The apps are provided by Dopavision GmbH, with its registered office at Krausenstraße 9-10, 10117 Berlin, Germany (hereinafter referred to as Dopavision or “we” or “us”) as the responsible party within the meaning of the applicable data protection law.
The apps are offered for the conduct of Dopavision’s clinical investigations.
Because protecting your privacy when using the apps is important to us, we would like to inform you with the following details about what data we process when you use the apps and how we handle this data. We would also like to remind you of the informed consent form, since the processing of the data described in this document will be combined with the data processing described in the informed consent form.
The legal basis for data processing is your informed consent in accordance with Article 6 (1) (a) and Article 9 (2) (a) of the European Union General Data Protection Regulation (GDPR) and Article 72 (3) of the European Medical Device Regulation (MDR). This consent is given within the informed consent process of the clinical investigation that the apps are used for.
The provision of your child’s personal data is voluntary. However, without your explicit consent to the processing of their data, your child cannot participate in the clinical investigation.
We would like to point out that the use of the apps on a commercially available smartphone, as well as the storage of usage data in the Azure cloud, is associated with security risks that cannot be fully addressed by us as the manufacturer. However, we have extensive technical and organizational measures in place to mitigate those potential security risks as far as reasonably possible.
We have listed which personal data is processed for you below. It also lists the purpose for each category of data.
1.2 Content apps
There are several content apps available to be used with MyopiaX. They all fulfill the same purpose of keeping users of MyopiaX engaged.
As such the content apps process the same categories of data and do that for the same purpose.
In addition to the cases explicitly mentioned in this data protection declaration or the informed consent form, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.
The data provided by you during registration will be passed on within our company Dopavision GmbH for internal administrative purposes including customer support within the scope of what is necessary.
Any disclosure of personal data is based on your consent to disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR are not overridden.
We process the data exclusively on servers hosted in Europe by our provider Microsoft Azure. The contract with Microsoft as processor includes the standard contractual clauses according to Art. 46 GDPR. Your data may be transferred to third countries only in cases which are described in the informed consent form.
Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes prior to further processing and provide you with all other relevant information.
We will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs.
Note regarding your rights: Due to the above-mentioned mechanism of generating a random ID, the recognizability of your data for us is only possible with your assistance, for example, by providing a precise time when you used the app.
6.1 Right to information
You have the right to receive from us at any time upon request information about the personal data processed by us that concerns you within the scope of Art. 15 GDPR. For this purpose, you can submit a request by mail or e-mail to the address below.
6.2 Right to rectify inaccurate data
You have the right to demand that we correct the personal data concerning you without delay if it is incorrect. For this purpose, please contact us at the contact addresses given below.
6.3 Right to deletion
6.4 Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact addresses below.
6.5 Right to data portability
You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the contact addresses below.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
If you have any questions or comments about our handling of your personal data, or if you wish to exercise the rights as a data subject set out in sections 6 and 7, please contact us using the following contact details:
As of: 25.08.2022