Status: October 13, 2022
– Information according to Art. 13, 14, 21 General Data Protection Regulation (GDPR).
With the following data protection notices, we inform you about the nature, scope and purposes of the collection, use and other processing of personal data when using our mobile app « medidux™ » (hereinafter « medidux™ app »).
The responsible party for the processing of your data when using the medidux™ app is:
mobile Health AG
Tel: +41 43 243 76 22
You can reach the data protection officer of the responsible party at:
You can download the medidux™ app from the Google Play Store or the Apple App Store.
When downloading apps from the Google Play Store or the Apple App Store, the information required for this purpose is transferred to Google Ireland Limited or Apple Distribution International in Ireland, i.e. in particular user name, e-mail address and customer number of your Google or Apple account, time of download, payment information and the individual device identification number.
We have no influence on this data collection and are not responsible for it. For more information, please refer to the respective privacy notices of Google (https://policies.google.com/privacy) and Apple (https://www.apple.com/legal/privacy/de-ww/).
Personal data is any information relating to an identified or identifiable natural person. When we process personal data, this means that we collect, store, transmit, delete or otherwise use this data.
When you use the medidux™ app, we request data from you that has nothing to do with your health or medical condition. When you register in the medidux™ app, we process information about you. This may include, for example:
The following data, which you can provide to us by using the medidux™ app, is so-called health data:
Information about vital parameters
Indication of medication
Information on the overall status
Data on physician consultations, emergencies and hospitalizations
The health data you enter is stored and processed in the app on your terminal device. The data entries/recordings (your details) are transmitted to our server solely for you, for the purpose of data backup. On this basis, you can also restore the medidux™ app after changing devices.
For the collection of health data, your consent is requested before this data is collected in the medidux™ app, as provided by law. Revocation of consent is possible at any time. Upon successful revocation, the personal account data and all data provided in the app as part of the treatment will be irrevocably deleted.
4.1 Processing of usage data of the medidux™ app
When you use the medidux™ app, we process so-called usage data. For example, we log the connection of the medidux™ app to our servers. Among other things, your e-mail address (if you have logged in), date and time of access, duration of use, the functions called up, the amount of data transferred and the successful retrieval are stored in log files.
4.2 Use of the contents of the medidux™ app
When you use the contents of the medidux™ app, we additionally process the personal data you entered in response to questions. This data is partly related to your physical and mental health (e.g. answering questions about your current mood and how you deal with it).
We process your data within DiGA for the following purposes:
If you have given us your separate consent, we will also process data to permanently ensure the technical functionality, user-friendliness and further development of the DiGA (§ 4 para. 2 p. 1 no. 4 DiGAV).
If you are a self-payer or use a voucher code, selected data is processed to bill you for our services.
If legal retention periods exist, we store the data to meet our legal obligations.
In rare cases, data is stored for the defense of legal claims or fraud prevention.
In the following, we describe the purposes for which we process personal data with the medidux™ app and the legal basis on which we do so.
5.1 Registration in the medidux™ app
When you register in the medidux™ app, we collect the above-mentioned and recorded data about you. Some of this information (e.g. name and email address) is mandatory for successful registration.
The processing is carried out for the implementation of pre-contractual measures, which take place at your request, in accordance with Art. 6 (1) (1) lit. b GDPR. We process information that is not required for the execution of the contract on the basis of your consent pursuant to Art. 6 (1) (1) a GDPR.
5.2 Processing of usage data in the medidux™ app
Usage data is logged for statistical purposes, for backup purposes, and for troubleshooting. The basis for the processing is a balancing of interests pursuant to Art. 6 (1) (1) (f) GDPR, which always takes into account your legitimate interests.
For this purpose, your data is stored and processed on our servers. If you use the medidux™ app via different end devices, we synchronize your data between your end devices via our servers.
The basis for this processing is the fulfillment of our contractual obligation to you, and is carried out in accordance with Art. 6 (1) (1) (b) GDPR and, if applicable, in accordance with your consent in accordance with Art. 6 (1) (1) (a) GDPR.
We generally process your health data exclusively in accordance with Art. 9 (2) lit. a GDPR if and insofar as we have received your consent to do so.
5.3 Contact and support
Our offer enables you to contact us. This is possible, for example, by using the telephone number provided or by sending us an e-mail. The information you provide when contacting us, such as name, address, e-mail address and telephone number, will be stored in order to process your request and any subsequent correspondence. The processing is carried out either for the fulfillment of a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of a balancing of interests according to Art. 6 para. 1 lit. f GDPR, which always takes your interests into account.
5.4 Anonymization of personal data
We use collected data for other purposes (e.g. scientific evaluation, improvement of the medidux™ app and its stability) only after we have anonymized this data, i.e. when this data no longer allows identification of natural persons.
We do not transfer your personal data to third parties without your consent, unless such transfer is permitted by law and necessary for the provision of our medidux™ app services.
When we use contract processing, such as hosting and other services, and transfer personal data to contractors for this purpose, we select them carefully, agree with them on data protection in contract processing agreements, and instruct and monitor them in accordance with applicable regulations.
To provide the service, we use the Open Telekom Cloud, in which your data is stored. The operator is T-Systems International GmbH (Hahnstraße 43d, 60528 Frankfurt am Main, Germany). Your data will be processed exclusively in Germany.
For the transmission of e-mails in the context of app use, we use the services of rapidmail (rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg). Your data will be processed exclusively in Germany.
For the transmission of SMS in the context of using the medidux™ app in Switzerland, we use the services of Sinch (Sinch AB (publ), Lindhagensgatan 74, 112 18 Stockholm, Sweden). Your data will be processed exclusively in the EU.
For the transmission of SMS in the context of using the medidux™ (DE) app in Germany, we use the services of pitcom (pitcom GmbH, Bahnhofstraße 61, 08523 Plauen). Your data will be processed exclusively in Germany.
Personal data shall be kept for as long as necessary to fulfil the purpose(s) for which they were collected under the Regulation.
We store your data even after the original purpose for which it was collected has ceased to apply, only if we are obliged to store the data for other reasons, for example for archiving purposes (e.g. under commercial or tax law).
This results in the following deletion periods:
There is no transfer of personal data to third countries.
If personal data of yours is processed, you are a data subject within the meaning of the GDPR and, in addition to the right to revoke the consent you have given to us, you have the following rights vis-à-vis the person responsible:
9.1 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he/she can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
9.2 Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9.3 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
There is no obligation to provide us with your data. However, it is possible that we need your data to perform a contract, e.g. if you wish to purchase one or more products on our website.
If you do not provide us with the personal data required for this and requested by us, about which you will be informed in the context of this data protection declaration, we may not be able to enter into a contract with you or fulfill a contract already concluded.
If you also prevent us from receiving data that is required to use our website, e.g. through technical measures, it is possible that you will not be able to use our website or not be able to use it to its full extent.