Privacy Policy: Cara Care App
Health is a sensitive topic. Cara is committed to protecting the privacy of the user and assures that personal data will only be processed in accordance with the applicable data protection regulations, in particular the EU Data Protection Basic Regulation.
The description of our services and the terms of use can be found in our General Terms and Conditions, the Privacy Policy for the use of our website can be found here.
Cara Care supports you in getting your digestive problems under control. Discover the connections between your nutrition, your well-being and your digestion by using the app.
The use of the app does not replace a visit to the doctor and is intended to support your self-awareness and the additional interpretation of your entries by your treating physician.
Because the protection of your privacy is important to us when using Cara Care, we would like to inform you with the following information about which personal data we process when you use Cara Care and how we handle this data. Furthermore, we would like to inform you about the legal basis for processing your data and, insofar as processing is necessary to protect our legitimate interests, about our legitimate interests and your rights towards us.
1. Responsible office and data protection officer
Cara Care is offered by HiDoc Technologies GmbH, Hohe Bleichen 22, 20354 Hamburg. ("HiDoc"), hello@cara.care. This is the responsible body in terms of the data protection regulations, in particular the DSGVO. HiDoc has appointed a data protection officer, who can be reached for inquiries under datenschutz@gohidoc.com.
2. Collection and processing of personal data when downloading Cara Care
Certain information is already automatically processed when you use Cara Care.
When you download the App, certain required information is transmitted to the App Store you have selected (e.g. Google Play or Apple App Store). In particular, the user name, e-mail address, customer number of your account, time of download and individual device ID can be processed. The processing of this data is carried out exclusively by the respective App Store and is beyond our sphere of influence.
3. Collection and processing of personal data when using Cara Care
3.1 Automatic data transfer of your smartphone
When using Cara Care, we collect certain data automatically, i.e. without any explicit communication of data by you, which is necessary for the use of the app. This includes:
- IP address
- Date and time of the request
- Content of the request (concrete page)
- Access Status/HTTP Status Code
- Amount of data transferred in each case
- Content from which the request comes
- Operating system and its interface
- Version of the Cara Care App
This data is automatically transmitted to us in order to provide you with the service and related features, to improve the functions and features of the App, and to prevent and correct misuse and malfunctions.
This data processing is based on the legal basis that in relation to the purpose of using the App, the processing is necessary for the fulfillment of a contract or contract-like relationship between you and us in accordance with Art. 6 Para. 1 lit. b) DS-GVO. Insofar as we use this information to improve our App or to prevent misuse, we have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service in line with the market and our interests (Art. 6 para. 1 lit. f) DS-GVO).
Furthermore, we use this information to analyze the use of our services by service providers and to improve the advertising of our products and services. For further details, please refer to section 7.3 of this Privacy Policy. Such use will only take place within the scope of the consent you have given us. The legal basis for this is Art 6 Paragraph 1 lit. a DSGVO. The details of this consent are described at the end of this Privacy Policy under the item "Your consent".
3.2 Data provided by you
If you actively use Cara Care to find out the reasons for your complaints and to fight the causes, some data will be requested from you that has nothing to do with your health status or clinical picture. These are:
- Your name (how you want to be addressed in the app)
- Your gender (female/male / intersex), and your age (in years);
- your location data
- Your e-mail address
We can use this data to concretize the later evaluation of your entries, especially gender-specific and based on your age. If you contact us, we use your personal data to answer your questions.
The processing of this data is thus necessary for the fulfillment of the contract between you and us in accordance with Art. 6 Par. 1 lit. b) DS-GVO for the use of the App, insofar as you make this data available to us.
If you enter data in Cara Care, you are responsible for ensuring that the data is correct in terms of content. If you find errors in the information or want to change data, you can do this yourself in Cara Care.
3.3 Your health data
The following data, which you also provide us with by using Cara Care for the intended purpose, are so-called health data. These data are particularly sensitive data and will only be processed by us within the scope of the consent you have given us for the use of these data. The details of your consent are described at the end of this privacy policy under the point "Your consent".
If you use Cara Care, the following health data will be collected by us:
- Information about your health (e.g. complaints, diseases, body measurements, medication)
- Information about your eating habits
- Information about your activities
We use your health information to provide our services and products in Cara Care. The scope of services may vary depending on the Cara Care variant. With the help of the information you provide, we document the factors that can cause health problems.
For analysis purposes, we collect the personal data you provide and use it for the analysis. The information you provide in Cara Care is transferred to our servers when you synchronize the app or connect your smartphone to us.
On the basis of the analysis, we will determine suitable therapy recommendations and tips for you, which will be displayed in the app or sent to you in the agreed manner.
The use of Cara Care and the provision of your information in Cara Care as well as the registration as a user is voluntary.
Within the scope of a nutritional consultation carried out in Cara Care (not included in the version "Digital Health Application" according to section 3.5 when billed via your health insurance company), the nutritionists cooperating with us will also be given access to your personal data in order to carry out a nutritional consultation with you and for you.
We cooperate with research partners and provide anonymized information to medical and pharmaceutical institutions (e.g. researchers, universities, clinics or drug manufacturers) for research purposes. It is not possible to identify you personally, as all identification information (such as name, e-mail address) will be removed by us before such disclosure. It is our concern to make a contribution to research and science in the field of abdominal health. For this reason, we work together with research institutions and researching companies. Perhaps one day the quality of life of countless people can be improved with the help of such anonymous data.
You can also provide Cara Care with your personal data from the Apple Health app of your iOS device, if you have made the appropriate settings there that allow data transfer to Cara Care. You can change this setting at any time. We use your personal data from the Apple Health App to link information about your movements and heart rate with your reported symptoms, for example, in order to show you possible connections.
The processing and use of this health data is done to evaluate your input and to provide our analysis and therapy recommendations in Cara Care. This data processing requires your consent in accordance with Art. 9 para. 2 letter a) DS-GVO.
You will find the specific consent you have given for the use of your health data at the end of this Privacy Policy under the item "Your consent".
3.4 If we are requested by authorities or in the course of legal disputes to provide information to authorities, courts or other third parties, we will comply with this request to the extent that we are legally obliged to do so. The legal basis for this is Art 6 Para.1 lit. c DSGVO.
3.5 Processing of data within the scope of DiGAV requirements
Personal data may only be processed with a DiGA for the following purposes. (1.) for the intended use of the Digital Health Application by the users, (2.) for the proof of positive health care effects within the scope of a trial pursuant to Section 139e Paragraph 4 of Book 5 of the German Social Security Code, (3.) for the proof of agreements pursuant to Section 134 Paragraph 1 Sentence 3 of Book 5 of the German Social Security Code, and (4.) for the permanent guarantee of the technical functionality, user-friendliness and further development of the Digital Health Application.
The intended use of the DiGA by the users includes any data collection and processing, requirements for a DiGA which are necessary to use the DiGA in accordance with its intended use in the context of health care.
The personal data described in points 3.1 to 3.4, which you provide us with in the context of the intended use of the App, are necessary to ensure the best possible achievement of the goal of the use of Cara Care. The aim is to identify triggers of your digestive problems so that the intensity and frequency of your complaints can be significantly reduced. In Cara Care you can document your triggers, eating habits and medication so that Cara Care can analyze your inputs and provide the best possible support.
All data processed by you within the framework of Cara Care are thus used for the intended purpose of DiGA.
The verification of agreements § 134 paragraph 1 sentence 3 of the Fifth Book of the German Social Security Code (Fünftes Buch Sozialgesetzbuch) serves primarily the purpose of verification for settlement with the user's health insurance company.
The permanent guarantee of the technical functionality, user-friendliness and further development of DiGA includes the processing of your personal data for the further development and improvement of Cara Care, especially for the detection of technical faults.
A prerequisite for lawful data processing according to § 4 para. 2 DiGAV is that you consent to data processing for the above-mentioned purposes. You will find the corresponding consent at the end of this declaration.
4. Deletion of data
Personal data stored with us is deleted as soon as it is no longer required for the purpose for which it was collected and we are not obliged to keep it for a longer period of time due to legal obligations. As a rule, we delete your personal data with the deletion of your customer account. You can easily delete your customer account by selecting "Delete account" in your profile under "More" in the app. This will also delete all your data on our servers
We will also delete your data if you explicitly request us to do so or if you remove your personal information from Cara Care. If you revoke your consent to process your personal data, we will no longer process any of your personal data in the future. Uninstalling Cara Care does not delete your data from our systems, so that after reinstalling Cara Care you can access it again.
The deletion of personal data is equivalent to anonymization, i.e. the removal of all personal characteristics.
5. Transfer to third parties
5.1 We will not transfer your personal data to third parties without your consent, unless such transfer is permitted by law and necessary for the provision of our Cara Care services.
5.2 When we use contract processors, such as hosting providers and other service providers, and transfer personal data to them, we select them carefully, agree with them on data protection in contract processing agreements, instruct them and monitor them in accordance with applicable regulations.
For example, we use Hetzner (Hetzner Online). a company based in Germany, with storage in Germany, to host our data. You can request a complete list of the contract processors we use at datenschutz@cara.care
5.3 In order to improve the content of Cara Care and its usability, we analyze the technical information of your app usage.
We store and analyze the technical usage data that is generated when using our service, in particular how you have used our offers in Cara Care. The analysis of such technical data is only carried out in pseudonymous form, i.e. by means of an identification code, a combination with personal data that would enable your identification by third parties does not take place.
Data will only be processed by us in this way if you have given your consent. The details of your consent are described at the end of this privacy policy under the point "Your consent".
5.4 In order to process payment transactions, we may also transfer data, such as your Android or Apple ID, to Apple Inc. or Google Inc. in order to bill you for paid services via the Google Playstore or the Appstore.
5.5 The DSGVO permits data processing within the EU. Processing outside the EU in a so-called third country is permitted provided that a comparable level of protection exists in the third country (adequacy decision pursuant to Articles 45, 46, 47 DSGVO).
The service providers we use are either based in the EU or in a country in which the EU has established an adequate level of data protection.
6. Links and references to other internet offers
Cara Care contains links to external websites and offers. Please note that we are not responsible for their data protection or the content of these other offers.
We recommend all users to inform themselves about the respective data protection information (privacy statements) of these other internet offers when leaving Cara Care.
7. Security
Cara Care uses common, known methods to transfer and store your data securely. For this purpose an encrypted transmission via HTTPS takes place, which you also know from online banking.
As required by law, we use technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved according to technological development.
However, the greatest threat to your data comes from strangers who get their hands on your smartphone. Therefore it is important to use the protection mechanisms offered by Apple or Android. These include an unlock password, Touch ID (fingerprint) or Face ID.
For the storage of our data we use Hetzner (Hetzner Online). The servers of Hetzner (Hetzner Online) are located in Germany. As hosting provider Hetzner (Hetzner Online) is our order processor, with whom we have an agreement for order processing.
In accordance with the applicable data security regulations, data stored by us is backed up on media (backup).
8. E-mail communication and advertising
We use the email address you provide during registration to communicate with you in connection with Cara services or to send you advertising for our own similar goods or services. You can object to this use of your e-mail address for advertising purposes at any time. We will also clearly inform you that you can object to this use of your e-mail address for advertising purposes at any time.
Any other use of your e-mail address for advertising purposes will only take place if you have expressly agreed to this use. Such consent can be revoked at any time. We will also clearly point out to you that you can revoke this consent at any time for any use of your e-mail address for advertising purposes.
9. Your rights
As a user of our offers, you have the right to request information from us about the data stored about you. Upon your request, the information can also be provided electronically. You have the right to request the deletion or restriction of your personal data processed by us or to request that it be transferred to third parties in a common format used by us. You can demand that incorrect data be corrected. You can revoke your consent, e.g. to the use of health data, at any time.
Corresponding inquiries can be directed to HiDoc or our data protection officer at datenschutz@cara.care.
Complaints about the processing of personal data by us can be directed to the responsible supervisory authority.
10. Your consent to the use of health data and other personal data
10.1 By using Cara Care, the health data you provide us with, such as complaints, illnesses, body measurement data, medication, are processed in the context of providing our services to you. Health data are particularly sensitive personal data and are subject to special protection and in particular may not be processed without your consent according to Art 9 DSGVO.
10.2 Consent to the processing of your data outside the use according to DiGAV
10.2.1 You agree that we may process and use your personal data, in particular the data stored by you in the App on your mobile device, as well as the information about your health transmitted to us via your user account and during the nutritional consultation, in order to provide our services and products and that we may create evaluations and therapy recommendations on this basis.
10.2.2 You further agree that we may pass on your personal data to our nutritionists for the purpose of providing nutritional advice.
10.2.3 You also agree that we may process and use your personal data in anonymized form for medical and pharmaceutical research purposes and for this purpose we may also pass on your personal data to medical and pharmaceutical research institutions and companies.
10.2.4 You agree that we may process your personal data for the purpose of permanently ensuring the technical functionality, user-friendliness and further development of Cara Care. This also includes that we and our aforementioned analysis service providers may use the technical information of your use of Cara Care (usage data) in pseudonymized form for the purpose of improving our content and the usability of Cara Care.
10.2.5 You also agree that in order to improve the effectiveness of our advertising campaigns, we may process technical information about your app usage, such as the frequency of use and which of our content offerings from Cara Care you have used, in pseudonymized form. Under no circumstances do we use the data about your health stored in the Cara App or the Cara Care nutritional advice.
10.3 Consent to use in accordance with DiGAV when billing via your health insurance company (Section 3.5)
10.3.1 You agree that we may process your personal data collected in connection with the use of our Digital Health Application for the purposes of the intended use of the Digital Health Application, for the purpose of proving positive health care effects in the course of a trial pursuant to Section 139e (4) of Book 5 of the German Social Security Code, and for the purpose of proving agreements pursuant to Section 134 (1) sentence 3 of Book 5 of the German Social Security Code.
10.3.2 You agree that we may process your personal data for the purpose of permanently ensuring the technical functionality, user-friendliness and further development of Cara Care. This also includes that we and our aforementioned analysis service providers may use the technical information of your use of Cara Care (usage data) in pseudonymized form for the purpose of improving our content and the usability of Cara Care.
10.4 Revocation of Consent
If you have given us your consent to process your personal data, in particular to process the personal data described above, this is done voluntarily. You can revoke any consent at any time with effect for the future. If you are under 16 years of age, your consent for the processing of all personal data is dependent on the consent of your parents or other guardians. In order to exercise your right of revocation, you must inform us (HiDoc Technologies GmbH, Torstr. 59, 10119 Berlin ("HiDoc"), hello@cara.care) by means of a clear declaration (e.g. a letter, fax or e-mail sent by post) of your decision to revoke your consent. If you make use of this option, we will immediately (e.g. by e-mail) send you a confirmation of receipt of such a revocation.
10.5 Consequences of revocation
In the event of a revocation, the processing of your data up to that point remains lawful. After revocation, your personal data can be further processed to the extent legally permissible, e.g. for invoices or within the scope of legal storage periods or in the event of legal disputes before courts or authorities.
11. Scope of application
This data protection information applies exclusively to Cara Care from HiDoc.
We also point out that this data protection information is subject to constant adaptation to current requirements.