Vila Health

Privacy Policy of Vila Health UG (haftungsbeschränkt)

Version: 2. Juli 2019

Please read this policy carefully before using the services of Vila Health UG (haftunsbeschränkt).
(To use our services, you must be 16 years of age or older.)

In the following, Vila Health UG (haftungsbeschränkt) ("Vila Health", "us", "our" or "we") gives you an overview of what data we collect for what purpose and how we ensure the protection of your data when using our website and services. We take the protection of your privacy and personal data very seriously and treat them strictly confidentially in accordance with the statutory data protection regulations and this data protection guideline.

Your (health) data is encrypted using the latest technology and can generally only be associated with you if you provide us with your personal access passwords.

When you visit the Vila Health website at (our "Website") and use our application in the login area (our "Services"), you will be asked to confirm your acceptance of and consent to the practices described in this Policy.

Responsible is Vila Health UG (haftungsbeschränkt), c/o Factory Works GmbH. Rheinsberger Str. 76/77, 10115 Berlin, registered in the commercial register of the local court Charlottenburg (Berlin, Germany) under HRB 208413, represented by Managing Director Laura Korcik.


For inquiries and further questions regarding the processing of personal data, please contact Our data protection officer is Julia Kraus.

Personal data and processing purposes

Personal data is any information about an identified or identifiable natural person, such as a name or e-mail address.

Personal data will only be collected, used and/or passed on by us if this is legally permissible or if you explicitly give your consent. In particular, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the repeal of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("General Data Protection Regulation", GDPR) as well as the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) apply.

Your data will be used for the following purposes:

to provide you with the functionality and benefits of Vila Health,

to answer any questions you may have,

to implement this privacy policy and to fulfill the contractual relationship with you,

to analyze your use of our services and improve our services with our legitimate interests in quality assurance, technical and content development, and marketing,

when health data is processed, to provide you with Vila Health's services and to analyze that data with your explicit consent to improve our products and for research purposes, or

as otherwise explained in this Privacy Policy or in a notice from us.

Registration and use of services

When using the app, we collect the personal data described below in order to enable convenient use of the functions. If you wish to use our services, we collect the following data, which is technically necessary for us to be able to offer you the functions and guarantee stability and security (legal basis is Art. 6 (1) f. GDPR): IP address, unique device ID, country and region, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, app usage data, operating system and its interface language.

To avoid associating this information with your identity (including your email address), we create a random and unique identifier that we cannot associate with your account.

In addition, we need your first name, gender, date of birth, information about your illness, your current (professional) status and your e-mail address to create and manage your account, provide you with the Services, process your requests and contact you if necessary. The legal basis for our data processing of personal data is Art. 6 (1) b. GDPR on the basis of the existing contract with us. The processing of health data is carried out on the basis of your expressed consent to the use of the services and their analysis for the improvement of our products and for research purposes on the legal basis of Art. 9 (2) a. GDPR.

You can delete and change the data entered in your App account at any time.

Further use of the services

During your continued use of the Services, you will also be asked to provide us with certain additional information. This information includes the following: Your feedback about our services, your knowledge of Vila Health, your billing information and any information you create and submit to us while using the services of the App (i.e. while doing the Vila program).

If the data processed for the purpose of providing the "Services" are considered personal data, such data processing is based on Art. 6 (1) b. or f. GDPR for the purpose of providing our Service and analyzing such data on the basis of our legitimate interest in improving our products and for research purposes. Health data will be processed on the basis of your expressed consent. Their analysis is used to improve our products and for research purposes on the basis of Art. 9 (2) a. GDPR.

You have the right to revoke your consent to the use of this health data at any time with effect for the future. For such a revocation please send us an e-mail to or delete your entire data/account via the corresponding button in the settings of the service. However, we would like to point out that in this case you will no longer be able to make full use of the functions of the services on this website.

Analysis of data

We use the information collected, including your personal data, to track your use of our services on the basis of Art. 6 (1) b. and f. GDPR or TMG, to ensure the technical operability of our services and to fulfill contractual or pre-contractual obligations (based on Art. 6 (1) b. GDPR or TMG and as otherwise stated in this Privacy Policy). With regard to the data processing according to Art. 6 (1) f. GDPR, we pursue the legitimate interests of quality assurance and marketing.

We will never share your personal information (or any other information you provide to us) with third parties, but we reserve the right to share information that has been anonymized and/or aggregated. You acknowledge and agree that we are the owner of all rights, title and interest in and to any derived data or aggregated and/or anonymous data collected or generated by us.

Contact; sending messages

When you contact us, your data will be processed with your consent for the purpose of processing the request and, if applicable, subsequent questions on the legal basis of Art. 6 (1) a. GDPR or the fulfilment of your request on the basis of Art. 6 (1) b. GDPR.

On the basis of Art. 6 (1) b. or f. GDPR, TMG or UWG, we may also contact you by e-mail if this is important for the use of the app or similar services and if you have not objected to these messages.

In addition, your data will be processed by us with your expressed consent to the sending of newsletters that you have subscribed to via the website.

Detailed overview of the data we process

Below you will find a detailed overview of the exact data we process, their use and the legal basis:

Your rights

You have certain rights with regard to the use of your personal data, which you can apply at any time and without any disadvantages:

You have the right to revoke your consent to the use of data at any time with effect for the future if such data processing is based on your consent.

You have the right to access the data stored by us and the right to correct your data if it is incorrect.

You have the right to object to the processing of your personal data, e.g. if your personal data is used for direct marketing purposes.

You have the right to request the deletion of your data.

You have the right at any time to request information about the stored data (in structured, up-to-date and machine-readable form) and can demand the correction or deletion of the data in the event of incorrect data storage.

You also have the right to file a complaint with a supervisory authority of your choice (e.g. for Berlin An overview of the European national data protection authorities can be found here:

Third party providers used by us

When using the website and services, data may be processed by third parties commissioned by us, e.g. cloud service providers.

For example, we use a hosting service provider Amazon Web Services, Inc.. The data we process with AWS (no personal health data) is physically located in Frankfurt, Germany. AWS is certified according to the EU-US Privacy Shield and complies with the data protection standards applicable in the EU.

You can find an overview of all third-party providers we use here (for more details on Google Analytics, see below)

In addition, your personal data will only be passed on to third parties within the scope of the statutory provisions, i.e. if we are obliged to pass on your data due to an official or court order or if necessary due to statutory provisions or if you give your express consent.

Deletion of data; retention periods

We will retain the above data for as long as necessary to provide the services to you, to address specific issues that may arise, or as otherwise required by law or by a responsible regulatory authority. As soon as your account is terminated or deactivated, we will delete the personal data relating to your account within one month. Some personal information may need to be retained longer to ensure that Vila Health can comply with applicable law and internal compliance procedures, including storing your email address to suppress marketing communications if you choose not to receive further marketing communications.

Storing periods are based on business requirements, and your data that is no longer needed is either irrevocably anonymized (and the anonymized data can be retained) or securely deleted.

Data security and encryption

We have taken adequate measures to ensure data and IT security and we also work with a third party that specializes solely in the secure and encrypted storage of health data (see The website services are operated via a secure TLS connection which encrypts the connection from your device to our servers.

Information on cookies, analytics and social media


Vila Health uses cookies to differentiate you from other users. This helps us provide you with a good user experience when using our website and enables us to improve our services. Please note that it is possible to disable cookies that are stored on your computer by changing your browser settings. However, our website may not function properly or some features may not be available to you if you disable cookies.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, Google will shorten your IP address beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area.

Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available at the following link:

Google Fonts

Our website uses the "Google Fonts" service from Google LLC, Mountain View, CA, USA to integrate and display text on the website. To this end, Google may process your data (including your IP address) on servers located in the United States. If the IP address is processed, the data will be processed on the basis of Art. 6 (1) f. of the German Data Protection Act. GDPR or TMG, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) in quality assurance or statistical analysis of user behavior are pursued. If your browser does not support Google fonts, your device will use a default font. We would like to point out that the integration of Google and an existing Google account can lead to automated decision making ("profiling").

Social media & networks

We also use social networking sites such as Facebook, Twitter and Instagram to provide you with more ways to contact us. However, we never share data or information with these networks. We would therefore like to point out that we have no influence on the terms of use and data processing of these providers when you interact with our pages there.

Changes to this Privacy Policy

We reserve the right to change the provisions of this Privacy Policy at any time, subject to applicable laws and data protection provisions.

In order to optimize our website for you and to continuously improve it, we use Cookies.

OK Further information