Privacy Policy App

As at: November 2023

The following information is provided on the processing of personal data when using the neotivCare app (“app“) in accordance with the General Data Protection Regulation (“GDPR“). Personal data (Art. 4 para. 1 GDPR) is any data that can be used to identify you personally, such as your e-mail address or other data that can be used to identify you.

1. Purpose

The overall intended use of neotivCare is to provide an app-based objective measurement of cognition to quantify cognitive impairment. The software is intended for use by patients at the indication of medical professionals to quantify and monitor a suspected or self-reported cognitive impairment. The app is not intended as a standalone diagnostic assessment and is only indicated as a tool to support the diagnostic process of a medical professional.

The complete intended use can be found in the instructions for use, which can be downloaded here.

2. Controller and data protection officer

The controller in accordance with Art. 4 para. 7 GDPR for the processing of your personal data in the app is neotiv GmbH, Hegelstraße 19, 39104 Magdeburg (“we“).

You can contact our data protection officer at the following postal address: heyData GmbH, Schützenstraße 5, 10117 Berlin, by email: datenschutz@heydata.eu or by phone: +49 894 1325 320.

3. Processing of personal data

When you use our app, we collect the personal data described below in order to enable the intended use of the functions.

3.1 Download, registration and activation via activation code

When you download the app, the information required for this is transferred to the operator of your app store, in particular your e-mail address, your ID with the respective app store provider, the time of the download and the individual identification number of your end device. We have no influence on this data collection. Therefore, we are not responsible for it.

In order to use the app as intended, you must create a user account in the app after downloading it. We collect and process the following personal data to open and manage the user account and to ensure that you are the person using the app:

  • Your e-mail address (which we verify using a so-called double opt-in)
  • A password (in encrypted form, which we cannot decrypt or otherwise access at any time)
  • A name you provide (if you provide this so that you can be addressed personally within the app)
  • First name, surname, date of birth, gender (required to create the letter of findings)

The processing of your personal data described in this section takes place within the framework of your usage agreement (created by agreeing to the terms of use within the app) with us regarding the use of the app for its intended purpose. The processing is based on your consent in accordance with Art. 6 para. 1 a GDPR and Art. 9 para. 2 a GDPR.

We will delete the personal data described in this section directly after you have deleted your user account.

3.2 Billing with health insurance companies

If the app is used as part of an insurance partnership with health insurance companies, the costs will be covered by the user’s health insurance company. The insured person must be registered with the care module with the respective health insurance company and must consent to data processing (collection, processing, transmission and use). For billing purposes, we only transmit the user’s master data required for billing to their health insurance company (first name, last name, date of birth, gender, insurance number, insurance status) and the service data in accordance with § 295 para. 2 and § 295a SGB V as part of the service billing.

The data is transferred as part of the DTA (data carrier exchange) billing procedure, which is carried out on our behalf by the billing service provider Convema Versorgungsmanagement GmbH. For more information on data protection at Convema, please refer to the provider’s privacy policy (https://convema.com/datenschutz/). Under no circumstances will health data be transferred.

The legal basis for the processing of personal data is Art. 6 para. 1 b GDPR.

3.3 Data exchange with the treating physician

The progress of your testing within your user agreement can be transmitted to your treating physician. The following data can be transmitted in this context:

  • Information related to your test progress in neotivCare
  • Number of tests already performed
  • Date of the last test
  • Number of remaining tests
  • Start of participation (activation of the neotivCare app)
  • Personal data for the doctor to track your test progress
  • Health insurance number (KVNR)

The above information may be used by your treating physician to support you in performing your tests and to provide assistance with medical questions.

The information on your test progress does not contain any qualitative statements (test results) on the tests themselves. Test results are only issued by the evaluation in the letter of findings (see section 3.4). The disclosure of the test results or the letter of findings is solely your responsibility.

Sharing this information with your treating physician is based on Art. 6 para. 1 f GDPR.

3.4 Use of the app (tests and findings letter)

The intended use of the app includes performing certain tests to check your memory. For the purpose of performing tests and evaluating the associated results, we process the following personal data (in addition to the data mentioned above under 3.1) from you:

  • Information about your period of use
  • Information about your age, previous illnesses, acute illnesses, lifestyle factors or your sleeping behavior, if you provide this information
  • Information on which of the tests offered during your application period you have taken
  • Date and time of the test
  • The time you need to complete a test
  • Your entries and answers in the context of the test
  • Information about your personal feelings in connection with the performance of a test, if you provide information about this in the respective free text field
  • Evaluation results of the tests carried out

After the end of your application period or, at your request, during the application period, the personal data described in this section that we have collected up to the relevant point in time will be evaluated and used to create a report in the form of a PDF. The data processing in relation to the report also includes its display in the app or transmission to you if you wish.

We process the personal data mentioned in this section on the basis of your consent in accordance with Art. 6 para. 1 a GDPR and Art. 9 para. 2 a GDPR.

Test results are only provided in the form of an evaluation in the letter of findings. It is your responsibility to decide whether to forward this letter of findings to your treating physician or other medical experts. You can forward the letter of findings in the form of a PDF electronically or print it out.

Your medical report will remain available in the app after the end of your subscription period. We will delete the personal data described in this section directly after you have deleted your user account.

3.5 Ensuring technical functionality

In addition, we process the following personal data from you in order to ensure the long-term technical functionality of the app, its user-friendliness and further development:

  • The date and time of the respective user’s app usage
  • The time zone and time zone difference to Greenwich Mean Time
  • The content of the request (specifically, the content accessed within the app)
  • The amount of data transferred in each case
  • The selected language
  • The version of the app
  • Error messages that occurred during the execution of the app
  • The track trace (interactions with the app before an error occurred)
  • The date and time of an error that occurred
  • The following device information: operating system and version of the operating system, identification number (anonymized, used to be able to assign errors to the device), battery status and temperature, date and time of the last restart, free memory / RAM, connection type (Wi-Fi or mobile data), device orientation (landscape or portrait), screen resolution, IP address (processed in a shortened form)

The app uses so-called log files and a cookie-like technology to process the personal data mentioned in this section. This means that small text files are stored on your device without causing any damage or transferring any content to your device.

We process the personal data mentioned in this section on the basis of your consent in accordance with Art. 6 para. 1 a GDPR and Art. 9 para. 2 a GDPR.

We delete the personal data described in this section no later than 30 calendar days after the end of the processing period (for example: the period until the completion of a bug fix).

3.6 Contact

If you contact us (for example, using our contact information as stated above, see section 2), we will process the personal data that results from your means of communication and that you have provided in the course of your contact (e.g. your name and e-mail address) in order to answer your questions. This data processing is based on Art. 6 para. 1 b GDPR if your questions relate to the license agreement concluded between you and us for the use of the app and on Art. 6 para. 1 f GDPR if there was or is no contractual relationship between you or if such a relationship is being initiated. In this case, our legitimate interest is to answer your questions to your satisfaction.

In addition, we may ask you questions about how you use the app and evaluate your answers to our questions in order to be able to further develop the app in the most user-friendly way possible.

4. No automated decision-making

We do not carry out automated decision-making or profiling.

5. Recipients of the data

We transmit personal data to your treating physician in the course of reporting on your test progress (for the scope, see section 3.3). We transmit personal data to your health insurance company to the extent described in section 3.2 if the use of the app is reimbursed by this health insurance company.

6. Your rights

You have the following rights with regard to your personal data in accordance with the legal provisions:

  • Right of access
  • Right to rectification and erasure
  • Right to restriction of processing
  • Right to data portability

If the processing of your personal data is based on your consent, you can revoke your consent at any time. We will then no longer process the data in question. However, the lawfulness of our data processing up to the time of the revocation of consent remains unaffected by this revocation.

In addition, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.

To exercise your rights, you can send an e-mail to datenschutz@heydata.eu. The data protection officer will deal with your request immediately.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company. The data protection supervisory authority responsible for us is the Saxony-Anhalt supervisory authority. However, you can also contact any other data protection supervisory authority.

Supervisory authority of Saxony-Anhalt:

State Data Protection Officer

Visitors’ address: Leiterstraße 9, 39104 Magdeburg

Postal address: P.O. Box 1947, 39009 Magdeburg

Web: datenschutz.sachsen-anhalt.de

E-mail: poststelle@lfd.sachsen-anhalt.de

Tel.: +49 391 81803-0

Toll-free phone: 0800 9153190 (DTAG fixed network)

Fax: +49 391 81803-33