Dear users of our Snorefox app,
respect for you and thus also for your data is very important to us. Therefore, when processing your data using our app, we always strive to make the relevant data processing as “fair” and as transparent as possible for you.
So that you can get an idea of how our app processes data, you should find out from us below how our app works in principle, which data we receive and store from you based on your use of the app. Furthermore, we also want to inform you about how and for what purposes we process the data you transmit to us. In addition, we also want to inform you about your rights and other information about our app that may be of interest to you.
If you have any questions about certain points of our declaration, we are at your disposal.
The following information is based on the legal requirements, in particular Art. 12 - 14 of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") and §§ 19 et seq. of the Telecommunications Telemedia Data Protection Act (TTDSG).
Our Snorefox app is an app for iOS and Android smartphones for use in adult patients (18 years and older) to assess the risk of obstructive sleep apnea. With Snorefox we offer you a simple method for risk screening with regard to the dangerous and severely underdiagnosed sleep apnea without great effort.
Our service calculates the individual risk of a so-called obstructive sleep apnea based on a survey using validated questionnaires in combination with the classification of acoustic characteristics of the breath sounds registered in natural sleep.
Breathing sounds can be measured in the home sleeping environment during natural sleep. Snorefox is designed in such a way that this app can be used by non-medical people in a non-clinical setting, e.g. at home.
To use our app, you must first install the app, register and use the app to measure your sleep breathing sounds. This measurement is then transmitted to our server by the app and analyzed there.
Our Snorefox app is not used for direct diagnosis, but should be carried out by you as part of a preliminary examination (screening). The final diagnosis or the exclusion of a sleep-related breathing disorder is made exclusively by the doctor treating you as part of a guideline-based diagnosis.
1. Name and contact details of the person responsible for processing and the company data protection officer
Responsible for Snorefox and the related data processing is:
Diametos GmbH Opolestraße 2 14469 Potsdam Germany
Further information about Diametos GmbH can be found at [Imprint](www.diametos.com/impressum/)
We have appointed a data protection officer who you can reach at email@example.com.
2. Processing of your data (purposes of processing and legal basis)
The use of the Snorefox app includes communication between you or your smartphone with the Snorefox app and our high-security web server located in Germany. As with any communication, data is exchanged when using our app or new data is generated about the circumstances of the communication (so-called metadata).
Since you are a participant in this communication, all of this data theoretically allows a more or less direct conclusion to be drawn about your person and is therefore to be evaluated as “personal” or can be related to a person, which is why we must also observe the applicable data protection requirements.
Since this data relates to your person more or less directly, we would like to inform you below about which data we or our server receive from you and how and for what purposes we use this data.
a) Data in the context of communication between app and server
When using our app, data is sent from your smartphone to our web server. The data listed below is stored by our server (temporarily) in a so-called log file until it is automatically deleted:
● The date and time of the communication,
● an automatically generated sequential number assigned to the measurement
● Technical errors encountered while using the app
This data is processed by us for the following purposes:
● to ensure adequate system security
● to trace any attacks and their legal prosecution, etc.,
● for other, purely administrative purposes.
The processing of your data for these purposes finds its legal basis in Art. 6 para.1 p. 1 lit. c) DSGVO. This is because we are legally obliged to ensure the security of this service (cf. §§ 19 in conjunction with 25 para. 2 TTDSG). For this purpose, the data described above are an integral part.
Furthermore, our interest in ensuring adequate security and stability of this service is an interest that should correspond to your interest in the unhindered, secure use of our service.
We would like to point out that we do not process this data for purposes other than those mentioned above. In particular, this data is not used for marketing purposes or the like. In this regard, we adhere to the strict data protection regulations.
b) Data processing of the Snorefox app for profiling - analysis and risk calculation
In order for us to be able to carry out an analysis of your breathing pattern for you, it is necessary for a user profile to be created. For this it is necessary that you provide the necessary information about yourself.
For the purpose of the automated creation of a profile over time of your snoring noises and respiratory abnormalities as well as the calculation of the risk of the existence of a sleep-related breathing disorder (sleep medicine analysis), the following data will be processed from you:
● a) their e-mail address, which we do not store, however, but only require for the generation of a checksum (see next point).
● b) a checksum calculated from your e-mail address, which, however, does not allow any conclusion to be drawn about your e-mail address,
● c) your age, sex, height, weight, existing hypertension,
● d) your information on daytime sleepiness using a questionnaire,
● e) the audio data measured via the microphone of your smartphone from the start time to the end of the measurement,
● f) a profile over time of your snoring noises and respiratory abnormalities and the risk of having a sleep-related breathing disorder.
● g) in certain cases, information on health insurance affiliation.
It is of great concern to us to really only process the data from you that is necessary for the analysis and risk calculation. Furthermore, the corresponding data is pseudonymized as far as possible for risk minimization and further processed in this pseudonymized form.
The data for b), c), d) and f) will be stored by us until your account is deleted.
The data for e) will be deleted immediately after the end of the automatic analysis.
Your data will be processed on the basis of your voluntary consent, which may be revoked at any time, pursuant to Section 25 (1) TTDSG in conjunction with. Artt. 9 para. 2 lit. a), 7 DSGVO
If you do not give your consent to the processing of your data for the sleep medicine analysis, we are not authorized to analyze this data and therefore you cannot use this app to make use of any sleep medicine analysis.
You can voluntarily revoke your consent given to us at any time by sending an e-mail to firstname.lastname@example.org. Furthermore, you can also request the deletion of your user account at any time by sending a message to email@example.com. In the event of your revocation, we will no longer process your data for the above purposes. Rather, they will be blocked in accordance with the legal requirements.
c) For the purpose of further developing the automatic algorithms for calculating the risk of the existence of sleep disorders (medical research):
It is a great need for us to keep improving our app and data processing. However, for this it is also necessary that we can use part of the collected data for medical research.
For these purposes we need your voluntary consent, which can be revoked at any time.
If you give us your consent, we will use the following data anonymously for research purposes:
a) your information on age, gender, height, body weight, existing hypertension,
b) your information on daytime sleepiness using a questionnaire,
c) the audio data measured via the microphone of your smartphone from the start time to the end of the measurement.
The data mentioned are consistently processed anonymously to minimize risk.
If you do not give consent to the processing of your data for medical research, you can still make use of the sleep medicine analysis via this app. Of course, you can also revoke your consent at any time by emailing firstname.lastname@example.org.
d) For the purpose of sending you our newsletter:
In order to always keep you up to date with regard to our products, we regularly publish a Diametos newsletter, to which you can voluntarily subscribe and unsubscribe at any time.
In order for you to receive this, we need
a) Your email address
b) The first and last name you have provided (if provided).
We would like to point out that we strictly adhere to the principle of so-called purpose limitation when processing this data. For this reason, the processing of your data for sending our newsletter is always strictly separated from the processing of your data for the purpose of sleep medicine analysis and / or for the purpose of medical research.
If you do not give your consent to the processing of your data for our newsletter, you can still use the sleep medicine analysis via this app. You can revoke your consent at any time by sending an email to email@example.com.
e) Anonymization for quality assurance, troubleshooting, etc.
In order to guarantee you a constant quality of our service and to make our service more and more user-friendly for you, it may be necessary for us to anonymize the data of your usage and use it, for example, to create usage statistics, error corrections, etc. Due to the technologies we use, we have deliberately taken care to only use the data from you that is necessary to achieve these purposes and to keep the intensity of intervention as low as possible. Our legitimacy in this regard is derived from Art. 6 Para. 1 S. 1 lit. f GDPR. You can declare your objection to us at any time using the option described in Section 5.
3. (Potential) recipients of your data
As shown under 1.), it is very important to us not to disclose your usage data to external third parties, except:
● You agree to the disclosure,
● we are legally / legally obliged to transmit or
● it is technically implied.
Furthermore, we do not want to hide the fact that there can always be people / organizations who can understand communication on the Internet / by e-mail, over which we have no influence. However, we have tried to prevent this (unauthorized) knowledge as much as possible by using an encrypted connection to our server.
Service providers that we involve in the provision of our service, for example for hosting our server on which the analysis of your snoring sounds is to take place, are contractually bound in such a way that they can only process your data or take note of your data strictly in accordance with our instructions (so-called order processors). ### Firebase
Our app uses technology from Google Firebase. Google Firebase is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Firebase is a development platform and offers various services. You can find an overview of the services offered by Google Firebase at: https://firebase.google.com/terms/.
Some of the Google Firebase services use so-called "instance IDs". "Instance IDs" are uniquely assigned identifiers that are provided with a time stamp and enable the linking of different events or processes in connection with the app. This data is used to analyze and optimize user behavior, such as evaluating crash reports. According to Google, instance IDs do not process any personally identifiable data.
Further information on the "Instance IDs" used and on the management of the data concerned can be found at: https://firebase.google.com/support/privacy/manage-iids
We use the following services in connection with Google Firebase:
#### Firebase Analytics
We use the analytics service Firebase Analytics to monitor and evaluate the user behavior of this app. There are no cookies in mobile apps. Instead, identifiers (advertising IDs) are used that are issued by the operating system of the mobile device and can be reset by the user. We use these IDs to record user activities and use them to optimize the user experience.
When using Firebase Analytics in the standard version, the following data types are processed: number of users and sessions, session duration, operating systems, device models, region, first-time starts, app runs, app updates and in-app purchases.
For a complete listing of events and user properties automatically collected by Google Firebase, visit: https://support.google.com/firebase/answer/6318039
We process the data obtained through the use of Firebase Analytics due to our overriding interest in user behavior within the app to optimize the user guidance of our product in accordance with Art. 6 Para. 1 f) GDPR.
When using Firebase Analytics, it cannot be ruled out that processed data will also be transferred to the USA.
You can find more information on data protection at Google Firebase at: https://firebase.google.com/support/privacy/
We use Crashlytics a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Via Crashlytics, we collect data about the behavior of our app in case of crashes or errors. In the event of a crash, a crash report is generated and transmitted to Google's servers. This receives information about your use of our app and the state of your end device (app version, device type, operating system, operating system version device ID, location, time). This data is analyzed by us for troubleshooting, fixing problems and improving the app. We process the data thus obtained due to our overriding interest in the development of a functional app and the elimination of operational errors in accordance with Art. 6 (1) lit. f) DSGVO.
You can object to data collection by Google Crashlytics at any time with effect for the future by deactivating data collection for crash reports in the app settings.
Further information on data protection can be found at: https://policies.google.com/privacy?hl=de&gl=de
4. Your rights as a so-called "data subject"
Since we process your data as shown with your use of our app, you have certain rights against us by law, insofar as these cannot be limited or excluded in individual cases. In particular, these are the rights listed below:
● To request information about your personal data processed by us in accordance with Art. 15 GDPR;
● In accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
● In accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us;
● In accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data;
● In accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
Complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or that of our companies for this purpose. The supervisory authority responsible for data protection for our company is:
The state representative for data protection and the right to inspect files in Brandenburg
Stahnsdorfer Damm 77
A list of the contact addresses of all supervisory authorities in the Federal Republic of Germany, which you can also turn to, can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
5. Right to Object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you do not agree with the use described in section 2 e), you have the option of declaring your objection at any time. If you declare your objection, this will mean that your data will no longer be aggregated anonymously by us for the above purposes. This will not result in any disadvantages for you and you can use the service as usual. Alternatively, you can send us your objection to firstname.lastname@example.org.
6. Data Security
As stated at the beginning, it is very important to us to protect your data as well as possible. For this reason, we have taken a variety of measures to protect your data as well as possible from unauthorized access.
We use what we consider appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously checked for their effectiveness in line with technological developments and improved if necessary.
7. Updating and changing this data protection declaration
We will draw your attention to any changes in the data protection declaration in a prominent place. Any changes in the new data protection declaration will also be highlighted.
You can call up the current data protection declaration at any time in our app.