports disclosed), we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

4. Cookies, tracking and other technologies related to the use of our website:

We may use cookies and similar technologies on our websites that allow us to store information on your device or access information stored on your device. This allows us to better understand user behavior, e.g. to provide our services in a technically error-free, secure, user-friendly and demand-oriented manner.

We may use cookies and similar technologies as follows:

Cookies: These are small text files that are stored in the cookie file on your computer’s hard drive when you visit our website. Through the use of cookies, your browser receives an identifier and shows it on request to.
– Most of the cookies we use are so-called session cookies. These save your entries while you navigate on the website within the same session . Session cookies are automatically deleted after your visit to our website. Permanent cookies, on the other hand, remain stored on your device for several sessions and allow us to recognize your browser the next time you visit the website (and, for example, to perform an automatic log-in or to display the website in your preferred language and according to your preferences). We use permanent cookies to remember your preferences (e.g., language, autologin), to help us understand how you use our services and content, and to provide you with customized offers and advertisements (which may also occur on other companies’ websites; however, we do not tell them who you are, if we even know, because they only see that the same user is on their website who was on a particular page on ours). Some of the cookies are set by us, and some are set by contractors with whom we work. Permanent cookies are deleted when their expiration date is reached or if you delete them beforehand.
– Cookies and similar technologies generally do not provide personal data, but only anonymous traffic data related to your device (e.g., your IP address) and statistical data (e.g., number and type of website visits). However, to the extent that the identifiers collected are classified as personal data by applicable law, we treat them as such. In addition, we sometimes combine non-personal data collected using these technologies with other personal data held by us. When we combine data in this way, we treat the combined data as personal data.
– Most browsers are set to accept cookies by default. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, generally disable cookies for certain cases and activate the automatic deletion of cookies when closing your browser. If you disable cookies, you may no longer be able to use all the functions of this website. The procedure for disabling of cookies depends on the browser you are using. You can find information on this in the settings menu of your browser.
– Apart from technically mandatory cookies, we only use cookies if you have given us your consent to do so. You can revoke any consent given at any time by changing your cookie settings.

Plug-ins (also social plug-ins, social media plug-ins or social share plug-ins): You can recognize plug-ins by the corresponding network logo or the “Like” or “Share” buttons on our website. By clicking on the plug-in, you can share content from our website on social networks. The plug-in reports to the social network that your IP address is visiting our website. This can happen even if you are not logged into the social network or are not a member of the social network. If you are logged into the social network, the social network can assign your surfing behavior directly to your profile there.
– The social network is responsible for the processing of your personal data transmitted with the plug-in and the data protection provisions of the respective social network apply. We do not obtain precise knowledge of the content and scope of the transmitted data and its use by the social network and do not exercise any influence on it. As a rule, this involves the following data: website visited, data transmitted by your browser (IP address, browser type and version, operating system, time) and your identification number in the social network, provided you are registered there as a user.
– If you share content via a plug-in, you are not authorized to speak on our behalf. These are your own expressions, for which we are not responsible and liable.

Social media presence:
– On our website, we have set up links to our social media presence on Facebook, Instagram, LinkedIn and X (former Twitter). If you click on the corresponding icons of the social networks, you will automatically be redirected to our profile on the respective social network. In order to be able to use the functions of the respective network there, you must partially log in to your user account for the respective network.
– When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the social network in question. This provides the network with the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged into your account on the network concerned, the content of our site may be linked to your profile on the network, i.e., the network may link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. In any case, an association takes place when you log in to the relevant network after clicking on the link.
– If you have your habitual residence in Switzerland or the European Economic Area (EEA), the provider of the social network is based in Ireland, otherwise in the USA. More detailed information on data processing by the provider of the social media platform can be found in the privacy policy of the respective provider:

Facebook und Instagram
Meta Platforms Inc. (USA)/Meta Platforms Ireland Ltd. (Ireland): Meta Privacy Policy

LinkedIn
LinkedIn Corporation (USA)/LinkedIn Ireland Unlimited Company (Ireland): LinkedIn Privacy Policy

X (former Twitter)
X Corp. (USA)/Twitter International Company (Irland): X Privacy Policy

Google Services:
– On our website and in our operations, we use various services (e.g. Google Analytics and Google Workspace) of Google LLC, based in the USA, respectively if you have your habitual residence in EEA or Switzerland, Google Ireland Limited, based in Ireland (“Google”).
– Google uses technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of our website. The information thus generated about your use of our website may be transmitted to a Google server in the USA and stored there.
– We use tools provided by Google that Google claims can process personal data in countries where Google or Google’s subcontractors maintain facilities. Google promises an adequate level of data protection in its Data Processing Addendum for Products where Google is a Data Processor by relying on the EU standard contractual clauses. Google is also certified under the Swiss-U.S. and EU-.US. Privacy Framework. For more information about Google’s processing and privacy settings, please refer to Google’s privacy policy respectively Google privacy settings.

– Google Analytics: We use Google Analytics 4 on our website as well as for marketing and advertising purposes. Google Analytics uses cookies that are stored on your end device (laptop, tablet, smartphone or similar) and enable an analysis of your use of our website. This enables us to evaluate the usage behavior on our website and to make our offer more interesting by means of the statistics/reports obtained.
– The information generated by the cookie about your use of our website (including your IP address) is usually transmitted to a Google server in the USA or Ireland and stored there.
– Google Analytics 4 has IP address anonymization enabled by default. This means that your IP address is shortened by Google within Switzerland or the EU/EEA before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
– Google uses this information to evaluate your pseudonymous use of our website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data, according to Google. When you visit our website, your user behavior is recorded in the form of events (such as page views, language settings, your “click path”, interaction with the website) as well as other data such as your approximate location (region), technical information about your browser and the end devices you use or the referrer URL, i.e. via which website / advertising material you came to our website.
– As an alternative to objecting to any consent given (by changing your cookie settings), you can prevent the collection of data generated by the cookie and related to your website use (including your IP address) to Google and the processing of this data by Google by downloading and installing the Google Analytics Opt-out Browser Add-on.
– This will set an opt-out cookie that will prevent future collection of your data when you visit our website. To prevent the collection of data by Google Analytics across different devices, you must perform the opt-out on all devices used.
– An overview of the data use in Google Analytics and the measures taken by Google to protect your data can be found in Google’s Help Center. Further information on the terms of use of Google Analytics and data protection at Google can be found in the Google Analytics Terms of Service and Google’s privacy policy.

Marketing communication:
– We use cookies and other tracking technology in our marketing communications (e.g. Newsletter) which helps us to appraise whether marketing e-mails have been opened, replied or forwarded and links followed, etc. We also use a plugin for LinkedIn which is recognizable by the logo placed on our Newsletters. If you interact with the LinkedIn platform, the relevant information will be forwarded and your visit recognized by LinkedIn.

5. Disclosure of personal data

We may disclose personal data to the following categories of recipients:
– Affiliated entities and/or business partners;
– Service providers (such as laboratories, banks), suppliers and subcontractors, including processors (such as IT service providers);
– Domestic and foreign authorities or courts as well as arbitral tribunals, parties in possible or pending legal proceedings;
– The public, including users of our websites and social media;
– The media;
– Industry organizations, associations, organizations and other bodies;
– Other parties in connection with corporate transactions.
If we transfer personal data to third parties, the respective third party may process personal data in accordance with their own privacy notices and regulations.

6. Disclosure of personal data to other jurisdictions

We may disclose personal data to recipients outside of Switzerland, including to EU/EEA member states, the UK, the US and to any other country of the world, e.g., to countries where our clients or service providers are located.

We may disclose personal data to a country without adequate legal data protection, provided that:
– We ensure adequate protection, namely by means of sufficient contractual guarantees such as the standard contractual clauses of the European Commission, or binding corporate rules, or based on certification under the Swiss-U.S. and EU-.US. Privacy Framework. You can obtain a copy of the contractual guarantees from the contact point mentioned above or find out from them where such a copy can be obtained. We reserve the right to redact such copies for data protection reasons or for reasons of confidentiality or to supply only excerpts;
– You give your express consent;
– It is necessary for the execution of a contract with you or of a contract in your interest;
– It is necessary for the fulfillment of a legal obligation;
– It is necessary to safeguard overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or third parties;
– You have made the personal data generally accessible and do not expressly prohibit processing; or
– The personal data originate from a register provided for by law, which is public or accessible to persons with an interest worthy of protection, insofar as the legal requirements for inspection are met in the individual case.

7. Duration of the retention of personal data

We process and store personal data as long as it is necessary for the processing purpose for which we collected it (e.g., for the duration of the entire business relationship from the initiation until the termination of a contract). In addition, there may be a contractual or legal obligation to retain or document data for a longer period. It is possible that personal data will be stored for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). We thus store contract-related personal data in principle for the duration of the contractual relationship and for ten years beyond the termination of the contractual relationship.

If the personal data is no longer required for the fulfillment of the processing purpose, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain personal data for a specific period of time.

8. Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as the issuance of warnings, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization, controls.

9. Rights of the data subject

Under applicable data protection law, you may have the following rights:
– A right to be informed upon your request of our processing of your personal data;
– A right to correction, deletion or destruction of your personal data;
– A right to objection to the processing of your personal data;
– A right to revoke your consent if the processing of your personal data is based on your consent. The revocation is possible at any time and is effective for the future. The revocation does not affect the lawfulness of the data processing that took place until the revocation.
– A right to receive your personal data in certain cases and in an electronic format that allows your further use (data portability);
– A right to information regarding any automated individual decision-making in which we may engage, insofar as this is required by law.

To exercise your rights, you may contact us at the contact point mentioned above. The exercise of your rights generally requires that you can prove your identity (e.g., by sending us a copy of your valid ID). We also draw your attention to the fact that by deleting your personal data, services are no longer available or can no longer be used, in whole or in part, and that the exercise of these rights may conflict with contractual agreements and this may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated. We reserve the right to restrict your rights where permitted by applicable law.

You may have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

10. Obligations of the data subject

In the context of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you do not usually have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the Website cannot be used if certain traffic-securing information (such as IP address) is not disclosed.

If you provide us with personal data of other persons (e.g. data of work colleagues), you must ensure that these persons are aware of this privacy notice and you may only share their personal data with us if you are allowed to do so and if this personal data is correct.

Please note that the internet is generally not a secure environment because it is an open network that can be accessed by anyone. Therefore, we also appeal to your personal responsibility with regard to the handling of your personal data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the internet (e.g., by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other communication channels, should this appear necessary or reasonable for security reasons.

11. Modification of the privacy notice

Alpine Institute may amend this privacy notice at any time without prior notice. The current version published on our website https://alpinelongevity.com/ shall apply.

Version 1.0