Hope Applications GmbH
1. Data Protection
Data protection is of paramount importance to us. The collection and processing of your data always happens with respect to the data protection regulations in force, especially the General Data Protection Regulation (GDPR). We collect and process your personal data to offer you our website and our app services. Pursuant to Art. 13 GDPR, in this declaration we describe to you for what purpose and to what extent we use your data and what your options and rights in regard to the use of your personal data are.
The responsible body for all purposes regarding data protection compliance on our website and in our application is Hope Applications GmbH, represented by Alina Latus, Eggerstedtstraße 51, 22765 Hamburg.
Data protection supervisor
We appointed Urs Preukschat as data protection supervisor. We are available for all enquiries regarding data protection. For these purposes you have the following contact options:
Tel.: +49 (0) 176 61 50 77 69
E-Mail: firstname.lastname@example.org
2. Data processing
Download and use of the Hope App „alone“
No personal data is generally collected or processed during download and use of the Hope App. No authorizations are necessary in order to use the app. The app is saved on your terminal device and does not establish a connection to us. In case personal data is entered into the app by the user, that data is not accessible to us.
Download and use of the Hope App in conjunction with a fertility clinic
It is possible to use the app in conjunction with a fertility clinic. This happens upon consultation with the respective partner fertility clinic. The clinic issues a QR code which is eventually scanned on the terminal device by the patient. In the following section we will explain how such a process takes place from a data protection standpoint:
The connection between the clinic and the terminal device is secured by asymmetric encryption. A random, anonymous channel ID is requested from our API in the clinic by the clinic software. The clinic locally generates a pair of keys. The patient receives the channel ID together with the public key of the clinic and a randomly generated one-time password (so-called „challenge“) in the shape of a QR code. The channel ID cannot be traced back to a particular person. An allocation is only possible in the clinic.
In case the patient scans the QR code with the Hope App, a pair of keys is locally generated on the terminal device. The public key is then transferred to the clinic through our API („application programming interface“). The QR code challenge serves as an authentication in order to verify that the request is made by an authorized person. When a connection is established, the secure channel is activated and cannot be connected to any other terminal device. Under no circumstances can Hope read data that is sent over the API, no matter the direction, because the private keys never leave the terminal device or the clinic. The channel ID that is used in order to allocate messages can only be traced back to personal data in the clinic. For this purpose separate agreements between patient and clinic exist.
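One way the clinic could check the QR challenge so that the relaying API cannot substitute its own public key, as an added example that is not Hope's code. The policy does not say how the challenge is verified, so the HMAC-based proof, the `Clinic` class and every name here are assumptions, and the keys are constructed placeholder byte strings rather than real key pairs.

```python
import hashlib
import hmac
import secrets


def pairing_proof(challenge: bytes, channel_id: str, device_pub: bytes) -> bytes:
    # Assumed construction: a MAC keyed by the one-time challenge that covers
    # the channel ID and the device's public key, so neither can be swapped.
    msg = channel_id.encode() + b"|" + device_pub
    return hmac.new(challenge, msg, hashlib.sha256).digest()


class Clinic:
    """Clinic side of the pairing; only the clinic maps a channel to a patient."""

    def __init__(self):
        self.pending = {}  # channel_id -> one-time challenge, not yet redeemed
        self.bound = {}    # channel_id -> device public key, fixed once paired

    def issue_qr(self, channel_id: str, clinic_pub: bytes) -> dict:
        # The channel ID comes from the relay API and carries no patient data.
        challenge = secrets.token_bytes(32)
        self.pending[channel_id] = challenge
        return {"channel": channel_id, "clinic_pub": clinic_pub.hex(),
                "challenge": challenge.hex()}

    def accept(self, channel_id: str, device_pub: bytes, proof: bytes) -> bool:
        if channel_id in self.bound:           # active channel: no second device
            return False
        challenge = self.pending.get(channel_id)
        if challenge is None:                  # unknown or already redeemed
            return False
        expected = pairing_proof(challenge, channel_id, device_pub)
        if not hmac.compare_digest(expected, proof):   # constant-time compare
            return False
        del self.pending[channel_id]           # the challenge is single use
        self.bound[channel_id] = device_pub
        return True


def demo() -> dict:
    clinic = Clinic()
    qr = clinic.issue_qr("ch-constructed-01", b"\x01" * 32)   # constructed values
    challenge = bytes.fromhex(qr["challenge"])                # read from the QR code
    device_pub, swapped_pub = b"\x02" * 32, b"\x03" * 32      # constructed keys
    proof = pairing_proof(challenge, qr["channel"], device_pub)
    return {
        "swapped_key": clinic.accept(qr["channel"], swapped_pub, proof),
        "genuine": clinic.accept(qr["channel"], device_pub, proof),
        "second_device": clinic.accept(qr["channel"], device_pub, proof),
    }
```

Because the challenge only travels inside the QR code, a relay that replaces the device key in transit cannot produce a matching proof, and a redeemed channel rejects every later pairing attempt.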
C) Use of third-party services
We have concluded a data processing agreement with rapidmail in which rapidmail promises to protect user data and not to pass data on to third parties.
A termination of the newsletter subscription is possible at all times. If you don’t wish to receive an analysis via rapidmail, your termination is required. You can find a link for unsubscription in each newsletter mail sent by us. An unsubscription is also possible via our website or via e-mail to us. In case a newsletter subscription gets terminated, all of your data is deleted in our systems as well as in rapidmail’s systems.
For more information on rapidmail’s data protection standards see https://www.rapidmail.de/datenschutz
gg) DataDog
Our platforms use services by DataDog. DataDog is a monitoring system by Datadog, Inc., 620 8th Ave, 45th Floor, New York, NY 10018, United States of America.
The system notifies our development team regarding possible errors in our application. For this reason log data is transferred to DataDog Inc. This may contain data like the browser, time of access, viewed sites, IP address etc. This serves our legitimate interest of guaranteeing the functionality and security of our services.
For more information regarding the collection and processing of data by DataDog Inc. see www.datadoghq.com/legal/privacy/
hh) DatoCMS
We use services by DatoCMS by the provider DatoCMS, Dato Sri, Via Francesco Botticini 3, 50143 Firenze, Italy.
DatoCMS provides data for certain functions of our Hope App and in relation to our Hope API. For this purpose, DatoCMS collects some data. This contains for example a User ID. This serves the legitimate interest of provision and functionality of our services.
DatoCMS claims to follow GDPR standards. For more information about DatoCMS’ data protection standards see: https://www.datocms.com/legal/privacy-policy
ii) hCaptcha
In order to protect our contact forms against unrequested automated messages (spam) we use the services of hCaptcha by Intuition Machines, Inc., 350 Alabama Street #10, San Francisco, CA 94110, United States of America.
This service is used to verify whether message requests on our contact forms stem from real people or from bots. This is supposed to prevent automated spam messages. hCaptcha analyzes certain user behaviours on the website in order to determine if a user is a bot. If a part of the website with activated hCaptcha is reached, information is analyzed, e.g. IP address and duration of the website or app visit. The collected data is transmitted to hCaptcha. This data processing is based on Art. 6 (1) (f) GDPR: We have a legitimate interest to prevent abuse of our services as well as spam.
hCaptcha’s provider acts as a data processor that acts in the name of its customers as defined in the GDPR and as a „service provider“ within the meaning of the California Consumer Privacy Act (CCPA). For more information on hCaptcha and its data protection standards see: https://hcaptcha.com/privacy/ and https://hcaptcha.com/terms .
jj) DigitalOcean
We use a cloud platform for virtual servers by Digital Ocean LLC, New York. The respective server is located in Frankfurt in a data center in which DigitalOcean rents spaces. DigitalOcean processes data when the platforms are accessed. This can, amongst others, contain date and time of access, the internet browser and the IP address. We have a data processing agreement with DigitalOcean. An example form which matches the agreement we concluded can be found publicly under https://www.digitalocean.com/security/gdpr/data-processing-agreement/ .
For more information concerning DigitalOcean’s data security see https://www.digitalocean.com/security/ .
jj) All-Inkl.Com
We use services by All-inkl.com. The service is provided by All-Inkl.com, Hauptstraße 68, D-02742 Friedersdorf, Germany. All-Inkl.com is our website hoster. All data is hosted in a high security level computer centre in Germany. The basis for the usage of this service is Art. 6 (1) (f) GDPR. We have a legitimate interest that our website is reliably displayed at all times. We have a data processing agreement with All-inkl.com which takes into account the provisions of the GDPR and which determines that All-Inkl.Com is only allowed to use the personal data of our users according to our instructions.
For more information regarding the data protection regulations of All-Inkl.com see https://all-inkl.com/datenschutzinformationen/
4. Data protection rights
Right of access by the data subject, Art. 15 GDPR
You have the right to request a confirmation from us on whether we process your personal data. If this is the case, you can request information on your personal data and on the following information:
- The purpose of processing
- The categories of personal data being processed
- The recipients and categories of recipients to whom personal data have been disclosed or will be disclosed in the future, especially recipients in third countries or at international organizations
- If possible, the planned duration of the personal data storage or, if not possible, the criteria for how the duration period is decided
- The existence of a right to rectification or erasure of the personal data concerning yourself or the right to restriction of data processing or the right to objection against data processing
- The existence of a right of action in front of the supervisory authorities
- If personal data is not directly collected from you, all available information about the origin of data
- The existence of automated decision making including profiling according to Art. 22 (1) and (4) GDPR and meaningful information about the logic and desired effects of such a processing for the person concerned
Right to Rectification Art. 16 GDPR
You are entitled to request rectification without undue delay of inaccurate personal data stored with us as well as to have incomplete data completed, including by means of a supplementary statement.
Right to erasure Art. 17 GDPR
You are entitled to request erasure of personal data stored with us insofar as one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- You withdraw consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR
- The personal data have been unlawfully processed
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR
In this case we are obliged to remove the data, insofar as the processing is not required for purposes of freedom of speech and information, for reasons of public interest or for the exercise of legal claims.
Right to restriction of processing Art. 18 GDPR
You have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- You have objected to processing pursuant to Article 21(1) pending the verification whether our legitimate grounds override yours.
Right to data portability, Art. 20 GDPR
You have the right to receive the personal data concerning yourself, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and the processing is carried out by automated means.
Right to Object, Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data is no longer processed for such purposes.
Right to Withdrawal of Consent, Art. 7 GDPR
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It is as easy to withdraw as to give consent.
Right to Complaints in front of the supervisory authorities
You have the right to complain in front of a supervisory authority, regardless of a possible administrative remedy or right to apply to the courts, especially in the Member State of your ordinary place of stay, your place of work or the location of our company office (Germany), in case you are of the opinion that the processing of your personal data infringes the GDPR. You can also make use of your rights by e-mail via email@example.com .
5. Data Security
This app uses encryption according to the best available technology in order to ensure security and protect sensitive information. When the encryption is active, data submitted to us cannot be read by third parties. Moreover, we have established security mechanisms in technical and organizational form in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction and unauthorized access by third parties.