Thank you for choosing the Bauerfeind curaflow app. In the following, we’d like to explain  how we’re handling personal data that you’re disclosing while installing and using the app. The protection of your personal data is important to us!

Please read this policy carefully before setting up and using the app. You can only use the app once you’ve read, understood, and confirmed the privacy policy.

 

1. Overview of key points:

With this app we are focusing on supporting you during your everyday life, not on collecting your data.
However, the app does need some of your personal data to provide you with suitable exercises and recommendations, to create reports and assessments for you and to present all content attractively and correctly. This may include, for example, information about your individual medical condition, physical measurements, state of health and symptoms (mobility, activity, mood).
In the following will provide you with an in-depth explanation of how we’re handling your personal data when you’re using this app.

 

2. General explanations:

Personal data includes all information that can be directly or indirectly linked to you as a person. This includes, for example, name, contact details, IP address, health information, gender, age, etc.

The term “processing” refers to all processes where personal data is collected, used, stored, shared or deleted, with or without the help of automated procedures. These processes are subject to data protection regulations.

A lot of data processed as part of this app is data concerning health according to Article 9, Paragraph 1 of the General Data Protection Regulation (GDPR). This includes all data related to physical or mental health status of a natural person, for example, data with a clear health reference or data which allows conclusions  about a person’s health. The processed data can be used individually as well as for depicting health-related data as an overall view.
Please see Article 4 of the General Data Protection Regulation (GDPR) for further definitions.

 

3. Who is responsible for data processing as part of the app?

The entity responsible for the operation of the app, the related processing and protection of your personal data, i.e. the controller, is
Bauerfeind AG
Triebeser Strasse 16
07937 Zeulenroda-Triebes, Germany
T +49 (0) 36628 66 – 10 00
F +49 (0) 36628 66 – 19 99
E info@bauerfeind.com
You can find further contact information and contact partners in our legal notice at https://www.bauerfeind-group.com/en/imprint.

 

4. Who is in charge of data protection at Bauerfeind?

We have appointed an internal company Data Protection Officer (pursuant to Article 37 et seq. of the GDPR) who will help you with any questions you may have relating to data protection and your associated rights:
Bauerfeind AG
Datenschutzbeauftragter
Triebeser Straße 16
07937 Zeulenroda-Triebes, Germany
T: +49 (0) 36628 66 – 13 39
E: datenschutzbeauftragter@bauerfeind.com

 

5. What personal data is processed during the set-up and use of the app, and what purpose does this processing have?

Data collection during download
Please note that the app can only be used if it has been installed correctly on your device (e.g. smartphone or tablet). When downloading the app via App Store or Google Play your IP address and information about date and time of the download is recorded. This process is linked to your  Google Account or Apple Account.
The download data is not shared with Bauerfeind, and the service provider does not provide us with any information about your account either.
Being able to link the app to your account is necessary so that the download provider can notify you, as part of your app use, of any changes required in the app, operational restrictions or, for example, additions and amendments to the terms of use and application (in accordance with Article 6, Paragraph 1 lit. b of the GDPR). For further information relating to data processing, please also read the privacy statements of the relevant store operator.
While setting up and using the app, you have the option of creating a user account to retrieve your data from different devices. But you can also use the app to its full extent without creating an user account. Then your data will only be stored on your device.

Data collection during app use
While actively using the app, various data is collected about you, particularly from your interaction with the app. New data is entered by you as the user (e.g. diary entries about your state of health, physical measurements), automatically generated (e.g. training progress) or collected through your active use of the app in order to suggest the appropriate exercises and to measure or ensure quality levels. In addition, we collect technical data about your device (e.g. device ID, operating system version, IP address).
Your data is primarily recorded, processed and stored to
– be able to carry out the basic functions of the app,
– be able to guarantee application security,
– select suitable exercises for you,
– check, ensure and improve the app’s function,
– if applicable, to generate statistical, anonymous analyses that provide us with information about usability and functional performance.
The data is collected and processed on the following basis:
– your consent (Article 6, Paragraph 1 lit. a of the GDPR),
– to fulfill the contractual services promised by the app (Article 6, Paragraph 1 lit. b of the GDPR), and
– based on our legitimate interest (Article 6, Paragraph 1 lit. f of the GDPR).
When you’re setting up the app and your user profile you will be prompted to provide information about yourself (name or nickname, gender), your indication and the products you are using to ensure you can properly use all the app’s functions to their full extent. The app can only provide targeted support and fulfill its purpose if you enter correct information.
If you like, you can allow the app to access your smartphone calendar. The app can then automatically display your smartphone calendar entries in the app’s appointments view. You can withdraw this permission at any time in your operating system settings.
There is also a diary function available to you. It can support you, for example, to document your mood and how long you are wearing your compression products. To keep an eye on your condition and to document its progression, you can record the circumferences of your arms and legs once a week. Measurement instructions and an input screen will help you with this. This will also display changes compared with your previous measurement.
If you decide not to set up a cloud-based user account, all the data you enter during set-up and use will exclusively be stored locally on your end device. You will be able to access your data via this end device only. If you switch end devices or you install the app on other devices, the data you have already entered won’t be available to you (any more).

Data collection during app use with a user account
If you would like to access your app data from different devices, you have the option of creating a user account. With your consent, your data will be fully synchronized in the cloud storage of Amazon Web Service EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (AWS in short). We exclusively store your data on servers in Germany that comply with data protection standards. We have concluded a data processing agreement with AWS that excludes data use for their own purposes. To protect your data, we also use an encryption mechanism that fulfills state-of-the-art specifications. In order to access your data, you have to authenticate yourself with your e-mail address and a secure password chosen by you. Do not share this information with third parties to protect your data from improper use or unauthorized access.
When you have set up a user account, you can summarize your diary entries and body measurements in a PDF format for documentation purposes. The PDF file will be displayed in the app when you are logged in. You can save it on your device or share it using your device’s usual sharing functions via other channels (e.g. e-mail). Make sure you share your report with trustworthy people only as it contains sensitive data about yourself.
You can delete your user account and the data stored there at any time. Find out more about this in the Section “How can I update or delete my data?”.

Analysis of user behavior during app use
Once you have provided us with your consent, we will analyze your user behavior in an anonymized way and evaluate it statistically to be able to continuously improve our app. In order to do this, we use the services provided by Google and Facebook. Tracking provides allows us to discover potential problems during app use, recognize indicators for functional enhancement and constantly improve your user experience. Tracking will only start when you have given your consent for this. You can revoke your consent at any time with future effect in your settings under the menu item “More”.

By consenting to the analysis of your user behavior, you are also agreeing that, in accordance with Article 49, Paragraph 1, Sentence 1 lit. a of the GDPR, your data will be processed by the specified companies, possibly in the US. The European Court of Justice considers the US to be a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that US authorities may process your data for monitoring and surveillance purposes, potentially without the possibility of redress.

If you no longer want to allow tracking by Google Analytics and Facebook App Ads, you can revoke your consent at any time by deactivating tracking in your settings under the menu item “More”.
paper+coffee GmbH, Crellestraße 21, 10827 Berlin, Germany, supports us in the anonymized evaluation of data. This agency is commissioned by us, as part of a data processing agreement, to create statistics from the usage data and to optimize the app based on the results.
The following provides more information about the tools we use to analyze your user behavior.

A. Google Analytics
The app uses Google Analytics (Google Analytics in short), a service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
With the use of the service and the associated collection of data, we pursue our interest of continuously improving our app and adapting it to users’ requirements. For this, we request your consent when you set up the app before we activate the analysis tool.
For example, technical information about the device you are using, selected actions during app use, as well as your entries and possible crash reports will be transmitted to Google Analytics in an encrypted and pseudonymized form. Please note that Google can also obtain information about your health in this way. Tracking allows us to analyze both the general user behavior and the functionality of the app with regard to efficiency, usability, performance and other similar criteria as well as to draw conclusions concerning the continuous improvement of the app in the course of the evaluation.
The collected data will not be shared or linked to the actual user data (e.g. your e-mail address).
Further information about how Google uses data can be found in the company’s Privacy Policy, which is available at: https://policies.google.com/privacy

B. Facebook App Ads
Facebook App Ads is a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The objective of using Facebook App Ads is to show you useful notifications on social media about the use of our app and to subsequently determine how successful our advertisements for the app have been on social media. The insights gained in this way help us improve your user experience. For the tracking of your user behavior, we request your consent when you set up the app before we activate the analysis tool.
Please note that data about your user behavior relating to the app in particular, as well as technical data from your end device will be transmitted to Facebook. This may provide information about your state of health. Facebook may link your data with other data the company already has to merge it into a profile. This happens, for example, when Facebook reads the advertising ID of your end device. Further information about how Facebook uses data can be found in the company’s Privacy Policy, which is available at: https://www.facebook.com/about/privacy

Data processing when additional offers and services are provided

A. Your inquiries via e-mail
If you have any questions about the use of the app or you want to give us feedback, you can use the e-mail address lymphteam@bauerfeind.com to get in touch with us. When you contact us, you are disclosing your name and e-mail address as well as potentially other personal data about you.
By processing your data as part of this correspondence, we are fulfilling our legitimate interest to enable you to submit your inquiries to us quickly and easily and to allow us to respond to them (in accordance with Article 6, Paragraph 1 lit. f of the GDPR).  We will only use and store your data for the purpose of processing your request. We will forward your message to the responsible employee, who will process your query according to your requests. We will only share your data with third parties if doing so is necessary in order to process your request.
We will store your inquiry and the data provided for the purpose of processing it and to allow us to respond to any follow-up questions. We will keep this data until you ask us to delete it or until we have fulfilled the purpose for which we were storing it. Any mandatory legal provisions – in particular retention periods – will remain unaffected by this.
We would like to point out here that the transmission of data online, during communication by e-mail in particular, may, in principle, be vulnerable to security breaches. It is not possible to fully protect data from access by third parties.

B. Questions from Bauerfeind to app users (e.g. about satisfaction)
The app allows more detailed communication between you and Bauerfeind. Bauerfeind may ask, for example, about your level of satisfaction with the app use. These surveys are mainly carried out and evaluated in an anonymized way. In some cases, Bauerfeind may receive information and data about you as a user along with your answers. This data is always handled carefully and only evaluated, used and stored within the scope of the permission given. The collected data serves our legitimate interest (in accordance with Article 6, Paragraph1 lit. f of the GDPR) in checking and improving the quality of what we are offering. It helps us to identify information users need and to optimize it accordingly.

 

6. Where is personal data stored and who is it shared with?

To fully allow for the protection of your personal data, the app is initially installed on your mobile end device only, where it uses local memory space for all the entries you make. Storage of your data in a cloud in a user account created by you is encrypted, and this only takes place if you explicitly carry out this action and give your consent for it. Bauerfeind cannot draw conclusions about you as an app user purely from within the app. Bauerfeind does not have access to your personal data via the app. All information associated with the set-up and use of the app is permanently stored on your end device until you delete it. This is the only way the app functions and the quality of the content created for you can be guaranteed. Your data won’t be used for other purposes and it won’t be shared with uninvolved third parties.
Data that you have submitted to us via active communication (e.g. using the contact form) or as part of your consent, for example, to receive newsletters, will be used by us so we can process the relevant query and stored for as long as the purpose at hand requires it. We will only ever store your data within the European Union.
Access to (primarily technical) data is only granted to people and service providers who absolutely need this data for processing, operation, quality assurance and further development purposes. The extent of access is always restricted to what is strictly necessary.

 

7. How can I update or delete my data?

If you want to change, reset or delete your personal data within the app, you can do that yourself at any time in the “Settings” section. You have the option of adapting your data to the specific situation (e.g. indications, product or of resetting the entire app to delete all data from your device memory.
If you do not want to use the app anymore, you can uninstall it. This will delete all your entries from your device memory, but they will continue to be saved in your user account if you have set up an account. You can reinstall the app at any time, of course.
You can delete your user account and all data stored within it at any time by selecting the function “Delete user account” under “More” and “User account” in the app. Please note that your data will then be completely deleted. It will no longer be available to you on your end device either.

 

8. How is my data protected?

Bauerfeind AG’s technological infrastructure is comprehensively protected against unauthorized access by third parties. This protection is designed to prevent the unauthorized inspection, acquisition or amendment of data collected by the app. Bauerfeind will always observe the necessary standard and the applicable requirements stipulated by German and European data protection laws. We require the same on a contractual basis from our business partners who are involved in operating the app, regardless of where the data is stored or processed.

 

9. What rights do I have relating to my personal data?

As part of the applicable statutory provisions, you have various rights relating to the processing of your personal data. You can contact our Data Protection Officer at any time using the details provided if you would like to exercise your rights or if you have any questions concerning your personal data.

Access, blocking, erasure, restriction, objection
Each data subject has the following rights under the GDPR:
– The right of access to the personal data stored about you (pursuant to Article 15 of the GDPR),
– The right to have your personal data rectified (pursuant to Article 16 of the GDPR),
– The right to erasure (pursuant to Article 17 of the GDPR),
– The right to the restriction of processing (pursuant to Article 18 of the GDPR),
– The right to data portability (pursuant to Article 20 of the GDPR),
– The right to object to your data being processed (pursuant to Article 21 of the GDPR).
The right of access and the right to erasure are subject to the restrictions laid down in Sections 34 and 35 of the German Data Protection Act (BDSG).

Withdrawal of your consent to the processing of your data
If we are processing your data on the basis of your consent (e.g. in accordance with Article 6, Paragraph 1 lit. a of the GDPR), you have the right to withdraw this consent at any time. To exercise this right, you simply need to notify us of your request by e-mail. This withdrawal of consent will not affect the lawfulness of any data processing that has already taken place.

The right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with a supervisory authority if you are affected by violations of data protection legislation.

 

Last revised: Juni 2023