This privacy policy explains how we, Health Study Club GmbH (hereinafter: “HSC”, “we”, “us”, etc.) process your personal data (hereinafter: “data”) when you use the digital health applications (hereinafter: “apps”) provided by us and the associated features.
The protection of your data when you use our apps is important to us. We therefore collect and process your data exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter: “GDPR”).
The following privacy policy applies to the “momentum” app. With the help of the “momentum” app, users can participate in a study of the Research Institute Diabetes (FIDAM RDC), in the context of which questionnaires can be filled out and sent to a secure server of Health Study Club GmbH.
We recommend contacting the specialist staff at the Research Institute for Diabetes if you have any further health-related questions.
The data controller for the processing of your data within the meaning of Art. 4 No. 7 GDPR is: Health Study Club GmbH, Allee am Röthelheimpark 11-15, 91052 Erlangen, Germany. E-mail: datenschutz@healthstudyclub.de
You can reach our data protection officer using the following contact details: Datenschutzdoktor Rechtsanwaltsgesellschaft mbH, Gervinusstraße 31, 90491 Nuremberg, Germany. E-mail: info@datenschutzdoktor.de
If you provide us with your personal data by using the app, we collect and process your data, in particular
This means in particular
A specific description of the processing of your data can be found in the following section III. of this privacy policy.
Below we describe how we process your data in connection with the provision and use of the app, including the categories of data used, the purposes of data processing, the respective legal bases on which we base the processing of your data and the storage period of your data.
We process your data that you provide to us in connection with the intended use of the app as follows
To use the app, you do not need to register or create a user account after downloading the app from the app store. A participant code is stored in the app so that the FIDAM RDC specialist staff can assign your submitted questionnaires.
When you enter your contact details in the app, we collect the following data from you (hereinafter: “user data”)
We process your user data in order to
The legal basis for the processing of your user data is your consent to the processing of your data for the intended use of the app, pursuant to Art. 6 para. 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.
We process your personal (health) data for the use of the app and the associated features
In connection with the use of the app and the associated features, we collect the following data from you (hereinafter: “application data”)
We process your application data to provide the app and the associated features, in particular as follows
The legal basis for the processing of your application data is your consent given during registration or in the settings menu of the app to the processing of your data for the intended use of the app, pursuant to Art. 6 para. 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.
We store and process your personal data in connection with the collection of device data for the technical provision of the app.
In connection with the use of the app, our system automatically collects the following data from you (hereinafter: “technical data”)
We process your technical data in order to
The legal basis for the processing of your technical data is your consent to the processing of your data for the intended use of the app, given during registration or in the settings menu of the app, in accordance with Art. 6 para. 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.
We process your personal data to communicate with you in connection with support requests.
If you contact us in connection with support requests, we collect the data you provide in the context of support requests (e.g. via contact form or email). Mandatory fields are marked as such, as in these cases we absolutely need the data to process your support request. Which data is collected can be seen from the respective input form. No prior determination can be made for free fields.
We process this data for the purpose of communicating with you, e.g. to receive error messages and answer questions as part of the support request.
The legal basis for the processing of your data is your consent to the processing of your data for the intended use of the app given during registration or in the settings menu of the app, in accordance with Art. 6 para. 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.
If you have given us your (optional) consent for this, we process your data to improve and further develop the app, e.g. to permanently guarantee and optimize the technical functionality and user-friendliness of the app and the associated features.
In connection with the improvement and further development of the app, we process your data provided in the context of the intended use of the app, including user, application and technical data (see above).
We also process the following data from you:
We process this data for the purpose of improving and further developing the app, in particular
When processing your data to improve and further develop the app, we ensure anonymization or pseudonymization of your data at the earliest possible stage wherever possible.
The legal basis for the processing of your data is your consent to the processing of your data for the improvement and further development of the app given during registration or in the settings menu of the app, in accordance with Art. 6 para. 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.
We store and process your personal data to fulfill our statutory obligations.
We store and process the personal data you provide, including user, application, technical and billing data (see above), in order to fulfill our legal obligations.
We process your personal data for the purpose of fulfilling statutory obligations to which we are subject, in particular to fulfill our obligations under medical device law, e.g. to carry out conformity assessment procedures and to monitor the app after it has been placed on the market.
To fulfill our legal obligations, we may also share your data with competent regulatory and supervisory authorities, whereby we only share your data in pseudonymous form so that no information that directly identifies you is shared.
The legal basis for the processing of your data in connection with the fulfillment of our statutory obligations is Art. 6 para. 1 lit. c) or e) GDPR in conjunction with the respective special legal provision of Art. 9 para. 2 lit. i) or lit. j) GDPR.
At the end of the document you will find the wording of your declaration of consent to the processing of your data for the intended use of the app (mandatory consent) and for the improvement and further development of the app (optional consent).
Please note that in order to use the app, you must first give your consent to the processing of your data for the intended use of the app.
You can revoke your consent to the processing of your data for the intended use of the app or, if you have given it, for the improvement and further development of the app at any time with effect for the future by selecting the respective menu item in the settings menu of the app.
If you do not give your consent to the processing of your data for the intended use of the app or revoke it later, HSC cannot (or can no longer) provide you with the functions of the app.
In principle, the personal data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the personal data stored by us will be deleted immediately as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
You can also request the erasure of your data within the scope of the right to erasure and the right to be forgotten. You can initiate the deletion yourself at any time in the app settings. You can also contact our support team or the controller using the contact details provided above. All personal data and your health data that is not subject to any statutory retention obligations will then be deleted within 30 days.
For liability reasons, your user account will be deleted after 36 months once you have stopped using our app, unless you have expressly consented to the further storage of your personal data.
If the data cannot be deleted because it is required for other and legally permissible purposes, its processing will be restricted. If the processing of the data is restricted, it will be blocked and cannot be processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
In accordance with the data protection principle of “privacy by default”, the app allows certain features to be customized in certain cases. All features offered within this app are basically part of the intended use and are necessary for optimal use of the app as a whole. However, HSC understands that different people may have different preferences regarding communication, sustainability of control, etc., so some features are optional and can be switched on and off via the “Settings” function in the app.
This includes, for example, the use of push notifications to send you alerts. When you use the app for the first time, you will be asked whether you want to activate these functions in your settings menu. You can also activate these functions later or deactivate them at any time.
HSC is a processor for the Diabetes Research Institute in accordance with Art. 28 GDPR.
If we disclose data to other persons and companies (processors or third parties) in the course of processing, transfer data to them or otherwise grant them access to the data, this will only be done where a legal basis exists, with your consent, insofar as we are legally obliged to do so or on the basis of our legitimate interests (e.g. when using third parties for the purpose of hosting the servers, delivering the contact forms of the e-mails and answering inquiries via the form). We only pass on your data to government bodies within the scope of our legal obligations or on the basis of an official order or court decision and only insofar as this is permitted under data protection law.
If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
In principle, the following categories of recipients are involved in the processing of data
In addition, we may disclose your data to the following categories of recipients for the processing purposes described above:
The above recipients each process your data independently as data controllers under data protection law (Art. 4 No. 7 GDPR).
The processing of your data may be carried out by HSC in Germany, in a member state of the EU or the EEA or, if an adequacy decision pursuant to Art. 45 GDPR exists, in a third country outside the EU or the EEA.
In accordance with the GDPR, you are entitled to the following data protection rights in accordance with the legal requirements:
Right of access, rectification, erasure and restriction: You have the right to request information about your data stored by us at any time (Art. 15 GDPR). When we process or use your data, we endeavor to take appropriate measures to ensure that your data is correct and up-to-date for the purposes for which it was collected. In the event that your data is incorrect or incomplete, you can request the correction of this data (Art. 16 GDPR). Furthermore, you may have the right to request the erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) of your data if, for example, your data is no longer necessary for the purposes for which it was collected or otherwise processed and statutory retention obligations do not require further storage.
Right to data portability: You may have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller (Art. 20 GDPR).
Right to withdraw the consent you have given: If you have consented to the collection, processing and use of your data, you can withdraw your consent at any time with effect for the future, but without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7 para. 3 GDPR).
Automated decision-making (including profiling): You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you (Art. 22 para. 1 GDPR). Please note that we do not use any such automated decision-making or profiling within the meaning of Art. 22 GDPR in connection with our app.
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of your data which is based on Art. 6 para. 1 lit. e) or f) GDPR.
We will not process your data after an objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (Art. 21 para. 1 GDPR, so-called “limited right to object”). In this case, you must provide reasons for the objection that arise from your particular situation. Furthermore, you have the right to object to the processing of your data for the purposes of direct marketing at any time, even without giving reasons (Art. 21 para. 2 GDPR).
To correct your data, you will find several options directly in the app settings. If you would like to correct data beyond this, you can contact our customer support at www.healthstudyclub.de/kontakt/ at any time, who will make the correction for you.
To restrict the processing or object to the processing of your data, you will also find options in the app settings under the menu item “Manage your data”. If you would also like to restrict the processing of your data, please contact our customer support at www.healthstudyclub.de/kontakt/.
You also have the right to lodge a complaint with the competent supervisory authority if you believe that your data is being processed unlawfully. The supervisory authority responsible for HSC is the Bavarian State Office for Data Protection Supervision; postal address: Postfach 606, 91511 Ansbach; telephone: +49 (0) 981 53 1300; e-mail: poststelle@lda.bayern.de.
In order to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access and other unlawful or unauthorized forms of processing in accordance with applicable law, we have taken appropriate technical and organizational security measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
Our measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding availability and separation of the data. We have also implemented procedures that ensure the exercise of data subject rights, deletion of data and response to data threats. Furthermore, we take the protection of your personal data into account as early as the development and selection of our hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
All data is collected directly from the end user via the use of the app. When filling out feedback or self-test forms or when completing an exercise, this information is transmitted to our servers via an encrypted TLS connection and stored in an appropriately secured database.
For all questions regarding the protection of your data, you can also contact our data protection officer at info@datenschutzdoktor.de, who is also available to receive requests concerning your data protection rights as well as suggestions and complaints.
We reserve the right to update this privacy notice from time to time, in particular to reflect changes to our services, such as technical and organizational adjustments in the app, changes in legislation or case law or your feedback. We therefore recommend that you visit this website regularly to find out how your data is protected and processed. We will inform you in advance by email and/or in the app of any significant changes to this privacy policy.
As at: August 2024