Data protection regulations Cara app and Cara Care dietary advice
Health is a sensitive subject. Cara undertakes to protect the privacy of the user and commits to only process data in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation.
For this reason, we shall take all reasonable measures to protect your personal data against accidental or unlawful destruction, accidental loss, unjustifiable changes, unauthorized disclosure and unlawful access to the data. In order to do this we comply with the industry standards when transferring and storing your data.
According to the legal definition, personal data include all information that refers to a specific natural person or a natural person identifiable via the information.
Cara is provided by HiDoc Technologies GmbH, Torstr. 59, 10119 Berlin (HiDoc). This is the responsible authority within the meaning of the data protection regulations, in particular the GDPR. HiDoc has appointed a data privacy officer; they can be contacted for enquiries at email@example.com.
Collection and processing of personal data
If you use the Cara app or our online dietary advice, Cara Care, we will collect the following personal data:
- Information regarding your person that you provide to us during registration (e.g. first name, surname, email address).
- Sex and your age (in years);
- Where necessary, your place of residence may be recorded during usage, the release of your location information is voluntary,
- Information on your health that you provide to us when using the app or our dietary advice (e.g. symptoms, illnesses, body measurement data, medication)
- Information about your eating habits that you provided to us when using the Cara app or Cara Care,
- Information about your activities that you provided to us when using the Cara app or Cara Care,
- Technical information on your smartphone, tablet and other technical devices that you transfer to us when using the Cara app or Cara Care (e.g. IP address or Android IP). Cara also sends reports about system errors, crashes and user behavior to our developers. This is the only way to ensure that Cara is stable over the long-term.
Purposes of use for personal data
We use your personal data to provide our services and products in our app as well as to provide you with dietary advice. We use the information provided by you to document your influencing factors that may trigger health problems.
We collect the personal data you provide for the analysis and use it for the analysis. The information provided by you in the app is transferred to our server if you synchronize the app or connect your smartphone to us.
We identify therapy recommendations and tips tailored forwards you based on the analysis, which are displayed to you in the app or sent in the manner agreed.
The use of the Cara app and the display of your information in the Cara app as well as the registration as a user, take place on a voluntary basis.
As part of the dietary advice, the nutritionists cooperating with us shall also receive access to your personal data in order to carry out dietary advice both with and for you.
We cooperate with research partners and provide anonymous information to medical and pharmaceutical institutions (e.g. researchers, universities, clinics or drug manufacturers) for the purposes of research. It is hereby impossible to identify you as an individual given that we remove all identification information (such as name, email address) prior to transferring this information. We are committed to contributing to research and science in the area of abdominal health. That is why we collaborate with top-class researchers and university clinics. It might just be possible to improve the lives of countless people with the help of your anonymous data. Until now, the relationships between nutrition, stress and the psyche as well as exercise have not yet been adequately researched.
If you get in contact with us, we shall use your personal data in order to answer your queries.
In accordance with current data security regulations, data stored by us is backed up on media. We may use your personal data internally for the purpose of improving our services and ensuring technical availability.
Insofar as you gave us your consent, we can use your personal data to send you information about our new products and services. If we are requested by authorities or as part of legal disputes to send information to authorities, courts or third parties, we shall comply with this request if we are legally obliged to do so.
Consent to use health data
Health data such as symptoms, illnesses, body measurement data and medication transferred by you to us when using the Cara app or Cara Care dietary advice, shall be processed in the course of providing our services to you. Health data are particularly sensitive personal data that are subject to special protection and, most notably, may not be processed without your consent.
By using the Cara app and/or the Cara Care dietary advice, you consent that we may process and use your personal data and particularly those stored by you in the app on your mobile terminal device, as well as the information about your health transferred to us via your user account and during the dietary advice, in order to provide our service and products and that we may draw up evaluations and therapy recommendations on the basis of this. You consent that we may transfer your personal data to our nutritionist for dietary advice and may process and use them in an anonymous form for medical research purposes.
Deletion of data
Personal data stored with us shall be deleted if they are no longer required for the purpose for which they were collected and unless we are obliged to store them for longer due to legal obligations. As a rule, we will remove your personal data upon deletion of your customer account.
Insofar as you agreed for your personal data to be processed by us, we shall process your personal data based on this consent. Article 6 paragraph 1 sentence 1 lit. a, GDPR Furthermore, we will process your personal data in order to provide our services to you in accordance with Article 6 paragraph 1 lit b of the GDPR.
Links and references to other websites
The Cara App contains links to external websites and offers. Please take note that we are not responsible for their data protection or for the content of these other offers.
We recommend that all users inquire about the respective data protection information (privacy statements) of these other internet offers upon leaving the Cara app.
Transfer to third parties
We shall not transfer your personal data to third parties without your consent unless such transfer is permitted by law.
If we use data processing companies such as cloud providers and other service providers and transfer these personal data to them, we select them carefully, agree on data protection in order processing agreements, and instruct and monitor within the context of the applicable regulations. For that reason, we use Microsoft Azure, a cloud hosting service from Microsoft Inc., a company with headquarters in the USA with storage location in Europe for our hosting; we use the communication platform Intercom Inc. a company with headquarters in the USA for the communication between you and Cara via the Cara app or with the Cara Care dietary advice; we use mailchimp, a service provided by the Rocket Science Group with headquarters in the USA for our email notifications and for our newsletter; we use a feature of the company tokbox Inc. with headquarters in the USA (Cara app) and the company Video Communication Services AS with headquarters in Norway (Cara Care) for video calls; we use the calendar platform of Calendly Inc. with headquarters in the USA for arranging consultation meetings; we use the platform by Zapier Inc. with headquarters in the USA for our customer support, and the platform by Typeform, a service provider with headquarters in Spain for our forms and questionnaires. You can request a complete list of processing companies that we use at firstname.lastname@example.org.
We analyze the technical information of your app use and we also use partner companies who carry out such analyses on our behalf, in order to improve the content of the Cara app and Cara Care dietary advice including the usability. The following documents apply here:
- Crashlytics and Fabric by Google Inc., a company with headquarters in the USA.
- Branch Metrics Inc., a company with headquarters in the USA
- Mixpanel Inc., a company with headquarters in the USA
- Appsee, a company with headquarters in the USA
- Facebook Inc., a company with headquarters in the USA
The above-mentioned companies save and analyze the technical usage data produced when using our service and in particular, which content you accessed. The analysis of such technical data takes place exclusively in pseudonymous form; a combination with personal data, which would enable identification, does not take place.
By using the Cara app and Cara Care dietary advice, you declare that you consent to us and our above-mentioned partners using the technical information of your use of the Cara app and the Cara Care dietary advice (usage data) in pseudonymous form, for the purposes of improving our content and the usability of our services.
You can revoke this consent for your technical information to be evaluated in a pseudonymized way at any time with effect for the future. In order to do so, please send an email to the address email@example.com with your objection to the use of your data for analytical purposes.
For processing payment transactions, we may transfer data such as your Android or Apple ID as well as Apple Inc. or Google Inc. in order to invoice fee-based services via Google Playstore or the Appstore.
The service providers used by us are headquartered either in the EU or in a country in which the EU has established an adequate level of data privacy. Companies from the USA comply with the requirements for a sufficient level of data privacy according to the EU-US Privacy Shield.
The Cara app uses the common, established methods for the purpose of securely transferring and storing your data. An encrypted transmission via HTTPS, which you will be familiar with from online banking, is carried out to this end.
As prescribed by law, we implement technical and organizational measures in order to protect your data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are being continually improved in accordance with technological developments.
However, the greatest threat posed to your data comes from external parties who get their hands on your smartphone. That is why it is important to use the security mechanism provided by Apple in the form of a password for unlocking or fingerprint (touch ID).
We use the cloud provided by Microsoft Azur when storing our data. Microsoft Azur’s servers are located in Europe. As a cloud provider, Microsoft Azur is our processing company with which we have concluded an order processing agreement.
As a user of our services, you have the right to request information from us on data stored about your person. The information can also be issued electronically upon your request. You have the right to request that your personal data processed by us are deleted or restricted or that they are transferred to third parties in one of the common formats that we use. You can request that incorrect data be rectified. Any consent given e.g. to the use of health data can be revoked by you at any time.
Relevant requests can be addressed to HiDoc or our data privacy officer at firstname.lastname@example.org.
You can send complaints about the processing of personal data by us to the competent supervisory authority.
Scope of application
These data privacy statements exclusively apply to HiDoc’s Cara app and the Cara Cara dietary advice.
Moreover, we point out that these data privacy statements are continually adapted in line with current requirements.