Privacy
XO Life GmbH ("XO Life", "we", "us", "our") protects your privacy and your private data. With this privacy notice, we inform you about how we handle data that is personally identifiable to you when you visit our website (www.medwatcher.io) as well as in connection with the use of our ImpactMonitor platform ("ImpactMonitor Platform"), e.g. name, place of residence, email addresses, but also information about your visit and use of our website or the ImpactMonitor Platform as well as data about your health.
1. Person responsible
Responsible for the collection and processing of your personal data within the meaning of Article 4 No. 7 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") is:
XO Life GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Email: info@xo-life.com
Phone: +49 (0) 89 2154 7481
Further information can be found in the imprint
For processing in the context of individual, product-specific areas (see section 4) in the ImpactMonitor platform, we are in some cases joint controllers within the meaning of Article 26 of the GDPR with the providers of the product for which the respective area is set up ("providers"). You can see who the provider is by accessing the privacy notices in the respective area.
As so-called joint controllers according to Art. 26 GDPR, we are jointly responsible for the processing of your data for the processing operations mentioned in section 4. To ensure your rights and taking into account the requirements of the GDPR, we have entered into an agreement that sets out rules on our joint processing of your personal data. We have agreed on how to ensure your rights and specified how we jointly fulfill our obligations under the GDPR. XO Life GmbH is available to you as a contact partner, in particular for the assertion of your rights under Section 10 of this data protection notice. However, you can contact any of the jointly responsible persons.
2. Data protection officer
If you have any questions about the processing of personal data by XO Life, you can contact our data protection officer:
XO Life GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Email: datenschutz@xo-life.com
Phone: +49 (0) 89 2154 7481
3. Data processing when visiting the MedWatcher website
3.1 Log files
In order to make our website available and to ensure its functionality, the web server automatically records your visit in so-called server log files when you visit our website. The following data is processed in the process: Browser type and version, the operating system used by the terminal device used, the IP address of the requesting computer, access date and time of the server request, the duration of the stay on the website, the amount of data transferred, the location from which the user retrieves data from the website, connection data and sources and from which page the access is made.
Purpose
This data is processed for the purpose of providing our website and for statistical evaluations as well as for the purpose of identifying and tracing unauthorized access to the web server and other criminal offenses.
Legal basis and legitimate interest
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interests are to ensure IT security and the operation of our internet presence.
Receivers
Receivers of the data are our hosting service providers.
Duration of storage
Logfile information is stored from the end of your respective website visit and automatically deleted after restart.
Possibility of objection
Data processing is necessary for securing and operating the website. You exercise your objection by no longer accessing our website.
Obligation to provide the data
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the provision, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be limited.
3.2 General information about cookies
Cookies are small text files by which the user's terminal device can be identified. When using the ImpactMonitor platform, cookies are stored on your end device. Cookies can transmit information from our web server or third-party web servers to the user's web browser, where it is stored for later retrieval. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie, and an alphanumeric identifier.
Purpose
We use cookies to ensure the proper functioning of the website and to optimize your website experience.
Legal basis and legitimate interest
The legal basis for data processing is Art. 6 (1) p. 1 lit. f DSGVO. Our legitimate interests consist of the technical provision and guarantee of the operation of our internet presence and IT security, as well as the optimization of the presentation of our offer and direct marketing measures. No processing of personal data in connection with analysis or tracking takes place on our website for which we require your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.
Receivers
In addition to the individual transfers outlined below, we pass on your data to our IT and hosting service providers strictly for the intended purpose - if at all necessary - and only to the extent required.
Duration of storage
We store the data for as long as it is needed to fulfill the aforementioned purpose or until you delete the cookies.
Possibility of objection
Inasmuch as the data processing is based on the legal basis Art. 6 para. 1 sentence 1 lit. a DSGVO, you have the right to revoke your consent at any time. You can do this by withdrawing your consent as described for the respective technology in section 3 or by deleting the cookies in your browser. Insofar as the data processing is based on the legal basis Art. 6 para. 1 sentence 1 lit. f DSGVO, you can object to the data processing. You can exercise your right to object by configuring your browser according to your wishes, for example, so that no cookies from third-party providers (so-called third-party cookies) or no cookies at all are stored or a notice always appears before a new cookie is created. In addition, cookies that have already been stored can be deleted at any time via the browser.
You can find out how to configure cookies for the popular browsers under the following links:
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/13.0/mac/10.15
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Obligation to provide data
The provision of your personal data is neither legally nor contractually required. However, without the provision, the service and functionality of our website may not be guaranteed. In addition, individual services and services may not be available or may be limited.
3.3 Stability testing and monitoring by Sentry
We use the Sentry tool from Functional Software, Inc, 132 Hawthorne Street, San Francisco, California 94107, USA ("Sentry") to improve the technical stability of our services by monitoring system stability and detecting code errors. Sentry is used to collect information about crashes and malfunctions of our services on your device. Your IP address is only collected in a shortened, anonymized form and transmitted to Sentry's servers together with technical data of the end device (such as operating system version, screen resolution, device ID).
Purpose
With the help of Sentry, we are able to monitor system stability and detect code errors.
Legal basis and legitimate interest
Data processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to create a website that works as error-free as possible and to maintain the security and stability of our website. By anonymizing the IP address, the interest of the user is sufficiently taken into account.
Recipient / transfer to a third country
If necessary, your data will be transferred to Sentry servers in the USA and stored there in the event of an error message. The transfer is secured by an order processing agreement. Information on data protection at Sentry can be found here: https://sentry.io/privacy/.
Storage period
Data will only be stored for as long as is necessary for the (error) analysis of your specific access.
Option to object
Data processing is necessary for the security and operation of the website. You can exercise your objection by no longer accessing our website.
Obligation to provide data
You provide your data voluntarily. However, it is not possible to visit our website without us carrying out an error analysis.
3.4 Web analysis (Matomo)
We use the open source software Matomo from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, to analyze and statistically evaluate the use of the website ("Matomo"). Matomo places a cookie on the user's device. This records three bytes of the IP address, the website accessed, the so-called referrer URL (the website from which the user came to the website accessed), sub-pages accessed, the duration and frequency of the website visit. During your visit, Matomo records a so-called device fingerprint: This retrieves information about your browser, the operating system you are using and also any do-not-track settings. In addition, location, time and audio settings, screen resolution or installed browser plug-ins can be recorded. The device fingerprint data is anonymized. Matomo runs exclusively on the servers of our website. The information collected is only stored there. We have configured Matomo so that the IP address is not stored in full and the last byte is masked (e.g. 192.168.1.x). It is no longer possible to assign the shortened IP address to you or your end device.
Purpose
The information is used to evaluate the use of the website and to enable a needs-based design of our offers and to optimize them.
Legal basis
The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest is that we analyze your activities on the website in order to optimize our offer. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
Recipient
Our website, including Matomo, is provided by our hosting service provider as part of order processing. The information is not passed on to third parties, as we store the data locally.
Storage period
The cookies are stored for up to one year.
Option to object
You can prevent the collection of data generated by the cookie and related to your use and the processing of this data by Matomo by configuring your browser or device accordingly.
Obligation to provide your data
The provision of your data is voluntary. We would like to point out that if you object to the use of Matomo, you may not be able to use the website or may not be able to use it to its full extent.
3.5 Push notifications through OneSignal
To send push notifications in our iOS and Android apps, we use the technology of the provider OneSignal, 201 San Antonio Circle Suite #140, Mountain View, CA, USA. OneSignal has undertaken to comply with the EU-US Privacy Shield Agreement between the EU and the USA on the collection, use and storage of personal data from EU member states by obtaining EU-US Privacy Shield certification from the US Department of Commerce. We do not send any personal data to OneSignal. The IP address of the device/browser from which the visit is made is not stored on the OneSignal servers by users in the EU. In order to be able to send you push notifications, it is necessary that non-personal data, such as a message, is transmitted to the OneSignal servers. The data collected by the OneSignal SDK is as follows: First Session Time, Last Session Time, the operating system of the device/browser, the language the device/browser reports, whether push notifications are enabled or disabled on the device/browser, the version of the application the user ran in the last session, the name of your mobile application, the mobile carrier used by the device, and the model name of the device/browser. We also send usage-related data, such as the time at which a questionnaire was completed, to OneSignal in the form of a tag. We use this data to send you push notifications that are as relevant and tailored as possible. You can find more information here: https://documentation.onesignal.com/docs/data-collected-by-the-onesignal-sdk
Purpose
After you log in to your account for the first time, we will ask you for your consent to receive push notifications on your smartphone. The push notifications are sent to alert you to news. Consent is given by device. If you consent, you will regularly receive push notifications from our app.
Legal basis
The legal basis for the use of push notifications is your consent (Art. 6 (1) lit. a GDPR).
Recipient
The above data, which relates to the creation of segments for sending push notifications, is sent to OneSignal in the form of a tag.
Storage period
Records of notifications sent via OneSignal's API are deleted approximately 30 days after delivery.
Option to object
You have the option to unsubscribe from push notifications at any time if you no longer wish to receive them. You can unsubscribe from push notifications in your smartphone settings.
Obligation to provide your data
The provision of your data is voluntary. We would like to point out that if you object to the use of push notifications, you will not be able to use some features or will not be able to use them to their full extent. One example of this is the reminder function for taking tablets.
4. Data processing when using the ImpactMonitor platform
The ImpactMonitor Platform is a Patient Insight Platform where you can add and use different areas. We provide you with our MedWatcher as a general area. You can add other areas that are appropriate and relevant to you. These include product-specific ImpactMonitor areas ("Product Area") set up at the behest of the vendor for a specific product. As a user of the Product, you have the option to add and use the relevant Product Area in the ImpactMonitor Platform.
4.1 Logfiles
In order to provide the ImpactMonitor Platform and to ensure its functionality, your visit to the ImpactMonitor Platform is automatically recorded in so-called server log files. The explanations to section 3.1 apply accordingly with the proviso that less data is processed in the ImpactMonitor Platform, namely: browser type and version, the operating system used by the end device used, the IP address of the requesting end device in anonymized form (192.168.1.1 becomes 192.168.1.x) as well as the access date and time of the server request and transferred data volume. Anonymized log files are not deleted.
4.2 Operation of the ImpactMonitor Platform
For the operation of the ImpactMonitor platform via web app, the explanations regarding section 3.2 (cookies), section 3.4 (Sentry) and section 3.5 (Matomo) apply accordingly.
4.3 Registering a user account
In order to use the ImpactMonitor platform, you must register as a user with a user account. If you have registered a user account for a product area or the MedWatcher, you can use this user account for the entire ImpactMonitor Platform, including all other areas added by them. For registration, we process your email address and the password you have assigned. You can add information to your user account during the further course of use. This includes demographic data (age, place of residence) and data on medications taken, medical products and cosmetics used, as well as existing medical conditions, insofar as you provide information on these.
Purpose
The data is processed in order to create your user account in the ImpactMonitor platform in accordance with the user agreement with you.
Legal basis
The legal basis for data processing is Art. 6 (1) sentence 1 lit. b DSGVO, as we require the data for the purpose of fulfilling the user agreement with you. If we process health data from you within the meaning of Art. 4 No. 15 DSGVO, in particular information on medications or medical conditions, the legal basis for this is your express consent pursuant to Art. 9 (2) a DSGVO.
Recipients
Your data will be passed on to our IT service providers as part of order processing, insofar as this is necessary.
Storage period
We process your data until you revoke your consent by deleting individual details or your user account.
Revocation option
You can revoke your consent at any time by removing individual details about yourself from your profile or deleting your entire user account.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, it will not be possible to create or link your user account.
4.4 Use of the functions of the ImpactMonitor platform
As a registered user, you have the possibility to use the various functions of the ImpactMonitor platform. You can provide information about the medicines you take, other pharmaceutical products or (medical) products you use, as well as add medical conditions. You can add product areas based on your information. Based on your information, MedWatcher and the product areas will suggest suitable questionnaires for you to answer. In this way, you can obtain information on the experiences of users with similar clinical pictures or indications (peer statistics). In the ImpactMonitor platform, you also have the option of directly reporting side effects of the product. We process your activities in the ImpactMonitor platform to show you your advancement in our Achievement Program and reward you with points from our point system. In addition, you will receive information and content relevant or interesting to you about vendors, products and product areas. Finally, you have the opportunity to communicate with us, providers or peers by making use of existing interaction features.
Purpose
We process your data to enable you to use the various features of the ImpactMonitor platform.
Legal basis
So far as we process health data of you within the meaning of Art. 4 No. 15 DSGVO, the legal basis for this is your explicit consent pursuant to Art. 9 (2) lit. a DSGVO. For the remaining data, the legal basis for data processing is Art. 6 (1) p. 1 lit. b DSGVO, as we process the data for the purpose of fulfilling the usage contract with you.
Receiver
Your data will be passed on to our IT service providers as part of order processing, insofar as this is necessary. Provided you use the interaction functions, people to whom you send messages can view the data transmitted in the message. Registered users can see your public reactions or comments.
Storage period
We process your data until you revoke your consent by deleting individual details, messages, reactions or comments or by deleting your user account.
Revocation option
You can revoke your consent at any time by removing individual details about yourself from your profile, messages, reactions or comments or by deleting your entire user account. Data from analyses already carried out cannot be deleted.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, not all functions of the ImpactMonitor platform may be available to you.
4.5 Pseudonymization and anonymization
We pseudonymize and anonymize your personal health data from your user profile and the health data you provided as part of answering questionnaires (see section 4.4).
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
Anonymization involves changing your data in such a way that it can no longer be assigned to your person or can only be assigned with a disproportionately large technical effort.
Pseudonymization and also anonymization of your data can, however, never completely rule out the subsequent assignment of information to your person via other sources, e.g., information you provide in social media. A residual risk of traceability to your person therefore remains. This is particularly the case if you publish genetic or other health data yourself, e.g. for genealogical research on the Internet. If your data should fall into unauthorized hands despite extensive technical and organizational protective measures and a reference to your person is then made despite the absence of name information, a discriminatory or otherwise harmful use of the data for you and possibly also close relatives cannot be ruled out.
Purpose
We anonymize your data for statistical purposes, in particular to provide you with statistical evaluations in the form of peer statistics (see section 4.4). We also use anonymized data for our own statistical purposes, in particular for product improvement, as well as to provide anonymized overviews to providers (see section 4.6).
We pseudonymize your data in order to be able to analyze it for our own statistical purposes, in particular for product improvement, as well as to be able to provide it to providers relevant to you (see section 4.6).
Legal basis
Legal basis for the pseudonymization and anonymization and analysis of your health data within the meaning of Art. 4 No. 15 DSGVO for this purpose is your express consent pursuant to Art. 9 (2) lit. a DSGVO.
Receivers
Your data will be passed on to our IT service providers as part of order processing, insofar as this is necessary.
Storage period
We will process your data until you revoke your consent by deleting individual details about yourself or your user account. We cannot delete anonymized data because it can no longer be assigned to you.
Revocation option
You can revoke your consent at any time by deleting individual details about yourself from your profile or your entire user account.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, not all functions of the ImpactMonitor platform may be available to you.
4.6 Aggregation and transmission of data to providers
As a user of the ImpactMonitor platform, you are a user of drugs, medical devices or other pharmaceutical, cosmetic or medical products. Providers, i.e. manufacturers or distributors of these products (e.g. pharmaceutical entrepreneur, medical device manufacturer or another company in the life science industry) or members of medical professions, self-help groups or research institutions have an interest in the (health) data you provide in the context of using the ImpactMonitor Platform, in particular answering questionnaires (see section 4.4), e.g. to conduct market research, to perform or validate product safety reviews or for scientific research purposes. In order to be able to offer you the free functions of the ImpactMonitor platform, we therefore share your data, including adverse event reports, with providers exclusively in a pseudonymized and anonymized form (see section 4.5). In doing so, we ensure that providers cannot identify you or assign the transmitted data to you personally.
If you use multiple product areas in the ImpactMonitor platform, your data from the different product areas will be merged before transmission in order to give providers a more comprehensive picture of the use of their products and thus increase patient safety. Providers are thus still unable to identify you. You will not be involved in any commercial benefit that may result from the processing of your data.
Purpose
We process your pseudonymized and anonymized (health) data in order to transfer them to providers.
Legal basis
The legal basis for processing your health data within the meaning of Art. 4 No. 15 DSGVO for this purpose is your express consent pursuant to Art. 9 (2) lit. a DSGVO.
Recipients
Recipients of your data within the scope of commissioned processing are our IT service providers as well as the aforementioned providers in states of the European Union or the European Economic Area or in further countries where the European Commission has determined an adequate level of data protection, in particular pharmaceutical entrepreneurs, medical device manufacturers and other companies of the life science industry as well as members of medical professions, self-help groups and research institutions for which your data is relevant.
Storage period
We only transmit your data until you revoke your consent by deleting individual details about yourself or your user account. We cannot delete anonymized data as it can no longer be assigned to you.
Revocation option
You can revoke your consent at any time by deleting individual details about yourself from your profile or your entire user account.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, not all functions of the ImpactMonitor platform may be available to you.
4.7 Communications
In certain circumstances, we will send you emails with which we would like to introduce you to our products and services or exciting new offers, possibly give you a little treat with a voucher or determine your satisfaction. You will receive these promotional e-mails without the need for consent if we receive your e-mail address from you in connection with the registration of a user account and have not received any objection from you with regard to promotional e-mails. In this case, we may send you advertisements about our services that are similar to or related to the services you are using. If you provide consent in your system or device settings, we will also send you communications using push and browser notifications in the ImpactMonitor platform. If you have given your consent to the processing of your health data for advertising purposes, we may send you advertising tailored to your needs. We can then inform you, for example, about new product ranges for indications you have indicated or products you use.
Purpose
We send you communications for the purpose of direct marketing to inform you about our offers and services.
Legal basis and legitimate interest
The legal basis for processing your data for sending the e-mails, for which we do not require your consent, is Art. 6 (1) lit. f DSGVO. Our legitimate interests are to send you advertising in the form of direct marketing. Based on the contractual relationship existing between you and us and the information provided by us in the context of this privacy notice, we assume that you consent to the advertising sent by us, especially because you can unsubscribe at any time by simply clicking at the end of the emails if you are not interested. The legal basis for the communications by means of push and browser notifications is your consent pursuant to Art. 6 (1) lit. a DSGVO. The legal basis for the processing of your health data is your consent pursuant to Art. 9 (2) lit. a DSGVO.
Recipient
We share your data with our IT service providers strictly for the intended purpose, if at all necessary, and only to the extent required as part of order processing.
Storage period
Your data will be stored for sending communications for as long as it is needed for this purpose or until you object to the processing of your data for this purpose or revoke your consent.
Option to object/revocation
You can unsubscribe from our e-mails at any time. For this purpose, you will find a corresponding opt-out link in every advertising email. You can deactivate push and browser notifications in your device or system settings.
Obligation to provide your data
We receive your e-mail data as part of the contractual relationship existing between you and us. Without providing this data, it is not possible to create a user account. However, you may object to the processing of your data for the purpose of sending e-mails at any time in accordance with the above information. Consent to receive push and browser notifications is voluntary.
5. Data processing when contacting us via e-mail or telephone
You can contact us via the e-mail addresses and telephone numbers provided by us. If you make use of this option, your personal data transmitted with the e-mail or by means of a telephone call will be processed.
Purpose
We process your data for the purpose of processing your inquiry.
Legal basis and legitimate interest
If the purpose of contacting you is to conclude a contract or if your contact concerns an existing contract, Art. 6 (1) lit. b DSGVO is the legal basis for the processing. The legal basis for processing your data in the other cases is Art. 6 para. 1 p. 1 lit. f DSGVO. The legitimate interest in these cases results from the fact that we can only perform the action requested by you (e.g. answering inquiries) by processing your data accordingly.
Receivers
In the course of processing your inquiry, your data will be transmitted to our IT and service providers as well as to our employees who process your inquiry as part of order processing.
Duration of storage
We generally store your data until we have completely answered your inquiry.
Possibility of objection
The data processing is necessary for processing your inquiry. You can prevent us from collecting your data by not sending us an inquiry.
Obligation to provide your data
There is no legal obligation to provide your data. However, if you do not provide us with your data, it is already not possible to contact us or not via any means of communication.
6. Further information on XO Life
For more information about XO Life, visit www.xo-life.com.
7. Data security
Within your visit to our website (section 3), we use the common TLS (Transport Layer Security) procedure in connection with the highest encryption level supported by your browser. We use HTTP Strict Transport Security (HSTS) and automatic forwarding to ensure that all pages of our website are transmitted in encrypted form. You can recognize this by the closed display of the key or lock symbol in the lower status bar of your browser. When data is stored, it is protected on the storage medium using modern encryption methods. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. In particular in connection with the processing of your data in the ImpactMonitor platform (section 4), we maintain the highest security standards. In addition to the pseudonymization and anonymization of data (section 4.5), our servers are provided in ISO 27001 certified data centers in Germany.
Despite the high data security standards we have established, a residual risk to the security of your personal data can unfortunately not be completely excluded.
8. transfer to a so-called third country
Unless otherwise stated in this Privacy Notice, we do not transfer your data to countries outside the European Economic Area.
9. How long we store your personal data
Unless a shorter storage period results from the other provisions of this data protection notice, we store your personal data only for as long as is necessary to fulfill the respective purposes, and thereafter only to the extent that we are obligated to do so due to mandatory statutory retention obligations. If we no longer need your data for the purposes described in this data protection notice, it will only be stored during the respective statutory retention period and not processed for other purposes.
10. your rights
If we process your personal data, you have the following rights against us:
10.1 Right to information
You may request confirmation from us as to whether personal data concerning you is being processed by us. If such processing exists, you can request information from us about the information listed in Art. 15 GDPR. If you exercise your right without telling us what specific information you want, we will provide you with all the information pursuant to Art. 15 GDPR.
10.2 Right of rectification
You have a right against us to have your personal data corrected or completed if the processed personal data concerning you is inaccurate or incomplete.
10.3 Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
- If you dispute the accuracy of the personal data concerning you. This applies for a period of time that allows us to verify the accuracy of the personal data.
- The processing is unlawful. You object to the erasure of the personal data and instead request the restriction of the use of the personal data.
- We no longer need your personal data for the purpose of processing. However, you need them for the assertion, exercise or defense of legal claims.
- If you have objected to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether our legitimate grounds for further processing override your interests.
If the processing of personal data concerning you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the above-mentioned conditions, you will be informed by us before the restriction is lifted.
10.4 Right to deletion
10.4.1 Obligation to delete
You may request us to delete the personal data concerning you without delay. For our part, we have a duty to delete this data without delay if one of the reasons listed in Art. 17 GDPR applies. Anonymous data cannot be deleted.
10.4.2 Information to third parties
If we have made the personal data concerning you public in an individual case and we are obliged to erase it pursuant to Article 17 (1) of the GDPR, we shall take reasonable measures, including technical measures, taking into account the available technologies and the costs of implementation, to inform the data controllers processing the personal data that you, as the data subject, have requested them to erase all links to or copies or replications of such personal data. However, as a matter of principle, we do not make your personal data public.
10.4.3 Exceptions
The right to erasure does not exist insofar as the processing of personal data concerning you is necessary
- for the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or German law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, insofar as the erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
- to assert, exercise or defend legal claims.
10.4.4 Right to information
If you have asserted the right to rectification, erasure or restriction of processing of your personal data against us, we are obliged to notify all recipients of your personal data of this rectification or erasure of the data or restriction of processing. This does not apply if the notification proves impossible or would involve a disproportionate effort. You have the right against us to be informed about these recipients.
10.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller, provided that:
- the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
- the processing is carried out with the aid of automated procedures.
If you so request and insofar as it is technically feasible for us and the freedoms and rights of other persons are not thereby impaired, we shall transfer the personal data relating to you directly to the other controller.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
10.6 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to the creation of user profiles based on these provisions.
We will no longer process the personal data concerning you after your objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purposes of such marketing; this also applies to user profiling insofar as it is related to such direct marketing.
10.7 Automated decision-making in individual cases including user profiling
Where certain decisions on our part are based solely on automated processing - including user profiling - you have the right not to be subject to such a decision which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if:
- the decision is necessary for the conclusion or performance of a contract between you and us,
- the decision is permitted by Union or German law and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- this form of decision-making is carried out with your explicit consent.
10.8 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of data protection law, including the GDPR.
10.9 Revocation of consent given
If you have given your consent under data protection law, you have the right to revoke this consent at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. If you have given several declarations of consent under data protection law, please tell us which of the consents you are revoking. If we do not receive such a specification even upon request, we will assume that your revocation applies to all consents granted up to that point. We will then terminate the data processing activities based on the consents.
11. links to third party websites
Please note that our website may contain links to content of other providers to which this data protection notice does not apply. We have no influence on these websites and also not on whether they comply with the applicable data protection provisions.
12. updating of the data protection information
The constant development of technology and the Internet makes it necessary to adapt our data protection information from time to time. We reserve the right to change this privacy policy at any time with effect for the future. The latest version is available on our website. Please visit the website regularly and inform yourself about the current data protection information.
Last updated: August 2022