Data Security App.
Data Privacy Statement myo App
The myo app is offered to you by the respective nursing home. If you register via myo, receive or send messages, then the nursing home will be responsible for such data processing and will deploy Myosotis GmbH as the so-called “processor”. This means that Myosotis GmbH is processing such data exclusively on behalf of the nursing home and in accordance with the nursing home’s provisions and guidelines. Your nursing home’s data privacy statement is linked separately in the app. In addition, Myosotis GmbH also collects certain personal data on its own account and independently of the respective nursing home. We are informing you about this data processing in this data privacy statement. You can access this information at any time by going to https://www.myo.de/datenschutz-app.
- Controller / Contact
The controller for the processing of data described in this data privacy statement is:
Should you have any questions or suggestions regarding data protection, please feel free to contact us by e-mail at the following address:
- Collection and use of your data
2.1 Contact form
If you send us enquiries via our contact form or email, then your details on the contact form, including the contact data you entered there (name, email address, messages) or the details in your email, will be stored and used for the purpose of processing the enquiry. We collect these data in order to receive and process your enquiry (Art. 6 para. 1 (b) of the General Data Protection Regulation (GDPR)). If, as described above, we process your data for the purpose of receiving and processing your enquiries, then you are contractually obliged to make these data available to us. Without such data, we will not be in a position to receive and process your enquiries. We shall store your enquiries for a period of 12 months after your enquiry is processed in order to be able to determine whether there have been past technical difficulties with the App and to optimally process your enquiry. If we are legally obliged to do so, then we may also store your request beyond that period of time. In that case, however, your request will be stored and used only for the purpose of data retention as required by law.
Our App uses the following permissions:
|Camera||Taking photos / making videos|
|Microphone||Recording sound / voice messages|
|Photo linrary||Uploading photos|
- Google Analytics
You may object to the use of Google Analytics by turning-off the Google Analytics Switch in the myo app. See also https://developers.google.com/analytics/devguides/collection/gajs/methods/gaJSApi_gat?hl=de-DE. The use of Google Analytics is based on our legitimate interest in a needs-based design, statistical evaluation and the efficient promotion of our app and on the fact that you do not have an overriding legitimate interest (Art. 6 para. 1 (f) GDPR).
- Google Firebase
- Automated individual decision-making or profiling measures
We do not use automated processing for making decisions or for profiling.
- Disclosure of data
In general, your personal data will be disclosed without your express prior consent in the following situations only:
The disclosure of these data is made on the basis of our legitimate interest in combating misuse, pursuing criminal offences and securing, asserting and enforcing claims and on the notion that you do not have an overriding legitimate interest (Art. 6 para. 1 (f) GDPR) or on the basis of a legal obligation pursuant to Art. 6 para. 1 (c) GDPR
- We rely on contractually affiliated third parties and external service providers (“processors”) to provide the services. In those cases, personal information is shared with these processors to enable them to process it further. These processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors may use the data exclusively for the purposes specified by us and are furthermore contractually obliged by us to treat your data exclusively in accordance with this data privacy statement and the German data protection laws.
Specifically, we rely on the following processors
- Google LLC (Google Analytics und Google Firebase)
The disclosure of data to processors is based on Art. 28 para. 1 GDPR, or alternatively on our legitimate interest in the economic and technical benefits associated with the deployment of specialised processors and the fact that your rights and interests in protecting your personal data are not overriding (Art. 6 para. 1 (f) GDPR).
- Google LLC is certified under the EU-U.S. Privacy Shield. For the United States, the European Commission decided on 12 July 2016 that an adequate level of data protection exists under the regulations of the EU-U.S. Privacy Shield (Adequacy Decision, Art. 45 GDPR). Further information – also about the certification of the service providers used by us – is available at https://www.privacyshield.gov
- In connection with the further development of our business, the structure of Myosotis GmbH could change through a legal reorganization or if subsidiaries, corporate divisions or business units are formed, purchased or sold. In such transactions, customer information is transferred together with the part of the company being transferred. We shall act to ensure that each transfer of personal data to third parties to the extent described above is carried out in accordance with this data privacy statement and the relevant data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adjusting our corporate form in an effort to adjust to the economic and legal circumstances as required and that your rights and interests in the protection of your personal data are not overriding (Art. 6 para. 1 (f)f GDPR).
- Erasure of your data
We will delete or render anonymous your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above sections. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app, plus a period of 7 days during which time we will store backup copies following the erasure, unless such data are needed for a longer period of time based on legal reasons or for criminal prosecution or to secure, assert or enforce legal claims. If data must be retained for legal reasons, then such data will be blocked. In that case, the data will no longer be available for any other use.
- Your rights as data subject
9.1 Right of access to information
You have the right to obtain from us at any time upon request information about personal data that are related to you and processed by us within in the scope of Art. 15 GDPR. For this purpose, you may submit an application via post or email to the address indicated above.
9.2 Right to correct incorrect data
You have the right to demand that we correct your personal data without undue delay if they are incorrect. To do so, please contact us at the contact addresses indicated above.
9.3 Right to erasure
Subject to the conditions described in Art. 17 GDPR, you have the right to demand that erase your personal data. In particular, these conditions provide for a right of erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or in cases of unlawful processing, the lodging of an objection or the existence of an obligation to erase under Union law or the laws of the Member State to which we are subject. Regarding the period of data storage, please also see section 7 of this data privacy statement. To exercise your aforementioned right, please contact us at the addresses shown above.
9.4 Right to restrict the processing
You have the right to demand that we restrict the processing in accordance with Art. 18 GDPR. This right exists, particularly if the correctness of the personal data is in dispute between the user and us, for the duration of period required to verify the correctness, and in the event that the user demands restricted processing in lieu of the user’s existing right to erasure; and will also exist in the event that the data are no longer needed for the purposes that we are pursuing but the user still requires the data for purposes of asserting, exercising or defending legal claims, and if there is still a dispute between us and the user about whether an objection has been successfully exercised. To exercise your aforementioned right, please contact us at the addresses shown above.
9.5 Right to data portability
You have the right to receive from us the personal data that concerns you and that you have provided to us in a structured, commonly-used and machine-readable format in accordance with Art. 20 GDPR. To exercise your aforementioned right, please contact us at the addresses indicated above.
9.6 Right to object
You have the right in accordance with Art. 21 GDPR to object, at any time and on grounds relating to your particular situation, to the processing of personal data that concerns you and that is carried out, inter alia, on the basis of Art. 6 para. 1 (e) or (f) GDPR. We will stop processing your personal data, unless we can demonstrate compelling legitimate grounds for the processing and they override your interests, rights and freedoms, or that the processing serves to establish, exercise or defend legal claims.
9.7 Right to lodge a complaint
You also have the right to lodge complaints with a competent supervisory authority. For instance, the competent supervisory authority for Berlin is:
Berlin Commissioner for Data Protection and Freedom of Information
(Berliner Beauftragte für Datenschutz und Informationsfreiheit)
A list of all European data protection authorities can be found here (in English): http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm,
per 26 June 2018