Version dated Oct 01, 2024
Dear User of this App,
The protection of your personal data is not only important to you, but also to us, Her-Medical-Aid GmbH, the responsible party for the "Hermaid" app (hereinafter "we," "us"). We value your trust in our responsible and lawful handling of your personal data. Your data is treated confidentially.
These privacy notices aim to fulfill our legal obligations under Articles 13 and 14 of the GDPR and to clearly explain to you which personal data is processed when using this app and how we handle it. Her-Medical-Aid GmbH processes and uses personal data collected during the installation and use of the app, in compliance with the data protection regulations applicable in the Federal Republic of Germany.
The controller according to Article 24 GDPR for the data processing is:
Her-Medical-Aid GmbH
Gleimstraße 56
D-10437 Berlin
Register Court: Charlottenburg Local Court
Managing Directors: Anne and Susanne Feldt
You can contact the controller at the above contact details or via email at anne@hermaid.me for any concerns.
You can contact the data protection officer of the controller via email at metra-health@caladan.de.
Your Rights as Data Subject
You have the following rights regarding your personal data:
Additionally, you have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
Purpose
This processing serves to manage and document your consents.
Data Types
We process consent data as personal data relating to you.
Legal Basis
The legal basis is our duty of proof under Article 5(2) GDPR in conjunction with Article 6(1)(1)(c) GDPR. The storage of a technically necessary cookie for managing your consents is governed by Article 5(2) GDPR in conjunction with Article 6(1)(1)(c) GDPR and Section 25(2) No. 2 TTDSG.
Necessity
The processing of the above-mentioned personal data is necessary to fulfill our legal obligations.
Retention Period
The retention period for this processing lasts until you revoke your consent. To fulfill our duty of proof, we keep a deletion log for three years.
Recipients
The personal data mentioned above is transmitted to our hosting service provider, Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.
This processing ensures the smooth operation of the app.
Data Types
We process connection data (access data and device data) as categories of personal data.
Legal Basis
The legal basis is our legal duty to ensure the secure processing of personal data under Article 5(1)(f) GDPR in conjunction with Article 6(1)(1)(c) GDPR.
Necessity
The processing is necessary to fulfill our legal obligations.
Retention Period
The retention period is 30 days for logging access to the interface between the app and server, and two months for system crash logs.
Recipients
The data is transmitted to Amazon Web Services, Inc., located in the USA, which has an adequacy decision under Article 45 GDPR.
Purpose
This processing is for providing technical support to app users.
Data Types
We process your user ID, request ID, the content of your query, and any additional information you provide.
Legal Basis
The legal basis is our duty to ensure secure data processing per Article 5(1)(f) GDPR in conjunction with Article 6(1)(1)(c) GDPR.
Retention Period
The data is stored until your request is resolved.
Recipients
The data is transmitted to our email hosting provider, Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.
Purpose
This processing serves to ensure user management security.
Data Types
We process user account data, session data, and login data.
Legal Basis
Our legal basis is the obligation to ensure secure data processing under Article 5(1)(f) GDPR in conjunction with Article 6(1)(1)(c) GDPR.
Retention Period
The retention lasts until you revoke your consent to use our app.
Recipients
The data is transmitted to Amazon Web Services, Inc., with an adequacy decision for transmission to the USA.
Purpose
This processing is for facilitating telemedical treatment within the app for physician consultations.
Data Types
We process personal data, medical history, symptoms, medication, health condition, assessment, and treatment plans.
Legal Basis
The legal basis is your consent per Article 6(1)(b) GDPR and Article 9(2)(a) GDPR.
Retention Period
The data is kept until consent is withdrawn. We retain a deletion log for three years.
Blood Test Orders
Purpose
This processing enables ordering blood tests through a pharmacy.
Data Types
We process your order data.
Legal Basis
The legal basis is your explicit consent under Article 6(1)(a) GDPR and Article 9(2)(a) GDPR.
Retention Period
The data is kept until your order is fulfilled.
Purpose
This processing serves the diary function within the app.
Data Types
We process your diary entries.
Legal Basis
The legal basis is your consent under Article 6(1)(b) GDPR and Article 9(2)(a) GDPR.
Retention Period
The data is retained until consent is revoked, with a three-year deletion log kept.
Purpose
This processing is for payment of telemedical services.
Data Types
We process payment and PayPal user data.
Legal Basis
The legal basis is your agreement with the app per Article 6(1)(b) GDPR and your explicit consent under Article 9(2)(a) GDPR.
Retention Period
The data is stored until you withdraw your consent, with a three-year deletion log kept.
Purpose
This processing serves product development.
Data Types
We process user and health data.
Legal Basis
The legal basis is your explicit consent under Article 6(1)(a) GDPR and Article 9(2)(a) GDPR.
Retention Period
The retention is until consent is withdrawn, with a three-year deletion log kept.
Your Right to Withdraw Consent
You have the right to withdraw your consent at any time with future effect. The legitimacy of processing based on your consent until withdrawal remains unaffected. You may withdraw your consent by emailing anne@hermaid.me or through the account settings by deleting your user account.
