Privacy Policy of SINOVO

SINOVO takes the protection of personal data very seriously. We base our data processing on the legal objective of collecting, processing or using only the personal data required for a meaningful and economic use of our offer. In the following you will learn, when data is stored when using SiDiary software and our services and how we use them. We have taken organisational measures to ensure compliance with data protection regulations. If you do not agree with any aspect of our privacy policy, you may be entitled to legal claims, which are also described here.

Scope of application
In these data protection guidelines "SINOVO", "we", "our", "us" refer to:

"              SINOVO health solutions gmbH, Willy-Brandt-Str. 4, 61118 Bad Vilbel;
"              SINOVO business solutions GmbH, Willy-Brandt-Str. 4, 61118 Bad Vilbel

Personal Information
SINOVO collects, processes and uses your personal data in compliance with the data protection laws of the Federal Republic of Germany and the data protection regulations of the European Union. Personal data means any information that relate to a natural person or at least can be related and thus allow conclusions to be drawn about his/her personal data.

Our online offer can be used without disclosing your identity. In the case of participation in one of our personalized services, you will be asked separately for the data required for processing the services. It is your free decision to participate in these services and enter the relevant data.

We expressly point out that protection for data transmission in open networks, such as the Internet, cannot be fully guaranteed according to the current state of the art. The data stored on servers of SINOVO or in the Microsoft Cloud may also be viewed and modified by other participants in the Internet without authorization from a technical point of view. SINOVO or Microsoft have secured their servers against unauthorized access with proven and customary systems.

Nature and scope of the data collected and its use
When you visit our website https://diabetes.sinovo.net (and its subdomains), the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

IP address of the requesting computer, date and time of access, name and URL of the accessed file, website from which access is made (referrer URL), browser used and, if applicable, your computer's operating system and the name of your access provider.

The mentioned data will be processed by us for the following purposes:

-          Ensuring a smooth connection of the website,
-          Ensuring comfortable use of our website,
-          evaluation of system security and stability as well as
-          for other administrative purposes.

The legal basis for data processing is Art. 6, 1 S. 1 lit. f DSGVO. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally. In addition, we use cookies and analysis services when you visit our website. For more information, see below. We also collect certain information about you when you access our website. For more information, see Log Files.

In order to evaluate and continuously improve the quality of our website, we carry out statistical evaluations of access to our pages. This is also partly done by using counting graphics on the pages of our offer. However, the data obtained in this way is strictly anonymised and does not allow any conclusions to be drawn about the personal data of the user or the person of the user. Under no circumstances will your data be used to create user profiles of any kind.

The data collected will be used for the following purposes:

-          Provision, maintenance, improvement and development of relevant functions, content and services;
-          Detection of and defense against fraudulent, abusive and prohibited activities and protection and security of our services.

Invitations in the SiDiary Online Version
With the SiDiary software you can invite other people to join and view your online data. The personal data collected will be used exclusively for the invitation and not for other purposes.

Protection and storage of personal data
For the best possible protection of your personal data, collected by SiDiary software regarding therapy and device data, SINOVO uses the cloud services of Microsoft (Windows Azure. This data is stored in Europe.

We will only keep your data for as long as necessary for the purposes set out in this Privacy Policy or for the time that your account with SINOVO or Microsoft is active and as long it is necessary to provide the services for you. If you no longer wish SINOVO to use your data to provide the services for you, you can close your account and SINOVO will delete the stored data, if SINOVO is not obliged to keep your data for compliance with legal obligations or for the settlement of disputes.

If we have not had relevant contact with you for two years, we will delete your personal information from our systems, unless we have a good faith belief that we are required by law or other regulation to keep it (for example, because of a request in connection with an anticipated lawsuit).

Disclosure of personal data to other third parties
We do not disclose any personal data to other third parties. In particular, personal data will not be passed on to third parties for advertising purposes.

Disclosure of data
Your personal data will not be transmitted to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

�         you have given your express consent pursuant to Art. 6, 1 S. 1 lit. a DSGVO,
�         the disclosure pursuant to Art. 6, 1 S. 1 lit. f DSGVO is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
�         in the event that a legal obligation exists for the transfer pursuant to Art. 6, 1 S. 1 lit. c DSGVO, and
�         this is legally permissible and is necessary for the processing of contractual relationships with you pursuant to Art. 6, 1 S. 1 lit. b DSGVO.

Only anonymous data can be passed on to other third parties for evaluation purposes. Anonymization is the alteration of personal data in such a way that the individual information about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionately large expenditure of time, cost and manpower.

If you use other personalized services of our offer, it may be necessary to collect personalized data and pass it on to third parties for the purpose of carrying out and processing the service. This data is only stored or passed on to the extent necessary for order processing. This requires the submission of an explicit declaration of consent when filling in the respective form.

Third parties to whom your data is passed on within the framework of order processing are also bound by the statutory regulations for the handling of personal data. Insofar as we are or will be obliged to do so by law or by court order, we transmit data to the respective authorities entitled to receive information to the extent prescribed by law.

Right of revocation, disclosure of information, deletion and data transferability

Rights of persons affected

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
  • in accordance with Art. 16 DSGVO, to demand without delay the correction of incorrect or complete personal data stored by us;
  • to request the deletion of your personal data stored with us in accordance with Art. 17 DSGVO, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • pursuant to Art. 18 DSGVO, to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 DSGVO;
  • to receive your personal data, which you have provided to us, in a structured, current and machine-readable format in accordance with Art. 20 DSGVO or to request its transfer to another person responsible;
  • in accordance with Art. 7, 3 DSGVO, to revoke your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and
  • to complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

Right of objection
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6, 1 S. 1 f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to info@sinovo.de.
You have the right to revoke your consent to the collection, processing and use of your personal data at any time with effect for the future without stating reasons. You can exercise this right by simply calling SINOVO or send us the revocation, e.g. in writing or by e-mail.
You are entitled at any time to inform SINOVO to request comprehensive information on the personal data stored about you.
You can also contact SINOVO may request the correction, deletion and blocking of individual personal data.

If you wish, you are entitled to transfer your data from us to another person responsible. We will support you by sending your data directly to us or by providing you with a copy in a standard machine-readable format.

SiDiary Online Version - Notes for data exchange with other persons
Users/patients can use SiDiary Online for data exchange with persons authorized by them (e.g. doctor, trusted third party). We point out that the connection of personal data with health data must be technically possible in order to enable your physician to assign the data to the patients. SINOVO will not associate personal data with health data in such a way that other than the authorized physician can assign health data to certain persons. Employees of SINOVO are instructed accordingly and are obligated to these data protection regulations. Under no circumstances will personal or health data be passed on to third parties other than the doctor you have authorised or other third parties authorised by you or authorised to access the data. Access to data contained in SiDiary Online is only possible after entering the user ID and password. Doctors and trusted third parties will only have access to the data after you have authorised your doctor for access, registered him or her and confirmed his or her registration upon registration. Doctors and trusted persons can use SiDiary Online to exchange data with patients who authorized them to access their patient data. The authorization of the physician or a third party can be revoked at any time. From the date of revocation no access for the respective physician or third parties is made possible.

Use of Cookies
The services of SiDiary Online use cookies after your registration (with user name and password), with which you can be identified during the duration of your visit. A cookie is stored on your computer. After the end of the session the cookie expires automatically. You can save this cookie permanently with the function "Log in automatically on this computer" for an automatic login. The cookie then contains parts of your login data in encrypted form. However, automatic logon to two (2) different computers is not possible in this case.

Each time a page is accessed, access data is stored in a log file, the server log. The data set saved contains the following data:

�         Your IP address (which uniquely identifies your computer),
�         the remote host (name and IP address of the computer requesting the page),
�         the time, status, amount of data transferred and the website from which you accessed the requested page (referrer), as well as
�         the product and version information of the browser used (user agent).

SINOVO uses the standardized log file format of the web server. SINOVO uses the log data (logs) anonymously, i.e. without allocation or references to your person, for statistical evaluations. SINOVO can find out on which days and at which times the offers of SiDiary Online are particularly popular and how much data volume is generated on the SINOVO websites. In addition, SINOVO uses the log files to detect possible errors, e.g. faulty links or program errors, and thus use the log files for the further development of the SiDiary Online websites. SINOVO does not link the page views and uses stored in the server log to individual persons. SINOVO reserves the right to check the log files subsequently via the last known IP address of such users who, due to certain facts, are suspected of using the SiDiary Online websites and/or the SiDiary services in violation of the law or the contract. This serves the protection of SiDiary members, the security of SINOVO member data, as well as the SINOVO websites and SiDiary services.

You can prevent the installation of cookies by setting your browser accordingly. If a corresponding browser setting is used, cookies are not stored. It may happen that not all functions of the SiDiary Online version can be used.

Minors under 18 years
Participation in SiDiary-Online services is reserved exclusively for persons of full age. Parents or guardians are responsible for protecting the privacy of their children. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children, do not collect, store or pass it on to third parties.

Links to other websites
Insofar as our Internet pages contain links to the offers of other service providers, we cannot guarantee and accept no liability that these Internet pages also comply with the statutory provisions. Please inform yourself on the corresponding pages with the help of the data protection declaration of the respective provider about the respectively valid data protection standards.

Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the DSGVO.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
The appropriate supervising authority for SINOVO is the Hessian Data Protection Officer (Hessischer Datenschutzbeauftragter).

Name and address of the person responsible
Responsible within the meaning of the Basic Data Protection Ordinance is:

SINOVO health solutions GmbH / SINOVO business solutions GmbH

Willy-Brandt-Str. 4

61118 Bad Vilbel

Tel.: +49 61 01 590 90 00

Website: www.sinovo.de

Name and address of the data protection officer:

Herr Sascha Hesse
Niddastra�e 74
60329 Frankfurt am Main

Tel.: +49 61 01 590 90 47

These notes are subject to the respective legal situation and may therefore require adjustments. For questions, suggestions or comments please send an e-mail to info@sinovo.de

You can access and print out the current data protection declaration at any time on the website under https://diabetes.sinovo.net/frmPrivacy.aspx

Status: September 2021

Data processing under the Swiss DSG
In principle, the use of our website is subject to the statutory provisions of the GDPR. If you also visit our website from Switzerland and insofar as the associated data processing also affects you as a Swiss citizen, these data protection provisions also apply to you under the Swiss Federal Act on Data Protection ("Swiss FADP" in the version dated September 1, 2023), analogous to the GDPR.

In principle, the Swiss DPA does not provide for a legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, is carried out in good faith and is proportionate in accordance with Art. 6 para. 1 and 2 of the Swiss FADP. Furthermore, your data will only be collected by us for a specific purpose that is recognizable to the data subject and only processed in such a way that it is compatible with these purposes in accordance with Art. 6 para. 3 of the Swiss FADP.

In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the Swiss DPA. For example, the GDPR terms "processing" of "personal data", "legitimate interest" and "special categories of data" used in this data protection notice correspond to the terms "processing" of "personal data", "overriding interest" and "sensitive personal data" used in the Swiss FADP.

The data subject rights set out here pursuant to Art. 12 et seq. GDPR can also be asserted by data subjects from Switzerland in accordance with the provisions of Art. 25 et seq. of the Swiss FADP.

Status: September 2023