Privacy policy website

Note: For the information available via www.eterno.health the privacy policy of the Eterno web app applies.

Status September, 2022

Table of contents

Name and address of the responsible person
Contact details of the data protection officer
General information on data processing
Rights of the data subject
Provision of the website and creation of the log files
Cookies use
Newsletter
E-mail contact
Application by e-mail and application form
Company presences in social networks
Use of company presences in job-oriented networks
Hosting
Plugins used

‍

I. Name and address of the responsible person

Responsible person according to Art. 4 No. 7 EU General Data Protection Regulation (DSGVO) is:

Eterno Health GmbH
C/o Mindspace
Münzstraße 12
10178 Berlin

datenschutz@eternohealth.de

II. contact details of the data protection officer

You can reach our data protection officer at

Fresh Compliance Ltd.

Fürbringerstr. 15

10961 Berlin

Germany

www.freshcompliance.de

Tel: 030 32765751

‍

III. General information on data processing

1. scope of the processing of personal data

As a matter of principle, we only process personal data of visitors to our website to the extent that this is necessary to provide the website and the content and services accessible via it.

2. legal basis for the processing of personal data‍

Consent of the data subject:

Art. 6 para. 1 p. 1 lit. a DSGVO

performance of a contract to which the data subject is a party:

Art. 6 para. 1 p. 1 lit. b DSGVO

Fulfillment of a legal obligation:

Art. 6 para. 1 p. 1 lit. c DSGVO

Vital interests of the data subject or another natural person:

Art. 6 para. 1 p. 1 lit. d DSGVO

Legitimate interest of our company or a third party:

Art. 6 para. 1 p. 1 lit. f DSGVO

‍

3. data deletion and storage duration‍

The personal data of the data subject will generally be deleted or blocked as soon as the purpose of the processing no longer applies. Processing may take place beyond this if this has been provided for by the European or national legislator. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further processing of the data for the conclusion or performance of a contract.

4. no obligation to provide personal data

If we ask you to provide personal data, you can of course refuse. However, we may then not be able to answer your inquiries or provide you with certain functions of our websites. This applies in particular if data is necessary to respond to your inquiries (e.g. contact data) or if we are required by law to collect data. Mandatory data is marked as such.

IV. Rights of the data subject

You have the following rights against the responsible person:

Right to information:

You can request information free of charge at any time about the scope, origin and recipients of the stored personal data relating to you and the purpose of storage. If you wish to exercise your right to information, you can contact us or the data protection officer at any time.

Right to data portability:

You may receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format.

Right of rectification:

You have the right to request that inaccurate personal data concerning you be corrected without delay. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

Right to erasure (right to be forgotten):

You may at any time request us to delete the personal data concerning you without delay. Certain legal restrictions may apply to this.

Right to object:

You have the right to object at any time to the processing of personal data concerning you. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

Right to withdraw consent:

You can revoke consent to the processing of personal data at any time.

Right to complain to a supervisory authority:

You also have the right to complain to a supervisory authority. You can find an overview of the data protection authorities in Germany here. You can find European data protection authorities here view.

‍

V. Provision of the website and creation of the log files

1. description and scope of data processing‍

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

Information about the browser type and version used
The operating system of the user
The IP address of the user
Date and time of access
Websites from which the user's system accesses our website
Web pages that are called up by the user's system via our website

This data is stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. purpose of data processing‍

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f DSGVO.

3. legal basis for data processing‍

The legal basis for the collection and temporary storage of the data is Art. 6 para. 1 p. 1 lit. f DSGVO, § 25 para. 2 no. 2 TTDSG.

4. duration of storage‍

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. objection and removal option‍

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

‍

VI. use of cookies

1. description and scope of data processing‍

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

‍

The following data is stored and transmitted in the cookies:

Use of website functions
The user data collected in this way is anonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.
Video Player from Vimeo: Vimeo's embeddable video player uses first-party cookies that are necessary for the user experience. Vimeo does not use third-party analytics or advertising cookies when your video player appears on a third-party website unless (i) the website visitor is logged into their Vimeo account and (ii) the user who embedded the video has not implemented the DNT parameters.

2. purpose of data processing‍

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

Consent Log

The user data collected through technically necessary cookies are not used to create user profiles.

3. legal basis for data processing‍

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. f DSGVO, § 25 para. 2 No. 2 TTDSG.

4. duration of storage, possibility of objection and elimination‍

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

If you use a Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

VII. Newsletter

1. description and scope of data processing‍

On our website there is the possibility to subscribe to free newsletters. When registering for the respective newsletter, the data from the input mask is transmitted to us:

Name
Email address

In connection with the data processing for the dispatch of newsletters, the data is passed on to the service provider

rapidmail GmbH, Augustinerplatz 2, 79098, Freiburg, Baden-Württemberg, Germany (hereinafter referred to as: rapidmail).

The data will be used exclusively for sending the newsletter.

For more information on the processing of data by rapidmail, please click here:

https://www.rapidmail.de/datenschutz

https://www.rapidmail.de/newsletter-marketing-dsgvo-und-datenschutz-konform

2. purpose of data processing‍

The collection of the user's email address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

3. legal basis for data processing‍

The legal basis for the processing of the data after the user has registered for the newsletter is the user's consent and thus Art. 6 para. 1 p. 1 lit. a DSGVO.‍

‍

4. duration of storage‍

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's email address will be stored as long as the subscription to the newsletter is active.‍

‍

5. revocation and removal option‍

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

This also enables revocation of consent to the storage of personal data collected during the registration process.‍

‍

VIII. e-mail contact‍

‍

1. description and scope of data processing‍

On our website, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.

The data will be used exclusively for conducting the conversation and according to the content of the conversation.‍

‍

2. purpose of data processing‍

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.‍

‍

3. legal basis for data processing‍

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact is aimed at the conclusion or performance of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.‍

‍

4. duration of storage‍

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.‍

‍

5. revocation and removal option‍

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. Our contact details can be found in chapter I of this privacy policy.

All personal data stored in the course of contacting us will be deleted in this case.‍

‍

IX. Application by application form‍

‍

1. description and scope of data processing‍

An application form is available on our website, which can be used for electronic applications. For the provision of the application form, we use the personnel and applicant management software Personio of the service provider Personio GmbH, Rundfunkplatz 4, 80335, Munich, Germany.

If an applicant uses this option, the data entered in the input mask will be transmitted to Personio and stored.

For more information, please see Personio's privacy policy:‍

https://www.personio.de/datenschutzerklaerung/

‍‍

If an applicant takes advantage of this option, the data entered in the input mask is transmitted to us and stored in the personnel and applicant management software Personio. These data are:

First name
Name
Phone / mobile number
Email address
Salary requirements
Resume
Testimonials
Cover letter

‍

Other personal data voluntarily communicated during the application process.

For the processing of your data, a confirmation of awareness of this privacy policy is obtained during the submission process.

Alternatively, you can also send us your application by e-mail. In this case, we will collect your e-mail address and the data you provide in the e-mail.

After sending your application, you will receive a confirmation of receipt of your application documents by e-mail from us.

The data will be used exclusively for the processing of your application.

2. purpose of data processing‍

The processing of personal data from the application form serves us solely to process your application. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.‍

‍

3. legal basis for data processing‍

The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 p.1 lit. b Alt. 1 DSGVO and § 26 para. 1 p. 1 BDSG.

‍

4. duration of storage‍

After completion of the application process, the data will be stored for up to six months. Your data will be deleted after the six months at the latest. In the event of a legal obligation, the data will be stored within the framework of the applicable provisions.‍

‍

5. objection and removal option‍

The applicant has the option to object to the processing of personal data at any time. If the applicant contacts us by e-mail to datenschutz@eterno.healh, he or she can object to the storage of his or her personal data at any time. In such a case, the application can no longer be considered.

All personal data stored in the course of electronic applications will be deleted in this case.‍

‍

IX. Application by e-mail ‍

‍

1. scope of processing of personal data‍

You can send us your application by e-mail. In that case, we will collect your email address and the data you provide in the email.

After sending your application, you will receive a confirmation of receipt of your application documents by e-mail from us.

The data will be used exclusively for processing your application and informing you about relevant job openings.‍

‍

2. purpose of data processing‍

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serve to prevent misuse of the application form and to ensure the security of our information technology systems.‍.

‍

3. legal basis for data processing‍

The legal basis for the processing of your data is the contract initiation which takes place at the request of the data subject, Art. 6 para. 1S.1 lit. b Alt. 1 DSGVO and § 26 para. 1 p. 1 BDSG.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO.‍ if the user has given his consent.

‍

4. duration of storage‍

After completion of the application process, the data will be stored for up to 6 months. After this period at the latest, your data will be deleted. In the event of a legal obligation, the data will be stored within the scope of the applicable provisions.‍

‍

5. objection and removal option‍

The applicant has the possibility to object to the processing of personal data at any time. If the applicant contacts us by email, he can object to the storage of his personal data at any time. In such a case, the application can no longer be considered. Our contact details can be found in Chapter I of this privacy policy.

All personal data stored in the course of electronic applications will be deleted in this case.‍

‍

X. Company presences in social networks

‍
Use of corporate presences in social networks‍

‍

Instagram‍

Instagram, Part of Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.),

4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

‍

On our company page, we provide information and offer Instagram users the opportunity to communicate. If you perform an action on our Instagram company page (e.g. comments, posts, likes, etc.), it is possible that you will make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by the Instagram company co-responsible for the Eterno Health GmbH corporate presence, we cannot make any binding statements about the purpose and scope of the processing of your data.

Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence through social media to draw the attention of patients and potential employees to Eterno Health.

‍

In this context, publications about the company's presence may include the following content:

● Information about services

● Customer contact

Every user is free to publish personal data through activities. The legal basis for the data processing is Art. 6 para.1 p.1 lit. aDSGVO.

The data generated by the company website is not stored in our own systems.

You can object at any time to the processing of your personal data that we collect in the course of your use of our Instagram corporate presence and assert your data subject rights as stated under IV. of this privacy statement. To do so, send us an informal email to datenschutz@eterno.health.

You can find more information about the processing of your personal data by Instagram and the corresponding objection options here:

https://help.instagram.com/519522125107875

‍

Facebook‍

Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.),

4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

‍

In this context, publications about the company's presence may include the following content:

● Information about services

● Customer contact

Every user is free to publish personal data through activities. The legal basis for the data processing is Art. 6 para.1 p.1 lit. a DSGVO.

The data generated by the company website is not stored in our own systems.

You can find more information about the processing of your personal data by Facebook and the corresponding objection options here:

https://help.instagram.com/519522125107875

Twitter‍

Twitter International Company,

One Cumberland Place, Fenian Street, Dublin 2, Ireland

On our company website, we provide information and offer Twitter users the opportunity to communicate. If you perform an action on our Twitter corporate site (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by the Twitter companies jointly responsible for the Eterno - Company presence, we cannot make any binding statements about the purpose and scope of the processing of your data.

‍

In this context, publications about the company's presence may include the following content:

● Information about services

● Customer contact

Every user is free to publish personal data through activities.

The legal basis for the data processing is Art. 6 para.1 p.1 lit. a DSGVO.

The data generated by the company website is not stored in our own systems.

You can object at any time to the processing of your personal data that we collect in the course of your use of our Twitter corporate presence and assert your data subject rights listed under IV. of this privacy policy. To do so, send us an informal e-mail to datenschutz@eterno.health.

You can find more information about the processing of your personal data by Twitter and the corresponding objection options here:

https://twitter.com/de/privacy

YouTube‍

YouTube LLC, 901 Cherry Ave, San Bruno,

CA 94066, USA

‍

On our company page, we provide information and offer YouTube users the opportunity to communicate. If you perform an action on our YouTube corporate site (e.g. comments, posts, likes, etc.), it is possible that you will make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by YouTube, the company responsible for the Eterno Health GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data.

‍

In this context, publications about the company's presence may include the following content:

Information about services
Customer contact

Every user is free to publish personal data through activities.

The legal basis for the data processing is Art. 6 para.1 p.1 lit. aDSGVO.

The data generated by the company website is not stored in our own systems.

You can object at any time to the processing of your personal data that we collect in the course of your use of our YouTube corporate presence and assert your data subject rights as set out in IV. of this privacy policy.

Please send us an informal e-mail to datenschutz@eterno.health

You can find more information about the processing of your personal data by YouTube and the corresponding objection options here:

https://policies.google.com/privacy?gl=DE&hl=de

XI. Use of company presences in job-oriented networks

1. scope of data processing

We use the possibility of company appearances on profession-oriented networks. We maintain a company presence on the following job-oriented networks:

LinkedIn

LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

On our site we provide information and offer users the possibility of communication. The company website is used for job applications, information/PR and active sourcing.

‍

We do not have any information on the processing of your personal data by the companies responsible for the corporate presence.

‍

For more information, please see LinkedIn's privacy policy:‍

‍

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv‍

‍

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public.‍

‍

2. legal basis for data processing‍

The legal basis for the processing of your data in connection with the use of our corporate presence is Art.6 para.1 p.1 lit.f DSGVO.‍

‍

3. purpose of data processing‍

Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.‍

‍

4. duration of storage‍

We store your activities and personal data published via our corporate website until you revoke your consent. In addition, we comply with the statutory retention periods.‍

‍

5. objection and removal option‍

You can object at any time to the processing of your personal data that we collect in the course of your use of our company website and exercise your data subject rights listed under IV. of this data protection declaration. To do so, send us an informal e-mail to the e-mail address stated in this data protection declaration.

For more information on appeal and removal options, click here:

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv‍

XII. Hosting‍

The website is hosted on servers of a service provider contracted by us.

Our service provider is:

Webflow, Inc.

398 11th Street, 2nd Floor

San Francisco, CA 94103

USA

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

● Browser type and browser version

● Operating system used

● Referrer URL

● Host name of the accessing computer

● Date and time of the server request

● IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f DSGVO, § 25 para. 2 no. 2 TTDSG. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.

The location of the server of the website is geographically in the USA. To ensure appropriate safeguards for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and data processing by Webflow is based on appropriate safeguards pursuant to Art. 46 et seq. DSGVO, in particular by concluding so-called standard data protection clauses according to Art. 46 para. 2 lit. c DSGVO. A copy of the standard data protection clauses can be requested by sending an informal email to us.

XIII Plugins used

We use plugins for various purposes. The plugins used are listed below. When using our plugins, some data transfer of personal data to the USA takes place. Health data and other special categories of personal data according to Art. 9 DSGVO are excluded, these are only processed in the EU. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the data transfer to and data processing by corresponding processors is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. DSGVO, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. C DSGVO. A copy of the appropriate guarantees can be requested by sending us an informal e-mail.

The following plugins are used:

Typeform (Carrer de Bac de Roda, 163, 08018 Barcelona, Spain)
Sendgrid (1801 California St #500, Denver, CO 80202, United States).
Google Analytics (1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States).
Crazy Egg (16220 Ridgeview Ln, La Mirada, CA 90638, United States).

‍

Privacy Policy Eterno Web App

Note: For the information available via www.eterno.health the privacy policy of the Eterno website applies.

Status September, 2022

‍

Table of contents

Name and address of the responsible person
Contact details of the data protection officer
Data processing in the Eterno Web App
Rights of the data subject
Deployment of the app and creation of the log files
Cookies use
Newsletter
Hosting
Plugins used
Use of SDK's
Device authorizations
Privacy notice for the use of our web application on the website

‍

I. Name and address of the responsible person

Responsible person according to Art. 4 No. 7 EU General Data Protection Regulation (DSGVO) is:

Eterno Health Ltd.

Gate road 85-87

10119 Berlin

Germany

contact@eterno.health

www.eterno.health

‍

II. contact details of the data protection officer

You can reach our data protection officer at:
‍

Fresh Compliance Ltd.

Fürbringerstr. 15

10961 Berlin

Germany

www.freshcompliance.de

Tel: O3O 32765751

III. Data Processing in the Eterno Web App‍

On this page we inform you about the privacy policy applicable to the Eterno web application ("App" or "Eterno Web App"). The App is an offer of Eterno Health GmbH, Torstraße 85-87, 10119 Berlin, Germany

("Eterno Health," "we" or "us").

1. scope of processing‍

The Eterno web app is an application that

Enables users to electronically manage health records and other data and provides content; and

Health professionals assisted in the delivery of medical services.

Depending on the functionality, Eterno Health provides the Eterno Web App to the User either as a data controller or as an order processor of health professionals.

‍

An overview of the roles under data protection law can be found here.

a) Processing as controller

As a data controller, Eterno Health processes personal data of the User when the User uses functionalities of the App or Eterno Health processes personal data via the App for its own purposes or in order to analyze, improve or market its own services. This applies when the following functionalities are used or when the following processing operations take place:

Registration for the app, including creating and managing the user account.
Use of the "Appointments" functionality
Use of the "Medical Documents" functionality by the user to manage documents and data, including. the transfer of such documents and data to health professionals; physicians can transfer to the "Medical Documents" area documents and data from the patient's file.
Use of the "Health Portal" functionality to manage health data and other data by the User.
Use of the video consultation functionality for participation in video consultations by the user.
Use of the "Prepare medical history" functionality to provide data to health professionals so that they can perform the medical history.
Conducting surveys, e.g., to analyze user satisfaction with Eterno Health services by sending satisfaction questionnaires via email or notification in the app.
Provision and use of a chat bot by Eterno Health to enable users to provide feedback, provide customer service services, and facilitate users' use of Eterno Health's app functionalities and services.
Smart recommendations such as personalized messages or ads about the range of services offered by providers and/or Eterno Health, or information via email or notification in the app.

b) Processing as a processor of the healthcare drivers‍.

As a processor of health professionals, Eterno Health processes personal data of the User when the User uses the following functionalities of the App:

Appointment bookings for doctor's visits or consultation of other health professionals including initial description of symptoms, including push notifications, emails and SMS to remind about appointments, confirmations, etc.
Communication with the respective health professional via asynchronous and synchronous communication technology
Provide the technical means for the health professional to conduct video consultations.
Provision of bills from health professionals (only for privately insured users).
Processing of data provided by the user via the "Prepare medical history" functionality for filling out the medical history form and its further use in the context of service provision by the healthcare professional.

To the extent that Eterno processes personal data as a processor of health care professionals, information about this can be found in their privacy notices.

‍

Within the app, the following data is collected for the purpose of registration:

Name
First name
E-mail address
Date of birth
Gender
Salutation and title
Address
Booking occasion
Name of the health insurance
CPC ID
KVZ insurance number
CPC membership type
Billing address
Mobile number
Payment information
Profile picture (optional)

Furthermore, Eterno Health processes the following data either as a data controller or as a processor, depending on the functionality of the app used:

o Reasons for doctor's appointment

o Symptoms in case of complaints

o Medical history data (for patient questionnaires), including, among other things

o Blood group

o Severe disability

o Weight

o Size

o BMI (Body Mass Index)

o Cholesterol level

o Blood pressure

o Pregnancy

o Current complaints

o Medication

o Allergies & reactions

o Existing diseases & examinations

o Operations

o Family history

o Nutrition

o Sports/ Physical activity

o Sleep

o Mental health and energy

o Habits

Preferred medical practice
Preferred doctor
Prescriptions & referral slip
Laboratory Data, & Findings
Imaging processes
Feedback & Support Questions

2. purpose of processing‍

Eterno processes personal data as a data controller in order to provide users with the functionalities of the app or to analyze, improve or market its own services.

3. legal basis for the processing of personal data as controller‍.

The legal basis for the processing by Eterno Health as the controller of the User's health data is the User's consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with Art. 9 para. 2 lit. a DSGVO.

The legal basis for the processing by Eterno Health as the controller of personal data that is not health data is the fulfillment of the contract for the use of the app pursuant to Art. 6 (1) p. 1 lit. b DSGVO or, when conducting surveys or marketing, the legitimate interest of Eterno Health pursuant to Art. 6 (1) p. 1 lit. f DSGVO or the consent of the user pursuant to Art. 6 (1) p. 1 lit. a DSGVO.‍

‍

4. duration of storage‍

The personal data will be stored exclusively for the above-mentioned purposes until the user account is deleted. With the deletion of the account by the user, all data will be removed whose preservation is not required for the fulfillment of legal retention obligations or for the assertion, exercise or defense of legal claims.‍

‍

5. revocation and removal option‍

A revocation of consent or objection to data processing can be made at any time informally by e-mail todatenschutz@eterno.health.‍

‍

6. recipients of personal data‍

For the provision of all services, processors are engaged to take over partial services. In addition to the processors listed under "Plugins used", the following processors are engaged for the delivery of appointment reminders & appointment bookings:

rapidmail GmbH, Augustinerplatz 2, 79098, Freiburg, Germany
Mailchimp (The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 United States)
Doc Cirrus GmbH, Pohlstraße 20, 10785 Berlin
Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland

4. no obligation to provide personal data‍

If we ask you to provide personal data, you can of course refuse to do so. However, you may then not be able to register as a user of our app or we may not be able to provide you with certain functions of the app. This applies in particular if data is necessary for the conclusion of the contract on the use of the app (e.g. master data that you provide during registration) or if we are required by law to collect data. Mandatory data is marked as such.

‍

IV. Rights of the data subject

You have the following rights against the responsible person:

‍

Right to information:

Right to data portability:

You may receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format.

Right of rectification:

Right to erasure (right to be forgotten):

You may at any time request us to delete the personal data concerning you without delay. Certain legal restrictions may apply to this.

Right to object:

Right to withdraw consent:

You can at any time, revoke consent to the processing of personal data.

Right to complain to a supervisory authority:

‍

V. Technical provision of the web app and creation of log files

1. description and scope of data processing‍

Each time you use our app, the system automatically collects data and information from the calling end device.

‍

The following data is collected here, if possible:

Information about the browser type and version used
The operating system of the user
The user's device
The IP address of the user
Date and time of access

This data is stored in the log files of the system. This data is not stored together with other personal data of the user.

The app is hosted on servers by a service provider contracted by us. Our service provider is:

Amazon Web Services EMEA Sàrl, 38 avenue John F. Kennedy, L 1885 Luxembourg.

The location of the app's server is geographically within the EU.

2. purpose of data processing‍

The temporary storage of the IP address by the system is necessary to enable delivery of the app to the user's terminal device. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the app. In addition, we use the data to optimize the app and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.‍

‍

3. legal basis for data processing‍

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. b DSGVO, § 25 para. 2 no. 2 TTDSG.

4. duration of storage‍

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

5. objection and removal option‍

The collection of data for the provision of the app and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

VI. use of cookies

1. description and scope of data processing‍

Our app uses cookies. Cookies are text files that are stored on the respective end device. If a user calls up an app, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables the device to be uniquely identified when the app is called up again.

The purpose of the use of these cookies is to provide you with an optimal user experience as well as to "remember" you in order to present you with the most varied website and new content possible during your next visit. The content of a cookie is limited to an identification number.

The following data is stored and transmitted in cookies:

Language settings
Log-in information
Performance data
User behavior

The user data collected in this way is anonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.

2. purpose of data processing‍

The purpose of using technically necessary cookies is to simplify the use of apps for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The user data collected through technically necessary cookies are not used to create user profiles.

Analysis and marketing cookies are used to continuously improve our offer.

3. legal basis for data processing‍

The legal basis for the processing of personal data using analysis or marketing cookies is, with your declaration of consent, Art. 6 para. 1 p. 1 lit. a DSGVO.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. f DSGVO.‍

‍

4. duration of storage, possibility of objection and elimination‍

Cookies are stored on the user's device and transmitted from it to our app. Therefore, you as a user also have full control over the use of cookies. By changing the settings on your device, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our app, it may no longer be possible to fully use all functions of the app.

‍

VII. Newsletter

1. description and scope of data processing‍

In our app there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.

E-mail address
Name
First name
Date and time of registration

No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. purpose of data processing‍

The collection of the user's e-mail address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

3. legal basis for data processing‍

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent.

4. duration of storage‍

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and legal retention obligations do not require the retention of the corresponding data.

5. objection and removal option‍

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

This also enables the revocation of consent to the storage of personal data collected during the registration process.

‍

VIII. Plugins used

The following plugins are used:

Typeform (Carrer de Bac de Roda, 163, 08018 Barcelona, Spain)
Sendgrid (1801 California St #500, Denver, CO 80202, United States).
Google Analytics (1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States).
Crazy Egg (16220 Ridgeview Ln, La Mirada, CA 90638, United States).
Stormly (Lutmastraat 1 - 3, 1072 JL Amsterdam, The Netherlands)