MyopiaX® app privacy policy

Privacy policy for the Dopavision apps

Preamble

This privacy policy covers the following apps, referred to within this privacy policy as apps:

  • MyopiaX

  • Content apps

The apps are provided by Dopavision GmbH, with its registered office at Krausenstraße 9-10, 10117 Berlin, Germany (hereinafter referred to as Dopavision or “we” or “us”) as the responsible party within the meaning of the applicable data protection law.

The apps are offered for the conduct of Dopavision’s clinical investigations.

Because protecting your privacy when using the apps is important to us, we would like to inform you with the following details about what data we process when you use the apps and how we handle this data. We would also like to remind you of the informed consent form, since the processing of the data described in this document will be combined with the data processing described in the informed consent form.

The legal basis for data processing is your informed consent in accordance with Article 6 (1) (a) and Article 9 (2) (a) of the European Union General Data Protection Regulation (GDPR) and Article 72 (3) of the European Medical Device Regulation (MDR). This consent is given within the informed consent process of the clinical investigation that the apps are used for.

The provision of your child’s personal data is voluntary. However, without your explicit consent to the processing of their data, your child cannot participate in the clinical investigation.

We would like to point out that the use of the apps on a commercially available smartphone, as well as the storage of usage data in the Azure cloud, is associated with security risks that cannot be fully addressed by us as the manufacturer. However, we have extensive technical and organizational measures in place to mitigate those potential security risks as far as reasonably possible.

1. Information about the processing of your data

1.1 MyopiaX

We have listed which personal data is processed for you below. It also lists the purpose for each category of data.

1.2 Content apps

There are several content apps available to be used with MyopiaX. They all fulfill the same purpose of keeping users of MyopiaX engaged.

As such the content apps process the same categories of data and do that for the same purpose.

2. Data sharing and transfer

In addition to the cases explicitly mentioned in this data protection declaration or the informed consent form, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.

2.1

The data provided by you during registration will be passed on within our company Dopavision GmbH for internal administrative purposes including customer support within the scope of what is necessary.

Any disclosure of personal data is based on your consent to disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR are not overridden.

2.2

If it is necessary to clarify illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer can also take place if this serves the enforcement of terms of use or other legal claims. legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.

Any disclosure of personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) GDPR in conjunction with national legal requirements to disclose data to law enforcement authorities, or (2) your consent to us using the data if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR do not override.

2.3

As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

Any transfer of personal data is justified by your consent to this privacy policy, helping us in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) GDPR are not overridden.

3. Data transfers to third countries

We process the data exclusively on servers hosted in Europe by our provider Microsoft Azure. The contract with Microsoft as processor includes the standard contractual clauses according to Art. 46 GDPR. Your data may be transferred to third countries only in cases which are described in the informed consent form.

4. Changes of purpose

Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes prior to further processing and provide you with all other relevant information.

5. Data storage period

We will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs.

Specific statements in this privacy policy or legal requirements for the retention and deletion of personal data, in particular those that we must retain for tax law reasons, remain unaffected.

6. Your rights as a data subject

Note regarding your rights: Due to the above-mentioned mechanism of generating a random ID, the recognizability of your data for us is only possible with your assistance, for example, by providing a precise time when you used the app.

6.1 Right to information

You have the right to receive from us at any time upon request information about the personal data processed by us that concerns you within the scope of Art. 15 GDPR. For this purpose, you can submit a request by mail or e-mail to the address below.

6.2 Right to rectify inaccurate data

You have the right to demand that we correct the personal data concerning you without delay if it is incorrect. For this purpose, please contact us at the contact addresses given below.

6.3 Right to deletion

You have the right to request that we delete the personal data concerning you under the conditions described in Art. 17 GDPR. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see Section 5 of this Privacy Policy. To exercise your right to erasure, please contact us at the contact addresses below.

6.4 Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact addresses below.

6.5 Right to data portability

You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the contact addresses below.

7. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

8. Right of appeal

You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin

9. Contact

If you have any questions or comments about our handling of your personal data, or if you wish to exercise the rights as a data subject set out in sections 6 and 7, please contact us using the following contact details:

Dopavision GmbH
Krausenstr. 9-10
10117 Berlin
Email: info@dopavision.com

10. Changes to this privacy policy

We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing or use of your data.

As of: 25.08.2022

Our Partners

Dopavision is funded as part of the BMBF’s Industry-in-Clinic Platform Program (FKZ: 13GW0256)