PLEASE READ THIS POLICY CAREFULLY BEFORE USING HEALTH TECH ESSENTIALS’ SERVICES
Protecting your data, privacy and personal information is very important to Health Tech Essentials GmbH (“us”, “our”, “we”, “Kardea App” or “Kardea”). It is vitally important to us that our customers feel secure when using the Services.
When visiting the Health Tech Essentials GmbH website (our “Website”), using our application “Kardea” (our “App”) or using any of the services offered via the Website or the App (the “Services”), you will be asked to indicate your acknowledgment of, and where applicable your consent to, the practices described in this policy.
Our Website contains links to third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
Information we may collect
We may collect and process the following data about you:
- Information that you provide to us. You will be asked to provide us with your information when you:
- fill in forms on our Website or App, or correspond with us by phone, email or otherwise;
- register to use our Services, subscribe to our newsletter, promotional emails or other marketing materials;
- use the Services;
- report a problem with our Services; or
- complete any surveys we ask you to fill in that we use for research purposes (although you do not have to respond to these if you do not want to).
The information you will be asked to provide to us for these purposes will include your name, gender, date of birth, email address, vital data such as blood pressure, heart rate, BMI or further information required to verify your identity.
- Information we collect about you. With regard to each of your visits to our Website or our App we may automatically collect the following information; however, this information cannot be used to identify you:
- device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
- technical information about your computer, including where available, your IP address, operating system and browser type, for system administration and analytical purposes;
- details of your visits to our Website and App, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website and App (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs);
- information showing us from which app store you downloaded our App; and
- details of conditions and symptoms searched (aggregated and/or anonymised).
- Information we receive from other sources. When using our Services, we will be in contact with third parties who may provide us with certain information about you in order to enable your use of the Services. This includes information from Apple Health Kit.
How we use your information and justification of use
Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
- Consent: where you have consented to our use of your information (you are providing explicit, informed, freely given consent, in relation to any such use and may withdraw your consent in the circumstance detailed below by notifying us);
- Contract performance: where your information is necessary to enter into or perform our contract with you;
- Legal obligation: where we need to use your information to comply with our legal obligations;
- Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and
- Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you or a third party.
We use information held about you (and information about others that you have provided us with) in the following ways:
Types of information we collect
- Apple Health Kit data
- Email address, name, date of birth, gender
- Uses of that Information: To provide you with access to our Website, App and any other information which you request from us, and to use our Services.
- Use Justification: Contract performance
- vital data, nutrition status, height, weight, drinking age, smoking habits, sleeping habits
- Uses of that Information: To provide you with the Services.
- Use Justification: Consent (we require your consent to process your sensitive personal data, which is required in order to provide the Services.)
- Email address, name
- Uses of that Information: For marketing products and services that we believe will be of interest to you.
- Use Justification: Legitimate interest (for marketing our own similar products and services and any re-engagement campaigns); Consent (for marketing unrelated products or services or products or services of third parties).
- Email address, name, date of birth, illness symptoms, potential causes of illness symptoms, medical history, allergies
- Uses of that Information: To administer our Services and for internal operations, including research, data analysis and data statistics, and to create derived, anonymised and aggregated data to improve our Services.
- Use Justification: Legitimate interest (to administer and improve our Services).
- Email address
- Uses of that Information: To notify you about changes to our Services.
- Use Justification: Contract performance, legitimate interests (to update our Services from time to time).
We will not sell your personal data (or any other data you provide us with) to third parties; however, we reserve the right to share any data which has been anonymised and/or aggregated. You acknowledge and accept that we own all right, title and interest in and to any derived data or aggregated and/or anonymised data collected or created by us.
We may use information for marketing products of our partners and services to you in the following ways:
Types of marketing activity:
- we will show you products of our partners in the Kardea App based on your data (vital data and the data you provide us)
- To send you details about unrelated services or products or special offers and discounts which are being provided by our selected business partners. Where required by law, we will ask your consent at the time we collect your data to conduct any of these types of marketing.
- Use justification: Consent (which can be withdrawn at any time)
We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us.
Where we store your personal information
The personal data that we collect from you (including email addresses that form part of our prospective marketing database) is processed in the European Economic Area (“EEA”) and stored on Amazon Web Services (Europe) Cloud Servers. This data may however be processed by staff operating outside of the EEA who work for us or for one of our business partners or service providers. Countries outside the EEA may not provide the same level of adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data; however, by using our Services, you provide your consent for Health Tech Essentials GmbH to disclose your personal data to those third parties.
Your passwords are stored on Health Tech Essentials GmbH’s servers in encrypted form. We do not disclose your account details. It is your responsibility to keep your password secure. Unfortunately, the transmission of information via the internet is not completely secure. Although Health Tech Essentials GmbH will do its best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.
Sensitive information between your browser and our Website is transferred in encrypted form using Secure Sockets Layer (“SSL”). When transmitting sensitive information, you should always make sure that your browser can validate the Health Tech Essentials GmbH certificate.
Please contact us if you would like further details on the specific safeguards applied to the export of your personal information outside EEA.
Disclosure of your information
We do not disclose your personal information to any other third parties.
How long we retain your personal data
We will hold the above information for as long as is necessary in order to provide you with the Services, deal with any specific issues that may arise, or otherwise as is required by law or any relevant regulatory body. Once your account is terminated or deactivated, we shall delete the personal data relating to your account within 1 month. If your account is inactive for 12 months, we may contact you to assess whether you want to continue to use the Services. Some personal data may need to be retained for longer than this to ensure Health Tech Essentials GmbH can comply with applicable laws and internal compliance procedures, including retaining your email address for marketing communication suppression if you have opted not to receive any further marketing.
If information is used for two purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period when that period expires.
We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.
Under the General Data Protection Regulation (EU) DSGVO, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at firstname.lastname@example.org
You have the following rights in relation to your personal data:
- Right to Rectification
- We will use reasonable endeavors to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
- Right to erasure / ‘Right to be forgotten’
- By deleting your account, Health Tech Essentials GmbH will delete all of your personal data without undue delay (unless there is a legitimate and legal reason why Health Tech Essentials GmbH is unable to delete certain of your personal data, in which case we will inform you of this in writing).
- Right to restriction of processing
- You have the right to ask us to stop processing your personal data at any time.
- Right to data portability
- You have the right to request that Health Tech Essentials GmbH provides you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so.
- Right to complain
- You have the right to lodge a complaint with a supervisory authority such as the Bundesdatenschutzbehörde in Germany or the Information Commissioner’s Office in the UK, although we encourage our customers to engage with us in the event they have any concerns or complaints.
Health Tech Essentials GmbH will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use Health Tech Essentials GmbH’s Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.
Where you request Health Tech Essentials GmbH to rectify or erase your personal data or restrict any processing of such personal data, Health Tech Essentials GmbH may notify third parties to whom such personal data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right.
Changes to this policy
For the purpose of the relevant data protection legislation, the data controller is Health Tech Essentials GmbH with registered address at Potsdamer Platz 1, 10785 Berlin, Germany.
Our data protection officer is Stefan Söllner.