©Healthcare X.0 GmbH
Data protection
Privacy Policy
Version: June 2021
This Privacy Policy explains how and for what purposes Healthcare X.0 GmbH (“Healthcare” or “we”) processes your personal data and what your rights and options are in this regard. It applies to all personal data that you provide to Healthcare or that result from your contractual relationship or other interaction with us.
1. General information
Healthcare takes the protection of your personal data very seriously and we know how important privacy is for our users. We would therefore like to provide you with transparent information on how we process data (i.e., collect, record, use, disclose, transmit, store, etc.).
We handle your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy. This Privacy Policy provides an overview of our data processing in connection with the use of our PatientAssist service (“PatientAssist”) and our websites.
Please note that the Privacy Policy applies regardless of the device (PC or mobile device) on which you use PatientAssist or our website.
If we update the Privacy Policy and you use PatientAssist after we have updated it, we will notify you of material changes by either posting a notice in the PatientAssist app or by sending you an email to the email address associated with your account.
2. Responsible body
2.1. We, Healthcare X.0 GmbH, Am Sandtorkai 62, 20457 Hamburg, Germany, are responsible for all personal data that you provide to us in the context of our business relationship.
3. Categories of personal data collected by us
3.1. Unless otherwise stated in this Privacy Policy, no personal data are collected, processed or used when using PatientAssist.
Please note that the uploaded patient or health record is first stored on your terminal device. As soon as your terminal device is connected to the internet, the data are transmitted to us in encrypted form and processed according to the use described in this Privacy Policy.
3.2. We collect and process in particular the following categories of personal data:
- Contact information such as your full name, address, telephone number, mobile number and email address, the identification number of your mobile phone and the IP address of your computer when you use our web pages. In particular, data that you provided when you created your user account.
- Payment information, such as data required for payment processing and fraud prevention, including credit/debit card numbers, security codes and other billing information.
- Device information (for example, device model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, and settings of the device you are using to access PatientAssist).
- Information about your preferences and interests that we obtain from web tracking or analysis technologies, especially when you use our website and content that we make available for download (e.g. when you register to download software), or other online services that we offer you. For example, we collect information about what content you download from our website and which content you clicked on or viewed in which way.
- Technical data. When visiting our website or using our app, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion (in particular IP address of the requesting computer, date and time of access, name and URL of the file accessed, website from which access is made (referrer URL), browser used and, if applicable, the operating system of your computer and the name of your access provider).
- Where we are legally required to do so, we may collect information for compliance purposes, such as information about any litigation or legal proceedings in which you are involved and information about any interaction with you that may be of antitrust relevance.
- Special categories of personal data. In connection with the use of our services and in order to be able to provide certain functions and contents of PatientAssist (e.g. diary for documentation of symptoms and forwarding to attending physicians), we will, with your consent, request information about your health, in particular data on symptoms (e.g. cold, cough, shortness of breath) or measured values (e.g. temperature) as well as data on your state of health (e.g. previous illnesses, certain medications taken). Any of this information will only be used with your consent. If you do not provide us with information about this, we will not be able to provide the corresponding features and contents of PatientAssist.
4. For what purposes we use your personal data
We will only use your personal data for the following purposes (“Permitted purposes”):
- Initiating, implementing and managing your contractual relationship with Healthcare, for example in order to identify you, to create your user account and provide you with PatientAssist, to process payment transactions, accounting, auditing, billing and debt collection activities, to provide support for your account, and to provide support services or other services that you may have ordered or requested.
- Maintaining and protecting the security of our products, services and web pages or other systems, preventing and detecting security risks, fraud or other criminal or unlawful activities.
- Information within our existing business relationship about similar or related Healthcare products or services, to the extent permitted by applicable law.
- Settlement of disputes, enforcement of our contractual agreements and the establishment, enforcement or defense of legal claims or
- Ensuring compliance with legal obligations, e.g. keeping sales records for tax purposes or sending legally required notices and other announcements.
If you have expressly given us your consent, we may also use your personal data for the following purposes:
- To communicate with you through the communication channels to which you have consented in order to keep you up-to-date with the latest announcements, offers and other information about Healthcare’s products, technologies and services (including marketing-related newsletters) and Healthcare’s events and projects;
- Profiling and automatic processing: We collect information about your preferences based on your activities when using our web pages, products, content available for download (e.g. registering to download software) or other services we offer online. Based on this information (e.g. what content was downloaded and how long and how often it was clicked or viewed), we create a user profile in order to personalize our communication and interaction with you and improve its quality (for example, through newsletter tracking or website analytics). The background to our profiling activities is to identify topics that could be useful or of interest to you and to inform you about them in a way that is tailored to your needs. The algorithms we use apply this logic and automatically provide you with the content and information that is right for you.
Please note: According to Article 21 (2) of the EU General Data Protection Regulation (“GDPR”), you have the right to object to the processing of your personal data for marketing purposes, including the profiling described above. Please refer to the “Your rights” section for a detailed explanation of your rights and how to assert them.
We will only communicate with you for advertising purposes (e.g. through emails and telephone calls) if you have given your express prior consent, where required by law. You can withdraw your consent at any time if you do not wish to receive any further marketing-related information from us.
We will not use your personal information to make automated decisions that affect you or create profiles in ways other than those described above.
4.1. The legal basis for processing your personal data is laid down in Article 6 GDPR. Depending on the legitimate purposes described above for which we process your personal data, the processing will be carried out either to fulfill a contract or other commercial agreement with Healthcare, or to comply with our legal obligations, or to safeguard the legitimate interests of Healthcare or third parties, always provided that your interests or fundamental rights and freedoms do not prevail and oppose processing. In addition, the processing may be based on your explicit consent, provided you have given us this consent.
5. How we collect and use your personal data
We will normally collect your personal data directly from you as part of our interaction, for example, when you use PatientAssist or visit our website, communicate with us regarding our products and services, or participate in our customer surveys.
PatientAssist may allow you to include health and other information that you collect or have collected through third party applications in PatientAssist. The possibly required consent may be given via data interfaces such as “Apple Health”. Typical health-related data from “Apple Health” are e.g. counted steps.
You can authorize the following applications, individually and separately, to provide data:
- Calendar: Enabling calendar data allows you to synchronize your calendar with the PatientAssist calendar.
- Camera: Enabling the camera allows you to scan barcodes on medicines.
- Photo & Video Library: Enabling the Photo & Video Library allows you to easily upload image and video files.
- Cloud services: Permission to provide data from cloud services allows you to upload relevant data to PatientAssist with ease.
- Delivery of push messages: Permission to deliver push messages enables you to receive push messages.
- Apple Health app: Permission of the Apple Health app enables the synchronization of the data determined there with PatientAssist.
6. To whom do we disclose your information?
We do not pass on any information to third parties without your consent. However, we may disclose your information to the following third parties under certain circumstances.
- To service providers (so-called contract processors). We may disclose your information to companies contracted by us to provide services for us or on our behalf and only process personal information for the permitted purposes as directed by us. Healthcare retains control and responsibility for your personal data and will take appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when using such service providers. However, these service providers may only use your information to provide the relevant services.
- Other parties when required by law or necessary to protect our services. We may disclose your information to other parties in the following circumstances:
  - to courts, law enforcement agencies or other competent authorities or lawyers to the extent permitted and necessary to comply with any legal obligation or to establish, enforce or defend any legal claims, to comply with the law or when we are compelled to respond to legal process (such as a search warrant or other court order);
  - to confirm or enforce compliance with the PatientAssist Usage Guidelines; and
  - with credit bureaus and other companies in connection with credit decisions, for the prevention of fraud and for debt collection in order to protect or ensure the rights, property or safety of Healthcare, business partners or customers.
- Other parties with your consent or based on your instructions. In addition to the disclosures described in this Policy, we may disclose information about you to third parties if you consent or instruct us to do so (e.g. if you release your medical records – see 6.1) or if the disclosure is otherwise permitted or required by data protection law (e.g. if the structure of Healthcare X.0 GmbH changes (e.g. change of legal form, formation/purchase/disposal of subsidiaries or parts of companies)) or if we are required to do so by law or by court or official order or if we suspect that fraudulent or criminal acts have occurred.
6.1. Released data
PatientAssist enables you to grant other users (e.g. doctors) access to your data.
Data can be shared with other users by using a security key that you can generate and send to a contact using PatientAssist. When your contact enters your security key, the contact can view the shared data.
You decide whether and to what extent you want to use the aforementioned function. There is no obligation to grant another user access to your data. This is done solely on a voluntary basis. Please only grant permission to view your data to persons you trust. You can revoke the permission granted to another user at any time, in particular by changing or deactivating your security key required for profile access. Only you can change the security key.
7. What do we do to ensure the security of your information?
To ensure the protection of your personal data, we use physical, electronic and procedural safeguards that comply with the current state of the art and legal data protection requirements. These safeguards include the implementation of certain technologies and processes to protect your privacy, such as secure servers, firewalls and SSL encryption. We have implemented appropriate technical and organizational measures to protect the personal data we collect in connection with PatientAssist. Our security processes are regularly reviewed and adapted to technological progress. However, please note that while we take reasonable steps to protect your information, websites, internet transmissions, computer systems and wireless connections are never completely secure. Whenever we disclose data to third parties in the cases described in this Privacy Policy, we ensure that this is done in accordance with this Privacy Policy and the applicable data protection laws. We will always act in accordance with the applicable laws and regulations regarding the confidentiality and security of personal data.
8. Where personal data are processed
8.1. In the course of our business, we may also transfer your personal data to recipients in countries outside the European Economic Area (“third countries”) that do not provide the same level of data protection as in your home country. If we do this, we comply with applicable data protection requirements and take reasonable safeguards to ensure that your personal data are protected and secure, in particular by agreeing to EU standard contractual clauses that are available here. If you would like more information about these safeguards, you can always contact us using the contact details below.
9. Your rights
You have the right at any time, under certain conditions laid down by law, to receive free information about your stored personal data, their origin and recipients and the purpose of data processing, as well as the right to rectify, block or erase such data or to restrict their processing. You can also object to the processing or exercise your right to data portability. In particular, you have the right to request a copy of the personal data we hold about you. For further details of your data protection rights, please refer to the information provided in Articles 15–22 GDPR.
If you have consented to the processing of your personal data, you can revoke your consent at any time with effect for the future, i.e. the revocation of consent does not affect the lawfulness of the processing on the basis of the consent prior to revocation. In the event of a revocation of consent, we will only continue to process the personal data if there is another legal basis for the processing or if we are legally obliged to do so.
You can contact us at any time at the contact address below if you have any questions about the above or about personal data in general. You will not incur any costs other than the transmission costs according to the basic tariffs. If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the applicable law, you can lodge a complaint with the competent data protection supervisory authority in your country.
To submit a request, please send a brief description of the personal data in question, including your name and date of birth as proof of identity, to the contact address below. We may require additional proof of identity to protect your personal data against unauthorized access. We will review your request carefully and, if necessary, discuss with you how we can best respond to it.
10. Data retention
We will only store your personal data for as long as this is necessary for the purposes for which they were collected or as long as this is necessary to provide the services or products ordered or information requested and to carry out and manage our business relationship with you. If you have asked us not to contact you, we will retain this information for as long as necessary to fulfill this request. In addition, we are legally obliged to store certain types of personal data for certain periods of time (e.g. due to retention obligations under commercial law or tax law). Your personal data will be deleted immediately if they are no longer required for these purposes.
11. Links and products of third parties in our app
PatientAssist may contain links to third party websites and services that are beyond our control. We are not responsible for the security or privacy of information collected by external websites or other services. You should exercise caution and read the privacy policies of the third-party websites and services you use.
12. Analysis tools and similar technologies
12.1. To analyze the use of PatientAssist, we collect statistical usage data using the following analysis services. This usage data helps us to improve PatientAssist and can at no time be assigned to your person. Under no circumstances will health data be transmitted to an external analysis service. Usage data collected can be crash reports, for example, if PatientAssist crashes during use. You can prevent the transmission of usage data to external analysis services by deactivating this in your browser settings. Then the analysis data are not passed on. However, please note that some features of PatientAssist or some of our services may only work with cookies, so disabling cookies may affect your use of PatientAssist or parts of other services.
12.2. Use of own cookies
This website uses its own cookies to improve user-friendliness. Cookies are small files that store information on your computer, mobile phone or other device. They enable us to recognize you on/in different websites, services, devices and/or browser sessions. Cookies serve many useful purposes. For example: Cookies can remember your login details so that you do not have to enter them every time you log in.
The operating system of your device has options for cookies and you can disable the setting of cookies. For more information, refer to your device’s user manual and the user instructions for your operating system.
However, please note that some features of the app or some of our services may only work with cookies, so disabling cookies may affect your use of PatientAssist or parts of other services.
You can generally prevent the use of cookies if you prohibit the storage of cookies in your browser.
12.3. Matomo
PatientAssist uses Matomo, an analysis service provided by MatomoPRO GmbH. The analysis service uses cookies to help the operator of the app or a website analyze how visitors use the app or website. This is done by transmitting the usage information generated by the cookie (including your truncated IP address) to our servers and storing it. Since your IP address is anonymized during this process, this does not allow us to identify you. The information generated by this process is not passed on to third parties. You can object to the use of cookies.
12.4. Google AdWords Conversion Tracking
This PatientAssist website uses Google AdWords Conversion Tracking, a web analytics service provided by Google, Inc. (“Google”). Google AdWords Conversion Tracking also uses cookies, which are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there. Google uses this information to analyze your use of the website, to compile reports about website activity for the website operator and to provide further services connected with website and internet use. Google may also transfer this information to third parties if this is prescribed by law or if third parties process such data on behalf of Google. Under no circumstances will Google merge the data with other Google data. You can generally prevent the use of cookies if you prohibit the storage of cookies in your browser.
12.5. For more information on terms of use and data protection, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/. Please note that on this website Google Analytics has been extended using the code “anonymizeIp” in order to guarantee the anonymous collection of IP addresses (“IP-masking”).
12.6. App Analytics
PatientAssist uses “App Analytics”. The analysis service “App Analytics” is provided by Apple Inc. This tool is used, for example, to process data about the download and use of the PatientAssist app. PatientAssist will not receive any personal information about you from Apple Inc. Usage analysis by App Analytics will only take place with your prior consent. For more information, see the privacy menu of your iOS device. The information generated by this process is not passed on to third parties.
12.7. Other local storage
We use local storage technologies (also known as “app data”) and caching in conjunction with our app. These technologies store information on your device and can be used to store your activities and preferences. The technologies can use different parts of your device (internal memory, SD card). To delete the stored information, search for the app in Settings in the Application Manager, and press [Clear Data] or [Clear Cache] in the app info.
13. Further Information
You can contact us using our email address or the contact form. The personal data transmitted to us in this way will as a matter of course be used exclusively for the purpose for which you provided them when you contacted us. Any input fields where we request information via the contact form that is not required for making contact have been left without a mark (*) for mandatory data. This information serves to concretize your request and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent. If this involves information on communication channels (e.g. email address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request. You can of course withdraw your consent at any time with future effect. To exercise the right of withdrawal, please use the contact information at the end of this declaration.
14. Obligation to provide personal data
You generally provide us with your personal data on a voluntary basis. In principle, there are no negative consequences for you if you do not consent or do not provide your personal data. However, there are cases in which Healthcare cannot function without certain personal data from you, for example, when these personal data are required to provide you with individual services from PatientAssist, to provide you with access to an online offer or newsletter, or to conduct a legally required compliance audit. In these cases, Healthcare will not be able to fulfill your request without the relevant personal data.
15. If I am under 16 years of age
If you are under 16 years of age, you need the consent of your parents/legal guardian before you provide us with your personal data. Persons under 16 years of age are not permitted to send us their personal data without such consent.
16. Changes to this information
This Privacy Policy was last amended in June 2021. We will amend or supplement this Privacy Policy if necessary due to changes in the way data is processed or in the legal framework. Therefore, please check from time to time or when you provide us with personal data to see if there have been any changes. Changes to the Privacy Policy are effective from the date they are posted on our website.
17. How you can contact us
If you have any questions or wish to assert your rights, please click here. You can contact us in writing at:
info@healthcare-xnull.com
Healthcare X.0® GmbH
Am Sandtorkai 62 | 20457 Hamburg
18. Contact details of the data protection officer
dsb@healthcare-xnull.com
Healthcare X.0® GmbH
Am Sandtorkai 62 | 20457 Hamburg
05151/98189220