The protection of your personal data is very important to D4L data4life gGmbH (in the following “Data4life”, “we”, “our” and “us”). We treat this topic with a great deal of care and therefore inform you in the following about the handling of your personal data when visiting our websites data4life.care and d4l.io.
Personal data means any information relating to an identified or identifiable natural person, such as name, address and email address.
1. Controller and data protection officer
The responsible controller according to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is D4L data4life gGmbH, c/o Digital Health Center (DHC) im Hasso-Plattner-Institut (HPI), Rudolf-Breitscheid-Straße 187, 14482 Potsdam, Germany, firstname.lastname@example.org.
You can reach our data protection officer at email@example.com or our postal address by writing to the attention of "The data protection officer".
2. Purpose and legal basis for the processing of personal data
a. When visiting our website
When you visit the website data4life.care, the following data is automatically transferred to the web server of Data4Life:
- IP address of the device used for the retrieval
- Web address (URL) of the page from which the file was requested (referrer)
- Date and time of the request
- Amount of data transmitted
- Description of the type of web browser used
The processing of this data, which contains a (pseudonymized) personal reference via the IP address, is technically necessary and is carried out in order to provide you with the Data4Life offering. The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject).
To avert threats to the security of Data4Life’s infrastructure and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack, e.g. in a DDOS attack, the data mentioned above is generally stored in log files for a period of two days. In the event of an attack, log data is retained for the purpose of preserving evidence until the respective incident has been resolved. The legal basis of this processing is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller). Data4Life’s legitimate interest is to provide sufficient security and stability to our web servers.
b. Email newsletter subscription
With your consent, you can subscribe to our email newsletter, in which we inform you about Data4Life, its partners, and developments in health. To subscribe to the newsletter as a registered user of the Data4Life offering, you only need to click on the button in the respective newsletter subscription screen or activate the newsletter checkbox in your profile settings. We then process the email address you have confirmed during your registration for the purpose of subscribing you to the newsletter and sending you the newsletter.
The legal basis for the processing described above for the purpose of sending you our email newsletter is Art. 6 para. 1 sentence 1. lit. a GDPR (processing based on the consent of the data subject).
You can revoke your consent and unsubscribe from the newsletter at any time. You will not receive any newsletters from us after you have revoked your consent. To revoke your consent you can, for example, click on the unsubscribe link provided in every newsletter or send an email to firstname.lastname@example.org.
When you contact us via one of our contact options, for example, email, post, or telephone, we process the data you provide (for example your email address and the content of your enquiry) necessary for us to answer your question. If your enquiry contains optional personal data, e.g. your name, we will process that data in order to provide improved support. The legal basis for this collection of data is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject) when we are in the process of entering into or already have a contractual relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller) if we do not have or do not plan a contractual relationship, e.g., when the contact is of a general nature. Our legitimate interest in the latter case is to answer your inquiry by providing appropriate and useful information.
We anonymize the data arising in this context after the storage is no longer necessary (usually four weeks after we fully answered your request), or restrict the processing if there are legal storage obligations. The legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller). Data4Life has a legitimate interest in collecting key performance indicators as part of a quality management system for continuous improvement of the services offered. For this purpose, we systematically evaluate the number of contacts and the reasons for them, the processing time of inquiries and other key figures.
3. Recipients or categories of recipients
For the purpose of providing the necessary server infrastructure to run our website and enabling faster loading speeds of our website we use the service IONOS Deploy Now from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with IONOS.
For the purpose of sending you emails, for example to send you our email newsletters your email address will be disclosed to Sendinblue, 7 rue de Madrid, 75008 Paris, France who supports us as a data processor. We have concluded data processing agreements with Sendinblue pursuant to Art. 28 para. 3 GDPR.
For the purpose of facilitating email communication for customer support, contact emails (see section “j. Support/Kontaktaufnahme”) and contacting you regarding your user feedback Data4Life discloses contact information and content data, e.g. email contents, to our mail service provider Heinlein Hosting GmbH, Schwedter Straße 9a, 10119 Berlin, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Heinlein Hosting.
For the purpose of facilitating email communication for general requests and communication through email addresses with the ".care" domain extension, Data4Life uses Google Workspace provided by our data processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes your contact information, for example, email address and the content of your email. Google stores your personal data on servers based in the European Economic Area (EEA). However, we cannot exclude that Google accesses and therefore transfers your personal data to the United States. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR and EU standard contractual clauses with Google.
For the purpose of managing contact and support requests and user feedback we disclose the feedback content, contact information and email content to our processor Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Zammad.
We regularly audit our processors on the level of protection provided by the standard contractual clauses and, if necessary, take additional measures to ensure an appropriate level of protection.
In all of the above mentioned cases, D4L data4life gGmbH remains responsible for the processing of personal data.
a) Cookies necessary for the website functionality
We require cookies to provide the following functions:
- Saving cookie preferences
- Correct display of the top banner
- Dividing website visitors into groups for functional A/B testing
b) Cookies not necessary for the website functionality
5. Analysis of user behavior and troubleshooting
a. Use of Matomo for analytics purposes
With your consent, we use the technology of the provider Matomo in our web offer for analysis purposes. Our web offering includes the website data4life.care as well as our web app at app.data4life.care and our authentication tool at auth.data4life.care.
The following data is collected by Matomo if you consent to the analysis:
- Page views
- Mouse clicks
- Movements of the mouse
- Current position of the cursor
- Changes in window size
- Zoom on mobile devices (smartphone, tablet)
- Change of website within our domain, e.g. pop-up windows
- IP address
Your IP address is anonymized immediately after processing and before storage. The data collected using Matomo technology is processed exclusively on servers in Germany by Data4Life. The listed usage analysis of our products helps us to continuously optimize our products and improve your experience when using our web app. The mentioned personal data is deleted two years after its collection.
If you have set the "Do Not Track" setting in your browser, our website will be signaled that it should not create a usage profile about the visitor's activities. In this case, no tracking cookies are created either.
The legal basis for the use of Matomo is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future under section 4 c.
b. Error reporting using Sentry
In order to understand the source and causes of potential errors and crashes in our services, to gain the knowledge necessary to reproduce and resolve such crashes, and to provide our users with the best possible experience when using our services, we use, with your consent, Sentry, which enables us to track errors in real time. In this context, and if you discover a bug or crash in our website, user data, such as information about the device you are using and the time at which the bug or crash occurred will be collected and analyzed solely for the purpose of identifying the bug or crash and resolving it, and not for any other purpose, and then deleted once the bug or crash has been resolved. The data collected with the Sentry technology is processed exclusively on Data4Llife servers in Germany. Personal data collected through Sentry is deleted 90 days after its collection.
The legal basis for the use of Sentry is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future under section 4 c.
c. Withdrawing or granting consent for cookies, usage analytics and error reporting
You can revoke or give your consent for the use of optional cookies as well as Matomo and Sentry at any time with effect for the future. To change your consent settings, click the button below.
Consent for cookies, bug reports & usage analysis is granted
Consent for optional cookies, bug reports & usage analysis is denied
Note: Withdrawing the consent does not delete cookies that have been previously set. You can delete existing cookies at any time in your browser settings.
6. Social media pages of Data4Life
In the following, we inform you about the handling of your personal data when visiting the social media pages of Data4Life on Facebook, Twitter, LinkedIn and Instagram. The processing of your personal data is carried out on the one hand by Data4Life and on the other hand by the respective social media platform.
a. Processing by Data4Life
As the operator of a social media site, we process the content you share on our sites, e.g. via posts, comments, direct messages, etc. In addition, we process the data from the stored information of your publicly viewable profile, e.g. your profile picture and name, if you leave a comment on one of our pages. We would like to point out that you should never share sensitive personal data, e.g. health data, with us via social media sites, as this simultaneously involves a transfer of the data to the respective social media platforms and the data may be transferred to unsafe third countries outside the European Union. The purposes of processing your profile and content data on our social media pages are the external presentation of Data4life and the provision of a contact opportunity with customers, partners and interested persons who want to learn more about Data4Life. The legal basis for the described processing activity is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to protect the legitimate interests of the controller). Our legitimate interest is to improve the user experience of our social media pages.
Data4Life uses the usage statistics provided by the operators of the social networks to improve the user experience when visiting our social media sites. This includes, but is not limited to, data such as the number and duration of your visits to the social media site, your interactions with us regarding our posts, and personal information such as your age, gender, and interests. We do not have access to the usage data used to compile these statistics. The legal basis for the described processing activity is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to protect the legitimate interests of the controller). Our legitimate interest is to improve the user experience of our social media pages.
b. Processing by the social media platforms.
The extent of the processing of personal data depends on the respective operator of the social network, may therefore differ and is not necessarily comprehensible to us. The details about the collection and storage as well as the type, scope and purpose of the use of your data by the operator can be found in the privacy statements of the respective operator:
- Facebook: https://de-de.facebook.com/about/privacy
- Twitter: https://twitter.com/de/privacy
- Instagram: https://help.instagram.com/519522125107875
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
The operators bear the primary responsibility for data processing on Data4Life social media pages. We therefore recommend that you assert your data subject rights directly with the respective operators. Alternatively, we will be happy to help you influence the data subject rights process of the social media platforms in exercising your rights, taking into account our options.
c. Notice regarding joint responsibility for data processing when operating the Data4Life Fanpage on Facebook.
Data4Life and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter: "Facebook") are jointly responsible for the processing of personal data of visitors to our Facebook Fanpage. When you visit the Data4Life Fanpage, Facebook collects information as described in Facebook’s data policy under "What kinds of information do we collect?".
The specific data processing depends on your particular use of the Facebook Fanpage, such as the types of content you view or interact with, or the actions you take (see under "Things you and others do and provide" in Facebook’s data policy), as well as information about the devices you use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in Facebook’s data policy).
As explained in Facebook's data policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called Page Insights, to Page operators to provide them with insights about how you interact with Facebook Pages and with connected content. The processing of personal data for Page Insights is subject to the Shared Responsibility Agreement (Page Insights Supplement Regarding Controller).
7. Your rights
You have the following rights with regard to personal data related to you:
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (Art. 17 GDPR, “right to be forgotten”),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
You also have the right to complain to a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data related to you is unlawful. The supervisory authority responsible for us is:
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Stahnsdorfer Damm 77
Telephone: 0049 (0)33203/356-0
Telefax: 0049 (0)33203/356-49
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of processing your data until revocation remains unaffected by this. For the assertion of your rights or if you have any other data protection concerns, you can contact us at any time via the contact details listed in section 1 above and/or in our imprint.
8. Additional information on your right of objection
Please note that if your personal data is processed on the basis of a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and/or if your personal data is processed for the purposes of direct marketing, you have the right to object to the processing of your personal data at any time.
Last updated: January 2023