Privacy Policy
This Privacy Policy explains the nature, scope, and purpose of the processing of personal data (hereinafter: "Data") in connection with the operation of our app.
Scope / Purpose of the digital health apps
This privacy policy applies to Breathment's products and services, including Breathment's mobile application for patients ("Breathment Therapy App"), and Breathment's web interface for health professionals ("MyClinic"). Breathment's products and services are based on the scientifically founded concept of pulmonary rehabilitation. Breathment combines different approaches that have proven to be particularly effective together. Therapy starts after an onboarding interview with a physiotherapist to assess the physical fitness of the patient. The responsible physiotherapist creates an individual training plan only depending on the patient's statements and the given diagnosis of the responsible doctor. Breathment supports people above the age of 18 years with a Breathment prescription as long as contraindications and other causes for symptoms that require specific therapy are excluded. Breathment cannot diagnose conditions or injuries and cannot be used in lieu of medical consultation.
For more information on our products and services, please refer to the instructions for use of Breathment.
1. Responsible person / Contact / Management
Breathment GmbH, Bahnhofstraße 35a, 79206, Breisach am Rhein
E-mail: datenschutz@breathment.com
Phone: +491786999073
Managing directors authorized to represent the company: Elçin Can Çavuşoğlu, Yalvaç Top, Baturay Yalvaç
2. Data Protection Officer
Breathment GmbH, Bahnhofstraße 35a, 79206, Breisach am Rhein
Yalvaç Top
E-mail: datenschutz@breathment.com
3. Terms used
All data protection terms have the same meaning as defined in the General Data Protection Regulation (EU) 2016/679 ("GDPR").
4. Purposes of processing and legal basis
We use your personal data exclusively for the following purposes:
- Intended use of our application (legal basis: consent, Art. 6 (1) lit. a) and Art. 9 (2) a) of the GDPR). Please also see point \u200E6 below.
-
Permanent guarantee of the technical functionality, user-friendliness, and further development of the application (legal basis: consent, Art. 6 (1) a) and Art. 9 (2) a) of the GDPR.
-
Further processing purposes, as required by law, such as invoicing a health insurance company or the fulfillment of obligations under medical product law, etc, but also, for example, the defense of legal claims (legal bases: legal obligation, Art. 6 (1) lit. c) of the GDPR in conjunction with the respective special legal provision, Art. 6 (1) lit. d) and e) of the GDPR and Art. 9 (2) lit. c), lit. f) to lit. j) of the GDPR, as far as applicable).
5. Consent wording
Please find the wording of your consent at the end of this privacy notice.
6. Description of the necessary data processing within the scope of the intended use
-
Processing of inventory data, payment data, etc.
We process your inventory data (name, contact data, etc.) as well as data records from the interface of your mobile phone for the following purposes:
- Establishment, execution, and termination of purchase or service contracts;
- Creation of an account in the App;
- Provision of the App and the respective functions and contents;
- Answering contact requests and communication with users;
- Handling the payment of the product;
- Answering support requests;
- Security measures.
-
Processing of special categories of personal data (health data)
We process your health data for the following purposes:
- Analysis of the user's complaints and preparation of a therapy plan;
- User feedback for the therapy and user self assessment;
- Reminding the user to carry out the therapy if the user wishes to use this service within the application;
- Storage and notification of the therapy progress.
-
The data entered and saved via the Breathment Therapy App as well as your health profile can be viewed by the responsible health professional at any time via the MyClinic web portal.
-
Breathment does not share any medical data with any other third parties, regardless of how the information is collected, except:
-
On the Android devices, the data received from the Google API will only be displayed to the responsible healthcare professional in the MyClinic, in the context of the intended use of the application (see Section 6), complying with
Google API Services User Data Policy,
including the Limited Use requirements.
-
On the iOS devices, the data received from the Health App will only be displayed to the responsible healthcare professional in the MyClinic, in the context of the intended use of the application (see Section 6).
-
In addition, you have the option of making your (health) data available to your responsible healthcare professional, who does not yet have access to your data, by means of an individual release that is limited until revoked. This will give your responsible healthcare professional a better overview of your state of health and enable them to adjust your therapy if necessary. Access to your data expressly requires your individual data release.
7. Data processing for further development and to ensure the technical functionality and user-friendliness
If you have given us your (optional) consent for this, we will process the personal data as follows:
- Improvement of the application;
- Analysis of the user’s behavior in the app (e.g. Determining the acceptance range of certain new features etc.);
- Internal, anonymized aggregated studies to optimize therapy approaches;
- Security measures.
As part of data processing to further develop and ensure technical functionality and user-friendliness, as described in this Section, we may evaluate your user behavior in connection with app usage. Where possible, the evaluation is always based on aggregated data, so that no information that directly identifies you is processed.
8. Description of data processing for billing as well as fulfillment of legally required obligations.
-
In connection with the fulfillment of our statutory obligations to which we are subject, we process your data provided in the context of the intended use of the App, including user, application, technical and billing data, such as, in particular, for the fulfillment of obligations under medical device law, such as for the performance of conformity assessment procedures and post-market surveillance of the App.
-
For billing purposes or to fulfill our legally required obligations, we may also share your data with the relevant payment processors or regulators, although we generally share your data only in pseudonymous form, so that no information that directly identifies you is shared.
9. Revocation
Any consent can easily be revoked at any time via the settings in your Breathment-app. Please note that if consent has been given cumulatively for the processing purposes in Sections \u200E4.1 to \u200E4.3, the revocation will also affect all three processing purposes, including the intended use of the application. In the event of a revocation, Breathment can then naturally no longer make the functions of the application available to you, and your account will be deleted.
10. Privacy by default
In accordance with the data protection law principle of \"Privacy by Default\", our application allows for the individual adaptation of certain features in certain cases. All features offered within this application are basically part of the intended use and are required for the optimal use of the application as a whole. However, Breathment understands that individuals may have different preferences regarding communication, sustainability of control, etc., thus some features are optional and can be turned on and off through the \"Settings\" screen in the application.
These include using app push notifications to send you notifications. You can enable or disable these features later. The same applies, for example, to emails that Breathment can use to remind you to perform the exercises.
11. Recipient of personal data
Name |
Location |
Function |
Personal data processed |
Telekom Deutschland GmbH |
Landgrabenweg 151, 53227 Bonn, Deutschland |
Cloud Platform as a Service (PaaS) – Provisioning of server and database resources to provide our apps. |
Inventory data, contact data, health data, data to improve the product |
SendGrid / Twilio Germany GmbH |
Rosenheimer Str. 143C, 81671 München, Deutschland |
Email Delivery API SaaS - Designing email templates and sending emails to our users. |
May contain username, initial temporary password, first name, last name, message text, subject and email address.
|
Stripe, Inc. |
510,Townsend St. Francisco, CA 94103 USA |
Payment processing |
Billing data |
Actimi GmbH |
Albert-Schäffle-Str. 119 70186 Stuttgart, Deutschland |
Teletherapy interface |
First name, last name |
-
We have contracts with all our processors in accordance with Article 28 of the GDPR or the Standard Contractual Clauses pursuant to Chapter V of the GDPR, which in particular stipulate that the data processing shall be carried out exclusively in accordance with Breathment’s instructions and that all employees who are in contact with personal data of Breathment have been bound to data protection secrecy.
-
In addition, we may disclose your personal data to the following categories of recipients for the processing purposes described above: Accountants, legal advisors, tax advisors, supervisory authorities, regulatory authorities, etc.
12. International data transfer
The processing of personal health data by Breathment itself as well as the processing of personal health data on behalf of Breathment will only take place within Germany, in a member state of the EU or the EEA, Switzerland, or if an adequacy decision has been made in accordance with Art. 45 of the GDPR, in a third country.
13. Storage and deletion concept
-
As a matter of principle, your data will only be stored by us for as long as is necessary to achieve the purposes for which the data was collected or until you revoke your consent (see section 9). If there are additional legal retention periods (e.g. according to the German Commercial Code, the German Fiscal Code, or for regulatory reasons), your data will be stored for the duration of this legally prescribed retention period.
- You can stop using Breathment at any time and have all your personal data deleted. To do so in the Therapy App, select the menu item \"Manage My Account\" in the app settings and then click \"Delete My Account\". To do so in the MyClinic, please contact our customer support.
- We store health-related data physically and logically separate from data required for service billing. In the event of a deletion process, your data processed by order processors will also be deleted.
14. Your rights
-
In accordance with the GDPR, you are entitled to the following data protection rights in accordance with the legal requirements:
-
Right to information correction, deletion, and restriction: You have the right to request information about your data stored by us at any time (Art. 15 DSGVO). When we process or use your data, we strive to take reasonable steps to ensure that it is accurate and up to date for the purposes for which it was collected. In the event that your data is inaccurate or incomplete, you may request that it be corrected (Art. 16 GDPR). Furthermore, you may have the right to request the deletion (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) of your data if, for example, your data is no longer necessary for the purposes for which it was collected or otherwise processed and legal retention obligations do not require its continued storage.
-
Right to data portability: where applicable, you have the right to receive the data concerning you that you have provided to us in a structured, common, and machine-readable format or to transfer this data to another controller (Art. 20 GDPR).
-
Right to revoke your consent: If you have consented to the collection, processing, and use of your data, you may revoke your consent at any time with effect for the future (see Section 9), but without affecting the lawfulness of the processing carried out on the basis of the consent until revocation (Art. 7 (3) GDPR).
-
Right to object: You have the right to object at any time to the processing of your data based on Art. 6(1)(e) or (f) GDPR on grounds relating to your particular situation. We will not process your data after an objection unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (Art. 21 (1) DSGVO, so-called \"limited right of objection\"). In this case, you must provide reasons for the objection that arises from your particular situation. Further essing of your data for the purposes of direct marketing at any time, even without stating reasons (Art. 21 (2) GDPR).
-
Automated decision-making (including profiling): You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you (Art. 22(1) GDPR). Please note that we do not use such automated decision-making or profiling within the meaning of Art. 22 GDPR in connection with our products.
- To exercise your right to information and your right to data portability, open the menu item \"Manage My Data\" in the settings of the Breathment Therapy App. There you can export your data in a machine-readable format.
- To correct your data in the Breathment Therapy App or in the MyClinic, please contact our customer support.
-
To obtain a restriction of processing or to object to the processing of personal data, you can also find options in the settings of the Breathment Therapy App under the menu item \"Manage My Data\". To obtain a restriction of processing or to object to the processing of personal data in the MyClinic, please contact our customer support. If you would like to restrict any processing beyond that, please contact our customer support.
-
You also have the right to complain to the competent supervisory authority at any time if you believe your data processing is not carried out lawfully. The supervisory authority responsible for Breathment is the The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg; postal address:
Postfach: 10 29 32
70025 Stuttgart
Tel.: 0711/615541-0
FAX: 0711/615541-15
E-Mail: poststelle@lfdi.bwl.de
15. Contact
For all questions regarding the protection of your personal data, you can contact our data protection officer, who is also available for requests for information as well as suggestions and complaints.
16. Changes to the data protection declaration
We reserve the right to update this privacy notice from time to time, in particular, to incorporate your feedback and to reflect changes in legislation or established case law. We, therefore, recommend that you visit this website regularly to inform yourself about how your data is protected and processed.
Consent wording
-
I consent to the processing of my personal and health data in the scope of the intended use of Breathment’s products and services, as well as providing necessary proof of use for my health insurance company and related billing providers, who partner with Breathment.
-
I consent to the processing of my personal and health data for the purpose of optimization and development of Breathment’s products and services. Please note that Breathment relies on your consent to be able to make further improvements.
- I consent to Breathment disclosing my personal information and health data to the responsible healthcare professional in the scope of the intended use of Breathment’s products and services.
Last Revised: July, 2023
Privacy Policy for website