Health is a sensitive topic. Cara is committed to protecting the privacy of users and guarantees that it processes personal data only in accordance with applicable data protection legislation, in particular the EU Data Protection Regulation (GDPR).
CARA CARE helps you to get a grip on your digestive problems. Discover the connection between your diet, your well-being and your digestion by using the app.
The use of the app expressly does not replace a doctor’s visit and serves to support your own perception and that of the supplementary interpretation of your input by your treating physician.
Because protecting your privacy while using CARA CARE is important to us, we want to use the information below to help you understand which personal data we process when you use CARA CARE, and how we treat it. In addition, we also inform you about the legal basis for the processing of your data and, to the extent that processing is necessary to safeguard our legitimate interests, our legitimate interests as well as your rights vis-a-vis us.
1. Responsible controller and data protection officer
CARA CARE is offered by HiDoc Technologies GmbH, Torstr. 59, 10119 Berlin (“HiDoc”), firstname.lastname@example.org. This is the responsible controller in the sense of the data protection regulations, in particular the GDPR. HiDoc has appointed a data protection officer, who can be contacted for inquiries at email@example.com.
2. Collection and processing of personal data when downloading CARA CARE
Certain information is automatically processed as soon as you use CARA CARE. When downloading the app, certain required information will be sent to the app store you have selected (eg Google Play or Apple app store); in particular the username, the email address, the account number of your account, the time of the download and the individual device code number are processed. The processing of this data is done exclusively by the respective app store and is beyond our control.
3. Collection and processing of personal data when using CARA CARE
3.1 Automatic data transmission of your smartphone
When you use CARA CARE, we automatically collect certain data that is necessary for the use of the app, without you having to explicitly provide this data. This includes:
- IP address
- Date and time of the request
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transmitted in each case
- Content from which the request comes
- Operating system and its interface
- CARA CARE app version
This information is automatically transmitted to us to provide you with the service and related features, to enhance the functionality and features of the app and to prevent and eliminate misuse and malfunction.
This data processing is based on the legal basis that, with respect to the purpose of the use of the app, the processing is required for the fulfilment of a contract or similar relationship between you and us pursuant to Art. 6 (1) (b) GDPR. To the extent that we use this information to improve our app or to prevent abuse, we have a legitimate interest in ensuring the functionality and proper operation of the app and providing a market- and interest-based service (Art. 6 (1) (f) GDPR).
3.2 Data provided by you
If you use CARA CARE actively to find out the reasons for your complaints and to fight the causes, some of your data which has nothing to do with your health status or clinical picture will be queried. This includes:
- Your name (how you want to be addressed in the app)
- Your gender (female/male/intersex), and your age (in years);
- Your location information,
- Your e-mail address
We can use this data to make the later evaluation of your submissions more specific, in particular in a gender-specific and age-based way. If you contact us, we will use your personal data to answer your inquiries.
The processing of this data is therefore necessary for the fulfillment of the contract between you and us pursuant to Art. 6 (1) (b) GDPR for the use of the app, as long as you provide us with this data.
3.3 Your health data
If you use CARA CARE, the following health data will be collected by us:
- Information on your health (e.g. complaints, illnesses, body measurements, medicines)
- Information about your eating habits
- Information about your activities
We use your health information to provide our services and products in CARA CARE. With the help of the information provided by you, we document the influencing factors that may cause health problems in you. The personal data provided by you is collected by us and used for the analysis. The information provided by you in CARA CARE will be transmitted to our servers when you synchronize the app or connect your smartphone with us. On the basis of the analysis, we determine suitable therapy recommendations and instructions for you that are displayed to you in the app or transmitted in the agreed manner. The use of CARA CARE and the provision of your information in CARA CARE as well as registration as a user are voluntary.
As part of a dietary consultation conducted in CARA CARE, the nutritionists cooperating with us will also have access to your personal data in order to provide nutritional advice with you and for you.
We cooperate with research partners and provide anonymized information to medical and pharmaceutical institutions (such as researchers, universities, clinics or drug manufacturers) for research purposes. It is not possible to draw a conclusion about your person here as all identifying information (such as name, e-mail address) is removed from us before such disclosure. It is important to us to contribute to research and science in the field of abdominal health. That is why we work together with research institutes and research companies. The quality of life of countless people may be improved with the help of such anonymous data.
You can also share your personal data with CARA CARE from the Apple Health App on your iOS device if you have made settings there that allow you to submit data to CARA CARE. You can always change this setting again. We use your personal data from the Apple Health App to store, for example, to connect information about your movements or your pulse with your symptoms and shared symptoms in order to show you possible connections.
3.4 If we are required by authorities or litigation to provide information to authorities, courts or other third parties, we will comply with this request to the extent that we are legally required to do so. The legal basis for this is Article 6 (1) (c) GDPR.
4. Deletion of data
Personal data stored with us will be deleted as soon as it is no longer needed for the purpose for which it was collected and we are not obliged to store it for longer due to legal obligations. As a rule, we delete your personal data by deleting your customer account. You can simply delete your customer account by selecting “Delete account” in your profile on the app under “More”. This will also delete all your data on our servers
5. Transmission to third parties
5.1 We will not transmit your personal data to third parties without your consent, unless such transfer is permitted by law and is required for the provision of the services of CARA CARE .
5.2 When we use commissioned data processors, such as cloud providers and other service providers, and transmit data to them we carefully select them, agree with them in terms of data protection with regard to commissioned data processing, and instruct and monitor them in accordance with the applicable regulations.
For the hosting of our data, we use Microsoft Azure, a cloud hosting service from Microsoft Inc., a US-based company, located in Europe; for communication between you and CARA CARE, we use the communication platform of Intercom Inc., a US-based company; for our e-mail alerts and newsletter service, we use MailChimp, a Rocket Science Group service based in the US; for video calls, we use a functionality of the company tokbox Inc. based in the USA (Cara App) and the company Video Communication Services AS based in Norway (CARA CARE); we use the calendar platform of Calendly Inc, based in the US for arranging consultation appointments; for our customer support, we use the platform of Zapier Inc, a US-based company; and for our forms and questionnaires, we use the platform of Typeform, a service provider based in Spain. For a complete list of the commissioned data processors we use, please contact firstname.lastname@example.org
5.3 In order to improve the content of CARA CARE and its usability, we analyze the technical information of your use of the app and we also use partner companies that conduct such analyzes on our behalf. These are the following companies:
- Sentry from Functional Software, Inc., a US-based company
- Branch Metrics Inc, a US-based company
- Mixpanel Inc, a US-based company
- Appsee, a US-based company
- Facebook Inc., a US-based company
The named companies store and analyze the technical usage data that arises when using our service, in particular how you have used our offers in CARA CARE. The analysis of such technical data takes place exclusively in pseudonymous form, i.e. means of an identification code; combination of this data with personal data that would enable your identification by third parties does not take place.
The Cara app and the Care dietary consultation use Facebook’s advertising and analytics product “Facebook Audiences“ for Cara App and CARA CARE commercials on Facebook, Facebook applications such as Instagram or third-party websites connected to Facebook Audience, as well as to get a better understanding of our users and thereby improve the effectiveness of our advertising campaigns, so that we can present our high-quality products and services to a more willing number of customers.
In the context of Facebook Audiences, we mainly process the frequency of use, i.e. how many times you have used the Cara app in one month and which of our content offers you used, i.e. which articles you have read and which of our programs you have participated in. In no case will we use the data about your health deposited by you in the Cara app or the CARA CARE nutrition consultation for this purpose.
5.4 For the settlement of payment transactions, we may transmit data such as your Android or Apple ID to Apple Inc. or Google Inc. for invoicing for paid services through the Google Playstore or AppStore.
5.5 The service providers we use are located either in the EU or in a country that has established a level of data protection sufficient for the EU. Companies from the US meet the requirements for a sufficient level of data protection according to the EU-US Privacy Shield.
6. Links and references to other internet offers
CARA CARE contains links to external websites and offers. Please note that we are not responsible for their data protection policies or the content of these other offers.
We recommend that all users, when leaving CARA CARE, inform themselves about the privacy statements of these other internet offers.
CARA CARE uses the common, well-known methods to securely transfer and store your information. Encrypted transmission takes place via HTTPS, which you are also familiar with online banking.
We use, as required by law, technical and organizational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
The biggest threat to your data, however, comes from strangers who manage to get your smartphone in their hands. Therefore, it is important to use Apple's or Android’s protection mechanism of an unlock password, Face ID or fingerprint (Touch ID).
We use the Microsoft Azure cloud to store our data. The servers of Microsoft Azure are located in Europe. As a cloud provider, Microsoft Azure is our commissioned data processor, with whom we have a data processing agreement.
In accordance with applicable data security regulations, data stored by us is backed up to media (backup).
8. E-mail communication and advertising
We use the e-mail address communicated by you during the registration for the communication in the context of the Cara services or in order to send advertisements for our own similar goods or services. You can always object to this use of your email address for advertising purposes. When we use your email address for advertising purposes, we will clearly point out to you again each time that you can object to this use at any time.
Any further use of your email addresses for advertising purposes only takes place if you have expressly consented to this use. Such consent is revocable at any time. We will also clearly point out to you every time that we use your email address for advertising purposes with your consent, that you can revoke this consent at any time.
9. Your rights
As a user of our offers, you have the right to ask us for information about the personal data stored about you. This information can also be issued electronically at your request. You have the right to request deletion or restriction of your personal data processed by us or its transfer to third parties in a common format used by us. You can request that incorrect data be corrected. You can withdraw granted consent, e.g. to the use of health data, at any time.
Such requests may be directed to HiDoc or our data protection officer at email@example.com.
You may submit a complaint about the processing of your personal data by us to the responsible supervisory authority.
10. Your consent to the use of health data and other personal data
10.1 With the use of CARA CARE, the health data transmitted by you to us, such as complaints, illnesses, body data, medicines, is processed as part of the provision of our services to you. Health data is particularly sensitive personal data and is subject to special protection and in particular may not be processed without your consent pursuant to Art. 9 GDPR.
By using CARA CARE, you agree to us processing and using your personal data, in particular the data stored by you in the app on your mobile device, as well as your user account, and information transmitted to us about your health during the dietary consultation, for the provision of our services and our products, and the creation on this basis of evaluations and therapy recommendations.
You also agree that we may disclose your personal data to our nutritionists for a dietary consultation.
You also agree that we may anonymize your personal data and may process and use it anonymously for medical and pharmaceutical research purposes and for this purpose also pass it on to medical and pharmaceutical research institutions and companies.
10.2 With the use of CARA CARE, you declare your agreement that we and our named service providers may process the technical information of your use of CARA CARE (user data) in a pseudonymized form for the purpose of improving our content and the usability of our services.
You also agree that we may process technical information about your app use, such as the frequency of use and which content of CARA CARE's offerings you have used, in a pseudonymized form to improve the effectiveness of our advertising campaigns and may share it with Facebook, Instagram, Pinterest, Twitter, Universal App Campaigns and other advertisers. In no case do we use the data on your health deposited by you in the Cara app or the CARA CARE dietary consultation.
10.3 Revocation of consent
If you have given us consent to the processing of your personal data, in particular for processing the personal data described above, this is done voluntarily. Any consent can be revoked by you at any time with effect for the future. If you have not completed your 16th year of age, the consent for the processing of all personal data depends on the consent of your parents or other guardians. In order to exercise your right of revocation, you must provide us (HiDoc Technologies GmbH, Torstr. 59, 10119 Berlin (“HiDoc”), firstname.lastname@example.org) a clear statement (e.g. a letter sent by post, fax or email) about your decision to revoke your consent. If you make use of this possibility, we will immediately send you (for example by email) a confirmation of the receipt of such a revocation.
10.4 Consequences of the revocation
In the case of a revocation, the processing of your data until then remains legal. After the revocation, your personal data may be further processed, as far as this is legally permissible, e.g. for invoices or in the context of legal retention periods or in litigation before courts or authorities.
11. Scope of application
12. Your California privacy rights
If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of Personal Information relating third parties to which CARA CARE has disclosed Personal Information during the preceding year for the third parties’ direct marketing purposes.
To make such a request, please contact us at: email@example.com.