Information from Declareme UG about the processing
personal data in accordance with Art. 13 DS-GVO
Responsible for the collection of data:
Declareme UG (limited liability) (hereafter: “we”)
Represented by the managing director Mrs. Victoria Noack
Phone +49 (160) 699-00-68
§1 General information on the processing of personal data by us
We collect and process personal data if you provide it to us when registering for App HealthMe, when contacting us, or via an input form in our App or on our website. In addition, we collect and process data that is generated when you use our website and app. The processing of your data is carried out in accordance with the provisions of the EU Data Protection Basic Regulation (DS-GVO), the Federal Data Protection Act and – if applicable – the Telemedia Act. Personal data is all information that relates to an identified or identifiable natural person. In the following we explain in detail how we collect which data and on which legal basis. In addition, we explain what rights you have and how long your data is stored. The purchase of a subscription to our App HealthMe via the AppStore or PlayStore is done via these stores. Their providers are also responsible for processing your personal data. Please contact the providers for information about the processing of your personal data.
§2 Processing of your personal data upon registration for our App
(1) Our App HealthMe can only be used by registered users. The use of HealthMe is only possible with registration, because it allows us to save the data you enter, e.g. about your allergies, so that you do not have to enter it again each time you open the app. It also allows you to use the app on multiple mobile devices on which you are logged into the AppStore or PlayStore with the same ID without having to re-enter all your data. Password protection also allows you to log out at any time, preventing access to your data by unauthorized third parties accessing your mobile device. The processing of the data as explained in the following paragraphs is therefore carried out on the basis of Art. 6 para. 1 sentence 1 b) DS-GVO because it is necessary for the purpose of fulfilling the contract.
(2) After purchasing the subscription and installing HealthMe on your mobile device you must enter the following data: Your first and last name, your email address and a password of your choice. You do not have to enter your first name and surname truthfully, but if you use a pseudonym, you must but your e-mail address must be accurate and up to date. We verify this by first sending you a confirmation e-mail with a link. Only after clicking on this link can you log in to HealthMe and use our app (so-called double opt-in procedure). To document your confirmation by clicking on the link, we also save the name of the file or resource accessed (confirmation of the e-mail address), date and time of access, message whether the access was successful and your complete IP address. We will also use your e-mail address in future for further contractual communication.
(3) Alternatively, you can also register with your Facebook account. In this case, we will learn your first and last name as you entered it on Facebook and your Facebook ID instead of your email address.
§3 Your consent to the processing of your health data
With HealthMe you can scan food to see what allergens it contains and their nutritional values. If you have previously indicated in your account which allergens are relevant to you, HealthMe can also tell you whether the food you are scanning is of concern or not. You will also be shown alternatives to the scanned food. The indication of allergens in your account is completely voluntary. If you disclose health data, e.g. because you have an allergy to a selected allergen, we will process it by storing it in our database based on your consent. Your consent also includes the storage of your data on the servers of one of our service providers (database provider, see also § 8), whereby we always store your information on allergens separately from your data listed in § 2, but only linked to a user ID so that we can also display the data in your account. You can revoke this consent at any time by deleting the selection of allergens in your account settings by removing the checkbox. Revocation of consent does not affect the legality of the processing that has taken place based on the consent until revocation.
§4 Storage of your scan and search history
Part of our service is to store your scan and search history in your account so that you can see which foods you have already looked at and retrieve the information about them without having to scan the food again. Therefore, the storage of your scan and search history is based on Art. 6 para. 1 sentence 1 b) DS-GVO because it is necessary for the purpose of fulfilling the contract.
§5 Processing of your personal data when contacting us
If you make personal data available to us by contacting us, e.g. via an input form, by e-mail or by other means, we process your data in accordance with Art. 6 Paragraph 1 Sentence 1 b) DS-GVO for the purpose of fulfilling the contract or carrying out pre-contractual measures in response to your enquiry or in accordance with Art. 6 Paragraph 1 Sentence 1 f) DS-GVO on the basis of our legitimate interest in responding to your enquiry. We process your data only for the purpose of processing your specific enquiry.
§6 Processing of data by means of log files
Both our website and App HealthMe use so-called log files on the basis of Art. 6 Para. 1 S. 1 f) DS-GVO, in which access data is stored with every page or app call. The data record stored in this way contains the following data when the website is accessed:
– Name of the retrieved file
– Date and time of retrieval
– Message whether the retrieval was successful
– The IP address
– Browser type
– Browser version and its language
– Operating system and its interface
– Reference URL
– Access status/http status code
– Type of the terminal device
When accessing App HealthMe, the stored data set contains the following data in addition to the data mentioned in § 2 paragraph 2:
– Application type and application ID
– Operating system and its interface
The protocol data (logs) are only stored anonymously, so that a personal reference can no longer be established. Temporary storage of the complete IP address can be done in individual cases, if we have to protect our website and app against attacks and abuse. This is also our legitimate interest for the storage. We do not use the log data for any other purposes.
Our Web site and App HealthMe are protected with SSL encryption, so personal information is transmitted only in encrypted form. We take technical and organizational measures to protect our Web site and App HealthMe and other systems against loss, destruction, access, alteration or distribution of your data by unauthorized persons.
§8 Categories of recipients of data; data transfers to a third country
Service providers and agents employed by us in connection with the Website, e.g. host providers, database providers and other IT service providers, may have access to your personal data. If these service providers and vicarious agents process data on our behalf, they act in accordance with our instructions and are contractually bound by us accordingly. This also applies in the case of data transfer to a third country. A data transfer to a third country (e.g. USA) takes place by using certain service providers. However, this data transfer only takes place if the requirements of Art. 44 ff. DS-GVO are met.
§9 Your rights
In accordance with Art. 15 DS-GVO, you have the right to request information free of charge about the personal data stored about you. Under Articles 16, 17 and 18 of the DS-GVO, you also have the right to correct incorrect data and to block and delete your personal data.
Under the conditions set out in Art. 20 DS-GVO, you are also entitled to receive the personal data relating to you that has been stored in a structured, common and machine-readable format and to transfer this data to another person responsible without hindrance from us.
In addition, you are entitled under Article 21(1) of the DS-GVO to object to the processing of personal data concerning you that is carried out on the basis of Article 6(1) sentence 1 e) or f) DS-GVO, including profiling, for reasons arising from your particular situation. If your personal data are processed for the purposes of direct advertising, you have the right to object at any time to the processing of your data for such advertising, including profiling, in so far as it relates to such direct advertising, in accordance with Art. 21(2) FADP.
We will comply with your aforementioned rights to the extent that the legal requirements for asserting the rights are met.
Every person concerned also has the right to lodge a complaint with a data protection supervisory authority regarding the processing of data by us.
§10 Duration of storage and routine deletion