Data Protection Guidelines of SINOVO health solutions GmbH
SINOVO health solutions GmbH takes the issue of
personal data protection very seriously. We organise our data processing in
line with the statutory objective of collecting, processing or using only the
personal data that is required for the reasonable and economic use of our
offer.
In what follows, you will find out when
data is saved during your use of the mylife software and how we use this data.
We have taken organisational measures to ensure compliance with the regulations
relating to data protection.
Should you do not agree with any aspect of
our Data Protection Guidelines, you may be entitled to legal rights, which are
likewise described here.
Scope of application
In these Data Protection Guidelines, the
words "we", "our", "us" refer to:
• SINOVO health solutions GmbH,
Willy-Brandt-Straße 4, 61118 Bad Vilbel;
• SINOVO business solutions GmbH,
Willy-Brandt-Straße 4, 61118 Bad Vilbel
Personal data
SINOVO health solutions GmbH collects,
processes and uses your personal data in compliance with the data protection
laws of the Federal Republic of Germany and the data protection regulations of
the European Union. Personal data is all the information that relates to a
natural person or is at least obtainable and thus allows conclusions about this
person's identity.
Our online offer can basically be used
without the disclosure of your identity. In the event of your participation in
one of our personalised services, you will be asked separately for the data
required to complete the services. You can freely choose whether you wish to participate
in these services and enter the appropriate information.
We expressly point out that the protection
of data transfers in open networks, such as the Internet, cannot be fully
guaranteed given the current state of the art. The information stored on the
servers of SINOVO health solutions GmbH or the Microsoft Cloud may, from a
technical point of view, also be viewed and changed by other participants on
the Internet without authorisation. SINOVO health solutions GmbH or Microsoft have
secured their servers against unauthorised access using proven and customary
systems.
Type and extent of data collected and
their use
When you visit our website https://mylife-software.net
(and its subdomains), the browser used on your device automatically sends
information to the server of our website. This information is temporarily
stored in a so-called log file. The following information will be collected
without any action on your part and stored until it is automatically deleted:
IP address of the requesting computer, date
and time of access, name and URL of the retrieved file, website from which the
access is made (referrer URL), browser used and, possibly, the operating system
of your computer and the name of your access provider,
We process the data mentioned for the
following purposes:
-
Ensuring the smooth establishment of your
connection to our website,
-
Ensuring the easy use of our website,
-
Evaluating system security and stability as well
as
-
For further administrative purposes.
The legal basis for the data processing is
Art. 6(1)1f GDPR (General Data Protection Regulation). Our legitimate interest
follows from the data collection purposes listed above. In no event do we use
the data collected for the purpose of drawing conclusions about you.
In addition, we use cookies and analytical
services when people visit our website. Further details on this can be found
below.
When you access our website, we also
collect certain information about you. For more information about this, see the
section on 'log files'.
In order to evaluate and continuously
improve the quality of our Internet offer, we undertake statistical evaluations
of the visits to our pages. This is done in part by using counting graphics in
our website. However, the data acquired in this way are strictly anonymised and
do not allow any conclusions to be drawn regarding the personal data of the
user or the identity of the user. Your data will never be used to create user
profiles of any kind.
The data collected will be used for the
following purposes:
-
The provision, maintenance, improvement and
development of relevant functions, content and services;
-
The detection of and defence against fraudulent,
abusive and prohibited activities as well as the protection and security of our
services.
Invitations to the mylife software online
version
You can use the mylife Software to invite
other people to join and view your online data. The personal data collected
will be used exclusively for the invitation and not for other purposes.
Protection and storage of personal
data
To ensure the best possible protection of
your personal data, SINOVO health solutions GmbH uses Microsoft's cloud services
(Windows Azure) with regard to the therapy and device data gathered by the
mylife Software. These data are stored in Europe.
We retain your data only for as long as is
required for the purposes set forth in these Data Protection Guidelines or for
the period of time in which your account is active with SINOVO health solutions GmbH or Microsoft and it is necessary to do so in order to provide you with the
services. If you no longer wish that SINOVO health solutions GmbH uses your data to
provide the services to you, you can close your account and SINOVO health solutions GmbH will delete the stored data insofar as SINOVO health solutions GmbH is not
obliged to keep your data for compliance with legal obligations or for settling
disputes.
If we have not had any relevant contact
with you for two years, we will erase your personal data from our systems
unless we believe in good faith that we are required by law or otherwise to
keep them (e.g. an enquiry in connection with a probable lawsuit).
Transfer of personal data to other third
parties
We do not share personal information with
other third parties. In particular, there is no disclosure of personal data to
third parties for advertising purposes.
Transfer of data
Any
transfer of your personal data to third parties for purposes other than those
listed below does not take place.
We
only pass on your personal information to third parties if:
·
you have given your express consent to this in
accordance with Art. 6 para(1)1a GDPR,
·
disclosure pursuant to Art. 6(1)1f GDPR is
required in order to assert, exercise or defend legal claims and there is no
reason to assume that you have a predominantly legitimate interest in not
disclosing your data,
·
in the event that disclosure pursuant to Art. 6(1)1c
GDPR is a legal obligation, as well as
·
it is legally permissible and is required for
the settlement of contractual relationships with you in accordance with Art.
6(1)1b GDPR.
Only anonymised data can be passed on to
other third parties for evaluation purposes. Anonymization is a process in
which personal data is modified in such a way that the details of personal or
factual circumstances can no longer – or only with a disproportionate amount of
time, costs and labour – be assigned to a particular or identifiable natural
person.
If, however, you use further personalised
services of our offer, the collection of personalised data and their transfer
to third parties may be required for the purpose of carrying out and processing
the service. However, these data are only stored or transmitted to the extent
required for order processing. In order to do so, when you fill in the
respective form, the submission of an explicit declaration of consent is
required.
Third parties to whom your data is passed
on in the context of order processing are, moreover, bound by the statutory
provisions for the handling of personal data. Insofar as we are or will be
required to do so by law or by court order, we will forward data, to the extent
authorised by law, to the respective authorities entitled to receive information.
Right of revocation, right to
disclosure, deletion and data portability
Rights of the data subject
You have the right:
·
in accordance with Art. 15 GDPR, to request
information about your personal data processed by us. In particular, you can
demand information on the purposes of the processing, the categories of
personal data concerned, the recipients or categories of recipient to whom your
data have been or will be disclosed, the envisaged period for which the
personal data will be stored, the right to rectification, erasure, restriction
of processing or objection to such processing, the existence of a right to lodge
a complaint, the source of your data, insofar as they have not been collected
by us, as well as the existence of automated decision-making including
profiling and, where appropriate, meaningful information about their details;
·
pursuant to Art. 16 GDPR, to demand the rectification
of inaccurate or the completion of incomplete personal data stored by us
immediately;
·
in accordance with Art. 17 GDPR, to demand the
erasure of your personal data stored by us, except where the processing is
required for exercising the right of freedom of expression and information, for
compliance with a legal obligation, for reasons of public interest or for the
establishment, exercise or defence of legal claims;
·
in accordance with Art. 18 GDPR, to demand the
restriction of the processing of your personal data, insofar as the accuracy of
the data is contested by you, the processing is unlawful, but you oppose the
erasure of the personal data, and we no longer need the personal data for the
purposes of the processing, but they are required by you for the establishment,
exercise or defence of legal claims or you have objected to processing pursuant
to Article 21(1) GDPR;
·
pursuant to Art. 20 GDPR, to receive your
personal data that you have provided to us in a structured, commonly used and
machine-readable format and to transmit those data to another controller;
·
pursuant to Art. 7(3) GDPR, to withdraw your
consent at any time. This will result in us not being allowed, in future, to
continue the data processing that was based on this consent and
·
in accordance with Art. 77 GDPR, to lodge a
complaint with a supervisory authority. As a rule, you can contact the
supervisory authority of your habitual residence, place of work or place of our
law offices.
Right of objection
Insofar as the processing of your personal
data is required for the purposes of legitimate interests in accordance
with Art. 6(1)1f GDPR, you have the right to object, at any time, to processing
of personal data concerning you in accordance with Art. 21 GDPR, provided that
there grounds relating to your particular situation or the objection is
directed against direct advertising. In the latter case, you have a general
right of objection, which we implement without your specifying any particular
situation.
If you would like to exercise your right of
revocation or objection, an e-mail sent to info@sinovo.de will suffice.
You have the right to revoke your consent
to the collection, processing and use of your personal data at any time,
without stating reasons and with effect for the future. You can exercise this
right by simply calling SINOVO health solutions GmbH or sending the revocation to
us, e.g. in writing or by e-mail.
You are entitled, at any time, to request
from SINOVO health solutions GmbH comprehensive information on the data stored
concerning you.
You can also request, at any time, the
correction, erasure and blocking of individual personal data by SINOVO health solutions GmbH.
If you wish, you have the right to transfer
your data from us to another Data Controller. We will assist you by submitting
your data directly to you or by providing you with a copy in a standard
machine-readable format.
mylife Software online version – Information for the exchange of data
with other persons
Users or patients can use the online
version of mylife to exchange data with the persons authorised to receive it
(e.g. doctor, person of trust). Please note that the linking of personal data
with the health data must be technically possible in order to allow your doctor
to assign the data to the patient. However, SINOVO health solutions GmbH will not
associate personal data with health data in such a way that people other than
the authorised physician can assign health data to certain persons. Employees
of SINOVO health solutions GmbH have been instructed accordingly and are bound by these
Data Protection Guidelines. In no case will personal or health data be passed
on to other third parties other than your authorised doctor or other authorised
third parties or people authorised to retrieve the data. Access to data
contained in mylife Software online version is only possible after the user ID
and password have been entered. Doctors and persons of trust shall only gain
access to the data after you have authorised your doctor to gain access, the
doctor has logged in and the doctor has confirmed his/her registration when
logging on. Doctors and persons of trust may use the mylife Software to
exchange data with patients who have authorised them to access the patient
data. The authorisation of the doctor or a third party can be revoked at any
time. After revocation, no access for the respective doctor or third party is
possible.
Use of cookies
After you have logged in (with your user
name and password), the services of mylife online version use cookies, with
which you can be identified during the duration of your visit. A cookie is
stored on your computer. After the end of the session, the cookie expires
automatically. You can save this cookie permanently so that you can log in
automatically by using the "Automatically log in to this computer"
feature. The cookie will then contain parts of your log-in details in encrypted
form. However, the automatic log-in to two (2) different computers is not
possible in this case.
Log files
With every page you view, access data is
stored in a log file, the so-called server log. The data set saved contains the
following data:
• Your IP address (a unique
identifying number that can be traced back to your device),
• the remote host (the name and IP address of
the computer requesting the page),
• the time, status, volume of data
transferred and the website from which you came to the requested page
(referrer), as well as
• the product and version information of
the browser used (user agent).
SINOVO health solutions GmbH uses the
standardised log file format of the web server for this purpose. SINOVO health solutions GmbH uses the log data (logs) in an anonymised form, i.e. without
assignment or references to your person, for statistical analysis. SINOVO health solutions GmbH may thus, for example, find out on which days and at which times
the offers of mylife online version are particularly popular and what data
volume is generated on the SINOVO websites. Moreover, SINOVO health solutions GmbH
may recognise possible errors thanks to the log files, e.g. faulty links or
bugs, and thus use the log files to further develop the mylife online version
websites. SINOVO health solutions GmbH does not associate the page views and uses
stored in the server log with individuals. SINOVO health solutions GmbH reserves
the right, however, to subsequently check the log files via the last known IP
address of such users who, on the basis of certain facts, are suspected of
using the mylife online version of websites and/or the mylife services
illegally or contrary to contract. This serves the protection of mylife
members, the security of SINOVO member data, as well as the SINOVO websites and
mylife services.
You can prevent the installation of the
cookies by setting your browser appropriately. When a corresponding browser
setting is used, cookies will not be saved. This may mean, however, that not
all features of the mylife Software online version can be used.
Children under 18 years of age
Participation in mylife online services is
reserved exclusively for adults. Parents or guardians are responsible for
protecting the privacy of their children.
Persons under the age of 18 should not
submit any personal data to us without the consent of their parents or
guardians. We do not solicit, collect, store or disclose to any third party personal
information collected from children.
Links to other websites
Insofar as our Internet pages contain links
to the offers of other service providers, we cannot guarantee and cannot assume
any liability for the fact that these Internet pages also comply with the
statutory provisions. Please inform yourself on the respective websites, with
the aid of the privacy policy of the respective provider, of the respective
valid data protection standards.
Right to complain to a supervisory authority
Without prejudice to any other
administrative or judicial remedy, you are entitled to lodge a complaint with a
supervisory authority, in particular in the Member State of your residence,
place of work or place of alleged infringement, if you believe that the processing
of your personal data violates the GDPR.
The supervisory authority with which the
complaint has been lodged shall inform the complainant of the status and
results of the complaint, including the possibility of a judicial remedy
pursuant to Article 78 of the GDPR.
The supervisory authority responsible for
SINOVO health solutions GmbH is the Data Protection Officer of the Federal State of
Hesse.
Name and address of the controller
The Controller in terms of the General Data
Protection Regulation is:
SINOVO health solutions GmbH
Willy-Brandt-Straße 4
61118 Bad Vilbel
Deutschland
Tel.: +49-61-09500 3900
E-mail: info@sinovo.de
Website: www.sinovo.de
Name and address of the Data Protection
Officer:
The Data Protection Officer of the
Controller is:
Sascha Hesse
Niddastraße 74
60329 Frankfurt am Main
Germany
Tel.: +49-61-09500 3947
E-mail: datenschutz@sinovo.de
Changes
This information is subject to legal
regulations and may, therefore, require adjustments. If you have any questions,
suggestions or comments, please contact us by e-mail at info@sinovo.net
The current Privacy Statement can be viewed
and printed off at any time; please go to https://mylife-software.net/privacy.
Status: May 2018