MyopiaX® app privacy policy

Privacy policy for the MyopiaX® app

Preamble

The App is provided by Dopavision GmbH, with its registered office at Friedrichstraße 68, 10117 Berlin, Germany (hereinafter referred to as „we“ or „us“) as the responsible party within the meaning of the applicable data protection law.

In doing so, we collect data on the use of the app. For this purpose, we generate a random ID („AccountID“) so that we can recognize recurring use of the app from the same end device. The collected (usage) data is considered „personal“ in the sense of the GDPR.

Because protecting your privacy when using the app is important to us, we would like to inform you with the following details about what data we process when you use the app and how we handle this data. We would also like to remind of the informed consent form, since the processing of the data described in this document will be combined with the data processing described in the informed consent form.

The legal basis for data processing is your informed consent in accordance with Article 6 (1) (a) and Article 9 (2) (a) of the European Union General Data Protection Regulation (GDPR) and Article 72 (3) of the European Medical Device Regulation (MDR). The provision of your child’s personal data is voluntary. However, without your explicit consent to the processing of their data, your child cannot participate in this clinical trial.

1. Information about the processing of your data

Certain information is already processed automatically as soon as you use the app. We have listed exactly which personal data is processed for you below:

1.1 Information that is collected automatically

As part of your use of the App, we automatically collect certain data that is required to use the App. These include: Version of your operating system and the App, technical data of the display, the settings applied (which may have been set for you by your ophthalmologist or optometrist), and the time of use.

This data is automatically transmitted to us (1) to provide you with the Service and related features; (2) to improve the functions and performance features of the App; and (3) to prevent and remedy misuse and malfunctions. This data processing is necessary for usage of the app and to enable the data analysis for the clinical investigation. The processing is based on your consent to the ICF and this privacy policy.

1.2 Use of the app

You do not have to enter any information about yourself in the app. The app generates a random, unique ID („AccountID“) when you use it for the first time, so that we can recognize recurring use on a device in the stored data and associate it with each other. The data collected is considered „personal“ for the purposes of the GDPR. Your ophthalmologist/optometrist will transfer data obtained from a fundus image into the app in order to optimally set up the app for your specific eye.

The app collects the following data: Details on the start and end of the app, the start and end of individual „treatment sessions“, and the (de)activation of the light stimulus. In addition, the behavior in the game is recorded (e.g., the number of correct clicks and the reaction speed).

The app requires the following permissions:

  • Screen Overlay: this permission is required to be able to display the light stimulus in addition to the actual game.

  • System settings: in order to display the light stimulus in an optimal way, the app sets the correct screen brightness setting

  • Internet access: this is needed to transfer the collected data to our servers via an encrypted connection. For this purpose, an automatic service is used that periodically checks for the runtime of the app whether data needs to be transferred and transfers it if necessary.


The above data is automatically transmitted to us (1) to provide you with the Service and related features; (2) to improve the functions and performance features of the App; and (3) to prevent and remedy misuse and malfunctions. This data processing is necessary for usage of the app and to enable the data analysis for the clinical investigation. The processing is based on your consent to the ICF and this privacy policy.

We would like to point out that the use of the app on a commercially available smartphone, as well as the storage of usage data in the Azure cloud, is associated with security risks that cannot be fully addressed by us as the manufacturer.

2. Data sharing and transfer

In addition to the cases explicitly mentioned in this data protection declaration or the informed consent form, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.

2.1

The data provided by you during registration will be passed on within our company Dopavision GmbH for internal administrative purposes including customer support within the scope of what is necessary.

Any disclosure of personal data is based on your consent to disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR are not overridden.

2.2

If it is necessary to clarify illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer can also take place if this serves the enforcement of terms of use or other legal claims. legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.

Any disclosure of personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) GDPR in conjunction with national legal requirements to disclose data to law enforcement authorities, or (2) your consent to us using the data if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR do not override.

2.3

As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

Any transfer of personal data is justified by your consent to this privacy policy, helping us in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR are not overridden.

3. Data transfers to third countries

We process the data exclusively on servers hosted in Europe by our provider Microsoft Azure. The contract with Microsoft as processor includes the standard contractual clauses according to Art. 46 GDPR. Your data may be transferred to third countries only in cases which are described in the informed consent form.

4. Changes of purpose

Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes prior to further processing and provide you with all other relevant information.

5. Data storage period

We will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs.

Specific statements in this privacy policy or legal requirements for the retention and deletion of personal data, in particular those that we must retain for tax law reasons, remain unaffected.

6. Your rights as a data subject

Note regarding your rights: Due to the above-mentioned mechanism of generating a random ID, the recognizability of your data for us is only possible with your assistance, for example, by providing a precise time when you used the app.

6.1 Right to information

You have the right to receive from us at any time upon request information about the personal data processed by us that concerns you within the scope of Art. 15 GDPR. For this purpose, you can submit a request by mail or e-mail to the address below.

6.2 Right to rectify inaccurate data

You have the right to demand that we correct the personal data concerning you without delay if it is incorrect. For this purpose, please contact us at the contact addresses given below.

6.3 Right to deletion

You have the right to request that we delete the personal data concerning you under the conditions described in Art. 17 GDPR. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see Section 5 of this Privacy Policy. To exercise your right to erasure, please contact us at the contact addresses below.

6.4 Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact addresses below.

6.5 Right to data portability

You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the contact addresses below.

7. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

8. Right of appeal

You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin

9. Contact

If you have any questions or comments about our handling of your personal data, or if you wish to exercise the rights as a data subject set out in sections 6 and 7, please contact us using the following contact details:

Dopavision GmbH
Friedrichstr. 68
10117 Berlin
Email: info@dopavision.com

10. Changes to this privacy policy

We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing or use of your data.

As of: 18.06.2021

Our Partner

Dopavision wird im Rahmen des Industrie-in-Klinik-Plattform Programms des BMBF gefördert (FKZ: 13GW0256)