The protection of your personal data is very important to D4L data4life gGmbH (in the following “Data4life”, “we”, “our” and “us”). We treat this topic with a great deal of care and therefore inform you in the following about the handling of your personal data when visiting our websites data4life.care and d4l.io.
Personal data means any information relating to an identified or identifiable natural person, such as name, address and email address.
1. Controller and data protection officer
The responsible controller according to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is D4L data4life gGmbH, Charlottenstraße 109, 14467 Potsdam Germany, email@example.com.
You can contact our data protection officer by email (firstname.lastname@example.org) or by sending a letter to our postal address (to the attention of "the data protection officer").
2. Purpose and legal basis for the processing of personal data
a. When visiting our website
While visiting our website and if you do not register for our newsletter or contact us via our contact form, we only collect the data that your browser transmits to our server.
This is the following information required to display our website to you and to ensure stability and security: IP address, date and time of the request, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software. Please note that we cannot draw any conclusions about individual persons on the basis of this data.The data is stored by us for technical security reasons, e.g. to prevent attacks on our web server; however, the data is anonymized after seven days at the latest by shortening the IP address at domain level, so that it is no longer possible to establish any reference to the individual website user.
Data4Life uses a content delivery network (CDN). The CDN allows you to load our website faster by connecting you to the server that can provide our website most efficiently. For this purpose, the browser you use connects to the CDN. Through this, the CDN obtains knowledge that our website was accessed via your IP address. Your data is only used for the aforementioned purpose and to maintain the functionality and security of the CDN.
The legal basis for the processing activities described above is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary in relation with the controller's legitimate interests).
b. Registering for our Newsletter
With your consent, you can subscribe to our email newsletter, in which we inform you about Data4Life, its partners, and developments in health. To subscribe to the newsletter as a registered user of the Data4Life offering, you only need to click on the button in the respective newsletter subscription screen or activate the newsletter checkbox in your profile settings. We then process the email address you have confirmed during your registration for the purpose of subscribing you to the newsletter and sending you the newsletter.
The legal basis for the processing described above for the purpose of sending you our email newsletter is Art. 6 para. 1 sentence 1. lit. a GDPR (processing based on the consent of the data subject).
You can revoke your consent and unsubscribe from the newsletter at any time. You will not receive any newsletters from us after you have revoked your consent. To revoke your consent you can, for example, click on the unsubscribe link provided in every newsletter or send an email to email@example.com or by contacting us by using the contact channels stated in our imprint.
When you contact us via one of our contact options, for example, email, post, or telephone, we process the data you provide (for example your email address and the content of your enquiry) necessary for us to answer your question. If your enquiry contains optional personal data, e.g., your name, we will process that data in order to provide improved support. The legal basis for this collection of data is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject) when we are in the process of entering into or already have a contractual relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller) if we do not have or do not plan a contractual relationship, e.g., when the contact is of a general nature. Our legitimate interest in the latter case is to answer your inquiry by providing appropriate and useful information.
We anonymize the data arising in this context after the storage is no longer necessary (usually four weeks after we fully answered your request), or restrict the processing if there are legal storage obligations. The legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f. (processing is necessary to safeguard the legitimate interests of the controller). Data4Life has a legitimate interest in collecting key performance indicators as part of a quality management system for continuous improvement of the services offered. For this purpose, we systematically evaluate the number of contacts and the reasons for them, the processing time of inquiries and other key figures.
3. Recipients or categories of recipients
For the purpose of providing the necessary server infrastructure to run our website we use the services of our processor Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR and EU standard contractual clauses with Amazon Web Services.
For the purpose of enabling faster loading speeds of our website we use the CDN of our processor Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR and EU standard contractual clauses with Cloudflare.
For the purpose of sending you emails, for example to send you our email newsletters your email address will be disclosed to Sendinblue, 7 rue de Madrid, 75008 Paris, France and Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France who support us as a data processors. We have concluded data processing agreements with Sendinblue and Mailjet pursuant to Art. 28 para. 3 GDPR. We have also concluded EU standard contractual clauses with Mailjet.
For the purpose of facilitating email communication, e.g. for customer support and contact emails Data4Life uses Google Workspace provided by our data processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes your contact information, e.g. email address and the content of your email. Google stores your personal data on servers based in the European Economic Area (EEA). However, we cannot exclude that Google accesses and therefore transfers your personal data to the United States. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR and EU standard contractual clauses with Google.
For the purpose of managing contact and support requests we disclose the feedback content, contact information and email content to our processor Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR and EU standard contractual clauses with Atlassian.
We regularly audit our processors on the level of protection provided by the standard contractual clauses and, if necessary, take additional measures to ensure an appropriate level of protection.
In all of the above mentioned cases, D4L data4life gGmbH remains responsible for the processing of personal data.
a) Cookies necessary for the website functionality
We require cookies to provide the following functions:
- Saving cookie preferences
- Correct display of the top banner
- Dividing website visitors into groups for functional A/B testing
b) Cookies not necessary for the website functionality
c) Cookie list
The following table provides an overview of the cookies set by Data4Life on the website. You will find cookies of the category "functional Cookies" (see section 3 a) and "analytics cookies" (see section 3 b).
|Cookie name||Processing purpose||Storage duration||Type of cookie|
|settings::acceptsTracking||Stores user consent decisions for usage analysis either via cookie banner or via browser "do not track" settings.||2 years||Functional cookie|
|settings::acceptsCookies||Stores user consent decision for storing settings in local browser via cookie banner.||2 years||Functional cookie|
|abgroup||Enables A/B testing which is used to enhance our product’s user experience.||Unlimited||Functional cookie|
|closedPageBanner||Notes the closing of the header banners to allow better navigation.||Session||Functional cookie|
|_pk_id||Stores details about the user such as the unique visitor ID.||1 month||Analytics cookie|
|_pk_ses||Stores session-specific data.||30 min||Analytics cookie|
4. Analysis of user behavior and troubleshooting
a. Use of Matomo for analytics purposes
With your consent, we use the technology of the provider Matomo in our web offer for analysis purposes. Our web offering includes the website data4life.care as well as our web app at app.data4life.care and our authentication tool at auth.data4life.care.
The following data is collected by Matomo if you consent to the analysis:
- Page views
- Mouse clicks
- Movements of the mouse
- Current position of the cursor
- Changes in window size
- Zoom on mobile devices (smartphone, tablet)
- Change of website within our domain, e.g. pop-up windows
- IP address
Your IP address is anonymized immediately after processing and before storage. The data collected using Matomo technology is processed exclusively on servers in Germany by Data4Life. The listed usage analysis of our products helps us to continuously optimize our products and improve your experience when using our web app.
If you have set the "Do Not Track" setting in your browser, our website will be signaled that it should not create a usage profile about the visitor's activities. In this case, no tracking cookies are created either.
The legal basis for the use of Matomo is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future under section 4 c.
b. Error reporting using Sentry
In order to understand the source and causes of potential errors and crashes in our services, to gain the knowledge necessary to reproduce and resolve such crashes, and to provide our users with the best possible experience when using our services, we use, with your consent, Sentry, which enables us to track errors in real time. In this context, and if you discover a bug or crash in our website, user data, such as information about the device you are using and the time at which the bug or crash occurred will be collected and analyzed solely for the purpose of identifying the bug or crash and resolving it, and not for any other purpose, and then deleted once the bug or crash has been resolved. The data collected with the Sentry technology is processed exclusively on Data4Llife servers in Germany.
The legal basis for the use of Sentry is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future under section 4 c.
c. Withdrawing or granting consent for cookies, usage analytics and error reporting
You can revoke or give your consent for the use of optional cookies as well as Matomo and Sentry at any time with effect for the future. To change your consent settings, click the button below.
Consent for cookies, bug reports & usage analysis is granted
Consent for optional cookies, bug reports & usage analysis is denied
Note: Withdrawing the consent does not delete cookies that have been previously set. You can delete existing cookies at any time in your browser settings.
6. Social media pages of Data4Life
In the following, we inform you about the handling of your personal data when visiting the social media pages of Data4Life on Facebook, Twitter, LinkedIn and Instagram. The processing of your personal data is carried out on the one hand by Data4Life and on the other hand by the respective social media platform.
a. Processing by Data4Life
As the operator of a social media site, we process the content you share on our sites, e.g. via posts, comments, direct messages, etc. In addition, we process the data from the stored information of your publicly viewable profile, e.g. your profile picture and name, if you leave a comment on one of our pages. We would like to point out that you should never share sensitive personal data, e.g. health data, with us via social media sites, as this simultaneously involves a transfer of the data to the respective social media platforms and the data may be transferred to unsafe third countries outside the European Union. The purposes of processing your profile and content data on our social media pages are the external presentation of Data4life and the provision of a contact opportunity with customers, partners and interested persons who want to learn more about Data4Life. The legal basis for the described processing activity is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to protect the legitimate interests of the controller). Our legitimate interest is to improve the user experience of our social media pages.
Data4Life uses the usage statistics provided by the operators of the social networks to improve the user experience when visiting our social media sites. This includes, but is not limited to, data such as the number and duration of your visits to the social media site, your interactions with us regarding our posts, and personal information such as your age, gender, and interests. We do not have access to the usage data used to compile these statistics. The legal basis for the described processing activity is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to protect the legitimate interests of the controller). Our legitimate interest is to improve the user experience of our social media pages.
b. Processing by the social media platforms.
The extent of the processing of personal data depends on the respective operator of the social network, may therefore differ and is not necessarily comprehensible to us. The details about the collection and storage as well as the type, scope and purpose of the use of your data by the operator can be found in the privacy statements of the respective operator:
- Facebook: https://de-de.facebook.com/about/privacy
- Twitter: https://twitter.com/de/privacy
- Instagram: https://help.instagram.com/519522125107875
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
The operators bear the primary responsibility for data processing on Data4Life social media pages. We therefore recommend that you assert your data subject rights directly with the respective operators. Alternatively, we will be happy to help you influence the data subject rights process of the social media platforms in exercising your rights, taking into account our options.
c. Notice regarding joint responsibility for data processing when operating the Data4Life Fanpage on Facebook.
Data4Life and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter: "Facebook") are jointly responsible for the processing of personal data of visitors to our Facebook Fanpage. When you visit the Data4Life Fanpage, Facebook collects information as described in Facebook’s data policy under "What kinds of information do we collect?".
The specific data processing depends on your particular use of the Facebook Fanpage, such as the types of content you view or interact with, or the actions you take (see under "Things you and others do and provide" in Facebook’s data policy), as well as information about the devices you use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in Facebook’s data policy).
As explained in Facebook's data policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called Page Insights, to Page operators to provide them with insights about how you interact with Facebook Pages and with connected content. The processing of personal data for Page Insights is subject to the Shared Responsibility Agreement (Page Insights Supplement Regarding Controller).
7. Your rights
You have the following rights with regard to personal data related to you:
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (Art. 17 GDPR, “right to be forgotten”),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
You also have the right to complain to a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data related to you is unlawful. The supervisory authority responsible for us is:
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Stahnsdorfer Damm 77
Telephone: 0049 (0)33203/356-0
Telefax: 0049 (0)33203/356-49
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of processing your data until revocation remains unaffected by this.For the assertion of your rights or if you have any other data protection concerns, you can contact us at any time via the contact details listed in section 1 above and/or in our imprint.
8. Additional information on your right of objection
Please note that if your personal data is processed on the basis of a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and/or if your personal data is processed for the purposes of direct marketing, you have the right to object to the processing of your personal data at any time.