Privacy policy D4L Collect App
With the D4L Collect app provided by D4L data4life gGmbH (in the following “Data4Life”, “we”, “our” and “us”), you can engage in scientific studies. It's important to note that Data4Life’s offerings do not include diagnostic or medical services and explicitly do not replace treatment or advice from a doctor.
1. Controller and data protection officer
The controller pursuant to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) for the mobile app is
D4L data4life gGmbH
c/o Digital Health Cluster (DHC) im Hasso-Plattner-Institut (HPI)
Rudolf-Breitscheid-Straße 187
14482 Potsdam
Germany
Email: we@data4life.help
You can also contact our data protection officer (DPO) by email dataprotection@data4life.help or by sending a letter to the controller’s postal address (to the attention of "the data protection officer").
2. Your rights
You have the following rights regarding personal data concerning you:
- Right to access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR; “Right to be forgotten”)
- Right to limitation of processing (Art. 18 GDPR)
- Right to object to the processing (Art. 21 GDPR)
- Right to data transferability (Art. 20 GDPR)
You also have the right to lodge a complaint regarding our processing of your personal data with a supervisory authority in the member state where you reside, work, or where the alleged infringement occurred if you believe that the processing of your personal data is unlawful. The supervisory authority responsible for us is:
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany
Telephone: 0049 (0)33203/356-0
Telefax: 0049 (0)33203/356-49
Email: poststelle@lda.brandenburg.de
If you have given us consent to process your data, you can revoke it at any time, affecting future processing. The lawfulness of processing your data until revocation remains unaffected.
You can contact us anytime using the communication channels listed in Section 1 above or the contact details provided in our imprint to exercise your rights or for other data protection concerns.
3. Supplementary note about your right of objection
Please be aware that if your personal data is processed based on legitimate interests within the scope of the balancing of interests according to Article 6(1)(f) GDPR, you have the right to object to such processing at any time. You can express your objection by contacting us using the channels listed in Section 1 above or the contact details in our imprint.
4. Purposes and legal bases of the processing of your personal data
Data4Life processes your personal data solely for conducting scientific research.
a. Usage of the mobile app
When you use the app, certain data is automatically transmitted to our partner’s web server, for example:
- Device IP address
- Date and time of the request
- Amount of data transmitted
- Description of the used client
The processing of this data, which contains a (pseudonymized) personal reference via the IP address, is technically necessary and is carried out in order to provide you with the offering. The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject).
The described data is stored in log files for seven days by our partners to safeguard their infrastructure security and assist law enforcement in case of cyberattacks, such as DDOS attacks. In case of an attack, log data is retained for evidentiary purposes until the incident is resolved. The legal basis for this processing is Article 6(1)(f) GDPR (processing is necessary for the legitimate interests pursued by the controller), aiming to ensure adequate security and stability of the web servers.
When installing the app for the first time, a passphrase consisting of 12 randomly generated words is created and securely stored within the app. This passphrase serves as your technical identity within the system and is crucial for utilizing the app's functions. It's imperative that you safeguard this passphrase in a secure location.
In the event of switching devices or re-installation of the app, you'll need to provide the passphrase to restore your account. Losing your passphrase means you need to create a new account and thereby generate a new identity in the system. As we do not retain any knowledge of your passphrase, we can not help you recover it once lost.
The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject).
b. Registration for scientific studies
You can register for scientific studies using the app.
If you want to participate in public studies, you can select them from the list of public studies obtained from our partners.
If you have been invited to a closed study, you will have received a QR code or a participation code from the respective study leader. You can participate in the respective closed study by scanning the QR code or entering the participation code.
Each study is unique, so you will find the details regarding the processing of your personal data in the respective study's privacy policy. Your consent to participate in a study may be required. The privacy policy and consent will be provided to you in writing or digitally within the app before you join the study. The study leaders are responsible for the content of the privacy policy and consent.
After registering for a study, you can access the offer and content of the study through our app and utilize its functionalities.
You can leave studies at any time without providing reasons.
The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject).
Last updated: September 2024
