Declaration of Consent for Data Protection Regarding the Preventicus Heartbeats App

Declaration of Consent for Data Protection Regarding the Preventicus Heartbeats App

This declaration of consent for data protection ("Data Protection Consent") applies to the use of our Preventicus Heartbeats app.

Upon using the Preventicus Heartbeats app you declare that you consent to the processing of your health data as described here.

This data protection consent informs you with regard to the way in which PREVENTICUS collects, uses, discloses and otherwise processes your personal data when you use the Preventicus Heartbeats app.

1. Who is responsible for data processing and who can I contact?

Responsible within the meaning of the General Data Protection Regulation (GDPR) is:

Preventicus GmbH
Tatzendpromenade 2
07745 Jena

You can contact our in-house Data Protection Officer by means of the contact details stated above or by e-mail: datenschutz@preventicus.de

PREVENTICUS will treat your personal data confidentially and will process it strictly for the purposes intended as described below.
For the use of the Preventicus Heartbeats app we require neither your name nor any other personal contact data, but save your data initially without a name reference (anonymously) on our systems.
Processing takes place solely on servers in Germany.
The Preventicus Heartbeats app is a medicinal product classified for the European Economic Area and fulfils the fundamental requirements of Directive 93/42/EEC or its national transpositions.
For further information, please refer to the General Terms and Conditions.

2. What is personal data?

Personal data is information, by means of which a person can be identified or contacted, such as an e-mail address.
Accordingly, no personal data is processed in the Preventicus Heartbeats app. PREVENTICUS can neither identify nor contact unregistered users based on the data typically stored in the Preventicus Heartbeats app.

3. What data do we collect?

3.1. Health data

You can use the Preventicus Heartbeats app to prepare series of measurements of your pulse yourself on your smartphone and document them with the app. By means of the information collected in this way, the Preventicus Heartbeats app can automatically detect cardiac arrhythmias (extra beats, atrial fibrillation) and help to assess them, provided that sufficiently precise and valid measurement series are available ("health data"). We save your heart rhythm and pulse waves on our servers.
3.2. Sensor data

In addition to the assessment of the measurement results, not only the camera is used for measurement but also other sensor data from your smartphone is added, for example in order to take any vibrations into account that might impair the measurement result.
3.3. Other data you communicate to us

We generally require neither your name nor any other personal contact data from you, but save your data initially without a name reference (anonymously) on our systems. Processing takes place solely on servers in Germany.

You do, however, have the possibility to add your name and, in a free-text field, store the reason for the measurement or symptoms (heart palpitations, dizziness, irregular heartbeat, chest pains, etc.) for personal purposes in stored PDF reports, for instance to be used for assistance when forwarding the information to your physician. In your user profile you can also state your sex and year of birth, thus enabling us to better assess your measurement results.

3.4. Registration

If you would like to register with us, please communicate your e-mail address and a password set by you. Optionally, you can assign a user name, state your name and enter a promotional code in the field 'ID health partner'.
Your data will then be saved in a pseudonymised manner. This means that your personal data is stored in encrypted form in a separate database from your health data and can be assigned if necessary. Processing takes place solely on servers in Germany.

Registration enables the transfer of your licence irrespective of the operating system and the recovery of your measurement data, should you change or lose your smartphone.

3.5. General data we collect regarding the use of our app

3.5.1. Crashlytics

Crashlytics collects data on the use of the app, especially with regard to system crashes and errors. In doing so, information concerning the device (incl. advertising ID), the installed app version as well as other information is used, which may help to remedy errors, particularly regarding the user’s hardware and software.

You can deactivate the analysis service Crashlytics from Google Inc., thus objecting to the collection of this data with future effect. For this purpose, open the settings menu (cogwheel symbol at the top right) and click on Deactivate.

3.5.2. Adjust

Within this app we use the app performance and analysis technology "Adjust" from Adjust GmbH. When starting the app, we collect installation data and data regarding the use of the app via Adjust. This helps us to measure and analyse your use and interaction with the app and with advertising campaigns. Adjust connects IP addresses, information from the User-Agent character string and an application-specific addition to a linked character string. In the case of single-use anonymisation, the values are not retrievable, meaning that users and/or devices cannot be personally identified.

You can deactivate the analysis service Adjust, thus objecting to the collection of this data with future effect. For this purpose, open the settings menu (cogwheel symbol at the top right) and click on Deactivate.

4. Data processing for payment processing when using the full version

If you would like to use the full version, your app store operator will exclusively process your payment details for handling your purchase. Your contact and payment data is not communicated to us. Please observe the data protection provisions and user regulations of your respective app store operator, Apple App Store and Google Play Store.

5. Where do we store your personal data?

When using this app, a transfer of data takes place to countries outside the European Economic Area ("EEA") within the framework of the use of the analytical service Crashlytics (unless you have selected the Opt-Out function). An adequacy decision of the EU Commission does not exist for these countries, to the effect that in said countries (so-called third countries), there are no data protection provisions comparable with those of the EU.

Crashlytics is certified under the EU-US Privacy Shield and guarantees the users an adequate level of data protection, in particular legally binding and judicially enforceable rights for the persons affected.

You can deactivate the analysis service Crashlytics, thus objecting to the collection of this data with future effect. For this purpose, open the settings menu (cogwheel symbol at the top right) and click on Deactivate.

The remaining data processing operations are performed exclusively within the EU by contracted service providers acting on our behalf.

6. To what end do we process your data (purpose of processing) and on which legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

6.1. For the fulfilment of contractual obligations (Art. 6 par. 1 b GDPR)

The data stated under section 3.1-3.3 is processed by PREVENTICUS for the purpose of rendering the services agreed with you.

6.2. Within the framework of the balancing of interests (Art. 6 par. 1 f GDPR)

Where necessary, we process your data for the safeguarding of our legitimate interests or those of third parties, unless you have objected to the use of your data, e.g. for

  • checking the success of our advertising campaign, also to enable us to improve the effectiveness of our marketing efforts and to make their success measurable;
  • statistical analyses regarding the use of our app, for a design that takes all interests into consideration, and to ensure that the measurement is performed correctly, and that contents are optimally displayed;
  • the assertion of legal claims and defence purposes in legal disputes;
  • the guarantee of IT security, data protection control and data security;
  • the prosecution of criminal offences;
  • the provision of information regarding our products, services, offers or technical developments (direct marketing) to you, which you request as our customer or which we believe could be of interest to you, insofar as this is legally permissible;
  • the storage of part of your personal data, if you have purchased products or stated a preference regarding marketing communications or other correspondence, for example to enable us to process follow-up orders and improve our service;
  • the storage of your measurement series, personal details and assessments or health values as anonymised data for scientific and statistical purposes and the continuous expansion and improvement of the app and measurement systems, regardless of a revocation or deletion of your account. For this, PREVENTICUS will finally delete the association to the account by means of the anonymised token. Thus, the data will be anonymised in such a way that the persons involved are not or are no longer identifiable.

7. Who is my personally identifiable data transferred to?

In general, only those persons within PREVENTICUS have access to this data who require it for the fulfilment of our contractual or, if applicable, legal obligations. Service providers and vicarious agents deployed by us may also receive data for these purposes. The specifically applies to our ISO27001-certified hosts.

Beyond this we do not communicate your personal or personally identifiable data to third parties.

You are free to communicate the analyses generated via the app (menu option Report) to third parties.

Accordingly, we do not communicate your personal or personally identifiable data to third parties without your explicit previous consent.

You are free to communicate the analyses generated via the app to third parties. You can, therefore, make use of a technical partner of PREVENTICUS, such as a Telecare Center, for instance. For this, please observe section 6 of the GTC regarding the "Telecare Center" service package.

8. Is the provision of the personal data legally or contractually stipulated?

You are under no obligation to provide us with the above-mentioned personal data via the website.

9. How long is my data stored for?

We generally process and save your personal data as long as is necessary for the fulfilment of the purpose or as far as is legally required.

10. Your rights as an affected person

Each person affected by our personal data processing has the right of access in accordance with Article 15 GDPR, the right of rectification in accordance with Article 16 GDPR, the right to deletion in accordance with Article 17 GDPR, the right to the limitation of processing in accordance with Article 18 GDPR, the right of opposition from Article 21 GDPR as well as the right of data portability from Article 20 GDPR. In the case of access and deletion rights, the limitations according to §§ 34 and 35 of the German Federal Data Protection Act (BDSG) shall apply. Furthermore, a right to appeal to a data protection authority exists in accordance with Article 77 GDPR in conjunction with § 19 of the German Federal Data Protection Act (BDSG).

Except in the case of registered users, Preventicus is unable to identify users. Due to the lack of sufficiently identifiable characteristics, Preventicus is unable to allocate the health data to a non-registered user. In these cases, Articles 15 to 20 do not apply.

10.1. Information regarding your right of opposition in accordance with Article 21 GDPR

10.1.1. Individual right of opposition

You have the right, for reasons resulting from your particular situation, to file an opposition at any time against the processing of your personal data, which has taken place based on Article 6 par. 1 f GDPR (data processing based on a balancing of interests); this also applies, where relevant, to a profiling based on this provision within the meaning of Article 4 par. 4 GDPR. See in particular section 3.4.

If you file an opposition, we will no longer process your personal data, unless we can present proof that compelling protection reasons for processing exist that outweigh your interests, rights and freedoms, or that processing serves the assertion, execution or defence of legal claims.

If you oppose the processing for purposes of direct advertising, we will no longer use your personal data for these purposes.

10.1.2.Revocation of consents granted

You can revoke a consent granted to us at any time.

This also applies to the revocation of declarations of consent granted to us prior to the validity of the EU General Data Protection Regulation, meaning prior to 25 May 2018. The legality of the processing performed based on the consent until the time of revocation shall not be affected by the revocation of the consent.

10.1.3. Implementation of the opposition or revocation of consent granted

Opposition can take place informally and can be performed, for instance:

  • by clicking on Unsubscribe in the bottom section of an e-mail message (newsletter);
  • by using our contact form under contact for your opposition;
  • by means of written notification to the address stated in section 1
  • by telephone via the number +49 (0) 36 41 / 55 98 45-0
  • or by sending an e-mail to info @ preventicus.com
  • In order to unsubscribe from receiving e-mails or other advertising materials, you can also follow the instructions given in the respective notification.

Please contact the Data Protection Officer directly with regard to your data protection rights.

11. Right of modification

PREVENTICUS is entitled to modify the data protection declaration at any time and, in particular, to adjust it to amendments in the legal situation brought about by law or legislation. The respectively most recent version can be accessed and viewed at this point. Amendments to the data protection provisions shall come into effect at this point upon the day of their publication.

Jena, 17/05/2018