Version: 2. Juli 2019
Please read this policy carefully before using the services of Vila Health UG (haftunsbeschränkt).
(To use our services, you must be 16 years of age or older.)
In the following, Vila Health UG (haftungsbeschränkt) ("Vila Health", "us", "our" or "we") gives you an overview of what data we collect for what purpose and how we ensure the protection of your data when using our website and services. We take the protection of your privacy and personal data very seriously and treat them strictly confidentially in accordance with the statutory data protection regulations and this data protection guideline.
Your (health) data is encrypted using the latest technology and can generally only be associated with you if you provide us with your personal access passwords.
When you visit the Vila Health website at www.vila-health.com (our "Website") and use our application in the login area (our "Services"), you will be asked to confirm your acceptance of and consent to the practices described in this Policy.
Responsible is Vila Health UG (haftungsbeschränkt), c/o Factory Works GmbH. Rheinsberger Str. 76/77, 10115 Berlin, registered in the commercial register of the local court Charlottenburg (Berlin, Germany) under HRB 208413, represented by Managing Director Laura Korcik.
For inquiries and further questions regarding the processing of personal data, please contact firstname.lastname@example.org. Our data protection officer is Laura Korcik.
Personal data is any information about an identified or identifiable natural person, such as a name or e-mail address.
Personal data will only be collected, used and/or passed on by us if this is legally permissible or if you explicitly give your consent. In particular, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the repeal of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("General Data Protection Regulation", GDPR) as well as the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) apply.
Your data will be used for the following purposes:
to provide you with the functionality and benefits of Vila Health,
to answer any questions you may have,
to analyze your use of our services and improve our services with our legitimate interests in quality assurance, technical and content development, and marketing,
when health data is processed, to provide you with Vila Health's services and to analyze that data with your explicit consent to improve our products and for research purposes, or
When using the app, we collect the personal data described below in order to enable convenient use of the functions. If you wish to use our services, we collect the following data, which is technically necessary for us to be able to offer you the functions and guarantee stability and security (legal basis is Art. 6 (1) f. GDPR): IP address, unique device ID, country and region, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, app usage data, operating system and its interface language.
To avoid associating this information with your identity (including your email address), we create a random and unique identifier that we cannot associate with your account.
In addition, we need your first name, gender, date of birth, information about your illness, your current (professional) status and your e-mail address to create and manage your account, provide you with the Services, process your requests and contact you if necessary. The legal basis for our data processing of personal data is Art. 6 (1) b. GDPR on the basis of the existing contract with us. The processing of health data is carried out on the basis of your expressed consent to the use of the services and their analysis for the improvement of our products and for research purposes on the legal basis of Art. 9 (2) a. GDPR.
You can delete and change the data entered in your App account at any time.
During your continued use of the Services, you will also be asked to provide us with certain additional information. This information includes the following: Your feedback about our services, your knowledge of Vila Health, your billing information and any information you create and submit to us while using the services of the App (i.e. while doing the Vila program).
If the data processed for the purpose of providing the "Services" are considered personal data, such data processing is based on Art. 6 (1) b. or f. GDPR for the purpose of providing our Service and analyzing such data on the basis of our legitimate interest in improving our products and for research purposes. Health data will be processed on the basis of your expressed consent. Their analysis is used to improve our products and for research purposes on the basis of Art. 9 (2) a. GDPR.
You have the right to revoke your consent to the use of this health data at any time with effect for the future. For such a revocation please send us an e-mail to email@example.com or delete your entire data/account via the corresponding button in the settings of the service. However, we would like to point out that in this case you will no longer be able to make full use of the functions of the services on this website.
We will never share your personal information (or any other information you provide to us) with third parties, but we reserve the right to share information that has been anonymized and/or aggregated. You acknowledge and agree that we are the owner of all rights, title and interest in and to any derived data or aggregated and/or anonymous data collected or generated by us.
When you contact us, your data will be processed with your consent for the purpose of processing the request and, if applicable, subsequent questions on the legal basis of Art. 6 (1) a. GDPR or the fulfilment of your request on the basis of Art. 6 (1) b. GDPR.
On the basis of Art. 6 (1) b. or f. GDPR, TMG or UWG, we may also contact you by e-mail if this is important for the use of the app or similar services and if you have not objected to these messages.
In addition, your data will be processed by us with your expressed consent to the sending of newsletters that you have subscribed to via the website.
Below you will find a detailed overview of the exact data we process, their use and the legal basis:
You have certain rights with regard to the use of your personal data, which you can apply at any time and without any disadvantages:
You have the right to revoke your consent to the use of data at any time with effect for the future if such data processing is based on your consent.
You have the right to access the data stored by us and the right to correct your data if it is incorrect.
You have the right to object to the processing of your personal data, e.g. if your personal data is used for direct marketing purposes.
You have the right to request the deletion of your data.
You have the right at any time to request information about the stored data (in structured, up-to-date and machine-readable form) and can demand the correction or deletion of the data in the event of incorrect data storage.
You also have the right to file a complaint with a supervisory authority of your choice (e.g. for Berlin https://www.datenschutz-berlin.de/kontakt.html). An overview of the European national data protection authorities can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
When using the website and services, data may be processed by third parties commissioned by us, e.g. cloud service providers.
For example, we use a hosting service provider Amazon Web Services, Inc.. The data we process with AWS (no personal health data) is physically located in Frankfurt, Germany. AWS is certified according to the EU-US Privacy Shield and complies with the data protection standards applicable in the EU.
You can find an overview of all third-party providers we use here (for more details on Google Analytics, see below)
In addition, your personal data will only be passed on to third parties within the scope of the statutory provisions, i.e. if we are obliged to pass on your data due to an official or court order or if necessary due to statutory provisions or if you give your express consent.
We will retain the above data for as long as necessary to provide the services to you, to address specific issues that may arise, or as otherwise required by law or by a responsible regulatory authority. As soon as your account is terminated or deactivated, we will delete the personal data relating to your account within one month. Some personal information may need to be retained longer to ensure that Vila Health can comply with applicable law and internal compliance procedures, including storing your email address to suppress marketing communications if you choose not to receive further marketing communications.
Storing periods are based on business requirements, and your data that is no longer needed is either irrevocably anonymized (and the anonymized data can be retained) or securely deleted.
We have taken adequate measures to ensure data and IT security and we also work with a third party that specializes solely in the secure and encrypted storage of health data (see Chino.io). The website services are operated via a secure TLS connection which encrypts the connection from your device to our servers.
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, Google will shorten your IP address beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area.
Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
Our website uses the "Google Fonts" service from Google LLC, Mountain View, CA, USA to integrate and display text on the website. To this end, Google may process your data (including your IP address) on servers located in the United States. If the IP address is processed, the data will be processed on the basis of Art. 6 (1) f. of the German Data Protection Act. GDPR or TMG, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) in quality assurance or statistical analysis of user behavior are pursued. If your browser does not support Google fonts, your device will use a default font. We would like to point out that the integration of Google and an existing Google account can lead to automated decision making ("profiling").