Privacy Policy for the Use of the medicalmotion App/Webapp

We would like to inform you below about the processing of personal data in connection with the use of the "medicalmotion App/Webapp".

The Controller takes the protection of your personal data seriously and therefore complies with applicable data protection laws. With this privacy policy, the Controller fulfills its information obligations under Art. 12 et seq. of the General Data Protection Regulation (hereinafter "GDPR") and informs you about the details of the processing of your data as well as your related legal rights.

The Controller reserves the right to adapt this privacy policy with effect for the future, in particular to respond to changes in legislation or case law as well as technical developments.

Please read this privacy policy in conjunction with the General Terms and Conditions of Use of the Controller.

Controller

The Controller for data processing directly related to the use of the "medicalmotion App/Webapp" is medicalmotion GmbH, Blütenstr. 15, 80799 Munich.

Data Protection Officer

We have appointed a data protection officer.

You can reach them as follows: datenschutz@medicalmotion.de

What Data is Processed?

When using the "medicalmotion App/Webapp", various types of data are processed, including health data within the meaning of Art. 9 (1) GDPR. The scope of the data also depends on what data you provide during registration and use of the medicalmotion App/Webapp.

1. During registration, information about:
  - First name, last name
  - Health-related data
    - Symptoms
    - Pain perception
    - Illnesses and pre-existing conditions
  - Email address/username
  - Gender and age
  - Professional activity and work posture
  - Sports activities and behavior
  - Health insurance (optional)
  - Insurance number (optional) *
2. During use of the app, information about:
  - Usage behavior
  - Pain perception
  - Changes to profile entries (see point 1))
  - Activity log
  - When using the chat function:
    - User ID

*The transmission of the insurance number is carried out exclusively within the framework of existing cooperation agreements with the respective health insurance company. For insured persons of Allianz Private Krankenversicherungs-AG and Debeka Krankenversicherungsverein a.G., the insurance number is not recorded and accordingly no data transmission takes place, as different contractual billing modalities have been agreed.

Purpose of Processing

Personal data about the user is collected so that the provider can render the services.

In addition, anonymized data is processed for the following purposes: analytics, statistical evaluations for research purposes, and health services research. This also includes having our product clinically validated by research institutions using anonymized data.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal Basis for Data Processing

The legal basis for data processing when using the "medicalmotion App/WebApp", especially for the processing of health data within the meaning of Art. 9 (1) GDPR, is your consent (Art. 6 (1) lit. a) GDPR). You give your express consent by actively checking a checkbox provided for this purpose.

Recipients / Disclosure of Data

Personal data processed in connection with the use of the "medicalmotion App/Webapp" is generally not disclosed to third parties, unless it is specifically intended for disclosure.

The provider processes user data in a proper manner and takes appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of data.

Data processing is carried out using computers or IT-based systems according to organizational procedures and methods specifically aimed at the stated purposes. In addition to the Controller, other persons internally (human resources, sales, marketing, legal department, system administrators) or externally – and in that case, if necessary, designated by the Controller as processors (such as providers of technical services, delivery companies, hosting providers, IT companies, or communication agencies) – could operate this application and thus have access to the data. A current list of these parties can be requested from the provider at any time.
In the context of billing with your health insurance, a pseudonymized transmission of your insurance number to cooperation partners may occur, provided that (1) a corresponding cooperation agreement exists between the Controller and your health insurance and (2) you have consented to the data transmission. For insured persons of Allianz Private Krankenversicherungs-AG and Debeka Krankenversicherungsverein a.G., the insurance number is not recorded and accordingly no data transmission takes place, as different contractual billing modalities have been agreed.

Hetzner Online GmbH

We store and process your personal data exclusively in Germany and use the provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany for this purpose. Our hosting provider will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

In this context, the hosting provider acts as a processor within the meaning of Art. 4 No. 8 GDPR for the Controller and has been obligated by the Controller accordingly on the basis of a data processing agreement (DPA) to establish and maintain appropriate technical and organizational measures (TOMs) that serve to protect your personal data.

Google Cloud Services

We use Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, VAT IE 6388047V, to enable users to receive better suggestions from our system. Your information is pseudonymized and processed on the Google server in Frankfurt, Germany. The data on Google Cloud is encrypted and only we have access to the encryption key. The following data is stored encrypted in Google Services:

User ID (pseudonymized and encrypted, without email address and name),
User profile (pseudonymized and encrypted, without email address and name)

In this context, the service provider acts as a processor within the meaning of Art. 4 No. 8 GDPR for the Controller and has been obligated by the Controller accordingly on the basis of a data processing agreement (DPA) to establish and maintain appropriate technical and organizational measures (TOMs) that serve to protect your personal data.

Your Rights as a Data Subject

You have the right to access the personal data concerning you. You can contact us at any time for information.

For an information request that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

You also have a right to rectification or erasure or to restriction of processing, to the extent that you are legally entitled to this. Finally, you have a right to object to the processing within the framework of legal requirements. In addition, you have the right to revoke your once given consent to the processing of your personal data at any time with effect for the future.

A right to data portability also exists within the framework of data protection requirements.

Storage Period and Deletion of Data

We generally delete your personal data when there is no need for further storage. A need may exist in particular if the data is still needed to fulfill contractual services, to examine and grant or defend warranty and possibly guarantee claims. In the case of statutory retention obligations, deletion only comes into consideration after the expiry of the respective retention obligation.

If you would like to delete your data, you can send us an email to: support@medicalmotion.de

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint about the processing of personal data by us with a supervisory authority for data protection.

Changes to this Privacy Policy

We revise this privacy policy when there are changes to data processing or other occasions that make this necessary. You can always find the current version on this website.

Status: 08.01.2026