We would like to inform you below about the processing of personal data in connection with the use of the “medicalmotion App/Webapp”.
The controller takes the protection of your personal data seriously and therefore complies with the applicable data protection laws. With this data protection declaration, the responsible party fulfills its information obligations from Art. 12 et seq. of the General Data Protection Regulation (hereinafter “DSGVO”) and informs you about the details of the processing of your data as well as your legal rights in this regard.
The responsible party reserves the right to adapt this data protection declaration with effect for the future, in particular in order to respond to changes in the law or changes in case law as well as technical developments.
The responsible party for data processing directly related to the use of the “medicalmotion App/Webapp” is medicalmotion GmbH, Blütenstr. 15, 80799 Munich, Germany.
Data Protection Officer
We have appointed a data protection officer.
You can reach it as follows: email@example.com
What data is processed?
When using the “medicalmotion App/Webapp”, various types of data are processed, in particular also health data within the meaning of Art. 9 (1) DSGVO. The scope of the data also depends on the data you provide when registering and using the medicalmotion app/webapp.
- When registering, information about:
- First name, last name
- Health related data
- Complaint pattern
- Pain sensation
- Diseases and pre-existing conditions
- E-mail address/username
- Gender and age
- Professional activity and work attitude
- Sports types and behavior
- Health insurance (optional)
- Insured person number
- During the use of the app details about:
- Usage behavior
- Pain sensation
- Changes in profile entries (see point 1))
- Progress log
- When using the chat function:
- User ID
Purpose of processing
Personal data about the user is collected so that the provider can provide the services.
In addition, anonymized data is processed for the following purposes: Analytics, Static Evaluations for Research Purposes, and Health Care Research. This also includes having our product clinically validated with anonymized data by research institutions.
Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Legal bases of data processing
The legal basis for data processing when using the “medicalmotion App/WebApp”, in particular also for the processing of health data within the meaning of Art. 9 (1) DSGVO, is your consent (Art. 6 (1) a) DSGVO). You give your express consent by actively ticking a checkbox provided for this purpose.
Recipient / passing on of data
Personal data processed in connection with the use of the “medicalmotion App/Webapp” will generally not be disclosed to third parties unless it is specifically intended for disclosure.
The Provider processes User Data in a proper manner and takes appropriate security measures to prevent unauthorized access and unauthorized forwarding, modification or destruction of data.
The data processing is carried out by means of computer or IT-based systems according to organizational procedures and practices specifically aimed at the purposes indicated. In addition to the data controller, other persons may operate this application internally (human resources, sales, marketing, legal department, system administrators) or externally – and in that case, if necessary, designated by the data controller as processors (such as technical service providers, delivery companies, hosting providers, IT companies or communication agencies) – and thus have access to the data. For billing purposes with your insurance company, your insurance number/customer number may be pseudonymously transmitted to cooperation partners. An up-to-date list of these parties can be requested from the provider at any time.
Hetzner Online GmbH
We store and process your personal data exclusively in Germany and use the provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany) for this purpose. Our hosting provider will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
In this context, the hosting provider acts as a processor within the meaning of Art. 4 No.8 DSGVO for the controller and was accordingly obligated by the controller on the basis of a contract for the processing of orders (AV contract) to establish and maintain appropriate technical and organizational measures (TOMs) that serve to protect your personal data.
Google Cloud Services
We use Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, VAT IE 6388047V, to enable users to receive better suggestions from our system. Your information is pseudonymized and processed on the Google server in Frankfurt, Germany. The data on Google Cloud is encrypted and only we have access to the encryption key. The following data is stored encrypted on Google services:
- User-Id (pseudonymized and encrypted without email address and name),
- User profile (pseudonymized and encrypted without email address and name)
In this context, the service provider acts as a processor within the meaning of Art. 4 No.8 DSGVO for the controller and was accordingly obligated by the controller on the basis of a contract for the processing of orders (AV contract) to establish and maintain appropriate technical and organizational measures (TOMs) that serve to protect your personal data.
Your rights as a data subject
You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.
Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.
Finally, you have a right to object to processing within the scope of the law.
In addition, you have the right to revoke your consent to the processing of your personal data at any time with effect for the future.
A right to data portability also exists within the framework of data protection law.
Storage period and deletion of data
We generally delete your personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.
If you want to delete your data, you can send us an email to: firstname.lastname@example.org
Right of appeal to a supervisory authority
You have the right to lodge a complaint about the processing of personal data by us with a data protection supervisory authority.
Amendment of this privacy notice
We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.