Privacy Policy - VitaDock+ App

Use of our mobile app

Section 1 Information about the collection of personal data

(1) In addition to our online offer, we provide you with the mobile app VitaDock+®, which you can download to your mobile end device. Below, we will be informing you about the collection of personal data when using our mobile app. Personal data is all data that is personally available to you, e.g. name, address, e-mail addresses, user behaviour.

(2) Responsible pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Medisana AG, Jagenbergstrasse 19, 41468 Neuss, info@medisana.de, www.medisana.de (see our legal notice). Our Data Protection Officer can be reached at datenschutz.ne@medisana.de or our postal address with the addition "Der Datenschutzbeauftragte".

(3) When you contact us by e-mail or through a contact form, your e-mail address and (if provided) your name and telephone number will be stored by us so that we can answer your questions. We either delete the data that arises in this context after the storage is no longer required or limit the processing of this data if statutory retention requirements apply in this regard.

(4) If we rely on commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective procedures. In doing so, we will also inform you of the specified criteria for the duration of storage.

Section 2 Your rights

(1) With respect to your personal data, you have the following rights in your relationship with us:

• the right to information,
• the right to rectification or deletion,
• the right to restriction of the processing,
• the right to object to the processing,
• the right to data portability.

(2) You also have the right to complain to a data protection supervisory authority regarding our processing of your personal data.

Section 3 Collection of personal data when using our mobile app

(1) When downloading the mobile app, the required information is transferred to the App Store, in particular the user name, e-mail address and customer number of your account, the time of download, payment information as well as the individual device code. We do not have any influence over this data transfer and are not responsible for it. We only process the data as far as is necessary for the mobile app to be downloaded to your mobile end device.

(2) When using the mobile app, we collect the personal data described below in order to enable the convenient use of the features. If you wish to use our mobile app, we collect the following data that is technically necessary for us to offer you the features of our mobile app as well as to ensure stability and security (the respective legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific webpage)
• Access status/HTTP status code
• Respectively transmitted amount of data
• Operating system and its interface.

(3) The mobile app VitaDock+® does not use cookies.

Section 4 Supplementary information for special uses of the mobile app

(1) Use of your personal data and vital signs

1. The app VitaDock+® offers you the opportunity to transfer and share vital signs that are collected using devices which are compatible with VitaDock®.
   
   In order to access the login area of the app and to be able to use this option, you have to register yourself by entering your e-mail address as well as your own password and to create a user account.
   
   We use the so-called double-opt-in procedure for registration, i.e. your registration is only completed once you have previously confirmed your application via a confirmation e-mail, which is sent to you for this purpose, by clicking on the link contained therein. If your confirmation is not received within 24 hours, your registration will automatically be deleted from our database. The above-mentioned data is obligatory; you can provide all further information voluntarily by using our portal.
   
   When you use the VitaDock app, we collect and store the following data after you have provided your prior consent, which you either provide directly or generate by using VitaDock+®:

• Date of birth
• Gender
• Height, weight, activity levels and activity logs
• Health-related data, such as blood glucose levels, blood pressure, blood oxygen levels, oxygen saturation, body temperature, as well as data related to stress and sleep.

Please note that such health-related data can be used to draw conclusions about your state of health and that it can therefore be sensitive personal data.

The vital signs you provide will be stored separately from your other personal information and may be retrieved by the mobile devices you have activated and third parties you have authorised pursuant to the Terms of Use. For the security of your data, we use the Open Authentication (OAuth) procedure, which is also described in more detail in the Terms of Use. The data is always transferred anonymously. The assignment of your retrieved personal data takes place via the account for the respective third-party application. By authorising the third party, you provide your consent in this regard.

If you do not grant permission to use the aforementioned data, we will not use it. In that case, you will not be able to use the features of our app. You may grant or revoke your permission later in the settings of the app or operating system under "Personal Settings."

1. If you allow access to this information, the mobile app will only access your information and transfer it to our server if it is necessary for the provision of the functionality. Your data will be treated confidentially and deleted if you revoke the rights to use or if the data is no longer required in order to provide the services and no legal retention requirements apply.
   
   The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR and for the processing of health data Art. 9 para. 1, 2 a) GDPR.

(2) Collection of your location data, geolocation

1. Our offer includes so-called location based services, by means of which we offer you special offers that are tailored to your particular location. You can only use these functions after you have agreed via a pop-up that we can collect your location data by means of GPS and your IP address in anonymous form for the purposes of providing services.
   
   A so-called geo-localization, i.e. the assignment of a usage process to the place of the call, takes place exclusively on the basis of the anonymised IP address and only up to the geographical level of the federal states/regions. The geographic information obtained in this way can never be used to draw conclusions about the actual place of residence of the user.
   
   You can always allow or revoke the function in the settings of the app or of your operating system under "Settings". Your location will only be transferred to us if, when using the app, you use features that we can only offer you when your location is known.
   
2. Your location data will not be used to create motion profiles beyond your current location.

(3) Use of your address book, phone function, SMS when using "ViFit Touch"

Only when connecting the mobile app with a "ViFit Touch" Medisana Activity Tracker will we ask you in a pop-up for permission to use your address book, the phone function and the SMS function. This information is only used to display the number or name of the caller stored in the address book on the Activity Tracker display. This data is neither stored in the app nor transferred to Medisana. If you do not provide your permission, we will not use this information.

You can later grant or revoke this permission in the settings of the app under Settings.

(4) Use of network-based location when using "ViFit Run"

Only when connecting the mobile app with a "ViFit Run" Medisana Activity Tracker the rough, network-based location is used to display weather information on the activity tracker display. This data is only used to provide the desired information and not being stored on the app nor on Medisana's servers.

(5) Forum and support via Zendesk

To handle customer inquiries, we use the Zendesk ticket system, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102. For this purpose, necessary data such as your last name, first name, postal address, telephone number and e-mail address is collected via our app in order to respond to the informational needs of our users.

Zendesk is a certified participant in the "Privacy Shield Framework" and therefore meets the minimum requirements for legally compliant order data processing.

For more information about Zendesk's computing practices, please see Zendesk's Data Privacy Statement at http://www.zendesk.com/company/privacy. The Privacy Officer of Zendesk can be contacted at privacy@zendesk.com.

If you contact us by e-mail or via the form in the app, we will only use the personal information you submit in order to process the specific request. The provided data will be treated confidentially. The provided data as well as the message history with our service desk are stored for the sake of follow-up questions and subsequent contact. The processing of the data entered into the contact form is based upon your consent (Art. 6 para. 1 a GDPR).

Last updated: Oktober 5th 2020