Dear App user,
1. Controller, App Purpose and Main Function
As controller within the meaning of data protection law, the company MEYTEC GmbH Informationssysteme, Akazienstraße 13, 16356 Werneuchen, Germany (“us” or “we”), provides you (the data subject) with the “MEYDOC®” app to enable confidential conversations between physicians, or between physician and patient, via video telephony and, in addition, the transmission of image and video data in encrypted form.
The app is intended to spare you a visit to a physician or another department. Unlike a phone call, the video transmission provides the visual contact that is frequently essential. Where the communication partner has given his/her consent, you can invite other conversation participants, e.g. medical specialists, therapists, surgeons, etc., to a video conference.
2. Information on the Processing of Your Data
Certain information will already be processed automatically once you use the app. The personal information processed in a given case is listed below:
2.1 Information Collected During the Download
When the app is downloaded, certain necessary information is transferred to the app store chosen by you (e.g. Google Play or Apple App Store). Data processed in this context may include, in particular, your user name, e-mail address, the customer number of your account, the time of download, payment information, if applicable, and the individual device identifier. This data is processed exclusively by the respective app store and is beyond our control.
2.2 Information Collected Automatically
As part of your use of the app, we automatically collect certain data required to use the app. This includes the version of your operating system and time of access.
This data is automatically transferred to us, but not saved, (1) to make the service and the related functions available to you, (2) to improve the functions and performance features of the app and (3) to prevent and remedy misuse and malfunctions. Such data processing is justified by the fact that (1) processing is necessary for the performance of the contract between you as data subject and us acc. to point (b) of Art. 6(1) of the GDPR to use the app or (2) we have a legitimate interest in guaranteeing the operative readiness and error-free operation of the app and in order to offer a service in line with market requirements and interests, which overrides your rights and interests in the protection of your personal data within the meaning of point (f) of Art. 6(1) of the GDPR here.
3. Nature of Personal Data Processed by the App
a. Usage data: only a communication ID (configuration file), which enables encrypted communication between the communication partners, is processed and retained in the app and on the connection server. It is used to display the presence status (whether your app is online and/or whether you are available for communication). The app does not process (save) any further data. In particular, no data about the use of the app is retained. No data is saved regarding when, for how long or with whom the app is used for communication.
b. Inventory data: only the communication ID is stored in the app as inventory data. Any further information concerning you is not stored in it, especially no data concerning health.
c. Content data: data about the content of your communication is neither collected nor retained. In particular, the chat history is not saved.
Such data processing is justified by the fact that (1) processing is necessary for the performance of the contract between you as data subject and us acc. to point (b) of Art. 6(1) of the GDPR to use the app or (2) we have a legitimate interest in guaranteeing the operative readiness and error-free operation of the app, which overrides your rights and interests in the protection of your personal data within the meaning of point (f) of Art. 6(1) of the GDPR here.
5. App Permissions
When the app is installed, the user is asked to consent to the app accessing the microphone and camera, since this is necessary for video telephony, the main purpose of the app.
The app requires the following permissions:
- Internet access: this is required to enable video, image and sound transmissions and to identify you and/or your device.
- Camera access: this is required so that the camera can transmit video and you can take still images (screenshots). You can send screenshots to your communication partners (other conference participants / your physician). The screenshots are saved only on the recipient's side, not on your device.
- Notifications: the app requires permission to send notifications to you. They are used to display missed calls.
- Photo album access: the app requires access to your device's photo album so that you can select image or video files and send them to the other conference participants. The transmitted data is retained in the recipient's app.
- Any further permission, e.g. location information, is not requested.
- The connection server can pass on to other users, as presence status, the information that you remain reachable (on standby) even when the app has been closed.
The app is permanently on standby to take calls and is automatically started when a call comes in. A unique device identifier is retained on the connection server to wake the app up via push notification when a connection is requested.
If a communication ID is erased, the device identifier, too, is erased.
Usage data is processed and used to provide the service. Such data processing is justified by the fact that processing is necessary for the performance of the contract between you as data subject and us acc. to point (b) of Art. 6(1) of the GDPR to use the app.
6. Access Data
To use the app to communicate with your physician, you need an activation code (PIN), which is provided to you directly by the physician from his/her “MEYDOC® Master” application and exclusively enables communication between you and that physician. Upon your activation of the app, a communication ID (configuration data) is generated and securely stored in your app and on a connection server in a secure and certified German computer centre. The configuration data remains valid until the physician erases your client access in his/her “MEYDOC® Master” application.
6.1 RECIPIENTS OF YOUR DATA
We transmit your personal data to third parties only if this is technically required to provide the app service (the computer centre operating the connection server), if it is permitted by law, or if you have given your consent or your legal representative has given it on your behalf.
To provide our service, we are dependent on the following third-party companies and external service providers:
- myLoc managed IT AG, Am Gatherhof 44, 40472 Düsseldorf, Germany - computer centre operating the connection server
- BRAVIS International GmbH, Calauer Str. 70, 03048 Cottbus - app manufacturer, administering the connection server
Any disclosure of the personal data is justified by the fact that (1) we have a legitimate interest in processing the data for administrative purposes, and your rights and interests in the protection of your personal data within the meaning of point (f) of Art. 6(1) of the GDPR do not override this interest, and (2) we have carefully selected our third-party companies and external service providers, audit them regularly and have contractually obliged them, as processors within the framework of Art. 28(1) of the GDPR, to process all personal data exclusively in line with our instructions.
Data is not processed in third countries (outside the EU).
7. Data Transmission and Data Security
Using the app causes transmission of your communication ID (contact address) to the connection server of the company BRAVIS International GmbH in Germany. This informs the physician in his/her “MEYDOC® Master” application that you are online or available (presence status).
When you, or in turn the physician in his/her “MEYDOC® Master” application, click on “Call” in the app, the communication request is indicated to the other communication partner visually, acoustically or by vibration, depending on the device settings. In this context, the IP address associated with the contact address is transmitted to, and displayed to, the other communication partner.
If the communication partner accepts the communication request, video and audio data is transmitted with end-to-end encryption to the IP addresses of the devices on which the “MEYDOC® Master” application or the “MEYDOC®” app is used. You can choose whether the front or back camera of your device is active during the video conference by clicking on the camera icon, and you can change this setting at any time during the communication.
The communication partner at the “MEYDOC® Master” station can create a profile for you as a “client”, entering first name, surname or display name and, optionally, a patient number. The access data (PIN) for the “MEYDOC®” app on your device is provided to the partner on his/her “MEYDOC® Master” station. He/she will send you the PIN or communicate it to you by phone. Once you have activated the “MEYDOC®” app on your device using the PIN, the contact address of your app is saved in the “MEYDOC® Master” application in order to communicate with you in encrypted form. This part of the data processing is the exclusive responsibility of the owner of the “MEYDOC® Master” application, generally your physician.
Because of the special security requirements of physician/patient communication, particular attention was paid to data security when developing the software. Data is transmitted with end-to-end encryption using AES-256 in counter mode (CTR). The session key is agreed with the Diffie-Hellman (DH) method, based on OpenSSL DH with the RFC3526_372 group (according to BSI guidance, 2018 edition, key lengths exceeding 2000 bits are deemed secure). Keys are valid only for the duration of the communication, are not stored and therefore do not permit any later decryption of the communication (perfect forward secrecy), even if it has been recorded illegitimately. In addition to the encryption, the key exchange on the data transmission channel is authenticated with an RSA signature of 4096-bit key length to prevent man-in-the-middle attacks. The connection to the intermediary server is secured with Hypertext Transfer Protocol Secure (HTTPS) and a certificate.
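The following is an added example, written for this page and not code from MEYTEC, BRAVIS or the MEYDOC® products, showing the shape of the key exchange described above: each side generates a key pair that lives only for one session, signs its public value with a long-term RSA-4096 identity key, verifies the peer's signature before trusting the peer's value, and derives an AES-256-CTR session key that is never stored. Two simplifications are assumptions of the example, not statements about the product: Go's standard library ships no finite-field Diffie-Hellman over RFC 3526 groups, so X25519 stands in for the MODP group, and a single SHA-256 call stands in for a proper key derivation function. The message text is constructed sample input.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must keeps the demo short: unexpected failures (entropy, key generation) panic.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Offer is one side's handshake message: its ephemeral public value plus an RSA-PSS signature over it.
type Offer struct{ Pub, Sig []byte }

// makeOffer creates a fresh ephemeral key for this session only and signs its
// public half. The private half is discarded with the session (forward secrecy).
func makeOffer(identity *rsa.PrivateKey) (*ecdh.PrivateKey, Offer) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader)) // assumption: X25519 stands in for the RFC 3526 MODP group
	digest := sha256.Sum256(eph.PublicKey().Bytes())
	sig := must(rsa.SignPSS(rand.Reader, identity, crypto.SHA256, digest[:], nil))
	return eph, Offer{Pub: eph.PublicKey().Bytes(), Sig: sig}
}

// sessionKey verifies the peer's signature BEFORE using its public value; an
// unsigned or re-signed value is exactly what a man-in-the-middle would inject.
func sessionKey(eph *ecdh.PrivateKey, peer Offer, peerID *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(peer.Pub)
	if err := rsa.VerifyPSS(peerID, crypto.SHA256, digest[:], peer.Sig, nil); err != nil {
		return nil, errors.New("ephemeral key not signed by the expected identity")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(peer.Pub)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	// Simplified KDF (assumption): SHA-256 over a label and the shared secret; real designs use HKDF.
	key := sha256.Sum256(append([]byte("demo-session-key|"), shared...))
	return key[:], nil
}

// encrypt runs AES-256-CTR under a fresh random IV and prefixes the IV. CTR gives
// confidentiality only: it does not detect tampering with the ciphertext.
func encrypt(key, plaintext []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	must(rand.Read(iv))
	out := make([]byte, len(plaintext))
	cipher.NewCTR(must(aes.NewCipher(key)), iv).XORKeyStream(out, plaintext)
	return append(iv, out...)
}

func decrypt(key, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize {
		return nil, errors.New("message too short")
	}
	out := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewCTR(must(aes.NewCipher(key)), msg[:aes.BlockSize]).XORKeyStream(out, msg[aes.BlockSize:])
	return out, nil
}

// RunSession runs the signed ephemeral exchange between two fresh identities, sends
// one message, then offers Alice a substituted public value to show it is rejected.
func RunSession(rsaBits int, msg []byte) (recovered []byte, mitmRejected bool, err error) {
	alice := must(rsa.GenerateKey(rand.Reader, rsaBits))
	bob := must(rsa.GenerateKey(rand.Reader, rsaBits))
	aEph, aOffer := makeOffer(alice)
	bEph, bOffer := makeOffer(bob)
	aKey, errA := sessionKey(aEph, bOffer, &bob.PublicKey)   // Alice checks Bob's signature
	bKey, errB := sessionKey(bEph, aOffer, &alice.PublicKey) // Bob checks Alice's
	if errA != nil || errB != nil {
		return nil, false, errors.Join(errA, errB)
	}
	if recovered, err = decrypt(bKey, encrypt(aKey, msg)); err != nil {
		return nil, false, err
	}
	// Mallory swaps in her own ephemeral value but cannot forge Bob's signature over it.
	mallory := must(ecdh.X25519().GenerateKey(rand.Reader))
	_, mitmErr := sessionKey(aEph, Offer{Pub: mallory.PublicKey().Bytes(), Sig: bOffer.Sig}, &bob.PublicKey)
	return recovered, mitmErr != nil, nil
}

func main() {
	rec, rejected, err := RunSession(4096, []byte("constructed sample: hello doctor"))
	fmt.Printf("recovered=%q substituted_key_rejected=%v err=%v\n", rec, rejected, err)
}
```

Running it with 4096-bit identity keys takes a few seconds for key generation; the session keys themselves exist only in memory inside RunSession, which is what makes a recorded call undecryptable later. One caveat a practitioner will notice: CTR mode on its own does not detect modification of individual packets, so the RSA signature protects the key exchange, while per-message integrity has to come from an additional mechanism that this page does not describe.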
8. Data Retention in the App and by Us
Only the communication ID (your name and configuration data, including the contact address for the “MEYDOC® Master” application) is stored in the app's internal storage, enabling encrypted communication between you and the owner of the “MEYDOC® Master” application. No other data is retained in the app: neither a profile picture nor any other patient-related and/or diagnosis-related data concerning health, nor information on the date, time and duration of the communication. When you uninstall (erase) the app, the communication ID is erased. The communication ID is not stored in backups. If you want to communicate with a partner again using the app after it has been erased, you need a new activation code from the “MEYDOC® Master” application user, generally your physician. Your contact address is retained in the “MEYDOC® Master” application. We retain only your device identifier, in order to identify you as an authorised user of the app and communication partner. If the communication ID is erased, the device identifier is erased as well. We do not retain any further data concerning you.
We erase or anonymise your personal data once it is no longer necessary for the purposes for which we have collected or used it pursuant to the clauses above. As a rule, we retain your personal data for the duration of the usage and/or contractual relationship concerning the app, plus a period of seven days during which we retain back-up copies following the erasure, unless such data is still necessary for criminal prosecution or for the securing, establishment or enforcement of legal claims. The usage and/or contractual relationship concerning the app results from your patient status with the physician who created your communication ID in his/her “MEYDOC® Master” application. If your physician erases your communication ID from his/her “MEYDOC® Master” application, your data on the connection server is also erased.
9. Backup in the Connection Server
The connection servers are located in a secure and certified computer centre of a German company in Germany and are administered by the manufacturer. The communication ID is stored there in encrypted form. The computer centre therefore cannot tell which patient communicates with which physician.
10. Log Data
Neither the app nor the connection server record when, who, with whom and how long or especially about what has (been) communicated. There is no tracking, reach measurement or profiling.
11.1 As a German software provider, MEYTEC is subject to the stringent German and European data protection legislation. The communication servers are located in certified computer centres of a German company in Germany. The strong end-to-end encryption ensures that the video call cannot be decrypted by anyone other than the participants. There is no recording, profiling, advertising or sale of data; no saving of conversations, messages or other connection data; no collection or retention of location data; and no retention of log data or payment transaction data. No communication data or metadata is saved.
Any transfer of personal data in this context is justified by our legitimate interest in adapting our corporate form to economic and legal conditions where required, provided that your rights and interests in the protection of your personal data within the meaning of point (f) of Art. 6(1) of the GDPR do not override this interest.
12. Your Data Subject Rights
12.1 Right of Access
You have the right to obtain from us at any time, upon request, access to information about the personal data concerning you and processed by us to the extent stipulated in Art. 15 of the GDPR. To this end, you can file an application by mail or e-mail to the address indicated below.
12.2 Right to Rectification of Inaccurate Data
You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you. To this end, please use the contact addresses indicated below.
12.3 Right to Erasure
12.4 Right to Restriction of Processing
You have the right to obtain from us the restriction of processing in accordance with Art. 18 of the GDPR. This right applies, in particular, where the accuracy of the personal data is disputed between you and us, for a period enabling us to verify its accuracy; where a right to erasure exists but you oppose the erasure and request restriction of use instead; where the data is no longer necessary for the purposes we pursue but you require it for the establishment, exercise or defence of legal claims; and where it has not yet been determined whether your objection to processing succeeds. To assert your right to restriction of processing, please use the contact addresses indicated below.
12.5 Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with Art. 20 of the GDPR. To assert your right to data portability, please use the contact addresses indicated below.
13. Right to Object
Acc. to Art. 21 of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based, inter alia, on point (e) or (f) of Art. 6(1). We will cease processing of your personal data, unless we are able to demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.
14. Right to Lodge a Complaint
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:
The State Officer for Data Protection and for the Right of Access to Files
Stahnsdorfer Damm 77
If you have any questions or comments regarding our handling of your personal data, or if you want to exercise your rights as data subject, please contact Viacheslav Galchenko using the following contact details: MEYTEC GmbH Informationssysteme, Akazienstr. 13, D-16356 Werneuchen.
Our data protection officer can be contacted using the following contact details:
Data Protection Officer (personal/confidential) c/o
MEYTEC GmbH Informationssysteme, Akazienstr. 13, D-16356 Werneuchen, phone: +49 (0)33398 / 78-200, fax: +49 (0)33398 / 78-299
as of 7/2018