Privacy Policy
This Privacy Policy explains the nature, scope, and purpose of the
processing of personal data (hereinafter: "Data") in connection
with the operation of our app.
Scope / Purpose of the digital health apps
This privacy policy applies to Breathment's products and services,
including Breathment's mobile application for patients
("Breathment Therapy App"), and Breathment's web interface for
health professionals ("MyClinic"). Breathment's products and
services are based on the scientifically founded concept of
pulmonary rehabilitation. Breathment combines different approaches
that have proven to be particularly effective together. Therapy
starts after an onboarding interview with a physiotherapist to
assess the physical fitness of the patient. The responsible
physiotherapist creates an individual training plan only depending
on the patient's statements and the given diagnosis of the
responsible doctor. Breathment supports people above the age of 18
years with a Breathment prescription as long as contraindications
and other causes for symptoms that require specific therapy are
excluded. Breathment cannot diagnose conditions or injuries and
cannot be used in lieu of medical consultation.
For more information on our products and services, please refer
to the instructions for use of
Breathment.
1.
Responsible person / Contact / Management
Breathment GmbH, Bahnhofstraße 35a, 79206, Breisach am Rhein
E-mail: datenschutz@breathment.com
Phone: +491786999073
Managing directors authorized to represent the company
: Elçin Can Çavuşoğlu, Yalvaç Top, Baturay Yalvaç
2.
Data Protection Officer
Breathment GmbH, Bahnhofstraße 35a, 79206, Breisach am Rhein
Yalvaç Top
E-mail: datenschutz@breathment.com
3. Terms used
All data protection terms have the same meaning as defined in the
General Data Protection Regulation (EU) 2016/679 ("GDPR").
4.
Purposes of processing and legal basis
We use your personal data exclusively for the following purposes:
-
Intended use of our application (legal basis: consent, Art. 6
(1) lit. a) and Art. 9 (2) a) of the GDPR). Please also see
point \u200E6 below.
-
Permanent guarantee of the technical functionality,
user-friendliness, and further development of the application
(legal basis: consent, Art. 6 (1) a) and Art. 9 (2) a) of the
GDPR.
-
Further processing purposes, as required by law, such as
invoicing a health insurance company or the fulfillment of
obligations under medical product law, etc, but also, for
example, the defense of legal claims (legal bases: legal
obligation, Art. 6 (1) lit. c) of the GDPR in conjunction with
the respective special legal provision, Art. 6 (1) lit. d) and
e) of the GDPR and Art. 9 (2) lit. c), lit. f) to lit. j) of the
GDPR, as far as applicable).
5.
Consent wording
Please find the wording of your consent at the end of this privacy
notice.
6.
Description of the necessary data processing within the scope of
the intended use
-
Processing of inventory data, payment data, etc.
We process your inventory data (name, contact data, etc.) as
well as data records from the interface of your mobile phone
for the following purposes:
-
Establishment, execution, and termination of purchase or
service contracts;
- Creation of an account in the App;
-
Provision of the App and the respective functions and
contents;
-
Answering contact requests and communication with users;
- Handling the payment of the product;
- Answering support requests;
- Security measures.
-
Processing of special categories of personal data (health
data)
We process your health data for the following purposes:
-
Analysis of the user's complaints and preparation of a
therapy plan;
-
User feedback for the therapy and user self assessment;
-
Reminding the user to carry out the therapy if the user
wishes to use this service within the application;
- Storage and notification of the therapy progress.
-
The data entered and saved via the Breathment Therapy App as
well as your health profile can be viewed by the responsible
health professional at any time via the MyClinic web portal.
-
Breathment does not share any medical data with any other
third parties, regardless of how the information is collected,
except:
-
On the Android devices, the data received from the Google
API will only be displayed to the responsible healthcare
professional in the MyClinic, in the context of the
intended use of the application (see Section 6), complying
with
Google API Services User Data Policy,
including the Limited Use requirements.
-
On the iOS devices, the data received from the Health App
will only be displayed to the responsible healthcare
professional in the MyClinic, in the context of the intended
use of the application (see Section 6).
-
In addition, you have the option of making your (health) data
available to your responsible healthcare professional, who
does not yet have access to your data, by means of an
individual release that is limited until revoked. This will
give your responsible healthcare professional a better
overview of your state of health and enable them to adjust
your therapy if necessary. Access to your data expressly
requires your individual data release.
7.
Data processing for further development and to ensure the
technical functionality and user-friendliness
If you have given us your (optional) consent for this, we will
process the personal data as follows:
- Improvement of the application;
-
Analysis of the user’s behavior in the app (e.g. Determining the
acceptance range of certain new features etc.);
-
Internal, anonymized aggregated studies to optimize therapy
approaches;
- Security measures.
As part of data processing to further develop and ensure technical
functionality and user-friendliness, as described in this Section,
we may evaluate your user behavior in connection with app usage.
Where possible, the evaluation is always based on aggregated data,
so that no information that directly identifies you is processed.
8.
Description of data processing for billing as well as
fulfillment of legally required obligations.
-
In connection with the fulfillment of our statutory obligations
to which we are subject, we process your data provided in the
context of the intended use of the App, including user,
application, technical and billing data, such as, in particular,
for the fulfillment of obligations under medical device law,
such as for the performance of conformity assessment procedures
and post-market surveillance of the App.
-
For billing purposes or to fulfill our legally required
obligations, we may also share your data with the relevant
payment processors or regulators, although we generally share
your data only in pseudonymous form, so that no information that
directly identifies you is shared.
9. Revocation
Any consent can easily be revoked at any time via the settings in
your Breathment-app. Please note that if consent has been given
cumulatively for the processing purposes in Sections \u200E4.1 to
\u200E4.3, the revocation will also affect all three processing
purposes, including the intended use of the application. In the
event of a revocation, Breathment can then naturally no longer
make the functions of the application available to you, and your
account will be deleted.
10.
Privacy by default
In accordance with the data protection law principle of \"Privacy
by Default\", our application allows for the individual adaptation
of certain features in certain cases. All features offered within
this application are basically part of the intended use and are
required for the optimal use of the application as a whole.
However, Breathment understands that individuals may have
different preferences regarding communication, sustainability of
control, etc., thus some features are optional and can be turned
on and off through the \"Settings\" screen in the application.
These include using app push notifications to send you
notifications. You can enable or disable these features later. The
same applies, for example, to emails that Breathment can use to
remind you to perform the exercises.
11.
Recipient of personal data
Name |
Location |
Function |
Personal data processed |
Telekom Deutschland GmbH |
Landgrabenweg 151, 53227 Bonn, Deutschland
|
Cloud Platform as a Service (PaaS) – Provisioning of
server and database resources to provide our apps.
|
Inventory data, contact data, health data, data to improve
the product
|
SendGrid / Twilio Germany GmbH |
Rosenheimer Str. 143C, 81671 München, Deutschland
|
Email Delivery API SaaS - Designing email templates and
sending emails to our users.
|
May contain username, initial temporary password, first
name, last name, message text, subject and email address.
|
Stripe, Inc. |
510,Townsend St. Francisco, CA 94103 USA
|
Payment processing |
Billing data |
Actimi GmbH |
Albert-Schäffle-Str. 119 70186 Stuttgart, Deutschland
|
Teletherapy interface |
First name, last name |
-
We have contracts with all our processors in accordance with
Article 28 of the GDPR or the Standard Contractual Clauses
pursuant to Chapter V of the GDPR, which in particular stipulate
that the data processing shall be carried out exclusively in
accordance with Breathment’s instructions and that all employees
who are in contact with personal data of Breathment have been
bound to data protection secrecy.
-
In addition, we may disclose your personal data to the following
categories of recipients for the processing purposes described
above: Accountants, legal advisors, tax advisors, supervisory
authorities, regulatory authorities, etc.
12.
International data transfer
The processing of personal health data by Breathment itself as
well as the processing of personal health data on behalf of
Breathment will only take place within Germany, in a member state
of the EU or the EEA, Switzerland, or if an adequacy decision has
been made in accordance with Art. 45 of the GDPR, in a third
country.
13.
Storage and deletion concept
-
As a matter of principle, your data will only be stored by us
for as long as is necessary to achieve the purposes for which
the data was collected or until you revoke your consent (see
section 9). If there are additional legal retention periods
(e.g. according to the German Commercial Code, the German Fiscal
Code, or for regulatory reasons), your data will be stored for
the duration of this legally prescribed retention period.
-
You can stop using Breathment at any time and have all your
personal data deleted. To do so in the Therapy App, select the
menu item \"Manage My Account\" in the app settings and then
click \"Delete My Account\". To do so in the MyClinic, please
contact our customer support.
-
We store health-related data physically and logically separate
from data required for service billing. In the event of a
deletion process, your data processed by order processors will
also be deleted.
14. Your rights
-
In accordance with the GDPR, you are entitled to the following
data protection rights in accordance with the legal
requirements:
-
Right to information correction, deletion, and restriction:
You have the right to request information about your data
stored by us at any time (Art. 15 DSGVO). When we process or
use your data, we strive to take reasonable steps to ensure
that it is accurate and up to date for the purposes for
which it was collected. In the event that your data is
inaccurate or incomplete, you may request that it be
corrected (Art. 16 GDPR). Furthermore, you may have the
right to request the deletion (Art. 17 GDPR) or restriction
of processing (Art. 18 GDPR) of your data if, for example,
your data is no longer necessary for the purposes for which
it was collected or otherwise processed and legal retention
obligations do not require its continued storage.
-
Right to data portability: where applicable, you have the
right to receive the data concerning you that you have
provided to us in a structured, common, and machine-readable
format or to transfer this data to another controller (Art.
20 GDPR).
-
Right to revoke your consent: If you have consented to the
collection, processing, and use of your data, you may revoke
your consent at any time with effect for the future (see
Section 9), but without affecting the lawfulness of the
processing carried out on the basis of the consent until
revocation (Art. 7 (3) GDPR).
-
Right to object: You have the right to object at any time to
the processing of your data based on Art. 6(1)(e) or (f)
GDPR on grounds relating to your particular situation. We
will not process your data after an objection unless we can
demonstrate compelling legitimate grounds for the processing
that override your interests, rights, and freedoms, or the
processing serves to assert, exercise, or defend legal
claims (Art. 21 (1) DSGVO, so-called \"limited right of
objection\"). In this case, you must provide reasons for the
objection that arises from your particular situation.
Further essing of your data for the purposes of direct
marketing at any time, even without stating reasons (Art. 21
(2) GDPR).
-
Automated decision-making (including profiling): You have
the right not to be subject to a decision based solely on
automated processing (including profiling) that produces
legal effects concerning you or similarly significantly
affects you (Art. 22(1) GDPR). Please note that we do not
use such automated decision-making or profiling within the
meaning of Art. 22 GDPR in connection with our products.
-
To exercise your right to information and your right to data
portability, open the menu item \"Manage My Data\" in the
settings of the Breathment Therapy App. There you can export
your data in a machine-readable format.
-
To correct your data in the Breathment Therapy App or in the
MyClinic, please contact our customer support.
-
To obtain a restriction of processing or to object to the
processing of personal data, you can also find options in the
settings of the Breathment Therapy App under the menu item
\"Manage My Data\". To obtain a restriction of processing or to
object to the processing of personal data in the MyClinic,
please contact our customer support. If you would like to
restrict any processing beyond that, please contact our customer
support.
-
You also have the right to complain to the competent supervisory
authority at any time if you believe your data processing is not
carried out lawfully. The supervisory authority responsible for
Breathment is the The State Commissioner for Data Protection and
Freedom of Information Baden-Württemberg; postal address:
Postfach: 10 29 32 70025 Stuttgart
Tel.: 0711/615541-0
FAX: 0711/615541-15
E-Mail: poststelle@lfdi.bwl.de
15. Contact
For all questions regarding the protection of your personal data,
you can contact our data protection officer, who is also available
for requests for information as well as suggestions and
complaints.
16.
Changes to the data protection declaration
We reserve the right to update this privacy notice from time to
time, in particular, to incorporate your feedback and to reflect
changes in legislation or established case law. We, therefore,
recommend that you visit this website regularly to inform yourself
about how your data is protected and processed.
Consent wording
-
I consent to the processing of my personal and health data in
the scope of the intended use of Breathment’s products and
services, as well as providing necessary proof of use for my
health insurance company and related billing providers, who
partner with Breathment.
-
I consent to the processing of my personal and health data for
the purpose of optimization and development of Breathment’s
products and services. Please note that Breathment relies on
your consent to be able to make further improvements.
-
I consent to Breathment disclosing my personal information and
health data to the responsible healthcare professional in the
scope of the intended use of Breathment’s products and services.
Last Revised: July, 2023
Privacy Policy for website