Privacy
XO Life GmbH ("XO Life", "we", "us", "our") protects your privacy and your private data. With this privacy notice, we inform you about how we handle data that is personally identifiable to you when you visit our website (www.medwatcher.io) as well as in connection with the use of our ImpactMonitor platform ("ImpactMonitor Platform"), e.g. name, place of residence, email addresses, but also information about your visit and use of our website or the ImpactMonitor Platform as well as data about your health.
1. Person responsible
Responsible for the collection and processing of your personal data within the meaning of Article 4 No. 7 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") is:
XO Life GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Email: info@xo-life.com
Phone: +49 (0) 89 2154 7481
Further information can be found in the imprint
For processing in the context of individual, product-specific areas (see section 4) in the ImpactMonitor platform, we are in some cases joint controllers within the meaning of Article 26 of the GDPR with the providers of the product for which the respective area is set up ("providers"). You can see who the provider is by accessing the privacy notices in the respective area.
As so-called joint controllers according to Art. 26 GDPR, we are jointly responsible for the processing of your data for the processing operations mentioned in section 4. To ensure your rights and taking into account the requirements of the GDPR, we have entered into an agreement that sets out rules on our joint processing of your personal data. We have agreed on how to ensure your rights and specified how we jointly fulfill our obligations under the GDPR. XO Life GmbH is available to you as a contact partner, in particular for the assertion of your rights under Section 10 of this data protection notice. However, you can contact any of the jointly responsible persons.
2. Data protection officer
If you have any questions about the processing of personal data by XO Life, you can contact our data protection officer:
XO Life GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Email: datenschutz@xo-life.com
Phone: +49 (0) 89 2154 7481
3. Data processing when visiting the MedWatcher website
3.1 Log files
In order to make our website available and to ensure its functionality, the web server automatically records your visit in so-called server log files when you visit our website. The following data is processed: browser type and version, the operating system of the terminal device used, the IP address of the requesting computer, the access date and time of the server request, the duration of the stay on the website, the amount of data transferred, the location from which the user retrieves data from the website, connection data and sources, and the page from which the access is made.
Purpose
This data is processed for the purpose of providing our website and for statistical evaluations as well as for the purpose of identifying and tracing unauthorized access to the web server and other criminal offenses.
Legal basis and legitimate interest
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interests are to ensure IT security and the operation of our internet presence.
Recipients
Recipients of the data are our hosting service providers.
Duration of storage
Log file information is stored from the end of your respective website visit and automatically deleted after restart.
Possibility of objection
Data processing is necessary for securing and operating the website. You exercise your objection by no longer accessing our website.
Obligation to provide the data
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the provision, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be limited.
3.2 General information about cookies
Cookies are small text files by which the user's terminal device can be identified. When using the ImpactMonitor platform, cookies are stored on your end device. Cookies can transmit information from our web server or third-party web servers to the user's web browser, where it is stored for later retrieval. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie, and an alphanumeric identifier.
Purpose
We use cookies to ensure the proper functioning of the website and to optimize your website experience.
Legal basis and legitimate interest
The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interests consist of the technical provision and guarantee of the operation of our internet presence and IT security, as well as the optimization of the presentation of our offer and direct marketing measures. No processing of personal data in connection with analysis or tracking takes place on our website for which we require your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.
Recipients
In addition to the individual transfers outlined below, we pass on your data to our IT and hosting service providers strictly for the intended purpose - if at all necessary - and only to the extent required.
Duration of storage
We store the data for as long as it is needed to fulfill the aforementioned purpose or until you delete the cookies.
Possibility of objection
Inasmuch as the data processing is based on the legal basis Art. 6 para. 1 sentence 1 lit. a GDPR, you have the right to revoke your consent at any time. You can do this by withdrawing your consent as described for the respective technology in section 3 or by deleting the cookies in your browser. Insofar as the data processing is based on the legal basis Art. 6 para. 1 sentence 1 lit. f GDPR, you can object to the data processing. You can exercise your right to object by configuring your browser according to your wishes, for example, so that no cookies from third-party providers (so-called third-party cookies) or no cookies at all are stored or a notice always appears before a new cookie is created. In addition, cookies that have already been stored can be deleted at any time via the browser.
You can find out how to configure cookies for the popular browsers under the following links:
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/13.0/mac/10.15
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Obligation to provide data
The provision of your personal data is neither legally nor contractually required. However, without the provision, the service and functionality of our website may not be guaranteed. In addition, individual services may not be available or may be limited.
3.3 Content Delivery Network CloudFlare
On our website, we use the Content Delivery Network of CloudFlare, Inc., 101 Townsend St, San Francisco, CA 94107, USA ("CloudFlare") through our hosting service provider. This routes the transfer of information between your browser and our website through CloudFlare's network, and your IP address is transmitted to CloudFlare's servers for further processing. CloudFlare is not used in the web app itself (app.medwatcher.io).
Purpose
By means of CloudFlare, we are thus able to analyze the data traffic between you as a user and our websites in order to detect and ward off attacks on our services and to increase the loading speeds of our website.
Legal basis
The legal basis for the aforementioned data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to maintain the security and stability of our website and to improve the loading speed of our website.
Recipient / Transfer to a third country
If applicable, personal data will be transferred to servers of CloudFlare in the USA and stored there. The transfer is secured by an order processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Information on data protection at CloudFlare Inc. can be found here: https://www.cloudflare.com/privacypolicy/.
Storage period
Data is only stored for as long as is necessary to check and assign your access.
Option to object
Data processing is necessary for securing and operating the website. You exercise your objection by no longer accessing our website.
Obligation to provide data
The provision of your data is voluntary. However, visiting our website is not possible without us using CloudFlare for this purpose.
3.4 Stability Testing and Monitoring by Sentry
We use the Sentry tool from Functional Software, Inc, 132 Hawthorne Street, San Francisco, California 94107, USA ("Sentry") to improve the technical stability of our services by monitoring system stability and identifying code errors. Sentry collects information about crashes and malfunctions of our services on your terminal device. In the process, your IP address is only collected in abbreviated anonymized form and transmitted to Sentry's servers together with technical data of the end device (such as operating system version, screen resolution, device ID).
Purpose
With the help of Sentry, we are able to monitor system stability and identify code errors.
Legal basis and legitimate interest
Data processing is based on our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to create a website that works as error-free as possible and to maintain the security and stability of our website. By anonymizing the IP address, the interest of the user is sufficiently taken into account.
Recipient / Transfer to a third country
If necessary, your data will be transferred to servers of Sentry in the USA in the event of an error message and stored there. The transfer is secured by an order processing agreement. Information on data protection at Sentry can be found here: https://sentry.io/privacy/.
Duration of storage
The data will only be stored for as long as is necessary for the (error) analysis of your specific access.
Option of objection
Data processing is necessary for securing and operating the website. You exercise your objection by no longer accessing our website.
Obligation to provide data
The provision of your data is voluntary. However, it is not possible to visit our website without us conducting an error analysis.
3.5 Web analysis (Matomo)
We use the open source software Matomo from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, to analyze and statistically evaluate the use of the website ("Matomo"). Matomo sets a cookie on the user's terminal device. Through this, three bytes of the IP address, the accessed website, the so-called referrer URL (the website from which the user has reached the accessed website), accessed subpages, and the duration and frequency of the website visit are recorded. During your visit, Matomo collects a so-called device fingerprint: this retrieves information about your browser, the operating system you use and also any do-not-track settings. In addition, location, time and audio settings, screen resolution or installed browser plugins may be collected. Device fingerprint data is anonymized. Matomo runs exclusively on the servers of our website. The collected information is only stored there. We have configured Matomo so that the IP address is not stored in full and the last byte is masked (e.g. 192.168.1.x). It is no longer possible to assign the shortened IP address to you or your end device.
Purpose
The information is used to evaluate the use of the website and to enable us to design our offers in line with requirements and to optimize them.
Legal basis
The legal basis for this processing is Art. 6 (1) sentence 1 lit. f GDPR. The legitimate interest is that we analyze your activities on the website in order to optimize our offer. By anonymizing the IP address, the interest of users in their personal data protection is sufficiently taken into account.
Recipients
Our website, including Matomo, is provided by our hosting service providers as part of order processing. The information is not passed on to third parties, as we store the data locally.
Storage period
The cookies are stored for up to one year.
Option to object
You can prevent the collection of data generated by the cookie and related to your use, as well as the processing of this data by Matomo, by configuring your browser or terminal device accordingly.
Obligation to provide your data
The provision of your data is voluntary. Please note that if you object to the use of Matomo, you may not be able to use the website in full or at all.
4. Data processing when using the ImpactMonitor platform
The ImpactMonitor Platform is a Patient Insight Platform where you can add and use different areas. We provide you with one general area, our MedWatcher. You can add other areas that are appropriate and relevant to you. These include product-specific ImpactMonitor areas ("Product Area") set up at the behest of the vendor for a specific product. As a user of the Product, you have the option to add and use the relevant Product Area in the ImpactMonitor Platform.
4.1 Log files
In order to provide the ImpactMonitor Platform and to ensure its functionality, your visit to the ImpactMonitor Platform is automatically recorded in so-called server log files. The explanations in section 3.1 apply accordingly, with the proviso that less data is processed in the ImpactMonitor Platform, namely: browser type and version, the operating system of the end device used, the IP address of the requesting end device in anonymized form (192.168.1.1 becomes 192.168.1.x) as well as the access date and time of the server request and the transferred data volume. Anonymized log files are not deleted.
4.2 Operation of the ImpactMonitor Platform
For the operation of the ImpactMonitor platform via web app, the explanations in section 3.2 (cookies), section 3.4 (Sentry) and section 3.5 (Matomo) apply accordingly.
4.3 Registering a user account
In order to use the ImpactMonitor platform, you must register as a user with a user account. If you have registered a user account for a product area or the MedWatcher, you can use this user account for the entire ImpactMonitor Platform, including all other areas added by you. For registration, we process your email address and the password you have assigned. You can add information to your user account during the further course of use. This includes demographic data (age, place of residence) and data on medications taken, medical products and cosmetics used, as well as existing medical conditions, insofar as you provide information on these.
Purpose
The data is processed in order to create your user account in the ImpactMonitor platform in accordance with the user agreement with you.
Legal basis
The legal basis for data processing is Art. 6 (1) sentence 1 lit. b GDPR, as we require the data for the purpose of fulfilling the user agreement with you. If we process health data from you within the meaning of Art. 4 No. 15 GDPR, in particular information on medications or medical conditions, the legal basis for this is your express consent pursuant to Art. 9 (2) lit. a GDPR.
Recipients
Your data will be passed on to our IT service providers as part of order processing, insofar as this is necessary.
Storage period
We process your data until you revoke your consent by deleting individual details or your user account.
Revocation option
You can revoke your consent at any time by removing individual details about yourself from your profile or deleting your entire user account.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, it will not be possible to create or link your user account.
4.4 Use of the functions of the ImpactMonitor platform
As a registered user, you have the possibility to use the various functions of the ImpactMonitor platform. You can provide information about the medicines you take, other pharmaceutical products or (medical) products you use, as well as add medical conditions. You can add product areas based on your information. Based on your information, MedWatcher and the product areas will suggest suitable questionnaires for you to answer. In this way, you can obtain information on the experiences of users with similar clinical pictures or indications (peer statistics). In the ImpactMonitor platform, you also have the option of directly reporting side effects of the product. We process your activities in the ImpactMonitor platform to show you your advancement in our Achievement Program and reward you with points from our point system. In addition, you will receive information and content relevant or interesting to you about vendors, products and product areas. Finally, you have the opportunity to communicate with us, providers or peers by making use of existing interaction features.
Purpose
We process your data to enable you to use the various features of the ImpactMonitor platform.
Legal basis
Insofar as we process your health data within the meaning of Art. 4 No. 15 GDPR, the legal basis for this is your explicit consent pursuant to Art. 9 (2) lit. a GDPR. For the remaining data, the legal basis for data processing is Art. 6 (1) sentence 1 lit. b GDPR, as we process the data for the purpose of fulfilling the usage contract with you.
Recipients
Your data will be passed on to our IT service providers as part of order processing, insofar as this is necessary. Provided you use the interaction functions, people to whom you send messages can view the data transmitted in the message. Registered users can see your public reactions or comments.
Storage period
We process your data until you revoke your consent by deleting individual details, messages, reactions or comments or by deleting your user account.
Revocation option
You can revoke your consent at any time by removing individual details about yourself from your profile, messages, reactions or comments or by deleting your entire user account. Data from analyses already carried out cannot be deleted.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, not all functions of the ImpactMonitor platform may be available to you.
4.5 Pseudonymization and anonymization
We pseudonymize and anonymize your personal health data from your user profile and the health data you provided as part of answering questionnaires (see section 4.4).
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
Anonymization involves changing your data in such a way that it can no longer be assigned to your person or can only be assigned with a disproportionately large technical effort.
Pseudonymization and also anonymization of your data can, however, never completely rule out the subsequent assignment of information to your person via other sources, e.g., information you provide in social media. A residual risk of traceability to your person therefore remains. This is particularly the case if you publish genetic or other health data yourself, e.g. for genealogical research on the Internet. If your data should fall into unauthorized hands despite extensive technical and organizational protective measures and a reference to your person is then made despite the absence of name information, a discriminatory or otherwise harmful use of the data for you and possibly also close relatives cannot be ruled out.
Purpose
We anonymize your data for statistical purposes, in particular to provide you with statistical evaluations in the form of peer statistics (see section 4.4). We also use anonymized data for our own statistical purposes, in particular for product improvement, as well as to provide anonymized overviews to providers (see section 4.6). We pseudonymize your data in order to be able to analyze it for our own statistical purposes, in particular for product improvement, as well as to be able to provide it to providers relevant to you (see section 4.6).
Legal basis
The legal basis for the pseudonymization, anonymization and analysis of your health data within the meaning of Art. 4 No. 15 GDPR for this purpose is your express consent pursuant to Art. 9 (2) lit. a GDPR.
Recipients
Your data will be passed on to our IT service providers as part of order processing, insofar as this is necessary.
Storage period
We will process your data until you revoke your consent by deleting individual details about yourself or your user account. We cannot delete anonymized data because it can no longer be assigned to you.
Revocation option
You can revoke your consent at any time by deleting individual details about yourself from your profile or your entire user account.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, not all functions of the ImpactMonitor platform may be available to you.
4.6 Aggregation and transmission of data to providers
As a user of the ImpactMonitor platform, you are a user of drugs, medical devices or other pharmaceutical, cosmetic or medical products. Providers, i.e. manufacturers or distributors of these products (e.g. pharmaceutical entrepreneur, medical device manufacturer or another company in the life science industry) or members of medical professions, self-help groups or research institutions have an interest in the (health) data you provide in the context of using the ImpactMonitor Platform, in particular answering questionnaires (see section 4.4), e.g. to conduct market research, to perform or validate product safety reviews or for scientific research purposes. In order to be able to offer you the free functions of the ImpactMonitor platform, we therefore share your data, including adverse event reports, with providers exclusively in a pseudonymized and anonymized form (see section 4.5). In doing so, we ensure that providers cannot identify you or assign the transmitted data to you personally.
If you use multiple product areas in the ImpactMonitor platform, your data from the different product areas will be merged before transmission in order to give providers a more comprehensive picture of the use of their products and thus increase patient safety. Providers are thus still unable to identify you. You will not be involved in any commercial benefit that may result from the processing of your data.
Purpose
We process your pseudonymized and anonymized (health) data in order to transfer them to providers.
Legal basis
The legal basis for processing your health data within the meaning of Art. 4 No. 15 GDPR for this purpose is your express consent pursuant to Art. 9 (2) lit. a GDPR.
Recipients
Recipients of your data within the scope of commissioned processing are our IT service providers as well as the aforementioned providers in states of the European Union or the European Economic Area or in further countries where the European Commission has determined an adequate level of data protection, in particular pharmaceutical entrepreneurs, medical device manufacturers and other companies of the life science industry as well as members of medical professions, self-help groups and research institutions for which your data is relevant.
Storage period
We only transmit your data until you revoke your consent by deleting individual details about yourself or your user account. We cannot delete anonymized data as it can no longer be assigned to you.
Revocation option
You can revoke your consent at any time by deleting individual details about yourself from your profile or your entire user account.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, not all functions of the ImpactMonitor platform may be available to you.
4.7 Communications
In certain circumstances, we will send you emails with which we would like to introduce you to our products and services or exciting new offers, possibly give you a little treat with a voucher or determine your satisfaction. You will receive these promotional e-mails without the need for consent if we receive your e-mail address from you in connection with the registration of a user account and have not received any objection from you with regard to promotional e-mails. In this case, we may send you advertisements about our services that are similar to or related to the services you are using. If you provide consent in your system or device settings, we will also send you communications using push and browser notifications in the ImpactMonitor platform. If you have given your consent to the processing of your health data for advertising purposes, we may send you advertising tailored to your needs. We can then inform you, for example, about new product ranges for indications you have indicated or products you use.
Purpose
We send you communications for the purpose of direct marketing to inform you about our offers and services.
Legal basis and legitimate interest
The legal basis for processing your data for sending the e-mails, for which we do not require your consent, is Art. 6 (1) lit. f GDPR. Our legitimate interests are to send you advertising in the form of direct marketing. Based on the contractual relationship existing between you and us and the information provided by us in the context of this privacy notice, we assume that you consent to the advertising sent by us, especially because you can unsubscribe at any time by simply clicking at the end of the emails if you are not interested. The legal basis for the communications by means of push and browser notifications is your consent pursuant to Art. 6 (1) lit. a GDPR. The legal basis for the processing of your health data is your consent pursuant to Art. 9 (2) lit. a GDPR.
Recipient
We share your data with our IT service providers strictly for the intended purpose, if at all necessary, and only to the extent required as part of order processing.
Storage period
Your data will be stored for sending communications for as long as it is needed for this purpose or until you object to the processing of your data for this purpose or revoke your consent.
Option to object/revocation
You can unsubscribe from our e-mails at any time. For this purpose, you will find a corresponding opt-out link in every advertising email. You can deactivate push and browser notifications in your device or system settings.
Obligation to provide your data
We receive your e-mail data as part of the contractual relationship existing between you and us. Without providing this data, it is not possible to create a user account. However, you may object to the processing of your data for the purpose of sending e-mails at any time in accordance with the above information. Consent to receive push and browser notifications is voluntary.
5. Data processing when contacting us via e-mail or telephone
You can contact us via the e-mail addresses and telephone numbers provided by us. If you make use of this option, your personal data transmitted with the e-mail or by means of a telephone call will be processed.
Purpose
We process your data for the purpose of processing your inquiry.
Legal basis and legitimate interest
If the purpose of the contact is to conclude a contract or if your contact concerns an existing contract, Art. 6 (1) lit. b GDPR is the legal basis for the processing. The legal basis for processing your data in the other cases is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest in these cases results from the fact that we can only perform the action requested by you (e.g. answering inquiries) by processing your data accordingly.
Recipients
In the course of processing your inquiry, your data will be transmitted to our IT and service providers as well as to our employees who process your inquiry as part of order processing.
Duration of storage
We generally store your data until we have completely answered your inquiry.
Possibility of objection
The data processing is necessary for processing your inquiry. You can prevent us from collecting your data by not sending us an inquiry.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, it will not be possible to contact us, or not by every means of communication.
6. Further information on XO Life
For more information about XO Life, visit www.xo-life.com.
7. Data security
Within your visit to our website (section 3), we use the common TLS (Transport Layer Security) procedure in connection with the highest encryption level supported by your browser. We use HTTP Strict Transport Security (HSTS) and automatic forwarding to ensure that all pages of our website are transmitted in encrypted form. You can recognize this by the closed display of the key or lock symbol in the lower status bar of your browser. When data is stored, it is protected on the storage medium using modern encryption methods. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. In particular in connection with the processing of your data in the ImpactMonitor platform (section 4), we maintain the highest security standards. In addition to the pseudonymization and anonymization of data (section 4.5), our servers are provided in ISO 27001 certified data centers in Germany.
Despite the high data security standards we have established, a residual risk to the security of your personal data can unfortunately not be completely excluded.
8. Transfer to a so-called third country
Unless otherwise stated in this Privacy Notice, we do not transfer your data to countries outside the European Economic Area.
9. How long we store your personal data
Unless a shorter storage period results from the other provisions of this data protection notice, we store your personal data only for as long as is necessary to fulfill the respective purposes, and thereafter only to the extent that we are obligated to do so due to mandatory statutory retention obligations. If we no longer need your data for the purposes described in this data protection notice, it will only be stored during the respective statutory retention period and not processed for other purposes.
10. Your rights
If we process your personal data, you have the following rights against us:
10.1 Right to information
You may request confirmation from us as to whether personal data concerning you is being processed by us. If such processing exists, you can request information from us about the information listed in Art. 15 GDPR. If you exercise your right without telling us what specific information you want, we will provide you with all the information pursuant to Art. 15 GDPR.
10.2 Right of rectification
You have a right against us to have your personal data corrected or completed if the processed personal data concerning you is inaccurate or incomplete.
10.3 Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
- If you dispute the accuracy of the personal data concerning you. This applies for a period of time that allows us to verify the accuracy of the personal data.
- The processing is unlawful. You object to the erasure of the personal data and instead request the restriction of the use of the personal data.
- We no longer need your personal data for the purpose of processing. However, you need them for the assertion, exercise or defense of legal claims.
- If you have objected to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether our legitimate grounds for further processing override your interests.
If the processing of personal data concerning you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the above-mentioned conditions, you will be informed by us before the restriction is lifted.
10.4 Right to deletion
10.4.1 Obligation to delete
You may request us to delete the personal data concerning you without delay. For our part, we have a duty to delete this data without delay if one of the reasons listed in Art. 17 GDPR applies. Anonymous data cannot be deleted.
10.4.2 Information to third parties
If we have made the personal data concerning you public in an individual case and we are obliged to erase it pursuant to Article 17 (1) of the GDPR, we shall take reasonable measures, including technical measures, taking into account the available technologies and the costs of implementation, to inform the data controllers processing the personal data that you, as the data subject, have requested them to erase all links to or copies or replications of such personal data. However, as a matter of principle, we do not make your personal data public.
10.4.3 Exceptions
The right to erasure does not exist insofar as the processing of personal data concerning you is necessary
- for the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or German law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, insofar as the erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
- to assert, exercise or defend legal claims.
10.4.4 Right to information
If you have asserted the right to rectification, erasure or restriction of processing of your personal data against us, we are obliged to notify all recipients of your personal data of this rectification or erasure of the data or restriction of processing. This does not apply if the notification proves impossible or would involve a disproportionate effort. You have the right against us to be informed about these recipients.
10.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller, provided that:
- the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
- the processing is carried out with the aid of automated procedures.
If you so request and insofar as it is technically feasible for us and the freedoms and rights of other persons are not thereby impaired, we shall transfer the personal data relating to you directly to the other controller.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
10.6 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to the creation of user profiles based on these provisions.
We will no longer process the personal data concerning you after your objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purposes of such marketing; this also applies to user profiling insofar as it is related to such direct marketing.
10.7 Automated decision-making in individual cases including user profiling
Where certain decisions on our part are based solely on automated processing - including user profiling - you have the right not to be subject to such a decision which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if:
- the decision is necessary for the conclusion or performance of a contract between you and us,
- the decision is permitted by Union or German law and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- this form of decision-making is carried out with your explicit consent.
10.8 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of data protection law, including the GDPR.
10.9 Revocation of consent given
If you have given your consent under data protection law, you have the right to revoke this consent at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. If you have given several declarations of consent under data protection law, please tell us which of the consents you are revoking. If we do not receive such a specification even upon request, we will assume that your revocation applies to all consents granted up to that point. We will then terminate the data processing activities based on the consents.
11. links to third party websites
Please note that our website may contain links to content of other providers to which this data protection notice does not apply. We have no influence on these websites and also not on whether they comply with the applicable data protection provisions.
12. updating of the data protection information
The constant development of technology and the Internet makes it necessary to adapt our data protection information from time to time. We reserve the right to change this privacy policy at any time with effect for the future. The latest version is available on our website. Please visit the website regularly and inform yourself about the current data protection information.
Last updated: August 2022