SINOVO Color Stripe
Locale
Telefon Icon +49 6101 590 90 00 Mail Icon
Pfeil Icon

Privacy Policy

Privacy policy of SINOVO

SINOVO takes the protection of personal data very seriously. We base our data processing on the legal objective of only collecting, processing or utilising the personal data required for the sensible and economic use of our services. You will then find out when data is stored when you use our website, the SiDiary software and our services and how we use it. We have taken organisational measures to ensure that data protection regulations are complied with. If you do not agree with any aspect of our privacy policy, you may be entitled to legal claims, which are also described here in the appropriate place.

Scope of application

In this privacy policy, ‘we’, ‘our’, ‘us’ refer to:

  • SINOVO health solutions GmbH, Willy-Brandt-Straße 4, 61118 Bad Vilbel, Germany
  • SINOVO business Solutions GmbH, Willy-Brandt-Straße 4, 61118 Bad Vilbel, Germany

Personal data

SINOVO collects, processes and uses your personal data in compliance with the data protection laws of the Federal Republic of Germany and the data protection regulations of the European Union. Personal data is all information that relates to a natural person or can at least be related to a natural person and thus allows conclusions to be drawn about their personality.

Our online services can generally be used without disclosing your identity. If you participate in one of our personalised services, you will be expressly asked for the data required to process the services. It is your free decision to participate in these services and to enter the relevant data.

We expressly point out that the protection of data transmissions in open networks, such as the Internet, cannot be fully guaranteed according to the current state of the art. From a technical point of view, the information stored on the SINOVO servers or the Microsoft Cloud may also be viewed and modified by other participants on the Internet without authorisation. SINOVO or Microsoft have secured their servers against unauthorised access with faulty and customary systems.

Type and scope of the data collected and its use

When you visit our website https://diabetes.sinovo.net (and its subdomains), the browser used on your device automatically sends information to the server of our website. This information is stored for a limited period of time. stored in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:

IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which access is made (referrer URL), browser used and, if applicable, the operating system of your computer and the name of your access provider.

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection to the website,
  • ensuring a comfortable use of our website,
  • analysing system security and stability and for other administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 S. 1 t. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

We also use cookies and analysis services when you visit our website. You will find more detailed explanations below.

We also collect certain data about you when you access our website. You can find more information on this in the Log files section.

In order to analyse and continuously improve the quality of our website, we carry out statistical analyses of access to our pages. This is also done in part by using counting graphics on the pages of our website. However, the data obtained in this way is strictly anonymised and does not allow any conclusions to be drawn about the user's personal data or the user's person. Under no circumstances will your data be used to create user profiles of any kind.

The data collected is used for the following purposes:

  • Provision, maintenance, improvement and development of relevant functions, content and services.
  • Detection of and defence against fraudulent, abusive and prohibited activities as well as protection and our security services.

Data processing under the Swiss DSG

In principle, the use of our website is subject to the statutory provisions of the GDPR. If you also visit our website from Switzerland and insofar as the associated data processing also affects you as a Swiss citizen, these data protection provisions also apply to you in accordance with the Swiss Federal Act on Data Protection (‘Swiss FADP’ as amended on 1 September 2023), analogous to the GDPR.)

In principle, the Swiss DPA does not provide for a legal basis. Insofar as we only process your data from Switzerland if the processing is lawful, carried out in good faith and is proportionate in accordance with Art. 6 para. 6 para. 3 of the Swiss DPA.

In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the Swiss DPA. For example, the GDPR terms ‘processing’ of ‘personal data’, ‘legitimate interest’ and ‘special categories of data’ used in this data protection notice correspond to the terms ‘processing’ of ‘personal data’, ‘overriding interest’ and ‘sensitive personal data’ used in the Swiss FADP.

The rights of data subjects set out here pursuant to art. 12 ff. GDPR can also be exercised by data subjects from Switzerland analogously to the regulations pursuant to art. 25 et seq. of the Swiss FADP.

Invitations in the SiDiary online version

You can use the SiDiary software to invite other people to become members and view your online data. The personal data collected will be used exclusively for the invitation and will not be used for any other purpose.

Protection and storage of personal data

To ensure the best possible protection of your personal data, SINOVO health solutions GmbH uses Microsoft's cloud services (Windows Azure) for the therapy and device data collected by the SiDiary software. This data is stored in Europe. The SiDiary online version cannot be used by customers in France.

We will only retain your data for as long as is necessary for the purposes set out in this Privacy Policy or for the time that your account with SINOVO health solutions GmbH or Microsoft is active and it is necessary to provide the services to you. If you no longer wish SINOVO health solutions GmbH to use your data to provide the services to you, you can close your account and SINOVO health solutions GmbH will delete the stored data, unless SINOVO health solutions GmbH is obliged to retain your data to comply with legal obligations or to resolve disputes.

If we have had no relevant contact with you for two years, we will delete your personal data from our systems unless we believe in good faith that we are required by law or other regulation to retain it (for example, because there is a request in connection with a prospective legal dispute).

Disclosure of personal data to other third parties

We do not pass on any personal data to other third parties. In particular, we do not pass on personal data to third parties for advertising purposes.

Forwarding of data:
Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

  • You have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 t. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 t. f GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that the disclosure pursuant to Art. 6 para. 1 sentence 1 t. c GDPR there is a legal obligation, and
  • is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Only anonymised data can be passed on to other third parties for evaluation purposes. Anonymisation is the modification of personal data in such a way that the individual details about personal or factual circumstances can no longer be attributed to a specific or identifiable natural person, or only with a disproportionate amount of time, cost and labour.

However, if you use other personalised services on our website, it may be necessary to collect personalised data and pass it on to third parties for the purpose of performing and processing the service. However, this data is only stored or passed on to the extent necessary for order processing. For this purpose, an explicit declaration of consent is required when completing the respective form.

Third parties to whom your data is passed on as part of order processing are also bound by the statutory regulations for the handling of personal data. Insofar as we are or become obliged to do so by law or by court order, we transmit data to the extent required by law to the bodies authorised to receive such information.

Right to cancellation, information, deletion and data portability, Rights of data subjects

You have the right:

In accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to notification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details; in accordance with Art. 16 GDPR, to immediately request the notification of incorrect or incomplete personal data stored by us;

in accordance with Art. Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; or for the establishment, exercise or defence of contractual relationships with you;

in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you require it for the assertion, exercise or defence of legal claims or you require it in accordance with Art. Art. Art. Art. Art. Art. Art. pursuant to Art. 21 GDPR to object to the processing;

in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;

in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and,

to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can therefore contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

Right to object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 t. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 6 para. 1 sentence 1 t. f GDPR. In accordance with Art. In accordance with Art. In accordance with Art. In accordance with Art. In accordance with Art. In accordance with Art. Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data if there are particular grounds relating to your situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of cancellation or objection, simply send an email to info@sinovo.de.

You have the right to revoke your consent to the collection, processing and use of your personal data at any time without giving reasons with effect for the future. You can exercise this right simply by calling SINOVO or by sending us your cancellation, e.g. in writing or by e-mail.

You are entitled to request comprehensive information from SINOVO at any time about the personal data stored about you.

You can also request SINOVO to report, delete and block individual personal data at any time.

If you wish, you are entitled to transfer your data from us to another controller. We will support you in this by transferring your data directly for you or by providing you with a copy in a standard machine-readable format.

SiDiary online version - Notes on data exchange with other persons

Users/patients can use SiDiary Online to exchange data with the persons authorised by them (e.g. doctor, trusted person). We would like to point out that the connection of personal data with health data must be technically possible in order to enable your doctor to assign the data to the patient. However, SINOVO health solutions GmbH will not link personal data with health data in such a way that anyone other than the authorised doctor can assign health data to specific persons. Employees of SINOVO health solutions GmbH are accordingly dependent and bound by these data protection regulations. No personal or health data will be passed on to third parties other than the doctor authorised by you or other third parties authorised by you or authorised to access the data. Access to the data contained in SiDiary Online is only possible after entering the user ID and password.

Doctors and trusted persons are only granted access to the data after you have authorised your doctor for access, they have logged in and confirmed their registration when logging in. Doctors and trusted persons can use the SiDiary software to exchange data with the patients who have authorised them to access the patient data. The authorisation of the doctor or a third party can be revoked at any time. No access for the respective doctor or third party will be granted upon revocation after entering the user ID and password.

Matomo web analysis service

We use Matomo without cookies as data protection-friendly web analysis software. Returning visitors are only recorded with the help of an encrypted identifier based on the anonymised IP address together with the visitor's browser settings. This identifier is changed every 24 hours. As a result, visitor movements within our website are recorded in such a way that it is not possible to draw conclusions about the identity of individual visitors. The data collected by Matomo is only processed by us and is not shared with third parties (matomo.org).

Use of cookies

The SiDiary Online services use cookies after you have logged in (with your user name and password), with which you can be identified for the duration of your visit. A cookie is stored on your computer. At the end of the session, the cookie expires automatically. You can save this cookie permanently using the ‘Log in automatically on this computer’ function for automatic login. The cookie then contains parts of your login data in encrypted form. However, automatic login on two different computers is not possible in this case.

Log files

Each time a page is accessed, access data is stored in a log file, the server log. The stored data record contains the following data:

  • Your IP address (by which your computer can be uniquely identified),
  • the remote host (name and IP address of the computer requesting the page),
  • the time, the status, the amount of data transferred and the website from which you arrived at the requested page (referrer), and
  • the product and version information of the browser used (user agent).

SINOVO health solutions GmbH uses the standardised log file format of the web server for this purpose. SINOVO health solutions GmbH uses the log data (logs) anonymised, even without allocation or reference to your person, for statistical evaluations. SINOVO health solutions GmbH can thus find out, for example, on which days and at what times the SiDiary Online offers are particularly popular and how much data volume is generated on the SINOVO websites. In addition, SINOVO health solutions GmbH can recognise possible errors through the log files, e.g. faulty links or programme errors, and thus use the log files for the further development of the SiDiary Online websites. SINOVO health solutions GmbH does not link the page views and usage stored in the server log to individual persons. However, SINOVO health solutions GmbH reserves the right to subsequently check the log files via the last known IP address of users who, based on certain facts, are suspected of using the SiDiary online websites and/or the SiDiary services in violation of the law or in breach of contract. This serves both the protection of mylife members, the security of SINOVO member data and the SINOVO websites and SiDiary services.

You can prevent the installation of cookies by changing your browser settings accordingly. If a corresponding browser setting is used, cookies will not be accepted.

Cookiebot

On our website, a web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to cookiebot.com. The legal basis for data processing is Art. 6 (1) (f) GDPR. The legitimate interest is in the error-free functioning of the website. The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transmitted data can be found in the privacy policy of cookiebot.com: https://www.cookiebot.com/de/privacy-policy/ . You can prevent the collection and processing of your data by cookiebot.com by deactivating the execution of script code in your browser or by installing a script blocker in your browser (these can be found e.g. www.noscript.net oder www.noscript.net).

The following information is stored in our cookiebot account:

  • The following information is stored in our cookiebot account.
  • Date and time of consent.
  • User's browser.
  • The URL from which consent was sent.
  • An anonymous, random, and encrypted key value.
  • The user's state of consent, which serves as proof of consent.

The key and consent status are also stored in the user's browser in the "CookieConsent" cookie, allowing the website to automatically read and respect the user's consent for all subsequent page requests and future user sessions for up to 12 months. You have the option of viewing and changing your level of consent at any time. You can find them further down on this page.

[Cookie Statement]

Children under 18 years of age

Participation in SiDiary online services is reserved exclusively for persons of legal age. Parents or guardians are responsible for protecting their children's privacy. Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians. We do not solicit, collect, store or share personal information from children.

Links to other websites

Insofar as our websites contain links to the other service providers, we cannot guarantee or assume any liability for the fact that these websites also comply with the statutory provisions. Please inform yourself on the relevant pages with the help of the privacy policy of the respective provider about the applicable data protection standards. Please inform yourself on the relevant pages with the help of the privacy policy of the respective provider about the applicable data protection standards.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular the applicant of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint was lodged informed the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

The supervisory authority responsible for SINOVO is the Hessian Data Protection Commissioner.

Name and address of the responsible organisation

The responsible within the meaning of the General Data Protection Regulation is:

SINOVO Business Solutions GmbH & SINOVO Health Solutions GmbH

Willy-Brandt-Straße 4
61118 Bad Vilbel
Deutschland

Tel.: +49 61 09 500 39 00
E-mail: info@sinovo.de
Website: www.sinovo.de

Name and address of the data protection officer

The data protection officer of the responsible organisation is:

AGOR AG
Mr Sascha Hesse
Niddastraße 74 
60329 Frankfurt am Main 
Germany

Tel.: +49 6101 / 590 90 47
E-mail: Datenschutz@sinovo.de

Adjustments

This information is subject to the respective legal situation and may therefore require adjustments. For questions, suggestions or comments, please contact us by e-mail at info@sinovo.de

The current data protection declaration can be accessed and printed by you at any time on the website under  https://diabetes.sinovo.net/frmPrivacy.aspx.

Revision: March 2023