) carefully before proceeding. Visitors (hereinafter “Data Subjects”
) who access the website https://longevity.foundation/
(hereinafter - “Website”
) and/or donor platform http://donor.longevity.foundation/
(hereinafter – “Donor Platform”
The Longevity Science Foundation group (hereinafter – “Foundation”
) comprising of Longevity Science Foundation, non-profit foundation, registration number 179.286.854, registered at: Bahnhofstrasse 10, 6300 Zug, Switzerland, and Longevity Science Foundation, Inc., not for profit corporation, EIN 88-0936587, registered at: 5805 Blue Lagoon DR STE 300 Miami, FL 33126, the United States of America, is the operator of the Website and Donor Platform.
), while using the Website, Donor Platform or interacting with the Foundation.
”), the Switzerland Ordinance to the Federal Act on Data Protection (hereinafter - “OFADP”
), and, where applicable, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter - “GDPR”
), and the corresponding data protection laws of the United States of America.Data Controller
Your Personal Data will be controlled by the relevant entity within the Foundation that is communicating to you or to which you are donating and each such entity is regarded as an independent data controller of your personal data (the “Data Controller
Longevity Science Foundation
Bahnhofstrasse 10, 6300 Zug, Switzerland, and
Longevity Science Foundation, Inc.
5805 Blue Lagoon DR STE 300 Miami, FL 33126, the USAEU Representative
Our representative in the EU according to Article 27 of GDPR (hereinafter - “Representative”
Address: Dzirnavu iela 41A, Riga, Latvia, LV-1010
Tel.: +371 29269814
- consent [of the data subject], means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- localstorage – a file created by a website in Data Subject’s device;
- JSON Web Token (JWT) - signed credentials encoded into a long string of characters created by the server, which is used for authorization purposes;
- information society service - any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services;
- personal data - any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- profiling - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
- restriction of processing - the marking of stored personal data with the aim of limiting their processing in the future;
- supervisory authority - an independent public authority which applies data protection law at a national level;
- third party - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
1. Purpose, Scope, Processing and Use of the Personal Data of Data Subjects 1.1 Localstorage and JWT
- EU - European Union;
- FADP - Switzerland Federal Act on Data Protection;
- OFADP - Switzerland Ordinance to the Federal Act on Data Protection;
- GDPR - General Data Protection Regulation;
- DPA - Data Protection Authority;
- ID - Identity document;
- JWT – JSON Web Token.
Our Website and Donor Platform does not store any Cookies in the web browser. Instead, we store the JWT in the Localstorage of the Data Subject for safe access to the backup of the Service provider and regenerate it each hour.
Once the Data Subject has successfully submitted (authorized) with his/her username and password, the JWT is generated and stored in the Localstorage of the Data Subject and the backup of the Service Provider. After this authorization, JWT allows to securely transmit information between the Data Subject and Service Provider.
Since the JWT is refreshed each hour, the Data Subject revisiting the Website and/or Donor Platform has to authorize with his/her username and password repeatedly, to ensure the reception of a new JWT. This cycle of authorization is necessary to ensure secure transmission of information between the Data Subject and Service Provider, and to reduce the risk of possible cyber-attacks and/or other processes related to data theft.
The Data Subject can, at any time, clear/remove their data from the Localstorage of their device, by using browser development tools:
1) Right mouse click;
2) Select Inspect/view code/developer tool;
3) Locate “Application” tab;
4) Expand “Storage” section;
5) Expand “Localstorage” section;
6) View, edit, delete or clear all Localstorage.
1) Open Developer tools (F12, Ctrl+Shift+I (Windows) or Cmd+Opt+I (Mac);
2) Locate “Application” tab;
3) Expand “Storage” section;
4) Expand “Localstorage” section;
5) View, edit, delete or clear all Localstorage.1.2 Subscription to the Foundation Newsletter (Optional)
In order to receive valuable information within our network and gain direct access to the most up-to-date information, you may wish to subscribe to our newsletter. For this, we may collect your name and/or email address. By registering for our newsletter, you give us your consent to process the provided data in order to periodically send out the newsletters to the provided email address. All and every information gathered this way shall never be passed on or sold to any third party.
At the end of each newsletter there shall be a link enabling you to unsubscribe from the Foundation newsletter at any time. After unsubscribing, all your Personal Data will be deleted.1.3 Collection and Processing
When using the Website and/or Donor Platform, Data Controller, the service providers Tilda Publishing Ltd., Hetzner Online GmbH, The Giving Block, Inc. and Stripe, Inc. (the “Service Providers”), may automatically or with the participation of the Visitor collect additional Personal Data and information. Such Personal Data and information are stored in the server log files of Tilda Publishing Ltd., Hetzner Online GmbH, The Giving Block, Inc. and/or Stripe, Inc. The list of Personal Data and information which may be collected includes data such as:
1. a name and surname;
2. an identification card number;
3. location data (for example the location data function on a mobile phone);
4. an email address;
5. an online identifier;
6. billing address.
The activity of the Foundation is governed and regulated by a number of laws and regulations which oblige the Foundation to meet all the necessary standards and principles of Personal Data processing. These principles include but are not limited to the Foundation processing Personal Data with an aim to meet anti-money laundering and counter-terrorism and proliferation financing requirements, to maintain accounting records and bookkeeping, to meet international and national sanctions, and to cooperate with public and private entities.
The Foundation processes Personal Data to perform its legal obligations, based on applicable requirements of laws and regulations in the sphere of non-profit activity, anti-money laundering and counter-terrorism and proliferation financing, tax liabilities and bookkeeping, international sanctions, activity of public bodies and requirements of other laws and regulations applicable to the Foundation. The Foundation also processes Personal Data on the basis of its legitimate interests to ensure comprehensive compliance with provisions of the law and prevent from violation, make internal assessment and promote the compliance with the statutory requirements, to meet requirements of the supervisory body.
The Foundation may process Personal Data to improve the quality of its services and the use of our Website and/or Donor Platform, to carry out internal analysis and statistics, to support the activities of the Foundation and compliance with the internal administration procedures, to improve and test the Foundation’s technical infrastructure, to ensure the long-term stability, and security of the system, to further optimize our Website and/or Donor Platform, to ensure the cooperation with the Foundation’s counterparties and to examine complaints or applications of the Data Subject or other persons.
The legal basis for the Personal Data processing for these purposes is stated in Article 6, paragraph 1(f) of the GDPR and the principles of processing laid out in Article 4 of the FADP.1.4 Transfer to Third Parties and Internationally
With the exception of the Service Providers, we do not make the Personal Data of a Data Subject available to third parties unless he/she has expressly consented to it or if the Foundation is legally obliged to.
The Foundation is entitled to transfer Personal Data, including, but not limited to, to:
1) state and supervisory bodies, bailiffs, investigation bodies, courts, tax authority, insolvency administrators, notaries, orphans’ courts, subjects of investigative activities, and other representatives of state authorities within the framework of relevant requests, fulfilment of the Foundation’s legal obligations, filing of reports;
2) counterparties which ensure that the Data Subject signs documents with a qualified electronic signature or which provide services of validation and/or retention thereof;
3) payment processors, in case of transfer of monetary funds, international payment card systems, incl. Mastercard and Visa, persons involved in card payments, processing centres, persons who check infringements of the regulations of international payment systems made by the Data Subject. Mastercard Europe SA processes Personal Data according to the corporate rules which are available at https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf
and provide for a number of rights for the Data Subject, and also contain relevant information in respect of the use of Mastercard services;
4) persons related to the protection of rights and interests, filing of claims, legal proceedings, dispute resolution, including, but not limited to, lawyers, state and arbitration courts, mediators, bailiffs, ombudsmen, alternative dispute resolution mechanisms;
5) the Foundation’s auditors within the framework of the audit, drawing up of financial reports, and carrying out of other inspections;
6) Service Providers and persons providing technical support to the activities of the Foundation, including, but not limited to, IT and business service providers, consultants, postal couriers, translators, communications operators, developers;
7) individuals and structural units within the Longevity Science Foundation group.
The aforementioned recipients are obliged to protect Personal Data of the Data Subjects to the same extent as the Foundation. In a case where the level of Personal Data protection in a given country does not correspond to that of Switzerland, the EU, or the U.S., the Foundation provides for the protection measures for the protection of information transferred outside the EU, the U.S. or Switzerland e.g., the availability of duly approved corporate binding rules in respect of the Personal Data at the recipient, or entering into an agreement on transferring of information according to the standard contractual clauses in Switzerland, the E.U., or as the case maybe, the U.S.
The transfer of Personal Data is for the sole purpose of providing and maintaining the functionality of our Website and Donor Platform. The legal basis for the transfer and processing of the Data Subjects’ Personal Data by third parties is stated in Article 6, paragraph 1(f) of the GDPR and Article 10a of the FADP.1.5 Security of Personal Data
The Foundation uses convenient technical and organisational security measures to protect the Personal Data of Data Subjects against a) manipulation; b) partial or complete loss; and c) unauthorized access by third parties.
It must be noted that any data transmission on the internet (for example by communicating via email) is generally not considered secure and unfortunately absolute security and protection is not possible, therefore we accept no liability for data transmitted to us via the internet.1.6 Erasure and Blocking of Personal Data
The Foundation shall process and store the Personal Data of the Data Subject for a period of 5 (five) years after the Data Subject has consented to the processing unless a different term is prescribed by the applicable legislation.
In a case where storage of the Personal Data is not required, or if a period of storage prescribed by the applicable legislation expires, the Personal Data of the Data Subject is blocked or erased in accordance with the applicable legal requirements.2. Rights of the Data Subject
The rights that are available to the Data Subjects in relation to their Personal Data held by us are outlined below. If you wish to exercise any of these rights, you may contact and notify the Data Controller at any time.2.1 Confirmation and Access
The Data Subject has the right to obtain (1) the confirmation from us as to whether or not the Personal Data concerning the Data Subject is being processed by us, and (2) the information regarding his/her Personal Data stored by us at any time for free, as well as request a copy of this information.
Additionally, the Data Subject has the right to access the following information regarding his/her Personal Data:
· the purposes of the processing;
· the categories of Personal Data concerned;
· the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular, recipients in third countries or international organisations;
· where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
· the existence of the right to request from the data controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the Data Subject or to object to such processing;
· the right to lodge a complaint with a supervisory authority;
· where the Personal Data are not collected from the Data Subject, any available information as to their source;
· the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
Additionally, the Data Subject has a right to obtain information as to whether Personal Data is transferred to a third country or to an international organisation. Where this is the case, the Data Subject has the right to be informed of the appropriate safeguards relating to the transfer.2.2 Rectification
The Data Subject has the right to request from the Data Controller the rectification of inaccurate Personal Data concerning the Data Subject without undue delay. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.2.3 Erasure (Right to be Forgotten)
The Data Subject has the right to request from the Data Controller the erasure of Personal Data concerning the Data Subject and the Data Controller shall erase Personal Data without undue delay in the following cases:
· the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
· the Data Subject withdraws consent on which the processing is based (in particular, according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, or Article 4(5) of the FADP), and where there is no other legal ground for the processing;
· the Data Subject objects to the processing pursuant to Article 21(1) of the GDPR or Article 12(2) of the FADP and there are no overriding legitimate grounds for the processing according to the applicable legislation;
· the Data Subject objects to the processing pursuant to Article 21(2) of the GDPR;
· the Personal Data have been unlawfully processed;
· the Personal Data have to be erased for compliance with a legal obligation in accordance with the applicable law to which the data controller is subject;
· the Personal Data have been collected in relation to the offer of Information Society Services.
If any one of the aforementioned reasons applies, and the Data Subject wishes to request the erasure of Personal Data stored by the Foundation, the Data Subject may at any time contact and notify the Data Controller, and the Data Controller shall ensure that the erasure request is complied with as soon as possible.2.4 Restriction of Processing
The Data Subject has the right to request from the Data Controller restriction of processing where one of the following applies:
· the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the Personal Data;
· the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
· the Data Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
· the Data Subject has objected to processing pursuant to Article 21(1) of the GDPR, or Article 12(2) of the FADP pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.
If any one of the aforementioned reasons applies, and the Data Subject wishes to request the restriction of the processing of Personal Data stored by the Foundation, the Data Subject may contact the Data Controller at any time, and we will arrange for the restriction of processing.2.5 Data Portability
The Data Subject has the right to receive the Personal Data concerning the Data Subject, which the Data Subject has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller of data without hindrance from the Data Controller, as long as:
· the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, or Article 4(5) of the FADP or on a contract pursuant to point (b) of Article 6(1) of the GDPR or points (a) and (c) of Article 13(2) of the FADP; and
· the processing is carried out by automated means.
This right shall not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Additionally, in exercising the Data Subject’s right to data portability pursuant to Article 20(1) of the GDPR, the Data Subject has the right to have Personal Data transmitted directly from one controller to another, where technically feasible, and when this does not adversely affect the rights and freedoms of others. 2.6 Objection
The Data Subject has the right to object, on the grounds relating to the Data Subject’s particular situation, to the processing of Personal Data concerning the Data Subject which is based on points (e) or (f) of Article 6(1) of the GDPR, or point (a) of Article 12(2) of the FADP, including profiling based on those provisions, at any time. The Data Controller shall no longer process the Personal Data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.2.7 Automated Individual Decision-Making
The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the Data Subject or similarly significantly affects the Data Subject, as long as the decision:
· is not necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller;
· is not authorised by the applicable law to which the Data Controller is subject and which also lays down suitable measures to safeguard the Data Subject's rights and freedoms and legitimate interests;
· is not based on the Data Subject's explicit consent.
If the decision 1) is necessary for entering into, or the performance of, a contract between the Data Subject and the Data Controller, or 2) is based on the Data Subject’s explicit consent, the Foundation shall implement suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Data Controller, to express their point of view and contest the decision.2.8 Withdrawal of Consent
The Data Subject has the right to withdraw the Data Subject’s consent at any time, except as it is required to: (a) carry out fraud detection; or (b) comply with any statutory or regulatory requirement or the order of a court or other public authority.
Please note that the Data Subject’s ability to participate in the activities of the Foundation may be impacted should the Data Subject withdraw his/her consent to the collection, use and disclosure of the Data Subject’s personal information. For example, If the Data Subject has given his/her consent to subscribe to the Foundation’s newsletter, this allows the Foundation to process the Personal Data of the Data Subject. If the Data Subject withdraws his/her consent, the Foundation will erase all Personal Data relating to the Data Subject collected in the context of the newsletter subscription from the Foundation’s database.3. Final Provisions3.1 Lodging a Complaint with the Supervisory Authority
Without prejudice to any other administrative or judicial remedy, each Data Subject has the right to lodge a complaint with a DPA in Switzerland, if the Data Subject considers that the processing of Personal Data relating to the Data Subject infringes the FADP or, if applicable, the GDPR, or lodge a complaint with the corresponding authority in the U.S., if the Data Subject considers that the processing of Personal Data relating to the Data Subject infringes the corresponding data protection laws of the United States of America.3.2 Provision of Personal Data