Privacy Policy
With this privacy policy, we would like to inform you about how we process personal data. We are aware of the importance of processing personal data for the user and therefore comply with all relevant legal requirements. The protection of your privacy is of the utmost importance to us. It therefore goes without saying that we comply with the statutory provisions on data protection.
This privacy policy covers data processing on the website https://rx.sidekickhealth.com/de/, application procedures for a position at Sidekick Health Germany, inquiries and general communication with Sidekick Health Germany GmbH, our presence on social media and data processing in the initiation and execution of contracts (e.g. in the course of cooperations).
Data processing relating to our products and their websites can be found here:
zanadio Website: https://zanadio.de/datenschutz/
zanadio App: https://obs.eu-de.otc.t-systems.com/zanadio-django-prod/static/html/de/dataprivacy.html
diaxilo Website: https://diaxilo.com/de/datenschutz/
Name and contact details of the controller
Sidekick Health Germany GmbH
Managing Director: Henrik Emmert, Dr. Tryggvi Thorgeirsson
Represented by: Henrik Emmert, Dr. Tryggvi Thorgeirsson
Poststraße 20
20354 Hamburg
Data protection officer
If you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact us and our data protection officer as follows:
External data protection officer
ePrivacy GmbH
Represented by: Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg
If you have any questions or concerns regarding your data, please contact datenschutz[at]sidekickhealth.com.
If you wish to communicate directly with our data protection officer (for example, because you have a particularly sensitive request), please contact them by post, as communication by e-mail can always have security gaps. Please state in your request that your concern relates to Sidekick Health Germany.
Personal data
Personal data is all information about the personal and factual circumstances of an identified or identifiable person. This includes the following categories of personal data that we process:
- Your contact details (such as first and last name, address, e-mail address, telephone number),
- Your correspondence with us,
- Log files with information about your visit to our website,
- Identification numbers (such as tax ID for invoices),
- Payment data (such as account number, credit card number, financial institution),
- Online identifiers (such as cookie IDs or IP addresses)
- Customer or business partner data (such as invoice data, user profiles, address, order history, payment data),
- Application data (such as references and certificates)
Intended purpose
We process your data for the following purposes:
- for correspondence with you,
- to process contracts with you,
- for advertising purposes, such as sending our newsletter,
- for quality assurance and statistics,
- for the provision of our service,
- for your participation in our events,
- for your participation in our surveys,
- for consideration of your application,
- to improve our service
Legal basis
We base the processing of your data on the following legal bases:
- Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR),
- the initiation or performance of a contract with you (Art. 6 (1) (b) GDPR),
- the fulfillment of legal obligations (Art. 6 para. 1 lit. c) GDPR),
- the implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR)
Legitimate interests
We pursue the following legitimate interests when processing your data:
- Improvement of our offer
- Protection against misuse
- Statistics
- Postal advertising
Requirement or obligation to provide data
Unless expressly stated, the provision of your data is not required or mandatory.
Data sources
If we do not receive the data from you or via the devices you use, it comes from the following sources:
- Master data of company websites
Storage duration
We store your data,
- if you have consented to the processing, at most until you withdraw your consent,
- if we require the data for the performance of a contract, at most for as long as the contractual relationship with you exists or statutory retention periods apply,
- if we use the data on the basis of a legitimate interest, at most as long as your interest in deletion or anonymization does not prevail.
In addition, there may be statutory retention obligations, for example retention obligations under commercial or tax law (e.g. German Commercial Code, German Fiscal Code). If such retention obligations exist, we will block or delete your data at the end of these retention obligations.
Data backup
We have taken extensive technical and organizational measures to protect your data against possible risks, such as unauthorized access, unauthorized disclosure, modification or dissemination, as well as against loss, destruction or misuse.
In order to protect your personal data from unauthorized access by third parties during transmission, we secure data transmissions using SSL encryption where necessary. This is a standardized encryption method for online services, especially for the web.
Logfiles
Each time our website is accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data:
- Domain from which the user accesses the website
- Date and time of access
- IP address of the accessing computer
- Website(s) that the user visits as part of the offer
- Amount of data transferred, browser type and version
- Operating system used
- Name of the Internet service provider
- Message as to whether the retrieval was successful
These log file data records are evaluated in anonymized form in order to improve the offer and make it more user-friendly, to find and rectify errors and to control the utilization of servers.
Cookies
General information about cookies
Cookies are data records that are stored in the browser’s databases. For example, user identification numbers are stored here, which are transmitted to the user’s computer when the website is used and managed there. The data records are stored there for later access. Typical uses of cookies are, for example, language selection, consent documentation or user authentication.
Session cookies
Session cookies are stored for the duration of a website visit and then automatically deleted when the browser is closed. They ensure, for example, that video and audio files can be played, that your user input is temporarily stored during the input time and thus improve user-friendliness.
Persistent cookies
Persistent cookies remain on your end device even after you close your browser. These cookies can, for example, store your user preferences, such as language settings, and analyze user behavior on our website. The storage period for persistent cookies is set individually for each cookie. After this period has expired, they are automatically deleted.
You can find all information on the cookies used, their storage duration and the associated providers here:
You can also use the “Cookie settings” button to change your consent or withdraw your consent to the use of cookies.
Data recipients
When processing your data, we work together with the following service providers who have access to your data:
- Web hosting and web development provider,
- Service provider for IT development services,
- Marketing and advertising agencies,
- Distribution service provider,
- Payment service provider,
- Receivables management and debt collection service provider, if applicable,
- E-mail and newsletter provider,
- CRM system service provider,
- Cloud services,
- Conference and webinar software,
- Service provider for online surveys,
- Service provider for accounting and invoicing,
- Provider for external document management,
- Provider for application management software
Social networks
Facebook fan page
We operate a Facebook page (so-called “fan page”) on Facebook, a service of Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Ireland”).
When you visit our Facebook fan page, personal data is processed not only by us, but also by Meta Ireland, even if you do not have a Facebook profile or are not logged in. When you use our fan page, user data (such as contact data), content data (such as entries in forms), usage data (such as websites visited, interests in content, access times) and communication data (such as device information, IP addresses) are processed. On the one hand, this is done for the purpose of informing you and for communication, for example via contact requests and feedback forms, as well as for marketing purposes.
If you are logged in when you open our fan page, we can view the information contained in your public Facebook profile. Meta Ireland also provides us with statistics and insights that help us gain knowledge about the types of actions people take on our pages (“Page Insights”). We use these to improve the user experience. However, we do not have access to the usage data that Meta Ireland uses to compile the statistics, but only to summarized Page Insights.
We are jointly responsible with Meta for collecting data from visitors to our fan page and forwarding it to Meta (this includes creating the above-mentioned events and combining them into page insights, which are then made available to us by Meta Ireland). From this, interests can be derived and user profiles created, but we cannot draw any conclusions about individual users. Meta also uses the data to provide “Page Insights”, which can be used to gain insights into the interaction with the pages and the associated content. We have therefore concluded a joint controllership agreement with Meta regarding the processing of your data in accordance with Art. 26 GDPR. The agreement with Meta also sets out the security measures that Meta must observe. The rights of data subjects, such as information or other requests, must also be fulfilled by Meta. You can view the terms of this agreement concluded with Meta here. Further information on which personal data is processed within the scope of joint controllership can be found at https://www.facebook.com/legal/terms/businesstools_jointprocessing. Further processing by Meta is not carried out under our joint responsibility.
For more information on Page Insights and how to exercise your data subject rights, please refer to the “Information on Page Insights Data”. For more detailed information on how Meta processes personal data, including information on the legal basis and how to exercise your data subject rights against Meta, please refer to Meta’s Data Policy at https://www.facebook.com/about/privacy.
We operate an Instagram page (so-called “fan page”) on instagram, a service of Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Ireland”).
When you visit our Instagram fan page, personal data is processed not only by us, but also by Meta Ireland, even if you do not have an Instagram profile or are not logged in. When you use our fan page, user data (such as contact data), content data (such as entries in forms), usage data (such as websites visited, interests in content, access times) and communication data (such as device information, IP addresses) are processed. On the one hand, this is done for the purpose of informing you and for communication, for example via contact requests and feedback forms, as well as for marketing purposes.
If you are logged in when you open our fan page, we can view the information contained in your public Instagram profile. Meta Ireland also provides us with statistics and insights that help us gain knowledge about the types of actions people take on our pages (“page insights”). We use these to improve the user experience. However, we do not have access to the usage data that Meta Ireland uses to compile the statistics, but only to summarized Page Insights.
We are jointly responsible with Meta for collecting data from visitors to our fan page and forwarding it to Meta (this includes creating the above-mentioned events and combining them into page insights, which are then made available to us by Meta Ireland). From this, interests can be derived and user profiles created, but we cannot draw any conclusions about individual users. Meta also uses the data to provide “Page Insights”, which can be used to gain insights into the interaction with the pages and the associated content. We have therefore concluded a joint controllership agreement with Meta regarding the processing of your data in accordance with Art. 26 GDPR. The agreement with Meta also sets out the security measures that Meta must observe. The rights of data subjects, such as information or other requests, must also be fulfilled by Meta. You can view the terms of this agreement concluded with Meta here. Further information on which personal data is processed within the scope of joint controllership can be found at https://www.facebook.com/legal/terms/businesstools_jointprocessing. Further processing by Meta is not carried out under our joint responsibility.
For more information on Page Insights and how to exercise your data subject rights, please refer to the “Information on Page Insights Data”. For more detailed information on how Meta processes personal data, including information on the legal basis and how to exercise your data subject rights against Meta, please refer to Meta’s Data Policy at https://privacycenter.instagram.com/policy.
Processing of data for joint responsibility
Sidekick Health Germany GmbH, Sidekick Health ehf., Vallakor 4, 203 Kopavogur and PINK gegen Brustkrebs GmbH, Poststraße 20, 20354 Hamburg jointly process personal data as part of a joint responsibility agreement. This includes the care and maintenance of the website, the collection and analysis of data via cookies on the respective website, the implementation and evaluation of marketing campaigns and the management of social media accounts. The implementation of your rights as a data subject can be found in the respective privacy policy of the parties. It is ensured that a request for your data subject rights for the aforementioned processing by one of the three parties includes forwarding and implementation to the other two controllers. Further information on the controllers and the implementation of your data subject rights can be found here:
https://zanadio.de/datenschutz/
https://rx.sidekickhealth.com/en/privacy-policy/
https://pink-brustkrebs.de/datenschutzerklaerung/
https://diaxilo.com/de/datenschutz/
Rights of the person concerned
As the data subject, you have the following rights:
- to request information about the processing of your data and to receive a copy of your personal data. Among other things, you can request information about the purposes of the processing, the categories of personal data being processed, the recipients of the data (if it is passed on), the duration of storage or the criteria for determining the duration;
- to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit those data to another controller;
- to rectify your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
- to have your data deleted or blocked;
- to have the processing restricted;
- to object to the processing of your data;
- to withdraw your consent to the processing of your data for the future and to complain to the competent supervisory authority about unauthorized data processing.
Contact options
Sidekick Health Germany GmbH
Poststraße 20
20354 Hamburg
Telefon: 040 99 99 79 21
Telefax: 040 35 67 60 36
Automated decision-making including profiling
We do not carry out automated decision-making or profiling.
Status of this privacy policy: November 8th 2024
Older versions: