With the Data4Life offering, which you can use via the web app, D4L data4life gGmbH (hereinafter “Data4Life”, “we”, “our” and “us”) enables you to securely store and manage your health data digitally and participate in studies and other health programs. Please note that the Data4Life offering does not provide any diagnostic or medical services and expressly does not replace treatment and/or advice from a doctor. This information describes how Data4Life handles your personal data. Sections 1 to 3 inform you about your legal rights and Sections 4 to 8 explain how your personal data is processed when you register for and use the Data4Life offering via the web app.
1. Controller and data protection officer
The controller pursuant to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) for the frontend, e.g., web app, the backend, e.g., authorization/authentication, databases, and the infrastructure, e.g., servers, data storage, is
D4L data4life gGmbH
c/o Digital Health Center (DHC) im Hasso-Plattner-Institut (HPI)
You can reach our data protection officer at firstname.lastname@example.org or our postal address by writing to the attention of "The data protection officer".
2. Your rights
You have the following rights regarding personal data concerning you:
- Right to access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR; “Right to be forgotten”)
- Right to limitation of processing (Art. 18 GDPR)
- Right to object to the processing (Art. 21 GDPR)
- Right to data transferability (Art. 20 GDPR)
You also have the right to complain about our processing of your personal data to a data protection supervisory authority in the member state where you are located, at your place of work or at the location of the alleged infringement if you believe that the processing of your personal data is unlawful. The supervisory authority responsible for us is:
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Stahnsdorfer Damm 77
Telephone: 0049 (0)33203/356-0
Telefax: 0049 (0)33203/356-49
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of processing your data until revocation remains unaffected by this.
You can contact us at any time using the contact channels listed in Section 1 above and/or the contact information listed in our imprint for the assertion of your rights or for other data protection concerns.
3. Supplementary note about your right of objection
Please note that if your personal data is processed on the basis of a legitimate interest within the scope of the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time. You can indicate your objection by contacting us at any time using the contact channels listed in Section 1 and/or the contact information in our imprint.
4. Purposes and legal bases of the processing of your personal data
Data4Life processes your health data in the Data4Life offering either end-to-end-encrypted or in a pseudonymized form. End-to-end encryption is an encryption method that guarantees that only you can see the answers you provide. Pseudonymization is a method of altering data, for example, by replacing your name with a unique random number, so that it cannot be linked to you without the use of additional information. Your identity is therefore protected.
a. Usage of web app
When the web app is used, the following data is automatically transferred to the web server of Data4Life:
- IP address of the device used for the retrieval
- Web address (URL) of the page from which the file was requested (referrer)
- Date and time of the request
- Amount of data transmitted
- Description of the type of web browser used
The processing of this data, which contains a (pseudonymized) personal reference via the IP address, is technically necessary and is carried out in order to provide you with the Data4Life offering. The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject).
To avert threats to the security of Data4Life’s infrastructure and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack, e.g. a DDoS attack, the data mentioned above is generally stored in log files for a period of seven days. In the event of an attack, log data is retained for the purpose of preserving evidence until the respective incident has been resolved. The legal basis of this processing is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller). Data4Life’s legitimate interest is to provide sufficient security and stability to our web servers.
b. Registration for the Data4Life offering using the web app
You can register for the Data4Life offering using our web app. To register, you are required to provide your email address, a password of your choice, and a mobile phone number for two-factor authentication. If you have forgotten your password, please use the personal recovery key displayed at the end of registration to regain access to your account. Note that the recovery key is the only way to restore your password.
We use the double opt-in procedure for registration. This means that after your registration we will send you an email message to the email address you provided, in which we will ask you to confirm your registration.
The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject).
After successful registration you can access the Data4Life offering with your credentials and use the functionalities.
We store data related to your user account for as long as you actively use the account. Your user account will automatically be deleted by us when you have not logged into your account for two years. Before the account is deleted Data4Life will send you emails reminding you of the upcoming deletion.
c. Submitting user feedback
You have the ability to submit feedback to improve Data4Life applications in your user account.
We use your suggestions, feedback, and bug reports internally to optimize our application and fix bugs. The legal basis of this processing is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller). Our legitimate interest is to improve Data4Life applications. You have the option to send your feedback anonymously or together with your email address. In the latter case, you are consenting to be contacted by us in case of further questions or to be informed of progress on the aspects you have mentioned in your feedback. Your personal user feedback will be anonymized twelve months after the date we receive it. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR (processing based on the consent of the data subject).
You can withdraw your consent with effect for the future at any time by contacting the customer service by sending an email to email@example.com.
d. Email newsletter subscription
With your consent, you can subscribe to our email newsletter, in which we inform you about Data4Life, its partners, and developments in health. To subscribe to the newsletter as a registered user of the Data4Life offering, you only need to click on the button in the respective newsletter subscription screen or activate the newsletter checkbox in your profile settings. We then process the email address you have confirmed during your registration for the purpose of subscribing you to the newsletter and sending you the newsletter.
The legal basis for the processing described above for the purpose of sending you our email newsletter is Art. 6 para. 1 sentence 1 lit. a GDPR (processing based on the consent of the data subject).
You can revoke your consent and unsubscribe from the newsletter at any time. You will not receive any newsletters from us after you have revoked your consent. To revoke your consent you can, for example, click on the unsubscribe link provided in every newsletter or send an email to firstname.lastname@example.org.
e. Data4Life waiting list
You can enter the Data4Life waiting list for scientific studies on the basis of consent. For this purpose, Data4Life collects your email address to send you invitations to participate in scientific studies. Each study contains its own consents and data protection notices, to which you will be referred separately. Data4Life will send you emails on a monthly or quarterly basis.
You can revoke your consent at any time in the preferences of your user account. If you revoke your consent we will stop using your email address to send you invitations to participate in scientific studies.
Optionally you can answer the registry questionnaire to help Data4Life identify relevant studies for the registry participants. We collect the following answers:
- Age (in age groups of 10 years, for example, 30 to 39 years)
- Gender to which you assign yourself
- First 3 digits of your postal code
- Research topics you are interested in
We process your answers from the questionnaire to analyze and aggregate potential study interests of registered persons. The answers cannot be linked to your IP or your email address. Data4Life cannot identify you from the given answers. The legal basis of this processing is Art. 6 para. 1 sentence 1 lit. a GDPR (processing based on the consent of the data subject).
f. Usage analytics
When you use Data4Life's offering, we collect data in pseudonymized form for statistical analysis to ensure Data4Life's internal product analysis and efficient internal organization. Data4Life controls the product development and internal organization among other things by target metrics, e.g. number of product users or number of participants in a study, which are verified based on the usage of the Data4Life offering.
The data collected does not contain health data. Also, contents of the respective events, e.g. answers to questionnaires in the application are never collected, but only the information whether and when an action was performed. This data will not be disclosed to third parties. Through aggregation and visualization Data4Life anonymizes the collected information. This information is used to share usage statistics with partners, for example, university clinics or other researchers that are involved in conducting studies.
The mentioned personal data is deleted two years after its collection.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to protect the legitimate interests of the controller). Our legitimate interest is to make our business management efficient and to optimize the products we offer.
Technically, we differentiate between two methods of usage analysis: in the frontend and in the backend. Below you will find an excerpt of the events that are analyzed in order to conduct the usage analysis, and how to opt out of the specific usage analytics.
Usage analytics in the backend
For the analysis of your usage through the backend we store amongst others the following events including timestamps:
- Giving and withdrawing consent
- Joining and leaving studies
- Sent mails (for example, verification of email address)
- Information about registration, login and logout events, two-factor-authentication login
- Deletion of the account
- Provision and submission of questionnaires in study programs
You can find information on how to opt out of usage analytics in the backend under section 3.
Usage analytics in the frontend
For the analysis of your usage through the frontend we store amongst others the following events including timestamps:
- Sharing of studies
- Editing, deleting and canceling of questionnaires
- Navigation through the apps
You can opt out of usage analytics in the frontend in the user settings of your user account.
When you contact us via one of our contact options, for example, email, post, or telephone, we process the data you provide (for example your email address and the content of your enquiry) necessary for us to answer your question. If your enquiry contains optional personal data, e.g., your name, we will process that data in order to provide improved support. The legal basis for this collection of data is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject) when we are in the process of entering into or already have a contractual relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller) if we do not have or do not plan a contractual relationship, for example, when the contact is of a general nature. Our legitimate interest in the latter case is to answer your inquiry by providing appropriate and useful information.
We anonymize the data arising in this context after the storage is no longer necessary (usually four weeks after we fully answered your request), or restrict the processing if there are legal storage obligations. The legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller). Data4Life has a legitimate interest in collecting key performance indicators as part of a quality management system for continuous improvement of the services offered. For this purpose, we systematically evaluate the number of contacts and the reasons for them, the processing time of inquiries and other key figures.
5. Recipients or categories of recipients
For the purpose of sending you the SMS for two-factor authentication as part of your registration for the Data4Life offering your phone number will be disclosed to Sinch Sweden AB, Lindhagensgatan 74, 112 18 Stockholm, Sweden who supports us as a data processor. We have concluded a data processing agreement with Sinch pursuant to Art. 28 para. 3 GDPR including the EU Standard Contractual Clauses.
For the purpose of sending you emails, for example, for account registration or to send you our email newsletters, your email address will be disclosed to Sendinblue – 7 rue de Madrid, 75008 Paris, France, who supports us as a data processor. We have concluded data processing agreements with Sendinblue pursuant to Art. 28 para. 3 GDPR.
For the purpose of facilitating email communication for customer support, contact emails (see section “j. Support/Contact”) and contacting you regarding your user feedback, your contact information and content data, for example, email contents, are disclosed to our email service provider Heinlein Hosting GmbH, Schwedter Straße 9a, 10119 Berlin, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Heinlein Hosting.
For the purposes of authenticating your telephone number in data subject requests, e.g. request for the manual deletion of your account if you cannot access your user account, we share your telephone number with Commify Germany GmbH, Radeberger Str. 1, 01099 Dresden. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Commify Germany.
For the purpose of facilitating email communication for general requests and communication through the email address email@example.com, user research invitations and contacting you regarding your user feedback, Data4Life uses Google Workspace provided by our data processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes your contact information, for example, email address and the content of your email. Google stores your personal data on servers based in the European Economic Area (EEA). However, we cannot exclude that Google accesses and therefore transfers your personal data to the United States. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR and EU standard contractual clauses with Google.
For the purpose of managing contact and support requests and user feedback we disclose the feedback content, contact information and email content to our processor Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Zammad.
We regularly audit our processors on the level of protection provided by the standard contractual clauses and, if necessary, take additional measures to ensure an appropriate level of protection.
In all of the above mentioned cases, D4L data4life gGmbH remains responsible for the processing of personal data.
6. Use of logs and backups
Data4Life utilizes backups to be able to retrieve data in a loss event, e.g. the destruction of our primary data storage location. Please note that Data4Life regularly stores data backups, which also include your personal data, such as user account data and study-relevant data. This data is stored for up to 90 days in encrypted backups. After 90 days the data will be deleted.
Please note that when you request the deletion of your personal data or your account, Data4Life does not delete your data from backups, because deleting specific data from a backup requires a disproportionate amount of time and resources compared with deletion in the active dataset.
For the purpose of identifying and reacting to cyber attacks, Data4Life also stores audit log data. An audit log is a record of a security relevant event in an IT system. Those logs usually contain information on who has accessed, edited or deleted what data at what time. We store this data for up to 1.5 years.
The legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller).
a) Cookies necessary for the web app functionality
We require cookies to provide the following functions:
- Maintaining the login status
- Ensuring system security/protection against cyber attacks
- Adoption of language settings
- Storage of cookie preferences
b) Cookies not necessary for the web app functionality
8. Analysis of user behavior and troubleshooting
a) Use of Matomo for analytics purposes
With your consent, we use the technology of the provider Matomo in our web offer for analysis purposes. Our web offering includes the website data4life.care as well as our web app at app.data4life.care and our authentication tool at auth.data4life.care.
The following data is collected by Matomo if you consent to the analysis:
- Page views
- Mouse clicks
- Movements of the mouse
- Current position of the cursor
- Changes in window size
- Zoom on mobile devices (smartphone, tablet)
- Change of website within our domain, for example, pop-up windows
- IP address
Your IP address is anonymized immediately after processing and before storage. The data collected using Matomo technology is processed exclusively on servers in Germany by Data4Life. The listed usage analysis of our products helps us to continuously optimize our products and improve your experience when using our web app. The mentioned personal data is deleted two years after its collection.
If you have set the "Do Not Track" setting in your browser, our website will be signaled that it should not create a usage profile about the visitor's activities. In this case, no tracking cookies are created either.
The legal basis for the use of Matomo is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future under section 8 c.
b) Use of Sentry for troubleshooting
In order to understand the source and causes of potential errors and crashes in our services, to gain the knowledge necessary to reproduce and resolve such crashes, and to provide our users with the best possible experience when using our services, we use, with your consent, Sentry, which enables us to track errors in real time. In this context, and if you discover a bug or crash in our web app, user data, such as information about the device you are using and the time at which the bug or crash occurred, will be collected and analyzed solely for the purpose of identifying the bug or crash and resolving it, and not for any other purpose, and then deleted once the bug or crash has been resolved. The data collected with the Sentry technology is processed exclusively on Data4Life servers in Germany. Personal data collected through Sentry is deleted 90 days after its collection.
The legal basis for the use of Sentry is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future under section 8 c.
c) Withdrawing and granting consent for cookies, usage analytics and error reporting
You can reject or grant the use of optional cookies, the use of Matomo and the use of Sentry at any time with effect for the future. To change your consent settings, click the button below.
Note: Withdrawing the consent does not delete cookies that have been previously set. You can delete existing cookies at any time in your browser settings.
Last updated: January 2023