The App is provided by Dopavision GmbH, with its registered office at Friedrichstraße 68, 10117 Berlin, Germany (hereinafter referred to as “we” or “us”) as the responsible party within the meaning of the applicable data protection law.
In doing so, we collect data on the use of the app. For this purpose, we generate a random ID (“AccountID”) so that we can recognize recurring use of the app from the same end device. The collected (usage) data is considered “personal” in the sense of the GDPR.
Because protecting your privacy when using the app is important to us, we would like to inform you with the following details about what data we process when you use the app and how we handle this data. We would also like to remind of the informed consent form, since the processing of the data described in this document will be combined with the data processing described in the informed consent form.
The legal basis for data processing is your informed consent in accordance with Article 6 (1) (a) and Article 9 (2) (a) of the European Union General Data Protection Regulation (GDPR) and Article 72 (3) of the European Medical Device Regulation (MDR). The provision of your child’s personal data is voluntary. However, without your explicit consent to the processing of their data, your child cannot participate in this clinical trial.
Certain information is already processed automatically as soon as you use the app. We have listed exactly which personal data is processed for you below:
1.1 Information that is collected automatically
As part of your use of the App, we automatically collect certain data that is required to use the App. These include: Version of your operating system and the App, technical data of the display, the settings applied (which may have been set for you by your ophthalmologist or optometrist), and the time of use.
1.2 Use of the app
You do not have to enter any information about yourself in the app. The app generates a random, unique ID (“AccountID”) when you use it for the first time, so that we can recognize recurring use on a device in the stored data and associate it with each other. The data collected is considered “personal” for the purposes of the GDPR. Your ophthalmologist/optometrist will transfer data obtained from a fundus image into the app in order to optimally set up the app for your specific eye.
The app collects the following data: Details on the start and end of the app, the start and end of individual “treatment sessions”, and the (de)activation of the light stimulus. In addition, the behavior in the game is recorded (e.g., the number of correct clicks and the reaction speed).
The app requires the following permissions:
We would like to point out that the use of the app on a commercially available smartphone, as well as the storage of usage data in the Azure cloud, is associated with security risks that cannot be fully addressed by us as the manufacturer.
In addition to the cases explicitly mentioned in this data protection declaration or the informed consent form, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.
The data provided by you during registration will be passed on within our company Dopavision GmbH for internal administrative purposes including customer support within the scope of what is necessary.
Any disclosure of personal data is based on your consent to disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR are not overridden.
We process the data exclusively on servers hosted in Europe by our provider Microsoft Azure. The contract with Microsoft as processor includes the standard contractual clauses according to Art. 46 GDPR. Your data may be transferred to third countries only in cases which are described in the informed consent form.
Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes prior to further processing and provide you with all other relevant information.
We will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs.
Note regarding your rights: Due to the above-mentioned mechanism of generating a random ID, the recognizability of your data for us is only possible with your assistance, for example, by providing a precise time when you used the app.
6.1 Right to information
You have the right to receive from us at any time upon request information about the personal data processed by us that concerns you within the scope of Art. 15 GDPR. For this purpose, you can submit a request by mail or e-mail to the address below.
6.2 Right to rectify inaccurate data
You have the right to demand that we correct the personal data concerning you without delay if it is incorrect. For this purpose, please contact us at the contact addresses given below.
6.3 Right to deletion
6.4 Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact addresses below.
6.5 Right to data portability
You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the contact addresses below.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
If you have any questions or comments about our handling of your personal data, or if you wish to exercise the rights as a data subject set out in sections 6 and 7, please contact us using the following contact details:
As of: 18.06.2021