Privacy Policy – Heart Force AG

This Privacy Policy explains how Heart Force AG (“Heart Force,” “we,” “our,” or “us”) collects, uses, shares, and protects your personal data when you interact with our websites, products, services, and events. This policy applies to interactions through www.heartforce.com and related platforms unless otherwise stated. Please read this Privacy Policy carefully. By using this website, you agree to the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy or any revised Privacy Policy, please exit the site immediately.

1. Who We Are

Heart Force AG is located at Gubelstrasse 12, 6300 Zug, Switzerland. Heart Force is the name we use to refer to our whole business including subsidiaries, and affiliates. When we use the words ‘we’ or ‘our’, we mean Heart Force. In Canada, Heart Force is Heart Force Medical Inc. If you have questions about this policy or your personal data, please contact us at: info@heartforce.com 

2. Scope of this Policy

This policy covers personal data collected when you:

• Visit our website or access our digital platforms

• Subscribe to our newsletter
• Order products or services
• Communicate with us (via email, phone, or forms)
• Participate in events, surveys, or studies
• Access our investor or clinical research portals

This policy applies to personal data when we collect it directly from the data subject (being the person who the data identifies), and also when we collect data indirectly from one person (or company or other legal entity) that identifies another person. 

This policy does not apply when we process your data on behalf of a healthcare provider or medical institution, or when a separate privacy notice is provided. It also does not apply when we process data:

• relating to current or former employees
• about our business consultants in the scope of their consultancy relationship with us
• where we have given other disclaimers, policies, terms of use, or other notices indicating that this policy does not apply, or that a different policy or notice does apply
• that does not identify you as an individual person, including personal information (as defined below) or after any information has been anonymized, so that it can no longer be used to identify you
• only as a processor of information on behalf of a third party where that processing is governed by separate terms

“Data processing” refers to any operation or set of operations involving personal information, whether or not by automatic means, including collecting, disclosing, retrieving, using, adapting, altering, correcting, combining, erasing, transferring, destroying, recording, organizing, storing, or otherwise making available and using personal information.

3. Personal Data We Collect & How We Use It

We may collect the following types of personal data:

Website Visitors

• IP address, device type, browser version, cookies and usage data
• Used to analyze performance, security, and user experience

Contact Forms & Email Communication

• Name, email address, phone number, organization
• Used to respond to inquiries, demo requests, and customer support

Orders & Transactions

• Contact and shipping information
• Billing information and transaction details
• Used to process and fulfill orders and manage payments

Clinical or Investor Portals

• Account credentials and professional details (for HCPs or investors)
• Used for secure access to restricted areas and content

4. Cookies & Tracking Technologies

We use cookies and similar tools to:

• Ensure website functionality and security
• Monitor user behavior to optimize site performance
• Deliver relevant content and communication

The cookie may be stored on your computer’s hard drive. Cookies are used to collect information for business purposes, such as enabling essential website functions and improving the user experience. You may manage your cookie preferences through your browser settings. With most web browsers, you can choose to reject all cookies, though rejecting all cookies may limit the functionality of the website. Fully anonymized data collected from your use and visit of our websites may also be used by third parties to engage in audience marketing through retargeting.

We will not allow third parties other than those companies that we hire to perform services or functions on our behalf to place cookies on our website. Please refer to your browser’s ‘Help’ instructions to learn more about managing cookies. You may opt-out of the use cookies through your internet browser’s plugins or privacy settings at any time, but this may impact the functionality of our website.

5. Legal Basis for Processing

We process personal data:

• Based on your consent
• To fulfill a contract or request or to provide the services or information you request
• To allow you to register certain products or services, or enhance their functionality
• To resolve and track the status of any consumer and/or product or service issues
• To manage our relationship with you
• To enable you to participate in our online communities, including social media 
• To comply with legal obligations
• Based on our legitimate interest to operate and improve our business

We may also use your personal information to achieve the following legitimate interests, so long as compatible with your rights and expectations of privacy:

• for analytical purposes (e.g. to research, develop and improve programs, products, services and content)
• to anonymize your information by removing any personal identifiers (your name, e-mail address, social security number, etc.) so that it may be used for other purposes. In this case, the anonymized information may be treated like other non-personal information
• to enforce this policy and other rules applicable to your use of this website
• to protect our rights or property

6. Sharing Your Personal Data

We may share your data with:

• Trusted service providers (e.g., cloud hosting, CRM platforms)
• Legal and regulatory authorities if required
• Business partners, clinical collaborators, and advisors
• Affiliates and subsidiaries within the HeartForce group of companies

We do not sell your data.

We also have legal grounds to use your personal information in the following circumstances:

• as necessary to protect someone’s health, safety or welfare
• in order to comply with a law or regulation, court order or other legal process

Where required by law, we will ask you to “opt-in” or affirmatively consent to the processing of your personal data for a particular purpose. For example, where the law so requires, we will only send you newsletters if you have subscribed to them.

7. Non-personal information

Non-personal information is information that cannot identify you or be tied to you in any way. Non-personal information that we collect through this website does not identify you as an individual person and will not be linked to you. It may include information such as the following:

• The name of the domain from which you access the Internet
• The Internet Protocol address (“IP Address”) of the computer you are using
• The type of browser and operating system you are using
• The date and time you access our website
• The internet address of the site from which you linked directly to our website
• Which pages you have visited on our website 
• The search terms you use
• The links on which you click

If you visit our website to read or download information, such as information about a health condition or about one of our products, we may collect certain non-personal information from your computer. This information is collected from your computer’s web browser. If you only read or simply click to download information on our website, we do not collect or learn your name, e-mail address, home address, or any other personal information about you.

We will use non-personal information from you to make this website more useful to visitors. We may also use non-personal information for other business purposes. For example, we may use non-personal information or aggregate non-personal information to:

• create reports for internal use to develop programs, products, services or content
• adapt or improve the information or services provided
• share or sell information to third parties
• provide information on how our site is used, such as “traffic statistics” and “response rates” to third parties

8. Use of personal information to send marketing or educational messages

HeartForce may wish to provide you with educational materials or other information about our products and services, as well as information about clinical trials or the products and services of others that might be of interest to you, based on the information you have shared with us and that we have collected through cookies or similar techniques regarding your use of our websites, social media and blogs.

We will ask you to “opt-in” or affirmatively consent to the use of your personal information for the purposes of such communications, in accordance with applicable laws.

If at any time you decide not to receive any educational, commercial or promotional information related to our products and services or regarding the products or services of our affiliates or service providers, please email us at the contact details listed below and mention “OPT-OUT” in the subject of your email. Alternatively, you may use the opt-out procedure provided in any relevant message you receive from us.

Please note that if you opt not to receive promotional messages from us, we may still continue to send you relevant information for other lawful purposes, such as to administer any account you may have with us, to respond to your requests, to execute agreements with you, or to provide you with information that we are required by law to provide, e.g. regarding product recalls.

If you wish to stop receiving communications from us, or would like us to stop processing your personal information in any other way, you can contact us as described at the bottom of this policy to let us know what types of communications you wish to stop receiving. In addition, if you have received, or in the future receive, an e-mail from us, each e-mail we send includes an easy, automated way for you to cease receiving e-mails from us.

9. Surveys

We may invite you to participate in surveys to determine customer satisfaction levels, identify areas of potential improvement or to carry out market research. We may send you a specific invite to participate in such a survey on the basis of our legitimate interests in conducting the survey, or on the basis of your prior “opt-in” consent to receive such communications, in accordance with applicable laws. You may opt-out of receiving any such future communications in the manner detailed in the section above.

The personal information that is collected for the purpose of the survey may include your email address, phone number, survey results, and any free-text message you may have written in the survey. 

The business purpose of collecting your data is to reply to survey feedback you may have provided, specifically:

• Should you have indicated an issue which we need to take action to resolve
• In order to gain further insight to the experience you have described
• To inform you of any action we might take internally to resolve your issue or enhance your experience

10. International Data Transfers and Disclosure Abroad

Heart Force AG may disclose and transfer personal data to recipients located outside Switzerland, the European Economic Area (EEA), and Canada, including to service providers, affiliates, and partners who support our business operations (such as IT hosting, analytics, CRM, and communication services).

Where personal data is transferred abroad, Heart Force AG ensures that such transfers are made in accordance with applicable data protection laws. Personal data is transferred only to countries that provide an adequate level of data protection under Swiss law, or where appropriate safeguards are implemented to ensure an equivalent level of protection.

Such safeguards may include the use of standard contractual clauses (SCCs) approved by the Swiss Federal Council and/or the European Commission, or other legally recognized transfer mechanisms.

International transfers are carried out solely for the purposes described in this Privacy Policy and only where necessary to provide our services, operate our business, or comply with legal obligations.

11. Data Retention

We retain personal data only as long as necessary for the purpose it was collected, or as required by law. Retention periods will be determined taking into account the type of personal information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity. For example, if you tell us that you no longer wish to receive a newsletter from us, we will immediately delete your email address from our mailing list. If you participate in a program via our website we will delete the personal information provided as part of that program within a reasonable time after its completion. We will continue to treat your personal information in accordance with this policy so long as we retain it.

12. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction or deletion of your data
• Object to or restrict our processing of your data
• Withdraw your consent at any time
• Lodge a complaint with a data protection authority

To exercise any of these rights, please contact: info@heartforce.com 

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, or misuse. We also restrict access to your personal information to those employees and contractors who need to know that information to do their jobs. Although we make every reasonable effort to protect your personal data from unauthorized access, loss, misuse or alteration by third parties, there is always risk involved in transmitting information over the Internet. In particular, e-mail sent to or from us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

14. Links

This website may contain links to other websites. Some of those websites may be operated by our affiliates, and some may be operated by third parties. This policy does not apply to other websites. Therefore, whenever you leave this website we recommend that you review the privacy practices that apply to information you provide on other websites. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others, and neither are we responsible for websites operated by third parties or your business dealings with them. 

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page, with the effective date listed at the top. We recommend that you check this posted Privacy Policy regularly to ensure that you have viewed the most recent version.

Contact Us

 Heart Force AG

 Gubbelstrasse 12, 6300 Zug, Switzerland

 Email: info@heartforce.com