Privacy Policy of SINOVO
SINOVO takes the
protection of personal data very seriously. We base our data processing on the
legal objective of collecting, processing or using only the personal data
required for a meaningful and economic use of our offer. In the following you
will learn, when data is stored when using SiDiary software and our services
and how we use them. We have taken organisational measures to ensure compliance
with data protection regulations. If you do not agree with any aspect of our
privacy policy, you may be entitled to legal claims, which are also described
here.
Scope of
application
In these
data protection guidelines "SINOVO", "we", "our",
"us" refer to:
"
SINOVO health solutions gmbH, Willy-Brandt-Str. 4, 61118 Bad Vilbel;
"
SINOVO business solutions GmbH, Willy-Brandt-Str. 4, 61118 Bad Vilbel
Personal
Information
SINOVO
collects, processes and uses your personal data in compliance with the data
protection laws of the Federal Republic of Germany and the data protection
regulations of the European Union. Personal data means any information that
relate to a natural person or at least can be related and thus allow
conclusions to be drawn about his/her personal data.
Our online offer
can be used without disclosing your identity. In the case of participation in
one of our personalized services, you will be asked separately for the data
required for processing the services. It is your free decision to participate
in these services and enter the relevant data.
We expressly point
out that protection for data transmission in open networks, such as the
Internet, cannot be fully guaranteed according to the current state of the art.
The data stored on servers of SINOVO or in the Microsoft Cloud may also be
viewed and modified by other participants in the Internet without authorization
from a technical point of view. SINOVO or Microsoft have secured their servers
against unauthorized access with proven and customary systems.
Nature and
scope of the data collected and its use
When you
visit our website https://diabetes.sinovo.net (and its subdomains), the
browser used on your device automatically sends information to the server of
our website. This information is temporarily stored in a so-called log file.
The following information is recorded without your intervention and stored until
it is automatically deleted:
IP address of the
requesting computer, date and time of access, name and URL of the accessed
file, website from which access is made (referrer URL), browser used and, if
applicable, your computer's operating system and the name of your access
provider.
The mentioned data
will be processed by us for the following purposes:
-
Ensuring a smooth connection of the website,
- Ensuring comfortable
use of our website,
- evaluation of system
security and stability as well as
- for other
administrative purposes.
The legal basis
for data processing is Art. 6, 1 S. 1 lit. f DSGVO. Our legitimate interest
follows from the purposes listed above for data collection. Under no
circumstances do we use the data collected for the purpose of drawing
conclusions about you personally. In addition, we use cookies and analysis
services when you visit our website. For more information, see below. We also
collect certain information about you when you access our website. For more
information, see Log Files.
In order to
evaluate and continuously improve the quality of our website, we carry out
statistical evaluations of access to our pages. This is also partly done by
using counting graphics on the pages of our offer. However, the data obtained
in this way is strictly anonymised and does not allow any conclusions to be
drawn about the personal data of the user or the person of the user. Under no
circumstances will your data be used to create user profiles of any kind.
The data collected
will be used for the following purposes:
-
Provision, maintenance, improvement and development of relevant functions,
content and services;
- Detection of and
defense against fraudulent, abusive and prohibited activities and protection
and security of our services.
Invitations in
the SiDiary Online Version
With the
SiDiary software you can invite other people to join and view your online data.
The personal data collected will be used exclusively for the invitation and not
for other purposes.
Protection and
storage of personal data
For the
best possible protection of your personal data, collected by SiDiary software
regarding therapy and device data, SINOVO uses the cloud services of Microsoft
(Windows Azure. This data is stored in Europe.
We will only keep
your data for as long as necessary for the purposes set out in this Privacy
Policy or for the time that your account with SINOVO or Microsoft is active and
as long it is necessary to provide the services for you. If you no longer wish SINOVO
to use your data to provide the services for you, you can close your account
and SINOVO will delete the stored data, if SINOVO is not obliged to keep your
data for compliance with legal obligations or for the settlement of disputes.
If we have not had
relevant contact with you for two years, we will delete your personal
information from our systems, unless we have a good faith belief that we are
required by law or other regulation to keep it (for example, because of a
request in connection with an anticipated lawsuit).
Disclosure of
personal data to other third parties
We do not
disclose any personal data to other third parties. In particular, personal data
will not be passed on to third parties for advertising purposes.
Disclosure of
data
Your
personal data will not be transmitted to third parties for purposes other than
those listed below.
We will only pass
on your personal data to third parties if:
�
you have given your express consent pursuant to Art. 6, 1 S. 1 lit. a DSGVO,
� the disclosure pursuant to
Art. 6, 1 S. 1 lit. f DSGVO is necessary to assert, exercise or defend legal
claims and there is no reason to assume that you have an overriding interest
worthy of protection in not disclosing your data,
� in the event that a legal
obligation exists for the transfer pursuant to Art. 6, 1 S. 1 lit. c DSGVO, and
� this is legally permissible
and is necessary for the processing of contractual relationships with you
pursuant to Art. 6, 1 S. 1 lit. b DSGVO.
Only anonymous
data can be passed on to other third parties for evaluation purposes.
Anonymization is the alteration of personal data in such a way that the
individual information about personal or factual circumstances can no longer be
assigned to a specific or identifiable natural person, or only with a
disproportionately large expenditure of time, cost and manpower.
If you use other
personalized services of our offer, it may be necessary to collect personalized
data and pass it on to third parties for the purpose of carrying out and
processing the service. This data is only stored or passed on to the extent
necessary for order processing. This requires the submission of an explicit
declaration of consent when filling in the respective form.
Third parties to
whom your data is passed on within the framework of order processing are also
bound by the statutory regulations for the handling of personal data. Insofar
as we are or will be obliged to do so by law or by court order, we transmit
data to the respective authorities entitled to receive information to the
extent prescribed by law.
Right of
revocation, disclosure of information, deletion and data transferability
Rights of
persons affected
You have the
right:
- to
request information about your personal data processed by us in accordance
with Art. 15 DSGVO. In particular, you may request information about the
purposes of processing, the category of personal data, the categories of
recipients to whom your data have been or will be disclosed, the planned
storage period, the existence of a right to rectification, deletion,
restriction of processing or objection, the existence of a right of
appeal, the origin of your data, if these have not been collected by us,
and the existence of automated decision-making including profiling and, if
applicable, meaningful information on their details;
- in
accordance with Art. 16 DSGVO, to demand without delay the correction of
incorrect or complete personal data stored by us;
- to
request the deletion of your personal data stored with us in accordance
with Art. 17 DSGVO, unless the processing is necessary to exercise the
right to freedom of expression and information, to fulfil a legal
obligation, for reasons of public interest or to assert, exercise or defend
legal claims;
- pursuant
to Art. 18 DSGVO, to demand the restriction of the processing of your
personal data if you dispute the accuracy of the data, if the processing
is unlawful but you refuse to delete the data and we no longer need the
data, but you need it to assert, exercise or defend legal claims or you
have filed an objection against the processing pursuant to Art. 21 DSGVO;
- to
receive your personal data, which you have provided to us, in a
structured, current and machine-readable format in accordance with Art. 20
DSGVO or to request its transfer to another person responsible;
- in
accordance with Art. 7, 3 DSGVO, to revoke your consent to us at any time.
As a result, we are no longer allowed to continue processing data based on
this consent in the future and
- to
complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule,
you can contact the supervisory authority at your usual place of residence
or workplace or at our company headquarters.
Right of
objection
If your
personal data are processed on the basis of legitimate interests pursuant to
Art. 6, 1 S. 1 f DSGVO, you have the right to object to the processing of your
personal data pursuant to Art. 21 DSGVO, provided that there are reasons for
this which arise from your particular situation or the objection is directed
against direct advertising. In the latter case, you have a general right of
objection, which we will implement without specifying a particular situation.
If you wish to
exercise your right of revocation or objection, simply send an e-mail to info@sinovo.de.
You have the right to revoke your consent to the collection, processing and use
of your personal data at any time with effect for the future without stating
reasons. You can exercise this right by simply calling SINOVO or send us the
revocation, e.g. in writing or by e-mail.
You are entitled at any time to inform SINOVO to request comprehensive
information on the personal data stored about you.
You can also contact SINOVO may request the correction, deletion and blocking
of individual personal data.
If you wish, you
are entitled to transfer your data from us to another person responsible. We
will support you by sending your data directly to us or by providing you with a
copy in a standard machine-readable format.
SiDiary Online
Version - Notes for data exchange with other persons
Users/patients
can use SiDiary Online for data exchange with persons authorized by them (e.g.
doctor, trusted third party). We point out that the connection of personal data
with health data must be technically possible in order to enable your physician
to assign the data to the patients. SINOVO will not associate personal data
with health data in such a way that other than the authorized physician can
assign health data to certain persons. Employees of SINOVO are instructed
accordingly and are obligated to these data protection regulations. Under no
circumstances will personal or health data be passed on to third parties other
than the doctor you have authorised or other third parties authorised by you or
authorised to access the data. Access to data contained in SiDiary Online is
only possible after entering the user ID and password. Doctors and trusted
third parties will only have access to the data after you have authorised your
doctor for access, registered him or her and confirmed his or her registration
upon registration. Doctors and trusted persons can use SiDiary Online to
exchange data with patients who authorized them to access their patient data.
The authorization of the physician or a third party can be revoked at any time.
From the date of revocation no access for the respective physician or third
parties is made possible.
Use of Cookies
The
services of SiDiary Online use cookies after your registration (with user name
and password), with which you can be identified during the duration of your
visit. A cookie is stored on your computer. After the end of the session the
cookie expires automatically. You can save this cookie permanently with the
function "Log in automatically on this computer" for an automatic
login. The cookie then contains parts of your login data in encrypted form.
However, automatic logon to two (2) different computers is not possible in this
case.
Log-Files
Each time
a page is accessed, access data is stored in a log file, the server log. The
data set saved contains the following data:
�
Your IP address (which uniquely identifies your computer),
� the remote host (name and IP
address of the computer requesting the page),
� the time, status, amount of
data transferred and the website from which you accessed the requested page
(referrer), as well as
� the product and version
information of the browser used (user agent).
SINOVO uses the
standardized log file format of the web server. SINOVO uses the log data (logs)
anonymously, i.e. without allocation or references to your person, for
statistical evaluations. SINOVO can find out on which days and at which times
the offers of SiDiary Online are particularly popular and how much data volume
is generated on the SINOVO websites. In addition, SINOVO uses the log files to
detect possible errors, e.g. faulty links or program errors, and thus use the
log files for the further development of the SiDiary Online websites. SINOVO
does not link the page views and uses stored in the server log to individual
persons. SINOVO reserves the right to check the log files subsequently via the
last known IP address of such users who, due to certain facts, are suspected of
using the SiDiary Online websites and/or the SiDiary services in violation of
the law or the contract. This serves the protection of SiDiary members, the
security of SINOVO member data, as well as the SINOVO websites and SiDiary
services.
You can prevent
the installation of cookies by setting your browser accordingly. If a
corresponding browser setting is used, cookies are not stored. It may happen
that not all functions of the SiDiary Online version can be used.
Minors under 18
years
Participation
in SiDiary-Online services is reserved exclusively for persons of full age.
Parents or guardians are responsible for protecting the privacy of their
children. Persons under the age of 18 should not transmit any personal data to
us without the consent of their parents or legal guardians. We do not request
personal data from children, do not collect, store or pass it on to third
parties.
Links to other
websites
Insofar as
our Internet pages contain links to the offers of other service providers, we
cannot guarantee and accept no liability that these Internet pages also comply
with the statutory provisions. Please inform yourself on the corresponding
pages with the help of the data protection declaration of the respective
provider about the respectively valid data protection standards.
Right of appeal
to a supervisory authority
Without
prejudice to any other administrative or judicial remedy, you have the right of
appeal to a supervisory authority, in particular in the Member State where you
reside, work or suspect of infringement, if you believe that the processing of
personal data concerning you is contrary to the DSGVO.
The supervisory authority to which the complaint has been lodged shall inform
the complainant of the status and results of the complaint, including the
possibility of a judicial remedy under Article 78 DSGVO.
The appropriate supervising authority for SINOVO is the Hessian Data Protection
Officer (Hessischer Datenschutzbeauftragter).
Name and
address of the person responsible
Responsible
within the meaning of the Basic Data Protection Ordinance is:
SINOVO health
solutions GmbH / SINOVO business solutions GmbH
Willy-Brandt-Str. 4
61118 Bad Vilbel
Germany
Tel.: +49 61 01
590 90 00
E-Mail: info@sinovo.de
Website: www.sinovo.de
Name and
address of the data protection officer:
AGOR AG
Herr Sascha Hesse
Niddastra�e 74
60329 Frankfurt am Main
Germany
Tel.: +49 61 01
590 90 47
E-Mail: datenschutz@sinovo.de
Amendments
These
notes are subject to the respective legal situation and may therefore require
adjustments. For questions, suggestions or comments please send an e-mail to info@sinovo.de
You can access and
print out the current data protection declaration at any time on the website
under https://diabetes.sinovo.net/frmPrivacy.aspx
Status: September 2021
Data processing under the Swiss DSG
In principle, the use of our website is subject to the statutory provisions of the GDPR. If you also visit our website from Switzerland and insofar as the associated data processing also affects you as a Swiss citizen, these data protection provisions also apply to you under the Swiss Federal Act on Data Protection ("Swiss FADP" in the version dated September 1, 2023), analogous to the GDPR.
In principle, the Swiss DPA does not provide for a legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, is carried out in good faith and is proportionate in accordance with Art. 6 para. 1 and 2 of the Swiss FADP. Furthermore, your data will only be collected by us for a specific purpose that is recognizable to the data subject and only processed in such a way that it is compatible with these purposes in accordance with Art. 6 para. 3 of the Swiss FADP.
In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the Swiss DPA. For example, the GDPR terms "processing" of "personal data", "legitimate interest" and "special categories of data" used in this data protection notice correspond to the terms "processing" of "personal data", "overriding interest" and "sensitive personal data" used in the Swiss FADP.
The data subject rights set out here pursuant to Art. 12 et seq. GDPR can also be asserted by data subjects from Switzerland in accordance with the provisions of Art. 25 et seq. of the Swiss FADP.
Status: September 2023