Data Security App.

ePrivacy seal

Data Privacy Statement myo App

The myo app is offered to you by the respective nursing home. If you register via myo, receive or send messages, then the nursing home will be responsible for such data processing and will deploy Myosotis GmbH as the so-called “processor”. This means that Myosotis GmbH is processing such data exclusively on behalf of the nursing home and in accordance with the nursing home’s provisions and guidelines. Your nursing home’s data privacy statement is linked separately in the app. In addition, Myosotis GmbH also collects certain personal data on its own account and independently of the respective nursing home. We are informing you about this data processing in this data privacy statement. You can access this information at any time by going to  https://www.myo.de/datenschutz-app.

 

  1. Controller / Contact

The controller for the processing of data described in this data privacy statement is:

Myosotis GmbH
Swinemünderstrasse 110
10435 Berlin

Should you have any questions or suggestions regarding data protection, please feel free to contact us by e-mail at the following address:

datenschutz@myo.de.

 

  1. Collection and use of your data

2.1 Contact form

If you send us enquiries via our contact form or email, then your details on the contact form, including the contact data you entered there (name, email address, messages) or the details in your email, will be stored and used for the purpose of processing the enquiry. We collect these data in order to receive and process your enquiry (Art. 6 para. 1 (b) of the General Data Protection Regulation (GDPR)). If, as described above, we process your data for the purpose of receiving and processing your enquiries, then you are contractually obliged to make these data available to us. Without such data, we will not be in a position to receive and process your enquiries. We shall store your enquiries for a period of 12 months after your enquiry is processed in order to be able to determine whether there have been past technical difficulties with the App and to optimally process your enquiry. If we are legally obliged to do so, then we may also store your request beyond that period of time. In that case, however, your request will be stored and used only for the purpose of data retention as required by law.

 

  1. Permissions

Our App uses the following permissions:

Permission Purpose
Camera Taking photos / making videos
Microphone Recording sound / voice messages
Photo linrary Uploading photos

 

 

  1. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics collects pseudonymous data from you about the use of our app, including your truncated IP address. These data are transferred to and stored on a Google server in the United States. Google will use this information to allow us to evaluate your use of the app, to compile reports on the use of the app and to generate other analyses and evaluations related to the use of the app and the Internet. Google will also transfer this information to third parties, if required to do so by law or if third parties process the information on Google’s behalf.  Google Analytics will store your data for a period of 14 months. After this period ends, the data will be deleted and only aggregated statistics will be retained. For more information about how Google uses your information, please see Google’s Privacy Policy: https://www.google.com/policies/privacy/.

You may object to the use of Google Analytics by turning-off the Google Analytics Switch in the myo app. See also https://developers.google.com/analytics/devguides/collection/gajs/methods/gaJSApi_gat?hl=de-DE.  The use of Google Analytics is based on our legitimate interest in a needs-based design, statistical evaluation and the efficient promotion of our app and on the fact that you do not have an overriding legitimate interest (Art. 6 para. 1 (f) GDPR).

 

  1. Google Firebase

We use Google Firebase, a service provided by Google LLC, for the non-person-specific analysis of the use of our app and for non-person-specific error logging. For more detailed information about how Google uses your data, please see Google’s Privacy Policy:  : https://www.google.com/policies/privacy/. Our evaluations and error logging are performed in a non-personally identifiable manner. We cannot therefore attribute these data to you. If one were nevertheless to classify the data processing as person-specific, then the use of such data is still justified in any case due to our legitimate interest in an error-free and needs-based operation of our app (Art. 6 para. 1 (f) GDPR).

 

  1. Automated individual decision-making or profiling measures

We do not use automated processing for making decisions or for profiling.

 

  1. Disclosure of data

In general, your personal data will be disclosed without your express prior consent in the following situations only:

  • If it is necessary to clarify an unlawful use of our services or to pursue the judicial enforcement of rights, then personal data will be disclosed to the prosecuting authorities and, if necessary, to injured third parties. Such disclosure will occur, however, only if there are specific indicia of illegal or abusive behaviour. A disclosure can also be made if it serves the enforcement of terms of use or other agreements. We are also legally obliged to provide information to certain government bodies upon request, including prosecuting authorities, authorities that prosecute petty administrative and fine-triggering offences (Ordnungswidrigkeiten) and the tax authorities.

The disclosure of these data is made on the basis of our legitimate interest in combating misuse, pursuing criminal offences and securing, asserting and enforcing claims and on the notion that you do not have an overriding legitimate interest (Art. 6 para. 1 (f) GDPR) or on the basis of a legal obligation pursuant to Art. 6 para. 1 (c) GDPR

 

  • We rely on contractually affiliated third parties and external service providers (“processors”) to provide the services. In those cases, personal information is shared with these processors to enable them to process it further. These processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors may use the data exclusively for the purposes specified by us and are furthermore contractually obliged by us to treat your data exclusively in accordance with this data privacy statement and the German data protection laws.

 

Specifically, we rely on the following processors

  • Google LLC (Google Analytics und Google Firebase)

 

The disclosure of data to processors is based on Art. 28 para. 1 GDPR, or alternatively on our legitimate interest in the economic and technical benefits associated with the deployment of specialised processors and the fact that your rights and interests in protecting your personal data are not overriding (Art. 6 para. 1 (f) GDPR).

 

  • Google LLC is certified under the EU-U.S. Privacy Shield. For the United States, the European Commission decided on 12 July 2016 that an adequate level of data protection exists under the regulations of the EU-U.S. Privacy Shield (Adequacy Decision, Art. 45 GDPR). Further information – also about the certification of the service providers used by us – is available at https://www.privacyshield.gov
  • In connection with the further development of our business, the structure of Myosotis GmbH could change through a legal reorganization or if subsidiaries, corporate divisions or business units are formed, purchased or sold. In such transactions, customer information is transferred together with the part of the company being transferred. We shall act to ensure that each transfer of personal data to third parties to the extent described above is carried out in accordance with this data privacy statement and the relevant data protection laws.

 

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adjusting our corporate form in an effort to adjust to the economic and legal circumstances as required and that your rights and interests in the protection of your personal data are not overriding (Art. 6 para. 1 (f)f GDPR).

 

  1. Erasure of your data

We will delete or render anonymous your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above sections. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app, plus a period of 7 days during which time we will store backup copies following the erasure, unless such data are needed for a longer period of time based on legal reasons or for criminal prosecution or to secure, assert or enforce legal claims. If data must be retained for legal reasons, then such data will be blocked. In that case, the data will no longer be available for any other use.

 

  1. Your rights as data subject

9.1 Right of access to information

You have the right to obtain from us at any time upon request information about personal data that are related to you and processed by us within in the scope of Art. 15 GDPR. For this purpose, you may submit an application via post or email to the address indicated above.

9.2 Right to correct incorrect data

You have the right to demand that we correct your personal data without undue delay if they are incorrect. To do so, please contact us at the contact addresses indicated above.

9.3 Right to erasure

Subject to the conditions described in Art. 17 GDPR, you have the right to demand that erase your personal data. In particular, these conditions provide for a right of erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or in cases of unlawful processing, the lodging of an objection or the existence of an obligation to erase under Union law or the laws of the Member State to which we are subject. Regarding the period of data storage, please also see section 7 of this data privacy statement. To exercise your aforementioned right, please contact us at the addresses shown above.

9.4  Right to restrict the processing

You have the right to demand that we restrict the processing in accordance with Art. 18 GDPR. This right exists, particularly if the correctness of the personal data is in dispute between the user and us, for the duration of period required to verify the correctness, and in the event that the user demands restricted processing in lieu of the user’s existing right to erasure; and will also exist in the event that the data are no longer needed for the purposes that we are pursuing but the user still requires the data for purposes of asserting, exercising or defending legal claims, and if there is still a dispute between us and the user about whether an objection has been successfully exercised. To exercise your aforementioned right, please contact us at the addresses shown above.

9.5 Right to data portability

You have the right to receive from us the personal data that concerns you and that you have provided to us in a structured, commonly-used and machine-readable format in accordance with Art. 20 GDPR. To exercise your aforementioned right, please contact us at the addresses indicated above.

9.6 Right to object

You have the right in accordance with Art. 21 GDPR to object, at any time and on grounds relating to your particular situation, to the processing of personal data that concerns you and that is carried out, inter alia, on the basis of Art. 6 para. 1 (e) or (f) GDPR. We will stop processing your personal data, unless we can demonstrate compelling legitimate grounds for the processing and they override your interests, rights and freedoms, or that the processing serves to establish, exercise or defend legal claims.

9.7 Right to lodge a complaint

You also have the right to lodge complaints with a competent supervisory authority. For instance, the competent supervisory authority for Berlin is:

Berlin Commissioner for Data Protection and Freedom of Information

(Berliner Beauftragte für Datenschutz und Informationsfreiheit)

Friedrichstraße 219
10969 Berlin

mailbox@datenschutz-berlin.de

A list of all European data protection authorities can be found here (in English): http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm,

 

per 26 June 2018