Compliance: Sub-processors and affiliated operational entities

neuroCare Group GmbH may engage the following entities to carry out specific processing activities on behalf of the customer.

Please contact datenschutz@neurocaregroup.com to be notified of a change to the list.

Affiliate EntityPlace
1. Amazon Web Services, Inc. Germany
2. PamConsult GmbHGermany

Privacy Policy of neuroCare Group GmbH

Version: 1.0 as of 1st of January 2020

 

neuroCare Group GmbH, represented by its Managing Directors Klaus Schellhorn and Dr. Alexander Zobel, Rindermarkt 7, 80331 Munich, Germany, telephone +49 89 215 417 299-0, e-mail: info@neurocaregroup.com (hereinafter “neuroCare”), respects your right for privacy. neuroCare always endeavors to offer you an outstanding service for all products and services. In addition, neuroCare would like to provide Users of the offering with supplemental information concerning the handling of personal data by means of this Privacy Policy. Of course, neuroCare will treat all personal data that a User transmits in the course of the business relationship in compliance with the applicable data protection provisions. The details about how neuroCare handles personal data can be found in this Privacy Policy.

In this privacy policy we inform you which personal data we collect and for what purposes we process this data in accordance with the General Data Protection Regulation (GDPR).

 

1.             Scope of application

This Privacy Policy is applicable to all websites operated by neuroCare as well as all neuroCare apps that can be loaded via the Apple App Store, Google Play Store, Amazon App Store Windows/Windows Phone Store, or other App Stores(“offering”) and is oriented towards Users of this offering (“Users”).

If other neuroCare offerings have differing privacy policies, the differing privacy policy published on the respective website or in the respective offering shall apply. The neuroCare offering might contain cross-references ("links") to other websites or offerings of third-party providers. By clicking on such a link, Users sometimes leave the websites or offerings of neuroCare and reach the websites or offerings of third parties, for which content, compliance with data protection or privacy policy, neuroCare assumes no responsibility. The processing of Users’ personal data is executed by the third party operating the website and offering the service. In particular, neuroCare is not responsible that the same data protection standards that are observed by neuroCare do apply on websites or offerings not operated by neuroCare. neuroCare has no influence on that process. This also applies to personal data entered by the User on third party websites or offerings which come through to neuroCare, e.g. when entering neuroCare’s Facebook profile. For this reason, Users should carefully read through the privacy policies of third party websites and offerings.

 

2.           Personal data

“Personal data” are individual details about personal or objective circumstances of a specific or determinable natural person.These data include name, mailing address, birth date and gender as well as information through the use of the offering, e.g. game and exercise results and individual high scores the User achieves. Information that the User provides to other Users via the offering of neuroCare (e.g. photos, chat-contents) may also constitute personal data.

 

3.          Collecting and Use of Data, Google Analytics, Social Plugins and Advertising

3.1        Data Processing when using the Offering and Downloading the App

3.1.1     Data processing and logging for internal system purposes and statistical purposes

neuroCare’s system automatically records information during the visit to and use of neuroCare’s offering which neuroCare uses to in case it is required to enable the use and recording of the offering, so called usage data. This might include data such as browser type, browser language, operating system of the device used, display resolution, language and time zone settings, User’s geographical origin, date and time of the visit, access time or the address of the pages visited, and potentially the User’s IP address and the domains from which the User is accessing neuroCare’s offering.

IP addresses serve the purpose of the clear identification of the computers which are connected with the Internet. The location of the computer can also be derived from this. The IP address is transmitted with each server enquiry so that the server knows where the answer has to be sent to. The IP address is allocated to each user of an Internet-Service-Provider (ISP) as soon as he connects with the Internet. The ISP can understand which IP address at which time was allocated to which of its customers. As long as the IP address is stored there, it is theoretical possible to determine the identity of the connection holder via the ISP. neuroCare stores the IP address of the User which he possesses during his registration, when logging in, when placing an order as well as in the event of the deactivation of the user account. neuroCare uses it to recognize the session in order to identify the User for the use of the offering and to provide appropriate settings during use of the offering until the browser is closed, for the defense against attacks, especially on the offering, as well as for the further development of the offering. Legal basis for the data processing and logging for the purposes stipulated in this section is article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is the putting forward of an offering, the improvement of the offering to ensure the best possible user experience and comfort as well as IT system security.

3.1.2     Downloading the App

When the app is being downloaded, the following data are being transferred to the respective sales platform from which the app is being purchased (e.g. Apple App Store, Google Play Store, Amazon App Store and Windows Store): User name, e-mail address, customer account number, date and time of download, payment information, and the individual device number. The sole responsibility of logging these data sits with the provider of the respective platform. neuroCare only processes those data supplied by the platform provider which are required for the download.

3.2          Analysis of the Offering

3.2.1       Analysis of the Offering by Google Analytics

The offering of neuroCare uses Google Analytics, a web analytics service of Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). Google Analytics uses so-called “Cookies”, text files, which are stored on your computer and enable an analysis of the use of the offering by the User. By activating IP anonymization on this offer, the IP address of the User will however be shortened by Google within the member states of the European Union or other contracting states of the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a server in the US and shortened there. Google will, on behalf of neuroCare, use the information to analyze the use of the offering by the User, in order to compile reports about the activities of Users on the offering and in order to provide further services associated with the use of the offering and the internet. Google will in no way combine the IP address of a User with other data of Google. Users can prevent the saving of cookies by a corresponding setting in the browser software; neuroCare however points out that in this case Users can if applicable not use all functions of the offering of neuroCare in full. The Users can object to the collection and use of their IP address by Google Analytics by downloading and installing the browser plugin available here:

http://tools.google.com/dlpage/gaoptout?hl=en.

Alternatively to using the browser plugin or within browsers on mobile devices, Users can click on the following link to prevent the collection by Google Analytics in the future:

https://tools.google.com/dlpage/gaoptout?hl=en

Thereby, an opt-out-cookie will be placed on your device. In case Users delete the cookies, they will have to click the link again.

neuroCare informs its Users that the neuroCare offering is amended by Google’s offering of the Google Analytics’s Code „gat._anonymizeIp();“, to ensure the anonymization of logged IP-addresses, whereas the anonymization already takes places within the EU.

Additional information on Google’s data processing is available in Google’s Privacy Policy at:

https://www.google.com/policies/privacy/.

neuroCare uses Google Analytics in order to analyze the use of its offerings and to continuously optimize it, making it more interesting for Users as per findings from reviewing the statistics.

For transmitting to the USA, there is a ruling about its adequacy by the EU-Commission (Nr. 2016/1250), for companies, which meet certain criteria and an adequate protection level; also known as “EU-US Privacy Shield”.  These companies are listed in the so called “Privacy Shield List” or “Privacy Policy List”. Google is among the companies listed. Die transmission to Google in connection with Google Analytics is based on articles 45 and 28 GDPR.

Legal basis for the data processing and logging for the purposes stipulated in this section is article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is the improvement and development of the offering.

3.2.2       Analysis of the Offering by AddApptr

Parts of the offering may be financed by advertising. For offering and providing, advertising financed, services, Users are shown advertising during the use of the offering based on the analysis of the User’s data in order to finance the offering instead of Users paying for the offering. In order to enable advertising based on monitoring User behavior (session duration, time, etc.) neuroCare uses the tracking system AddApptr of AddApptr GmbH, Mittelweg 24d, 20148 Hamburg, Germany. This accesses the device ID. There neither is an assignment to an individual’s identity nor to the device ID.

Through using the offering, AddApptr GmbH receives aforementioned data to place advertising based on the usage. Further information on AddApptr GmbH are available on www.addapptr.com.

Additional information on AddApptr’s data processing is available in AddApptr’s Privacy Policy at:

https://www.addapptr.com/data-privacy

Legal basis for the usage of and by AddApptr is article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is the financing of the offering in order for it be free of charge for Users.

3.3         Analysis of Usage Behavior for Scientific and Commercial Purposes

In the course of the performance of the contractual relationship between neuroCare and the User, neuroCare analyses the usage behavior and the usage results of the User for the respective User (please refer to number 3.6 for more detail). Besides that, neuroCare may collect and store anonymized data about User activity and results with neuroCare’s offerings for scientific and commercial purposes and to improve the offering.

Data will be analyzed statistically with respect to usage data (e.g. date and time, time and extent of usage including individual exercises being played and the User’s results), age, gender and geographic location of the respective User. neuroCare uses special software for this purpose. All data is analyzed anonymously and is deleted on a regular basis. The results of these statistics help neuroCare improve the quality of its products and services.

3.4         Combination of Data

During the course of the contractual relationship between neuroCare and the User, neuroCare combines the Users’s statistical and personal data for the individual User (please refer to number 3.6 for more detail). Statistical data in this sense are the exercises selected or level, date and time, time and frequency of exercises or level, achieved exercise and game results, the User’s progress in the individual exercises or Leveln,

Besides that, statistical data will only be combined with personal User data, if this is necessary to prevent infringement or breach of contract. If neuroCare notices that a User is in violation of this agreement, neuroCare reserves the right to combine the IP Address of this User with other stored data about him in order to be able to notify him about his violation of this agreement. Legal basis for the combination of personal data is article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is the prevention of infringement and breach of contract for using the offering and offerings through the offered products and services.

There is no automated decision making, inclusive of profiling, as article 22, paragraphs 1 and 4 GDPR, by neuroCare.

3.5          Cookies

neuroCare uses so-called “cookies.” A cookie contains information that the neuroCare offering sends to the User’s browser, which then stores the information on the User’s system. If cookies are used, neuroCare’s offering is able to note information about the User and his settings until the User closes the current browser window (so-called “session cookies”) or until the user deactivates or deletes the cookie or the validity of the cookie expires. neuroCare uses cookies for purposes as described below.

3.5.1        Session Cookies

neuroCare uses session cookies when Users use the neuroCare offering through a website provided by neuroCare. In this case, neuroCare’s web server automatically sends a session cookie to the User’s browser, which makes it easier for the User to navigate in the offering. The session cookie contains a value, by means of which the neuroCare software can determine which page is supposed to be displayed when the User clicks the “back” button in his browser. In addition cookies contain information about the User ID, which neuroCare automatically allocates to each User. The cookies also contain data about the language and territory selections of User. The cookie is deleted as soon as the User logs out or closes his browser session. These session cookies are used upon the User agreeing to their use as per article 6 paragraph 1, page 1, lit a) GDPR.

3.5.2        Other Cookies

Other cookies will be specifically used in connection with the usage of Google Analytics (see number 3.2.1) as well as the Social Media-Plugins (see number 3.8). For further information, please refer to the respective paragraphs of this Privacy Policy.

3.6          Contractual Relationship

neuroCare uses personal User data to the extent necessary for establishing, performing or ending of the contractual relationship with the respective Users. This is the case if, among other things, Users sign-up to register for neuroCare products and services or wish to utilize paid for neuroCare products and services via the neuroCare offering.

3.6.1       Reasoning

When the User registers, neuroCare collects User data entered upon the registration as well as additional personal data (user name, e-mail address and password for the user account, registration date, date and time of log-in), which neuroCare requires to quality the contract with the User about using the offering. The transmission of these personal data is not required legally but is needed for the contract about using the offering, respectively the products and services, to come into effect. Legal basis for the data processing is article 6 paragraph 1, page 1, lit b) GDPR.

Besides that, Users can, at or after the registration, voluntarily enter additional data in their user account (e.g. chosen user name, gender, birthday, address incl. state, as well as a photo of the User). The transmission of these personal data is neither legally required legally nor needed for the contract to come into effect. neuroCare process these voluntarily added data as per the Users agreement as per article 6 paragraph 1, page 1, lit a) GDPR.

3.6.2        Performance

To the extent necessary for the performance of the contractual relationship between neuroCare and the respective Users, neuroCare uses personal data of Users, for example, for the transmission or furnishing of products or services within the framework of the use contract that has been concluded and for the use possibilities in connection with the usage contract (e.g. support etc.), including acquiring additional services through in App purchase on the respective sales platform. neuroCare processes Users’ personal usage data (e.g. chosen user name, log-in date, date and time, time and extent of use of offering incl. individual exercise performed and exercise results) and combine them with the user account so that User’s personal data to offer the User functions of products and services as requested by the User.

This may include the display of the progress of the respective user or the comparison of results with other users, for example between friend lists and this specific User. For this purpose, neuroCare especially analyses User behavior and results and combines statistical with personal User data, as required to render the possible uses requested by the User. Legal basis for aforementioned data processing is article 6, paragraph 1, page 1 lit b) GDPR.

In addition, relevant personal data are used in order to gain knowledge of malfunctions or an abuse of neuroCare’s offering. Legal basis for aforementioned data processing is article 6, paragraph 1, page 1 lit f) GDPR.

If neuroCare collaborates with third parties, e.g. hosting companies, software developers, payment providers, for purposes of rendering the services, neuroCare will obligate them to observe the applicable data protection provisions and guarantee adequate data protection.

If the operation of the entire offering or a portion of the offering or a product or service of neuroCare, for which Users have registered, is transmitted to a third party in whole or in part (e.g. language versions), neuroCare is entitled to provide such third party with the Users’ personal data for the purpose of further operating or offering or portions of the offering or the product or service. Legal basis for transmitting personal User data is article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is the commercial utilization of its offering. Of course, in case this happens, neuroCare will promptly inform the User about this proceeding.

3.6.3       Payment Process

Data required for purposes of processing payments will be logged and recorded. For Users acquiring a Premium-Account, neuroCare will record the User’s complete address information for tax purposes. Other data required for the processing payments (as far as needed for e.g. Direct Debit: account holder, account number, Bank or for Credit Card Payment: credit card holder, credit card company, card number and expiration date), will not be logged by neuroCare but directly by the contracted payment provider . neuroCare has no access to these data. The User’s address will be transmitted to neuroCare by the payment provider (including to the provider of the sales platform used to acquire the neuroCare App) during their invoicing process with neuroCare. neuroCare may transmit user data logged as result of the use of the offering to the contracted payment provider. Amongst other, neuroCare collaborates with Paypal S.à.r.l. et Cie, S.C.A., headquartered in Luxembourg and Moneybookers Limited headquartered in London and has entered into the required contractual agreements with these providers ensuring the protection of Users’ personal data. Legal basis for processing these data in connection with the payment process is article 6, paragraph 1, page 1 lit b) GDPR.

In order to process payments, neuroCare may also contract fraud management service providers resulting in a higher level of security for Users and neuroCare and to help better safeguard financial information. For this purpose, neuroCare may transmit data to the fraud management service provider. Legal basis for transmitting these data is article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is the detection of fraud and abuse of its offering.

3.6.4       Termination

neuroCare also uses personal data of the respective affected parties in the course of the termination of the contractual relationship with a User to the extent necessary to wind up the obligatory relationship. Legal basis for processing these data in connection with the payment process is article 6, paragraph 1, page 1 lit b) GDPR.

3.7          Communication

User data can be used within the framework of communication. In this regard as well, neuroCare will adhere to standards set by applicable data protection regulations.

3.7.1        User inquires

neuroCare will record any personal data the User enters voluntarily, e.g. in case of User inquires, and process those data to handle the User inquiry. Legal basis for recording these data and using personal data is article 6, paragraph 1, page 1 lit b) GDPR, in case the User enters these data in order to close the contract with neuroCare. In other cases, the recording and usage is based on article 6, paragraph 1, page 1 lit f) GDPR, whereas neuroCare’s justified interest is the processing of the individual user’s inquiry.

neuroCare archives correspondence with Users with the objective of improving neuroCare’s products and services as well as neuroCare’s offering based on article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is the improvement and development of the offering and all products and services being part of the offering.

3.7.2         Surveys

neuroCare shall occasionally request Users to provide data within the framework of surveys. The User is at liberty to decide whether he would like to provide corresponding information and consents to the collection and processing of these data. The survey data are used for monitoring and improving the offer, the products and services as well as for improving the offer of services of neuroCare. neuroCare processes personal data acquired through surveys exclusively with User consent based on article 6, paragraph 1, page 1 lit a) GDPR.

3.7.3         Communication between Users through the Offer

Users are able to communicate with each other about neuroCare’s offering, e.g. by using chat functions. The communication about neuroCare’s offering is volunteered by the individual User and is, as a general rule, not subject to any control of the contents by neuroCare. Nevertheless, neuroCare reserves the right to delete entries at its own discretion and to exclude Users from further use, in particular if entries contain elements which are relevant and constitute a case under criminal law or are not compatible with the principles, respectively objectives, of neuroCare. Legal basis for transmitting communication among Users as part of neuroCare’s offering is article 6, paragraph 1, page 1 lit b) GDPR.

3.8          Social Plugins

The offering of neuroCare uses so-called plugins of social networks. There is Facebook’s “Like” button on the social network facebook.com of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”), the social network Google Plus’s “+1” button of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), as well as buttons of the Twitter service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). This allows Users torecommendthis offeringto friends inFacebook,to otherusers of GooglePlusas well as followers onTwitter.For example, ifthe"Like"buttonis clicked, a message appears on the User’sFacebook pagethatthe User recommendouroffering. If the User clickstheGooglePlus "+1" button, the recommendation appears on theUsers’s GooglePlusprofile orappears in the search resultsof the search engine"Google".Moreover, the recommendation of neuroCare’s offeringmay be associatedwith the User’s profilename andthe profilephoto by third parties, which will be displayedon the Interneton websites andads. If Users send Twitter messages,it is possible toshare content of neuroCare’s offeringon Twitter, or to followuson Twitter.

For more detailed information for what purpose and to what extent Facebook, Google Plus and Twitter use your data as well as your rights with respect and settings options for protecting your privacy please refer to the Facebook privacy policy at https://www.facebook.com/about/privacy/, the privacy policy of Google Plus for the “+1” button http://www.google.com/intl/de/+/policy/+1button.html, and for further information on the privacy policy of Twitter under https://twitter.com/privacy.

Use of the aforementioned social plugins by Facebook, Google and Twitter is aimed at optimizing the offering to reflect Users needs and wishes. Using the Social Plugins is a User’s voluntary act.

Legal basis for using the social plugins explained below in more detail is the individual User’s consent communication as per article 6, paragraph 1, page 1 lit a) GDPR.

3.8.1     Facebook Plugin

If Users visit our offering, which contains a Facebook social plugin, the User’s browser or device establishes a direct connection to the servers of Facebook. The content of the social plugin is transferred directly by Facebook to the Users’ browser or device which embeds the latter into the offering. Therefore, neuroCare cannot influence the amount of data Facebook is collecting with the help of this social plugin and can only base any information on the knowledge it has: Facebook is, through the integration of the social plugin, aware which offering Users access. While Users are logged in to their Facebook account, Facebook can assign the Users’ visit to their Facebook account. If Users interact with the social plugin, such as click on the “Like” button or leave a comment, the corresponding information with this interaction is transmitted from Users’ devices directly to Facebook and is stored there. If a User has no account on Facebook the IP address will be, according to Facebook, anonymously stored in Germany. If a User has an account on Facebook and does not wish for Facebook to collect information about them through neuroCare’s offering, the User must log out on Facebook before visiting the offering.

For transmitting to the USA, there is a ruling about its adequacy by the EU-Commission (Nr. 2016/1250), for companies, which meet certain criteria and an adequate protection level; also known as “EU-US Privacy Shield”.  These companies are listed in the so called “Privacy Shield List” or “Privacy Policy List”. Facebook is among the companies listed. Die transmission to Facebook in connection with the social plugin is based on articles 45 GDPR.

3.8.2     Google +

If Users visit the offering, which contains Google’s social plugin, their device establishes a direct connection to the servers of Google. The content of the social plugin, the “+1” buttons, is transferred directly by Google to your device which embeds the latter into the offering. Therefore, neuroCare cannot influence the amount of data Google is collecting with the help of this social plugin and can only base any information on the knowledge it has. According to Google, it does not collect personal data collected, if Users do not click on the button. Concurringly, personal data are only collected and processed for members that are logged into their account including their IP address.

For transmitting to the USA, there is a ruling about its adequacy by the EU-Commission (Nr. 2016/1250), for companies, which meet certain criteria and an adequate protection level; also known as “EU-US Privacy Shield”.  These companies are listed in the so called “Privacy Shield List” or “Privacy Policy List”. Google is among the companies listed. Die transmission to Google in connection with the social plugin is based on articles 45 GDPR.

3.8.3     Twitter

If Users visit the offering which contains Twitter’s social plugin, their device establishes a direct connection to Twitter’s servers. The content of the Twitter buttons is transmitted from Twitter directly to the device of the User. Therefore, neuroCare cannot influence the amount of data Twitter is collecting with the help of this social plugin and can only base any information on the knowledge it has. Twitter only transmits your IP address and the text of the offering, when using the button or a Twitter message. It is not used for other purposes than the ones mentioned before, except for displaying the button or a Twitter message.

For transmitting to the USA, there is a ruling about its adequacy by the EU-Commission (Nr. 2016/1250), for companies, which meet certain criteria and an adequate protection level; also known as “EU-US Privacy Shield”.  These companies are listed in the so called “Privacy Shield List” or “Privacy Policy List”. Twitter is among the companies listed. Die transmission to Twitter in connection with the social plugin is based on articles 45 GDPR.

3.9       Advertising, market and opinion research

In addition to the degree which is admissible according to the statutory regulations neuroCare shall only collect, process and use personal data of Users for purposes of advertising and/or purposes of market and opinion research insofar as the respective User has explicitly previously consented to a collection, processing and use for purposes of the market and opinion research or to a processing and use for purposes of advertising.

3.9.1     Information about the neuroCare Service per email

If Users declare their permission to use and process their email address, neuroCare will send the desired information to the respective Users, usually in the form of newsletters or invitations to participate in special offers or competitions.

In order to send newsletters or other information to Users per email (“Newsletter-Service”) neuroCare needs at least one valid email address of the User.

For the registration to the Newsletter-Service neuroCare uses the so-called double-opt-in procedure. In this procedure Users will only receive newsletters or other information after they have clicked on a special link for confirmation, which will be sent to their email address after their registration for the Newsletter-Service. This procedure should guarantee, that the respective User is the owner of the submitted email address. The confirmation through the special link has to be made within a short timeframe after the registration or the submitted email address will be deleted from neuroCare’s database. Until the owner of the email address confirms his wish to participate in the Newsletter-service, another registration with this email address for the Newsletter-Service will not be possible. Aforementioned newsletters or other communication pieces are send based on User’s consent as per article 6, paragraph 1, page 1 lit a) GDPR.

If the User has provided neuroCare with his email address during an existing customer relationship with him, neuroCare may send information about neuroCare, previously contracted services and services similar to those services which he had already contracted. Users can object to the use of their email address for the receipt of such neuroCare information in writing (e.g. by e-mail) at any time, without incurring transmission cost other than the delivery cost to convey the objection (at basic rates). neuroCare will inform the User in every newsletter and email about his rights and offer him the option to directly object to the receipt of further Newsletters or information.

Legal basis for processing the User’s personal data to send non-product related newsletters using personal data is article 6, paragraph 1, page 1 lit f) GDPR, whereas neuroCare’s justified interest is to advertise its own, similar products and services as part of the current customer relationship with the User. The User’s interests worthy of protection are sufficiently maintained as per §7 Sec. 3 of the “Law again Unfair Competition” (Gesetz gegen unlauteren Wettbewerb (UWG)).

3.9.2     Market research

neuroCare can use information stored about Users for internal surveys about demography, user interests, User interest and User behavior. This usage is carried out in an anonymized way. For purposes of advertising and market research, neuroCare can analyze information about Users in anonymized or aggregated form. If and insofar as neuroCare uses User data for creating User profiles it shall discontinue the usage if this is objected to by the respective Users. neuroCare uses data not anonymized nor aggregated based on article 6, paragraph 1, page 1 lit f) GDPR. neuroCare’s justified interest is to improve and develop the offering, products and services, of neuroCare.

3.10       Data transmission

neuroCare is entitled to transmit and store Users’ personal data to other member states of the European Union or within the European Economic Area for the purposes stated in this Privacy Policy, as far as the User consented to it or it being permitted by law. The transmission of personal data to countries outside or the European Union or the European Economic Area requires the explicit permission of the User or as far as permitted by law. Further details are available as part of the aforementioned description of services, which neuroCare utilized to put forward this offering.

neuroCare will not transmit any personal data to third parties in any unlawful way.

3.11       Special Terms for Professional Solutions

Parts of the offering may also be apps and software („Professional Solutions“), which are licensed to a licensee (e.g. medical personnel) to be used by the licensee’s customers (“End User”).

In that case, personal data are entered when setting up a User profile for the End User based on the data provided by the End User as well as further personal data (e.g. predetermined user name, e-mail address and the password for the User profile, registration date, date and time of logins). Transmitting these personal data is neither mandated legally nor is it a prerequisite to entering into a contract.

In addition, when using the Professional Solutions, personal usage data as mention under number #2 are being recorded (e.g. browser type, browser language, operating system of the device used, display resolution, language and time zone settings, users’ geographic location, date and time of last visit, time at accessing the site, visiting time and URLs of sites visited, possibly users’ IP address and domain from which Users access the neuroCare offering, information on the usage of the offering including exercise and game results as well as individual high scores by user).

On a case by case basis, the licensee may transmit additional personal data of the End User to neuroCare.

The logging and processing of all aforementioned personal data of the End User is executed as per the licensee’s briefing for the purposes stated by the licensee. Legal basis for logging and processing End Users’ personal data by neuroCare is article 6, paragraph 1, page 1 lit b) GDPR, whereas neuroCare is being active as the licensee’s provider of the job order as per article 28 GDPR. The legal basis for the logging and procession of Users’ personal is being determined by the licensee; only the licensee is responsible for this. For further information regarding the legal basis, one can inquire with the licensee.

Besides that, neuroCare will use personal data of the End User and those of the licensee regarding the usage of the Professional Solution only in an anonymized and aggregated form, without there being the option to trace them back to individuals. neuroCare will use the data only for its own purposes, in particular to calculate statistics being available as consulting information to the licensee and to optimize the Professional Solution and other offerings.

 

4.             Data integrity and security

neuroCare endeavors to achieve a level of correctness of the stored personal data of Users that is corresponding to the current standards. For this purpose, neuroCare will take a precautionary measure by allowing individual persons reasonable access to the stored personal data of Users in order to check, correct or anonymize (if necessary), block or delete such data. Within the framework of neuroCare’s offering Users also have the opportunity, following authentication, to independently inspect and/or modify the data they have transmitted.

The protection of personal data that neuroCare has received from Users of the offering is an important component of the company philosophy of neuroCare. neuroCare protects personal data of Users of offerings of neuroCare against loss, abuse and modification by means of modern security measures of a physical, technical and administrative nature. All servers are hosted by neuroCare or selected partners, who can ensure the same data security as neuroCare and are obliged to comply with data protection law.

As is the case with all transmissions of data via the Internet, however, a residual risk also remains in the case of sending and receiving personal data.

neuroCare points out to Users that, in spite of the stringent requirements neuroCare places on data protection, all information that a User voluntarily releases via the Internet can also potentially be used by others. For this reason, neuroCare cannot assume any responsibility or liability for the disclosure of information as a result of errors in data transmission and/or unauthorized access by third parties.

 

5.             User Rights

Each User has the right to inquire and receive information about their personal data being stored. More detail is available under number 6.

Each User has the right to the correction, blocking and deletion of his personal data in accordance with the statutory provisions. If the User does not undertake any amendment or deletion himself, neuroCare as well as the person responsible for the Privacy Policy at neuroCare are available at the address stated at the end of this Privacy Policy and are happy to receive corresponding applications. neuroCare will appropriately amend or, as the case may be, delete Users’ personal data of neuroCare’s offering as quickly as possible. neuroCare points out that, due to technical and organizational conditions, it is possible that, even after the request for amendment or deletion, some measures will still be carried out that have already begun, but have not yet been completely executed, after Users notified neuroCare of the request for deletion. neuroCare likewise points out, however, that deletion of User data is only possible if it is not precluded by legal provisions, particularly with respect to data storage timelines, data for billing and/or bookkeeping purposes.

Each User is at liberty at all times to object to the processing and use of his personal data for purposes of direct marketing and data analyses, which are based on article 6, paragraph 1, page 1 lit f) GDPR. In the instance of the last stated case, this applies only if neuroCare cannot prove reasons worthy of protection for processing, which outweigh the User’s interests, rights and freedom of choice or which are designed to claim, execute or defend legal claims (article 21, paragraph 1, GDPR).

In particular, Users can object to the use of their e-mail address for the receipt of newsletters and/or information of neuroCare at all times without cause and without incurring transmission cost for this purpose other than the delivery cost to convey the objection (at basic rates). neuroCare will clearly point out their right to objection to its Users both when collecting the email address as well as with each use in newsletters or other information.

If Users provide data concerning them and neuroCare processes these data based on Users’ consent, Users can demand to have neuroCare transmit the data to them in a structured, commonly used and machine-readable format or that these data are transmitted to another named responsible as far as that is technically feasible (so called Right of Transferring Data).

Each User consent to the use of his personal data can be freely revoked by the User at any point in time effective as of the time is was revoked.

In addition, the User can file a complaint against the data processing with the overseeing authorities if he believes it to be violating current law.

neuroCare as well as the person responsible for the Privacy Policy at neuroCare are available at the address stated at the end of this Privacy Policy for corresponding applications or, as the case may be, communication by Users

 

6.             Information

Users as well as third parties sometimes have a right to information with respect to the data gathered and stored by neuroCare.

In specific individual cases, neuroCare is entitled to give information or obligated to give such information to the competent offices on the basis of statutory provisions.

6.1          Users right to information

In response to a request by a User, neuroCare will at no charge give information concerning all personal data stored by neuroCare concerning him. In principle, such information is transmitted in electronic form (via email). Such Customer inquiries are to be directed to the address stated at the end of this Privacy Policy.

If the User takes advantage of this opportunity for the issuance of information via email, the stated email address (both sender and recipient) will not be used for any purpose other than the issuance of information and the documentation thereof.

6.2          Third Party´s Right to information

In individual cases, neuroCare can be entitled to inform third parties concerning personal data of the Users of offerings of neuroCare. neuroCare reserves the use of its right to give information in individual cases following detailed review and careful consideration.

If neuroCare is legally obligated to forward its data to local, state, national or international agencies, neuroCare will comply with such obligation.

In addition, neuroCare will disclose data to third parties if applicable statutes and regulations require so. In these cases, the disclosure, respectively transmission of information, is based on article 6, paragraph 1, page 1 lit c) GDPR.

Moreover, neuroCare can disclose information in order to review or prevent illegal activities or a suspicion of fraud or to initiate appropriate counter-measures or in order to enforce or apply the contracts of neuroCare. In these cases, the disclosure and the possible transmission to maintain aforementioned justified interest of neuroCare based on article 6, paragraph 1, page 1 lit f) GDPR may be required, and therefore legal.

 

7.             Time to Storage

neuroCare processes and stores personal User data only as long as is required to provide the offering, respectively to achieve the purpose of the processing or to maintain the legally required time limits for storing data.

If the User registers for the neuroCare offering, neuroCare stores the relevant personal data until the User deletes his account unless there is a legally required time limit or a neuroCare has a justified interest requiring the data to be processed (e.g. the processing of outstanding payments or balances), that requires the data to be stored longer.

 

8.             Amendment of the Privacy Policy

neuroCare reserves the right to amend this Privacy Policy from time to time, but neuroCare will always observe the applicable statutes concerning data protection. neuroCare recommends that Users review the current Privacy Policy at the time of each visit to the neuroCare offering. neuroCare will naturally inform the Users in advance if it wishes to use the Users’ personal data to a greater extent than set forth in this Privacy Policy.

 

9.             Contact

The person responsible in accordance with the General Data Protection Regulation (GDPR) is: neuroCare GmbH, Rindermarkt 7, 80331 Munich, Germany including all other neuroCare Group companies.

Do you have questions or suggestions regarding data protection? Send us an e-mail to: info@neurocaregroup.com

You can reach our data protection officer Daniel Steffen by phone on 08456 / 3009880 or via e-mail at datenschutz@neurocaregroup.com

part of neuroCare Solutions

We use cookies to gather information about your website visit in order to continuously improve our website and the user experience. Additional information can be found in our Privacy Policy . You herewith consent to allow cookies.
Agree