Privacy policy of the "ThevoSmart" App

Data Processing at a Glance

By using the ThevoSmart sensor mat, various personal data is processed. We would like to give you a brief overview of the processing below:

Setup and operation of the ThevoSmart sensor mat
For the setup you need our app (available for free in the AppStore or PlayStore) in which you create a personal profile. In this app you have to set up the ThevoSmart sensor mat and need the local WLAN access data so that the sensor mat can transmit the information to the caregiver. Some of this information is health data, please remember that you are only acting with the authorization or consent of the caregiver.

The data of the sensor mat will be transmitted to our server (location within the EU) interpreted and if necessary a message will be generated to the caring person. The storage period for data collected in this way is currently limited to 18 months. After the user account has been deleted, the collected data will be deleted from our system after the expiry of the obligation to provide proof.


Activation of additional caregivers
If you want to make the information and messages of the ThevoSmart sensor mat available to additional caregivers, you only need to enter the e-mail address of the additional caregiver in the system. We will send a confirmation e-mail to this address with a link for further setup. With this link, the respective supervisors can complete the setup and configuration themselves.

Please remember that you only enter the e-mail addresses of the additional supervisors into our system with their consent, the consent of the person being cared for and under consideration of the necessity.


Operation and functions of the app
Within the app you have the possibility to access a link to a partner company. You as a user decide whether you want to follow the information. Usually you will be redirected to the website of the respective provider if you click on the corresponding button.

If necessary, we record the user behavior of the operators within the app. We use this data exclusively to optimize functions, service and usability.


I. General

We take the protection of your personal data very seriously and treat it confidentially and in accordance with the legal data protection regulations and this privacy policy. This privacy policy applies to our mobile iPhone and Android apps (hereinafter "APP"). It explains the type, purpose and scope of data collection within the scope of APP use. We would like to point out that data transmission over the Internet may have security gaps. It is not possible to completely protect data from access by third parties.

Responsible body
Responsible body for the data processing within the scope of this APP is:

Thomas Hilfen für Körperbehinderte GmbH & Co. Medico KG
Walkmühlenstr. 1
D – 27432 Bremervörde
e-Mail: info@thevosmart.com

Website: www.thevosmart.com
Phone: +49 (0) 4761 8860
Fax: 04761 88619


Data protection officer
You can contact our data protection officer at:

Mr. Volker Weinhard
Company XMSplus
e-mail: datenschutz@xmsplus.de
Phone: +49 (0) 4142 / 811 69 40


General storage period of personal data
Subject to deviating or more specific details within this data protection declaration, the personal data collected by this APP will be stored until you request us to delete it, revoke your consent to storage or the purpose for which the data is stored no longer applies. If there is a legal obligation to store the data or any other legally recognized reason for storing the data (e.g. justified interest), the personal data concerned will not be deleted until the respective reason for storage no longer applies.

Legal basis for the storage of personal data
The processing of personal data is only permitted if there is an effective legal basis for the processing of such data.If we process your data, this is regularly done on the basis of your consent in accordance with art. 6 para. 1 letter a DSGVO (e.g. if you voluntarily provide your data in the registration form or in the contact form), for the purpose of fulfilling the contract in accordance with art. 6 para. 1 lit. b DSGVO (e.g. when using in-app purchases or the use of other APP functions for which a fee is charged) or on the basis of legitimate interests pursuant to art. 6 para. 1 lit. f DSGVO, which are always weighed against your interests (e.g. in the context of advertising measures). The relevant legal basis will be specified in a separate place in this data protection declaration.

Encryption
This APP uses for security reasons and to protect the transmission of confidential content, such as the requests you send to us as APP operator, or communication between APP users, encryption. This encryption prevents that the data you transmit can be read by unauthorized third parties.

Amendment of this privacy policy
We reserve the right to change these data protection regulations at any time in compliance with legal requirements.


II. Your Rights

The DSGVO grants certain rights to those affected whose personal data is processed by us, about which we would like to inform you at this point:

Revocation of your consent to data processing
Many data processing operations are only possible with your consent. We will expressly obtain this from you before we start processing the data. You can revoke this consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation.

RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND TO DIRECT ADVERTISING (ART. 21 DSGVO)
IF THE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F DSGVO, YOU SHALL HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR SPECIFIC SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU, INCLUDING PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS THE PERSONAL DATA CONCERNED, UNLESS WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WHICH ARE WORTHY OF PROTECTION, WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR WHICH SERVE THE PROCESSING OF THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT, AT ANY TIME, TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING, INCLUDING PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING.


Right of appeal to a supervisory authority
In the event of violations of the DSGVO, those affected have a right of appeal to a supervisory authority. This right of appeal is without prejudice to other administrative or judicial remedies.

Information, deletion and correction
You have the right to receive information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and the right to correct or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

Right to limitation of processing
You have the right to request that the processing of your personal data be restricted. To do so, you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to demand the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can demand the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection in accordance with art. 21 para. 1 DSGVO, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.


Right to data transferability
You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.


III. Access Rights of the APP

Access rights

In order to provide our services via the APP, we require the access rights listed below, which enable us to access certain functions of your device.

android.hardware.camera: The app uses the camera, which is used to specify image acquisition settings and to acquire images and scan QR Codes (e.g. to select an existing image for the patient from the gallery or to acquire an image of the patient to upload it in the patient management - in the app permissions in the system settings "camera" and "memory" are listed).

android.hardware.faketouch: The app uses basic touch interaction events, such as tapping and dragging. When declared as required, this function indicates that the app is only compatible with a device if that device emulates a touch screen ("fake touch" interface) or has an actual touch screen.

android.hardware.location: The app uses one or more functions on the device to determine its location, such as GPS location, network location or cell location.

android.hardware.location.gps: The app uses precise location coordinates obtained from a GPS (Global Positioning System) receiver on the device. By using this function, an application implies that it also uses the android.hardware.location function unless this parent function is declared with the android:required="false" attribute.

android.hardware.microphone: The app records audio with the device's microphone (required due to the app's built-in QR Code scanner - can be removed immediately afterwards in the app's system settings).

Phone (to call our support directly from the app)

Access to the device functions is required to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of art. 6 para. 1 letter f DSGVO, your consent within the meaning of art. 6 para. 1 letter a DSGVO and/or - if a contract has been concluded - the fulfilment of our contractual obligations (art. 6 para. 1 letter b DSGVO).

The storage period for the data collected in this way is the duration of the active user account. After deletion of the user account, the collected data will be deleted from our system.

Application data
During communication with our server, the app automatically transmits data, which is automatically stored by the server in so-called log files. These data are:

Type of mobile device
Operating system used
Used language
Technical information about the terminal device used
Date and time of the request


IV. Collection of Personal Data within the Scope of APP Use

User master data
When you use our APP, we collect the following personal data from you:

• Salutation
• First and last name
• e-mail address (mandatory field)
• password (mandatory field)
• Street/house number
• Postcode/Place
• Phone number
• Country (mandatory field)

The processing of this personal data is necessary to guarantee the functionalities of APP. The legal basis for this data processing is our legitimate interest within the meaning of art. 6 para. 1 letter f DSGVO, your consent within the meaning of art. 6 para. 1 letter a DSGVO and/or - if a contract has been concluded - the fulfilment of our contractual obligations (art. 6 para. 1 letter b DSGVO).

The storage period for the data collected in this way is the duration of the active user account. After deletion of the user account, the collected data will be deleted from our system.

Patient master data
When registering a ThevoSmart bed pad, we collect the following personal data from the person in need of care (patient), which you enter yourself:

• Name (mandatory field) - will be displayed in the overview if no call sign has been entered
• Birthday (optional)
• Weight (optional)
• Size (optional)
• call sign (optional)
• clinical picture(s) (optional)

You can change the master data at any time via the settings in the app.

Inquiry within the APP, by e-mail, telephone or fax
If you contact us (e.g. via contact form within the app, by e-mail, telephone or fax), your inquiry including all personal data resulting from it (e.g. name, inquiry) will be stored and processed by us for the purpose of processing your request. This data is processed on the basis of art. 6 para. 1 lit. b DSGVO, provided that your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (art. 6 para. 1 lit. a DSGVO) and/or on our legitimate interests (art. 6 para. 1 lit. f DSGVO), as we have a legitimate interest in the effective processing of the inquiries addressed to us. The data sent to us by you via contact request will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected. We will not pass on your data without your consent.


V. Use of Push Services

The app requires the push function and uses the service of OneSignal, 2194 Esperanca Avenue, Santa Clara, CA 95054 (hereinafter "OneSignal") to send you push messages. These are short messages that appear on the user's display and actively notify the user of status changes. A push token is assigned in the event of use of the push services. The sole purpose of their use by us is to provide the Push Services. OneSignal will receive information about the installed app and its use when you access the app, the temporary unique device identifier (e.g., IDFA and Android ID), the current location, linked to the temporary unique device identifier; your email address (if provided), your IP address, type of device, type and version of your operating system, your mobile operator, language settings, time zone and network settings (e.g., WiFi). For OneSignal's privacy policy and other information, please visit https://onesignal.com/privacy_policy.

The collection and processing of device-specific information is based on art. 6 para. 1 sentence 1 lit. b DSGVO for the purpose of processing contractual relationships with you or art. 6 para. 1 lit. f DSGVO if and to the extent that this is necessary to protect our interests or those of third parties. In particular, this may include passing on data to hosting or cloud computing providers for the purpose of optimizing services and increasing usability and user-friendliness. Data passed on may only be used by the third parties for the purposes mentioned.


VI. Links to Websites of other Providers

The ThevoSmart App may contain links to websites of other providers in the Recommendations and Maintenance Information sections. We have no influence on whether these providers adhere to the data protection regulations. We therefore ask you to contact these providers for information about their data protection practices.

Updating and modification of this data protection information
This data protection information is currently valid and has the status of September 2020. Due to the further development of our website and offers above or due to changed legal or official requirements it may become necessary to change this data protection information. You can access and print out the current data protection information at any time on the website at https://www.thevosmart.com/en/privacy-policy-app .

Status: September 2020

Copyright © Thomashilfen.