Data protection information on the processing of data in accordance with Article 13 of the EU General Data Protection Regulation (GDPR)
We, Science for Life GmbH (“we” or “us“ or “Company”) provide you with our program for smoking and alcohol cessation as well as surgical preparation in the form of our prehabilitation app (“App”), which you can download to your mobile device. We take the protection of your personal data seriously and would like to inform you as the data subject about the processing of personal data when using our app.
As part of our data protection responsibility, we are required by the EU General Data Protection Regulation (Regulation (EU) 2016/679; “GDPR”) to ensure the protection of your personal data. Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing. With this declaration (“Data Protection Notice”) we inform you about how your personal data will be processed by us.
- Definitions
“Personal data” means any information relating to an identified or identifiable natural person (“affected person” or “data subject”) An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Profiling” means any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements, or predict.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. can be assigned.
“Responsible” or “Responsible for processing” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a specific investigation under Union or Member State law shall not be considered recipients.
“Third party” means any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data, including other legal entities belonging to the Group.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Health data” means personal data relating to the physical or mental health of a natural person, including the provision of health services, which provide information about his or her state of health.
- Contact
The responsible institution for the processing of your personal data within the meaning of the GDPR is:
Science for Life GmbH
Lugallee 22
40545 Düsseldorf
Germany
E-Mail: support@longevist.com
Any affected person may at any time contact the controller directly with all questions and suggestions regarding data protection.
If you have reason to complain, you can also contact a supervisory authority. The supervisory authority primarily responsible for us is:
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf
Tel. 0211/38424-0
Fax: 0211/38424-999
E-Mail: poststelle@ldi.nrw.de
- Changes to the data protection information
As part of the further development of data protection law as well as technological or organizational changes, our data protection information is regularly reviewed for adjustments or additions. This data protection information is valid as of October 2022.
- Data Subject Rights
We take the protection of your personal data seriously and want to protect your rights. We therefore only store your personal data for as long as is permitted by law for the purposes mentioned.
In addition, we would like to draw your attention to your rights, in particular the right to
- Information about what data we have stored about you;
- Correction if, despite our efforts to obtain accurate and up-to-date data, incorrect data is stored by us;
- Deletion of your data, unless, in exceptional cases, there is a case authorizing further processing;
- Restriction of processing, if there is a legitimate reason for doing so.
- object to data processing;
- a copy of the data and, if necessary, a transfer of the data to other controllers;
- Revocation of your consent with effect for the future if you have given us consent for the processing of your data.
- Information about the processing of your data
Depending on which of the functions or services of our app you use, it is necessary for us to use your personal data. Your personal data will not be used via the types of use mentioned in this data protection information. In principle, any processing of personal data is prohibited by law and only permitted if there is a justification for the data processing. For the processing operations carried out by us, we indicate the applicable legal basis below. Processing may also be based on several legal bases.
- The data collected during the download
You can download this app directly to your mobile device free of charge via our website.
When downloading this app via an app store, certain personal data required for this purpose will be transmitted to it (e.g. Apple App Store or Google Play). In particular, your e-mail address, your username, any customer number of the downloading account, the individual device identification number, payment information and the time of download will be transmitted to the App Store when downloading. We have no influence on the collection and processing of this data, but it is carried out exclusively by the app store you have selected. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store. We therefore refer to the data protection information of the App Store used. We process the data only to the extent necessary to download the mobile app to your mobile device.
- Data collected during use
As part of the use of our app, we collect certain personal data that is necessary for app operation and service provision in order to offer you the functions of our mobile app or to ensure stability and security, e.g.,
- Access data: Access data includes the IP address, device ID, device type,
device-specific settings and app settings as well as app properties, the date and time of retrieval, time zone, the amount of data transferred and the message whether the data exchange was complete, crash of the app, browser type and operating system. This access data is processed to technically enable the operation of the app. - Data you provide to us: The creation of a user account is required for the use of the app. To do this, enter at least your first and last name as well as your e-mail address.
- Well-being data: In order to optimize the use of the app, a subjective assessment of your well-being is collected.
We only collect this data if this is necessary for the performance of the contract between you and us (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, we collect this data if this is necessary for the functionality of the app and your interest in the protection of your personal data does not outweigh it (Art. 6 para. 1 sentence 1 lit. f GDPR).
We only process other information if you allow us to do so. As part of the use of our app, health data in the form of weight, height and gender as well as the date of your operation are also processed. For the collection of the above data, consent is required before this data is collected in our app. The legal basis for the processing of your health data is Art. 6 para. 1 sentence 1 lit. a in conjunction with Art. 9 para. 2 lit. a GDPR.
- Data collection when contacting us
If you contact us by e-mail [or via our contact form], then your e-mail address, your name and any other personal data that you have provided in the course of contacting us will be stored by us so that we can contact you to answer the question. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) or f) GDPR (pre-contractual measures, fulfilment of contract or our legitimate interest in data processing). We delete this data as soon as storage is no longer necessary. If there are legal retention periods, the data remains stored, but we restrict the processing.
- Collection of your location data
We perform a so-called 6-minute walking test. Performance data such as distance travelled, and the time required are recorded. Our offer includes so-called location-based services, with which we offer you special offers that are tailored to your respective location. You can only use these functions after you have agreed via a pop-up that we can collect your location data via GPS and your IP address in anonymous form for the purpose of providing services. You can allow or revoke the feature in the settings of the mobile app or your operating system at any time by going to “Settings” [x]. Your location will only be transmitted to us if you use functions when using the mobile app that we can only offer you if you know your location. This data processing is carried out to safeguard our legitimate interests on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, as well as on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
- Cookies
Our app does not use cookies to process personal data.
- Data Retention Period
The criterion for the duration of the storage of personal data is basically the respective statutory retention period. After expiry of this period, the corresponding data will be routinely deleted, provided that they are no longer required for the fulfilment or initiation of the contract. If the purpose of the collection and processing of personal data ceases to apply, the data will be deleted. However, storage may take place beyond the specified period in the event of an (imminent) legal dispute with you or other legal proceedings. Your personal data will only be stored on servers in an EU member state.
Third parties used by us will store your personal data on their systems for as long as is necessary in connection with the provision of the service for us in accordance with the respective order. Legal requirements for the storage and deletion of personal data remain unaffected by the above (e.g. § 257 HGB or § 147 AO). When the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.
- Data Protection
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including their probability and Impact) for the person concerned. Our security measures are continuously improved in line with technological developments.
- Change of Purpose
Processing of your personal data for purposes other than those described will only take place if this is permitted by law or if you have consented to the changed purpose of data processing.
In the case of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before further processing and provide you with all other relevant information.
- Data processing by third parties
- Order Data Processing
As with any larger company, we also use external service providers to handle our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). These only act in accordance with our instructions and have been contractually obliged within the meaning of Art. 28 GDPR to comply with the data protection regulations. The following categories of recipients, which are usually processors, may have access to your personal data:
- Service providers for the operation of our app and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, unless they are processors;
- Government agencies/authorities, insofar as this is necessary to comply with a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. c GDPR;
- Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.
- Disclosure of data to third parties
In addition, we will only share your personal data with third parties if:
- You have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit.
a or Art. 9 para. 2 lit. a GDPR, the disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, - we are legally obliged to pass on data pursuant to Art. 6 para. 1 sentence 1 lit.
c GDPR or - this is necessary in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request (e.g. when forwarding inquiries and orders to regional cooperation partners)
- Transfer of personal data to third countries
There is no transfer of personal data to third countries.
- Automated decision-making (including profiling)
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).