Company contact details
vivamind – Society for Preventive Medicine and Psychology mbH
Lindemannstr. 6a, 44137 Dortmund, Germany
Phone number: ++49 231 477 684 3
E-mail address: firstname.lastname@example.org
Dr. Rüdiger Beck, managing partner
Prof. Dr. Stefan Diestel, managing partner
Marion Beck, managing partner
Contact details of the data protection officer
Attorney at law Ulf Haumann LL.M.
Specialist attorney for IT law/ specialist for data protection
Kaiserstr. 21-23, 44135 Dortmund, Germany
Phone number: +49 231 22 81 90 10
E-mail address: email@example.com
We take the protection of your personal data very seriously and strictly adhere to the rules of data protection laws. We take conscientious precautions to protect your data from loss, manipulation and unauthorized access. The precautions correspond to the state of technological development. The following statement gives you an overview of how we ensure this protection and what kind of data is collected for what purpose.
Basic principles in the processing of personal data
We process your personal data in compliance with the legal provisions on data protection (General Data Protection Regulation (DSGVO), Federal Data Protection Act (BDSG-Neu)).
Your data will be handled exclusively for the fulfillment of the contractually justified purposes and on the basis of your voluntary consent and applicable legal provisions.
Personal data will not be passed on to third parties without your express consent, unless this is absolutely necessary for the processing of business transactions for the provision of the service or for the performance of the contract. In this case, the data is limited to the minimum necessary.
Personal data is any information related to an identified or identifiable natural person. It includes all types of information that can be traced directly or indirectly (i.e., in conjunction with other data) back to a person. This includes, for example, information such as name, address, email address. Personal data is only processed by vivamind if this is permitted by law or if you have consented to the collection of the data.
By order of the competent authority, we may provide information about this data in individual cases, insofar as this is necessary for the purposes of law enforcement to avert danger, to fulfill the legal tasks of the constitution protection authorities or the military counterintelligence service or to enforce intellectual property rights.
User registration and provision of chargeable services
In principle, you can use the my.vivamind website without having to register with us. However, the use of services within the application “my.vivamind”, requires prior registration (creation of an account) and associated with this, further processing of personal data.
After registration you will receive an e-mail in which you must confirm that you really want to create the account. If you do not confirm this within 24 hours, the account will be deleted again. Thus, if you want to use the benefits and services offered on our website, we will regularly process the following data from you:
1. user (e-mail address)
2. optional mobile number, if 2-factor authentication is requested.
Purposes of processing the data 1-2 are:
1. authentication; legal basis: Art. 6 para. 1 lit. b) DSGVO.
2. contacting; legal basis: Art. 6 para. 1 lit. b) DSGVO
SMS transmission via gatewayapi
During registration, or later in the profile, a two-factor authentication via SMS can be activated. When registering and logging in, a random, once-valid, numerical code is then generated and sent to your cell phone via SMS through this provider. During this process, this code and the user’s mobile phone number are sent to the provider.
By activating the two-factor authentication, you agree to the transmission of personal data. The operating company of gatewayapi is OnlineCity ApS, Buchwaldsgade 50, 5000 Odense C, Denmark.
The data entered in the course of registration will be processed exclusively for the above purposes. Your data will only be stored for the period of time required for the contractual relationship or in accordance with legal requirements (e.g. retention periods in accordance with § 147 of the German Tax Code).
With your registration on our site, we will also store your anonymized IP address (shortening of the last three digits) and the date and time of your registration.
This information is no longer personal data.
Purpose of this processing:
This serves as a safeguard on our part in the event that a third party misuses your data and registers on our site with this data without your knowledge; legal basis Art. 6 para. 1 lit. f DSGVO.
Your data will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site also does not take place.
In addition, we would like to point out that personal data is transmitted to the server in encrypted form via the website using “Secure Sockets Layer (SSL)”. You can recognize the activation of SSL encryption in the address bar of the browser. Only when the regular display changes from “http://” to “https://” is the data transfer encrypted. Only transfer your data when SSL encryption is activated.
Personal data within the account
If you make use of one or more of the services offered within the scope of your protected my.vivamind account, further processing of data related to your person will be necessary for the purpose of providing the respective service (creation of concrete health profiles with preventive objectives as the basis for individual patient counseling) as well as for its payment processing. Which personal data is processed in the context of payment processing depends on the payment method you have chosen, whereby you automatically agree to the corresponding data transfer to the respective payment provider when using this method (see also “Use of Klarna as payment method” or “Use of SecurionPay as payment method” below).
Which personal data is processed in addition in detail for the purpose of providing the respective service, results in turn from the specific service selected by you and the associated respective input mask.
The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO and, in the case of payment processing and the processing of health data, your express consent pursuant to Art. 6 para. 1 lit. a DSGVO.
In this case, data is also stored exclusively for the period of the contractual relationship or in accordance with legal requirements (e.g. retention periods in accordance with Section 147 of the German Fiscal Code).
We only evaluate personal data in anonymized form for statistical purposes in order to obtain findings for health epidemiological issues and health science. This enables us, for example, to further develop algorithms that form the basis for measuring and evaluating health data. These evaluations cannot be linked to our dataset and thus individually classified. According to Art. 1 DSGVO, the anonymized evaluation is not subject to the Basic Data Protection Regulation because the data can no longer be assigned to a natural person in the course of the evaluation.
System operator and logging
For technical reasons, your end device automatically transmits the following information to our web server each time you access our Internet site and each time you retrieve a file. This information is stored in a log file for a limited period of time:
– IP address of the end device
– browser type/version
– operating system used
– Date and time of the server request,
– designation (URL) of the requested page
This data is processed exclusively for the purpose of legal protection (e.g. against hacker attacks) and the optimization of our web presence by means of statistical evaluation of this information (e.g. access errors, average dwell time, Internet browsers and operating systems used). The processing is thus carried out for vivamind on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f) DSGVO.
Deletion of this data takes place automatically after 7 days.
Notwithstanding this, we reserve the right to subsequently check the data and pass it on to authorized third parties in the event of suspicion of unlawful use of our website,
We use so-called cookies on our site to recognize multiple use of our offer, by the same user / Internet connection owner. Cookies are small text files that your Internet browser stores on your computer. They serve to optimize our Internet presence and our offers.
Valid: Duration of the user’s session
Description: Login data of the user
Valid: 30 minutes
Description: Prevention of XSRF attacks (https://de.wikipedia.org/wiki/Cross-Site-Request-Forgery)
Valid: 1 year
Description: The pll_language cookie records which language the user used on the last page.
However, in some cases, these cookies provide information to automatically recognize you. This recognition is based on the IP address stored in the cookies. The information obtained in this way is used to optimize our offers and provide you with easier access to our site.
Web analysis tool Matomo
If you do not use an advertising or tracking blocker, but still do not agree with the storage and anonymous evaluation of the data from your visit, you can object to the storage and use at any time. If you subsequently object to the processing of the data by mouse click, a so-called opt-out cookie will be stored in your browser, with the result that Matomo will not collect any session data. If you delete your cookies in your internet browser, this will result in the opt-out cookie also being deleted, of course. When you visit our website again, it must therefore be activated again.
Sentry Stability Testing and Monitoring
Vivamind uses Sentry, a service provided by Functional Software Inc, Sentry, 1501 Mariposa St # 408, San Francisco, CA 94107, USA, as part of the applications for stability testing and monitoring purposes. The following data is collected in this process:
– Browser and version number
– operating system
– Time and date
– URL of the page that was called up
The data collected enables Vivamind to identify which display errors occurred under which operating systems and when. This serves to provide Vivamind’s services as error-free as possible and to quickly detect errors and eliminate the detected errors.
Sentry is not deployed as “software as a service”. Rather, Vivamind operates the service as a local installation on its own servers. This ensures that all collected data remains with Vivamind and is not transmitted to the manufacturer of the software.
The legal basis for the processing is Art. 6 para. 1 lit. f DSGVO. The purposes outlined above also constitute Vivamind’s legitimate interest in data processing pursuant to Art. 6 (1) lit. f DSGVO.
All data, e.g. details of the terminal device used and the time of an error, are collected and stored anonymously and deleted immediately after evaluation. At no time is it possible for Vivamind to trace the stored data back to a specific or identifiable person.
When contacting vivamind (for example, by e-mail), your information will be stored for the purpose of processing the request and in the event that follow-up questions arise.
The processing for these purposes is thus based on your voluntary consent in accordance with Art. 6 para. 1 item a DSGVO. The storage period depends on the respective request. However, your data will be deleted at the latest when its storage is no longer necessary for the specific purpose and no legal retention periods apply.
If you wish to contact us by e-mail, we would like to point out that the confidentiality of the information transmitted cannot be guaranteed. The content of e-mails can be viewed by third parties. We therefore recommend that you send us confidential information exclusively by post.
Use of Braintree as payment method
The payment service provider Braintree allows you to pay online by credit card, Sofort (https://www.klarna.com/sofort/), PayPal (https://www.paypal.com/de) and giropay (https://www.giropay.de/). If you choose this payment method, the payment will be processed by the service provider Braintree, a service of PayPal (Europe) S.à r.l. et Cie, S.C.A. is duly licensed as a Luxembourg GmbH.
In this case, you must enter your credit card number, your first and last name as well as the validity period and check digit of your credit card in a form integrated in the my.vivamind application for this purpose. By submitting this form, you consent to this payment method and the associated data transfer to Braintree (Art. 6 para. 1 lit. a) DSGVO).
The transfer of your data takes place exclusively for the purpose of payment processing with the payment provider Braintree.
You can find more information about Braintree’s data protection at the URL www.paypal.de.
As a matter of principle, our offer is not directed at minors (Art. 6 in conjunction with 8 para. 1 DSGVO). Persons under the age of 18 may therefore not transmit any personal data to us without the written consent of their parents or legal guardians. If we discover that a minor under the age of 18 has sent personal data to us without the consent of the parent or guardian himself or herself or without the consent of the minor, we will delete the data immediately.
Recipients of the data
Access to your personal data stored by vivamind is limited to our employees and the following service providers contracted by us:
1. server hosting
DOKOM Gesellschaft für Telekommunikation mbH, Stockholmer Allee 24, 44269 Dortmund.
2. technical support/maintenance
VisualAppeal GbR, Klippe 109, 42555 Velbert, Germany
These service providers process the data exclusively within the scope of the so-called processing of data on behalf (Art. 28 DSGVO). They have been carefully selected and are only given access to your data to the extent and for the period required to provide the services or to the extent that you have consented to the data processing and use.
Data subject rights
1. right to information and data portability
You have the right to receive information about the data we have stored about you free of charge at any time without giving any reason (Art. 15 DSGVO). Upon your request, the information can also be provided electronically. If necessary, send an e-mail to: Info@Ipreveo.de
In addition, you have the right to data portability (Art. 20 (1) DSGVO), i.e. to receive the personal data stored about you in a structured, common and machine-readable format, or to have it transferred to a third party system. You therefore have a right to direct forwarding of your data.
2. right to rectification, restriction and deletion
Furthermore, in accordance with Art. 16 to 18 DSGVO, you can demand that vivamind correct, restrict (block) or delete your personal data if the data was processed incorrectly by us, if there is a reason to restrict further data processing, or if the data processing has become unlawful for various reasons, or if its storage is inadmissible for other legal reasons. Please note that your right to deletion may be limited by legal retention periods.
3. right of revocation
If the data processing is based on your consent, you can revoke this consent at any time with effect for the future.
4. right of objection
If the processing of data is based exclusively on our legitimate interest pursuant to Art 6 (1) (f) DSGVO, you have the right to object to this processing (Art. 21 DSGVO). Vivamind will stop processing your data in this, unless we can demonstrate legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of a legal claim.
5. right of complaint
In addition, you have a general right of complaint. The competent supervisory authority for complaints regarding data processing by vivamind is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, Germany.
6. contact to exercise your rights
To exercise your rights (1-4), you can send us an informal message to the following contact details: firstname.lastname@example.org.
Likewise, please direct the revocation of your consent, stating which declaration of consent you wish to revoke, to the following contact details: datenschutz@email@example.com