1. General information

​

1.1 Responsible person

​

According to the guidelines of the DSGVO in connection with the services the provider and responsible for processing personal data of our users is:

 

Hypertension Care UG (haftungsbeschränkt)

Marie-Curie-Straße 6

85055 Ingolstadt

 

Phone: +49 841 1380 4270

Fax: +49 89 36 10 40 26

Email: info@hypertonie.app

 

For further information please see our imprint.

 

Please read the privacy policy carefully before using the services of Hypertension Care UG. As the responsible provider, we are subject to statutory information obligations, which we wish to comply with in this data protection declaration. In addition, we provide further information within the scope of our products, e.g. when you are asked for a new consent or the consequences of revocation are explained. The information provided in our products does not contradict this data protection declaration but supplements it with further brief details. You will be granted access to the data protection declaration and further product information within the scope of our products at any time.

 

1.2 Data protection officer

​

If you have any questions or further concerns regarding data security, you have the option to contact the responsible data protection officer at the e-mail address: datenschutz@hypertonie.app.

 

1.3 Information on the handling of personal data and provider identification

​

In this privacy policy, we inform you about the type, purpose and scope, collection and use of personal data when you use Hypertension.App and our Hypertension.App website. Personal data is information about personal or material circumstances of an identified or identifiable natural person (data subject/person concerned). Examples include name, age, contact details or information about physical condition.

Since our range of services is aimed primarily at hypertensive persons, your use of this information already provides information about your individual state of health. For this reason, we process personal data as health data only with your consent.

 

1.3.1 No obligation to provide

The provision of your personal (health) data is neither contractually nor legally required. If the provision of the data is required for a specific service, you will be notified of this by means of appropriate markings. Failure to provide the required data means that the service in question cannot be provided or can only be provided to a limited extent.

 

1.3.2 Consent

In various cases, you have the opportunity to give us your consent to further processing of your data in connection with the processing described below. In this case, we will inform you separately, in connection with the submission of the respective declaration of consent, about all modalities, the scope of the consent and about the purposes that we pursue with these processing operations. The processing operations based on your consent are therefore not listed here again (Art. 13 para. 4 DSGVO).

 

1.3.3 Transfer of personal data to third countries

When personal data is transferred to third countries (countries outside the European Union), a high level of protection must be ensured in accordance with the DSGVO. The transfer is carried out exclusively under the legally regulated conditions of admissibility. We will only transfer your data to a third country if:

​

• you have given your express consent,

• the transfer of data to a third country serves to fulfill our contract with you

• otherwise there is an exception according to Art. 49 DSGVO,

• the transmission is necessary for the assertion, exercise or defense of legal claims,

• an adequacy finding according to Art.45 DSGVO is available,

• suitable guarantees according to Art.45 DSGVO are available.

​

1.3.4 Hosting with external service providers

To a large extent the data processing takes place with the involvement of so-called hosting service providers. These provide us with storage and processing capacity in their data centers and also process personal data in accordance with our instructions. All personal data of Hypertension.App is stored in an encrypted virtual machine. This means that our hosting service providers have no access to personal data of registered Hypertension.App users. For all requests via the contact form, it is possible that personal data may be transmitted to hosting service providers. These service providers process your data exclusively in the European Union and guarantee an adequate level of data protection.

 

1.3.5 Data protection for children

Children need special protection for their personal data. Such protection should concern in particular the use of personal data for advertising purposes, the creation of personality or user profiles and the collection of personal data from children when using services offered directly to children. Our services are generally not subject to any age limit, as high blood pressure problems can occur at any age.

Nevertheless, persons under the age of sixteen are only permitted to use our products with the consent of their parents or legal guardians. This also applies to the processing of their personal data, which is only lawful if the consent of the legal guardian for the child is available. If this is not fulfilled, the use of our products is prohibited. In this respect, we refer to the requirements according to Art. 8 para. 1 DSGVO.

 

 

2. Rights of data subjects/ concerned persons

​

2.1 Right of withdrawal

​

2.1.1 Right to withdraw consent

You have the right, in accordance with Art. 6 Para. 3 DSGVO, to revoke your consent to the processing of personal data at any time, without stating reasons, in whole or in part, with effect for the future. In case of revocation, we will delete the concerned data immediately. Revocation of consent does not affect the lawfulness of the processing that took place on the basis of the consent until revocation.

 

2.1.2 Right of revocation for advertising purposes

In the case of processing of personal data for direct marketing, in accordance with art. 21 DSGVO, you have the right to file an objection at any time to the future processing of data concerning you. If profiling is carried out in the context of direct marketing, the above-mentioned right of withdrawal applies equally.

You may exercise the right of objection free of charge and at any time. You can send your objection to the contact details given in the imprint.

 

2.2 Right to information

​

In accordance with Art. 15 DSGVO, you have the right to receive information about your personal data stored by us, its origin and recipients, as well as the purpose of the data processing, free of charge at any time. If you have any questions in this regard that are not answered by this privacy policy, you can contact us at any time at the following e-mail address or via the contact details given in the imprint: info@hypertonie.app.

 

2.3 Right of correction

​

You have the right to demand that we correct any incorrect personal data concerning you without delay (Art. 16 DSGVO). Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration.

 

2.4 Right to deletion ("Right to be forgotten")

​

You have the right to demand from us that personal data relating to you is deleted immediately if one of the reasons stated in Art. 17 para. 1 DSGVO applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 DSGVO.

 

2.5 Right to restrict processing

​

You have the right to request a restriction related to processing your personal data if one of the conditions laid down in Art. 18 paragraph 1 letters a) to d) DSGVO is met.

 

2.6 Right to data transferability

​

You have the right, under the conditions specified in Art. 20 para. 1 DSGVO, to receive the personal data concerning you that you have provided to us with in a structured, common and machine-readable format. Also, you can request that it is transferred to another responsible person, insofar as this is technically feasible. Furthermore, you have the right to transfer this data to another responsible person without hindrance by us.

 

2.7 Right of complaint

​

Without prejudice to other legal remedies, you have the right at any time to complain to a supervisory authority about a violation of the basic data protection regulation (Art. 77 DSGVO). Bavarian Commissioner for Data Protection and Freedom of Information, PO box 22 12 19, 80502 Munich, www.datenschutz-bayern.de.

 

 

3. Data security

​

We have taken technical and organizational measures to ensure data security. These measures serve, among other things, to prevent unauthorized access to the technical equipment we use and to protect your personal data from unauthorized access by third parties. The technical and organizational measures are continuously developed and adapted to the current state of the art.

 

To prevent unauthorized access to your personal data by third parties, communication with our Hypertension.App and with our website is encrypted.

 

3.1 Necessary and optional user data of Hypertension.App

​

If you agree, we process the following user data in order to provide you with our services. If you do not consent (mandatory data), you will not be able to use the services of Hypertension Care. You can give us your consent during the registration process and manage it in the account settings.

 

3.1.1 Required user data

Our services can be used with an anonymous, pseudonymized or personalized access. The requested mandatory data must be provided completely. Otherwise the use of the services is not possible. The entered data will be used for the purpose of the service. Hypertension Care processes, collects and stores data which you provide or which you transfer by using and/or registering the app. Your data will not be passed on without your consent. The following personal data is required and processed for the purpose of creating a required Hypertension.App profile so that the app can be used optimally

​

• Taking medication (Yes / No)

• Body height

• Gender

• Pregnancy (only for female sex)

• Consent for receiving notifications

• Registration date and time

• Status of the consents

 

It is possible to use the services within the scope of a "Freemium-Version" or "Premium-Version".

With the Freemium-Version there is no obligation to register. All available functions can be used anonymously. Your entries will be automatically deleted if you decide to log out with your anonymous account.

An encrypted backup of your entered data requires a voluntary and free registration with a user account. If you decide to use the "Premium Version", this is associated with a binding registration and thus account creation. The following options are available for registration:

​

• Registration using an e-mail address

• Registration using the Apple ID (iOS only)

• Registration using the Google account (Android only)

​

When creating a voluntary and free user account, the email address and optionally the profile picture of your Google Account will be collected. During the binding registration for the "Premium Version" the following additional user data is collected:

- Contractual usage data: App Store download, purchase, invoices, payment status, means of payment (credit card, bank account, etc.), IP address, terminal device identification, operating system, browser type and version, token, activity events for personalization, support requests.

 

3.1.2 Optional user data

All further details enable the creation and completion of an individual health profile. These additional user data are optional and self-explanatory in the input masks. This information is summarized to a health profile. By entering this data, a complete and error-free provision of the services is to be guaranteed. These optional details include:

​

• Personal profile: Name/pseudonym/nickname, e-mail address.

• Health profile: Personal information (date of birth, height, gender, pregnancy details), medication, genetics, previous illnesses, physical activities (strength training, endurance sports), bad habits (salt, alcohol, smoking, drugs).

• Health-related usage data (diary): blood pressure values (self measurement, office measurement, 24-hour measurement=ABPM), stress intensity, intensity of symptoms, weight, pulse wave analysis values, type, taking time and dose of medication, notes/text, time of entries.

• PDF report: Summarized data from the personal profile, health profile and health-related usage data (stored both locally and in the cloud)

 

The scope of the user data collected by Hypertension.App depends on your registration and use of our products. We process only those user data that you actively and voluntarily provide to us. The input of requested or optional user data is a prerequisite for the comprehensive use of our app. If you decide against providing the optional data, the functionality of our products may be limited. For example, our digital blood pressure guide or the blood pressure feedback function requires a detailed (voluntary) entry of your data in order to ensure optimal and individual use. The collection of certain data can be (de)activated or removed at any time in the settings of the app or your terminal device.

 

3.1.3 User account under a pseudonym

You have the possibility to create a user account under a pseudonym, i.e. there is no obligation to use a clear name. You can register for this with a functioning e-mail address that you have created exclusively for our App services.

 

3.2 Automatic storage at www.hypertonie.app

​

Visits to websites are accompanied by the automatic creation and storage of certain information. This also applies to this website.

When you visit our website, our web server (computer on which this website is stored) automatically stores data such as

 

• the address (URL) of the web page called,

• browser and browser version,

• the operating system used,

• the address (URL) of the previously visited page (referrer URL),

• the host name and IP address of the device from which access is made,

• date and time,

​

in files (web server log files).

 

On average, web server log files are stored for two weeks and then automatically deleted. Your stored data will not be forwarded, but it cannot be excluded that this data may be viewed in case of illegal behavior. The legal basis according to article 6 paragraph 1 f DSGVO (lawfulness of processing) exists, as there is a legitimate interest in enabling the error-free operation of this website by collecting web server log files.

 

3.3 Operational data protection

​

All Hypertension Care employees have been obligated in writing to comply with all regulations on data protection and data security and to maintain the data secrecy. Appropriate training courses are held regularly for this purpose.

 

 

4. Purpose of data processing

​

This section describes how your personal data provided as part of the consent will be used for the purpose of fulfilling the contract. Failure to obtain the aforementioned consent and the associated data processing will result in an exclusion of use. There is legally and factually no possibility to use our services without the consent of the data processing.

Use of data for specific purposes: We respect the principle of purpose-related data use and collect, process and store your personal data only for the purposes you have communicated to us. Your personal data will not be passed on to third parties without your express consent, unless this is necessary to provide the service or fulfill the contract. Also, the transmission to state institutions and authorities entitled to receive information is only carried out within the scope of the legal obligations to provide information or if we are obliged to provide information by a court decision.

 

4.1 Purpose and legal basis of data processing

​

Necessary user data for registration:

• Purpose: Registration leads to the creation of your Hypertension.App account using your email address and password with verification of login (double opt-in procedure)/Apple ID/Google account.

• Legal basis: Art. 6 Abs. 1 b) DSGVO

• If applicable, justified interest: -

• Storage duration: Duration of the contractual relationship

​

Health profile, usage data and PDF reports of Hypertension.App:

• Purpose: Depending on the feature, the provision of our services requires your active input of data. Each feature explicitly describes what data it requires for what purpose.

• Legal basis: Art. 9 Abs. 2 a) DSGVO

• If applicable, justified interest: -

• Storage duration: Duration of the contractual relationship

 

Contractual usage data of the Hypertension.App

• Purpose: Ordering, provision, support and invoicing of our products requires the specification and processing of certain personal data in order to process your order.

• Legal basis: Art. 6 para. 1 b) DSGVO

• If applicable, justified interest: Fulfillment of contract

• Storage duration: Duration of the contractual relationship

 

Registration data, access data and usage data of the Hypertension.App:

• Purpose: presentation of the content of the service, detection of attacks on our site through unusual activities, error diagnosis, provision of our services.

• Legal basis: Art. 6 para. 1 b), f) DSGVO

• If applicable, justified interest: Proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage caused by interventions in information systems, improvement of our app.

• Storage period: Until they are no longer required for the purpose of their collection

 

Communication within the Hypertension.App or contact form on www.hypertonie.app:

• Purpose: Possibility for mutual communication via Hypertension.App or other electronic messaging services (e.g. e-mail, messenger, telephone), as far as this is necessary to support or troubleshoot our products or to process customer inquiries and user complaints via the contact form on www.hypertonie.app in order to improve the service.

• Legal basis: Art. 6 para. 1 b), f) DSGVO

• If applicable, justified interest: Customer retention, customer acquisition, improvement of services, fulfilment of contract.

• Storage period: Two years after completion of the processing of the request

 

4.2 Newsletter

​

In addition to the contractual scope of services, you have the opportunity to receive interesting information about products and offers or other sales promotion and marketing activities of Hypertension Care (also called newsletter). To receive the newsletter, you must enter your e-mail address and consent by clicking on the "Send" button (Art. 6 para. 1 a) DSGVO). You can unsubscribe at any time, e.g. via a link in the newsletter. Consent for surveys and other sales promotion and marketing activities will be obtained as required when using the app. You will be informed in each case about the purpose and possibility of withdrawal.

​

This website uses SendinBlue to send newsletters. The provider is SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. SendinBlue is a service that can be used to organize and analyze the sending of newsletters. The data (e-mail address) you enter to subscribe to the newsletter is stored on SendinBlue's servers. The hosting servers on which SendinBlue processes and stores the data are located exclusively in the European Union. SendinBlue undertakes not to transfer data outside the European Union.

 

Our newsletters sent with SendinBlue enable us to analyze the behavior of the recipients of the newsletters. This can include analyzing how many recipients opened the newsletter message and how often each link in the newsletter was clicked. All links in the e-mail are so-called tracking links, which allow your clicks to be counted.

If you do not want SendinBlue to analyze your newsletter, you must unsubscribe. To do this, we provide a link in every newsletter message. Furthermore, you can also revoke your consent at any time with future effect by sending an e-mail to the address given in our imprint.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of SendinBlue after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the use of Hypertension.App) remain unaffected. We have entered into an agreement with SendinBlue in which we commit SendinBlue to protect our customers' information and not to disclose it to third parties.

Please refer to the SendinBlue Privacy Policy at: https://de.sendinblue.com/legal/privacypolicy/.

​

​

5. Use within the scope of legal purposes

​

5.1 Scientific research and statistics

​

Hypertension Care is committed to the science of high blood pressure. Therefore, the data may be used anonymously for research and statistical purposes (always in compliance with recognized ethical scientific standards) and for internal analyses. This serves above all to determine and improve the effectiveness of hypertension treatment techniques and therapies. The legal basis for this is Art. 9 para. 2 j) DSGVO.

 

5.2 Enforcement of rights

​

Furthermore, the use of personal data may be necessary to prevent fraud by users or to assert, exercise or defend legal claims. We may be required or compelled to disclose personal information as a result of mandatory laws, court or governmental decisions and orders, criminal prosecution or for reasons of public interest. Even in such cases, the storage and processing of your personal data without your express consent is permitted by law. The legal basis here is Art 9 Paragraph 2 f) DSGVO.

 

5.3 Transmission to state authorities

​

If it is necessary to fulfill a legal obligation, we transmit personal data to state authorities, including law enforcement agencies (legal basis: Art. 6 Par. 1 c) DSGVO).

 

 

6. General

​

6.1 Purpose and security

​

Hypertension Care will use your personal data solely for the purposes clarified in this Privacy Policy and in the respective consents. In doing so, we ensure that any processing only relates to your individual needs and is accordingly limited to these purposes.

Each individual processing is carried out in an appropriate way to ensure adequate protection of your personal data. This includes protection against unauthorized and unlawful processing, as well as against accidental loss, accidental destruction or damage by means of appropriate technical and organizational measures. To this end, we use strict internal procedures, security features and state-of-the-art encryption methods.

Our security procedures are regularly reviewed and adapted to technological progress. In addition, we guarantee data protection on an ongoing basis, through constant auditing and optimization of our data protection organization. Hypertension Care reserves all rights to make changes and updates to this privacy policy.

 

6.2 Contract processors

​

Firebase Authentication is a login and authentication service provided by Google Inc. To simplify the login and authentication process in Hypertension.App, Firebase Authentication can use third party identity services and store the information on its platform. This involves collecting data such as email address, name and password. Therefore, we use servers located within the EU.

 

Google Firebase Cloud Firestore is a web hosting service provided by Google Inc. and is used as a database system. The data, which is generated in the Hypertension.App (for example by entries) is stored in this system. The created PDF reports are stored in Google Firebase Cloud Storage. This data cannot be viewed by other users of the app. By using these services, the entries can be synchronized to all devices of the user. For the synchronization a registration of the user is necessary. Servers with a location within the EU are used. Further information about data processing by Firebase Firestore and Firebase Storage can be found in the Google privacy policy.

 

Google Crashlytics via Firebase is a developer platform operated by Google Inc. to find errors in an app. We use Crashlytics to improve the stability and reliability of our app.

Crashlytics receives user data such as Mobile ad IDs, Installation UUID (universally unique ID), Android IDs and IP addresses for error analysis. For more information about Crashlytics' data processing, please refer to the Google Privacy Policy. The operator of Crashlytics (Google) complies with the data protection regulations of the "US-Privacy-Shield" and is registered with the "US-Privacy Shield" program of the US Department of Commerce and thus offers suitable guarantees for an adequate level of data protection. We have concluded a so-called "Data-Processing-Agreement" with Google, in which we commit Google to protect the data of our customers and not to pass it on to third parties.

 

Further information about Google Firebase and data protection can be found at https://policies.google.com/privacy, https://firebase.google.com/support/privacy and https://docs.fabric.io/apple/fabric/data-privacy.html#data-collection-policies.

 

Google OAuth is a login and authentication service provided by Google Inc. and is connected to the Google Network. This service transfers data from your public Google profile (email address and profile picture) to our Hypertension.App. For the personal information transferred to the United States through your Google Account, Google is subject to the EU-US Privacy Shield: www.privacyshield.gov/participant. For more information about Google and privacy, please visit https://policies.google.com/privacy.

 

Apple Sign in is a login and authentication service provided by Apple Inc. that is linked to the Apple ID. Logging in in conjunction with registering with Hypertension.App using the Apple ID requires an Apple ID account with an email address and password or identification on your Apple device using FaceID or TouchID. During this process, data is transferred from your Apple ID to our Hypertension.App. Apple Inc. assigns a randomly generated one-time address for registration, so your email address is encrypted. Apple Inc. is responsible and accountable for the personal information that is transferred to the United States under your Apple ID account.

For more information about Apple ID and privacy, please visit: https://www.apple.com/legal/privacy/de-ww/

 

For Push Notifications we use the Firebase Cloud Messaging services of the company Google (Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland) and Apple Push Notifications of the company Apple (Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014).

If you want to receive push notifications, you have to enable this in the settings of your end device. We will ask for your consent or when you use (iOS) or install (Android) the app for the first time. The legal basis for this processing is the consent according to art. 6 para. 1 lit. a) DSGVO. All notifications or access options can be subsequently switched on or off in the settings menu.

In doing so, Firebase and Apple generate a calculated key (pseudonymized Device Token ID), which consists of the app's ID and its device ID. This key is stored on our push platform with the settings you have chosen to make the content available to you according to your wishes. The Firebase or Apple servers cannot draw any conclusions about the requests of users or determine any other data related to a person. Firebase or Apple serve exclusively as a transmitter.

 

Wix.com is a website building kit provider for our website www.hypertonie.app and is a certified participant of the EU-US Privacy Shield Framework. Wix.com is committed to ensuring that all personal information received from European Union (EU) member states is handled in accordance with the Privacy Shield Framework and its applicable principles. More information about the Privacy Shield Framework can be found on the Privacy Shield List of the US Department of Commerce at https://www.privacyshield.gov.

Wix.com is solely responsible for the processing of personal data received under the Privacy Shield Framework and subsequently transfers it to a third party acting on behalf of Wix.com as an agent on its behalf. Wix.com will act in accordance with the Privacy Shield Principles for any transfer of personal data from the EU, including the liability provisions for the transfer.

With respect to personal information contained or transmitted under the Privacy Shield Framework, Wix.com is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, Wix.com may be required to disclose personal information in response to governmental requests, including to comply with national security or law enforcement regulations.

Wix.com collects statistical information about visits to the www.hypertonie.app website. The access data includes: Name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the operating system of the user, referrer URL (the previously visited site), IP address and the requesting provider. Wix.com uses the log data for statistical analysis for the purpose of operation, security and optimization of the offer and these are also available to us as the operator of this website. Please also read the privacy policy of Wix.com, which can be found at http://de.wix.com/about/privacy.

 

Our website is hosted by our contract processor IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Connection data is processed for the purpose of providing and delivering the website. For the sole purpose of delivery and provision of the website, the data will not be stored beyond the call. The legal basis for the data processing is the legitimate interest (absolute technical necessity for the provision and delivery of the service "website" expressly requested by you through your call) in accordance with Art. 6 para. 1. f) DSGVO. For this service a contract for processing orders has been concluded according to DSGVO. Further information on data protection can be found in the IONOS Data Protection Policy at https://www.ionos.de/terms-gtc/terms-privacy.

 

Apple App Store/Google Play Store are Internet-based digital distribution platforms for application software from the companies Apple Inc. and Google LLC. through which software from this operator or from third parties is offered. You can download our services to your end devices via the respective distribution platform. Please note the privacy policy and terms of use of the respective provider. These can be found at https://www.apple.com/de/legal/privacy/de-ww/ and https://policies.google.com/?hl=de.

 

Wiredash.io is a feedback tool and is operated by phntm GmbH (Am Feldbrand 1b, 40667 Meerbusch). We have integrated the tool in our app in the settings under 'Feedback' and thus manage the feedback of the app users. If you give us feedback on our app (e.g. an error or a compliment), all relevant information (e.g. operating system of the cell phone, screen size, version of the app) will be transferred anonymously. If you provide your email address, we can associate it with the feedback and can give you feedback as soon as we have fixed the reported bugs. Servers with a location within the EU are used and all user data is stored encrypted. For more information on data protection, please refer to the privacy policy at https://help.wiredash.io/legal/privacy.

 

HLaN (Health Reality Lab Network) is a project funded by the BMWi and supports digital health companies in finding sustainable business models. The HLaN app offers the possibility to transmit the Hypertension.App report to other HLaN actors (e.g. DiGAs, EPAs, care platforms) via the HLaN-Connector, secured and encrypted. The HLaN module is currently in the beta test phase and is only available to selected users. Further information on HLaN can be found at https://www.hlan.network/.

 

Reminder: Data processing is carried out to a large extent with the involvement of so-called hosting service providers. Further information on this topic can be found under 1.3.4.

 

6.3 Categories of recipients

​

Hypertension Care cooperates with partners who are bound by our terms and conditions on the one hand and by the DSGVO on the other. Personal data can only be processed according to our instructions. We provide user data exclusively for the purpose of fulfilling the contract. This concerns the following services:

 

Accounting and payment service providers support us in the ongoing billing of the chargeable products.

Analysis service providers and their tools help us to understand how users use our products in order to carry out customized communication and product optimizations in the future.

Marketing service providers support us in creating, sorting, customizing and sending newsletters, e-mails and other notifications to our users in connection with our products.

We use hosting and cloud services and their tools for data storage as well as for anonymous evaluations (see point 6.2 above).

 

Please note that within Hypertension.App you have the immediate opportunity to share selected data with a third party. For example, this refers to the blood pressure evaluations generated in the App and your associated state of health. This is an additional service with an accompanying voluntary transfer of personal data, the use of which is solely at your discretion.

 

6.4 Use of cookies on www.hypertonie.app

​

Cookies are used within the scope of our services. The so-called cookies are small data records which are generated when websites are called up and stored on the user's terminal device. Through the use of cookies, the web server can call up user-specific information which serves to individualize the use of the website for the visitor or to grant access to specific functions for the first time.

 

You have the option of setting your browser to reject cookies in general or to confirm the acceptance of cookies in each case. If you decide against cookies, you may not be able to use certain functions of the website. Furthermore, the frequently available help function in the menu bar of the web browser explains how you can prevent your browser from accepting new cookies, how your browser can inform you that you will receive a new cookie or how you can switch off all cookies received.

 

In addition to the cookies already mentioned, which are used for analysis services (so-called "web tracking"), we also use cookies of the following classifications on our websites, such as

- Session cookies: This type of cookie is deleted when the browser or the usage process is terminated, so they are only valid for one browser session.

- Persistent Cookies: This type of cookie remains persistent (even after the browser is closed) and stores e.g. access codes.

- Third-party cookies: This type of cookie is controlled by third-party providers who, for example, display an advertising banner on a website.

- Secure Cookies: This type of cookie is only transmitted via protected HTTPS connections.

The so-called "cookie guidelines" have existed since 2009. This states that the storage of cookies requires the consent of the website visitor (user). The handling of these guidelines within the EU countries still varies greatly. In Germany, the cookie guidelines have not been implemented as national law. Instead, the implementation of these guidelines was largely carried out in § 15 para.3 of the German Telemedia Act (TMG).

If you would like to know more about the topic of cookies, we recommend that you visit https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

 

6.5 Transaction data

​

In the context of using our website www.hypertonie.app, transaction data may be stored by the user's Internet provider. Hypertension Care has no influence on the type and treatment of data stored in this way and accepts no responsibility for this.

 

6.6 Google Analytics on our website www.hypertonie.app

​

In the publicly accessible area of our products, which does not require login data, Google Universal Analytics is used, a web analysis service of Google Inc. ("Google"). Google is certified according to the EU- US Privacy Shield. In addition, we have also agreed upon an order processing with Google.

 

When you visit our website, Google will place a cookie on your computer with the aim of analyzing your use of the website. The generated data is transferred to the USA and then stored. If personal data is transferred to the USA, Google's certification in accordance with the Privacy-Shield Agreement (https://www.privacyshield.gov/EU-US-Framework) guarantees that European data protection laws are observed. We assume no responsibility for this guarantee.

 

We have activated the IP anonymization "Anonymize-IP", which means that IP addresses are only processed in a shortened form. On this website, your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and then shortened there. On behalf of the website operator, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services related to the website and Internet use to the responsible party. Furthermore, the cross-device analysis of website visitors has been activated, which is carried out via a so-called user ID. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. The use of Google Analytics serves the sole purpose of analyzing, optimizing and improving our website.

 

The legal basis for the use of cookies is our legitimate interest in data processing in accordance with Art. 6 Para. 1 S.1 f) DSGVO, which also lies in the above-mentioned purposes.

 

Further information on the use of data can be found here: https://www.google.com/analytics/terms/de.html (Analytics Terms of Use), https://support.google.com/analytics/answer/6004245?hl=de (Analytics Data Protection Notice) and https://policies.google.com/privacy (Google Privacy Policy).

 

You have the option of deactivating the cross-device user analysis in your Google account under "My Data > Personal Data".