In the following, we would like to inform you about the processing of personal data in connection with the use of the “medicalmotion app / web app”
Purpose of processing
Personal data about the user is collected so that the provider can provide the services.
Medicalmotion GmbH is responsible for data processing that is directly related to the use of the “medicalmotion app / web app”.
Which data are processed?
When using the “medicalmotion app / webapp”, different types of data are processed. The scope of the data also depends on the data you enter when registering and using the medicalmotion app / web app.
- When registering, information about:
- Gender and age
- Sensation of pain
- Complaint picture
- Illnesses and previous illnesses
- Professional activity and work attitude
- Sports and behavior
- Health insurance (optional)
- Email or username
- While using the app, information about:
- Usage behavior
- Sensation of pain
- Changes to profile entries (see point 1))
- History log
- When using the chat function:
- User ID
Scope of processing
Personal data about the user is collected so that the provider can provide the services. For billing purposes with your insurance company, your insurance number / customer number can be transferred to cooperation partners in pseudonymised form.
In addition, anonymized data is processed for the following purposes: analytics, static evaluations for research purposes and health services research. This also means that we have our product clinically validated by research institutions using anonymized data.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Legal basis for data processing
The legal basis for data processing when using the “medicalmotion App / WebApp” is your consent (Art. 6 Para. 1 lit. a) GDPR).
Recipient / transfer of data
Personal data that are processed in connection with the use of the “medicalmotion app / web app” are generally not passed on to third parties unless they are intended to be passed on.
The provider processes the user data in a proper manner and takes appropriate security measures to avoid unauthorized access and the unauthorized forwarding, modification or destruction of data.
The data processing is carried out by means of computers or IT-based systems according to organizational procedures and procedures that are specifically geared towards the stated purposes. In addition to the person responsible, other persons could also be internal (personnel management, sales, marketing, legal department, system administrators) or external – and, if necessary, named by the person responsible as processors (such as technical service providers, delivery companies, hosting providers, IT companies or Communication agencies) – operate this application and thus have access to the data. A current list of these participants can be requested from the provider at any time.
Data processing outside the European Union
We store your data in encrypted form and use the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, VAT IE 6388047V for this. Google Ireland Limited has no way of accessing the key.
We have concluded an order processing contract with Google that meets the requirements of Art. 28 GDPR.
Data protection officer
We have appointed a data protection officer.
You can contact him as follows: email@example.com
Your rights as a data subject
You have the right to information about your personal data. You can contact us at any time for information.
In the event of a request for information that is not made in writing, we ask for your understanding that we may request evidence from you that proves that you are the person you claim to be.
Furthermore, you have a right to correction or deletion or to restriction of processing, insofar as you are legally entitled to do so.
Finally, you have the right to object to processing within the framework of the legal requirements.
A right to data portability also exists within the framework of data protection regulations.
Deletion of data
We generally delete personal data if there is no need for further storage. A requirement can exist in particular if the data is still required to fulfill contractual services, to check warranty and, if applicable, guarantee claims and to be able to grant or defend them. In the case of statutory retention requirements, deletion can only be considered after the respective retention requirement has expired.
If you want to delete your data, you can send us an email to: firstname.lastname@example.org
Right to lodge a complaint with a supervisory authority
You have the right to complain to a data protection supervisory authority about the processing of personal data by us .
Changes to this data protection notice
We revise this data protection notice in the event of changes in data processing or other occasions that make this necessary. The current version can always be found on this website.