Dear MEYDOC® - User,
1. Controller, Purpose and Main Function
The German company
MEYTEC GmbH Informationssysteme,
Contact of the data protection officer:
MEYTEC GmbH Informationssysteme
Data protection officer (private/confidential c/o)
Akazienstr. 13, D-16356 Werneuchen
Phone: +49 (0)33398 / 78-200
Fax: +49 (0)33398 / 78-299
(Hereinafter also "us" or "we") bear with the primary user a collective responsibility acc. to the Article 4 GDPR.
We provide the software based solution MEYDOC® primarily for utilization by medical specialists and their patients. MEYDOC® ensures bi-directional video communication by mutual consent. The primary responsibility for processing of your data is the primary medical user. We provide the solution and complementary technical support (for MEYDOC® software /app) to the primary medical user, to ensure secure communication per video and additional transfer of pictures and/or video files as well as chat messages via encrypted data channel.
The primary medical user (doctor) and you (patient) can utilize MEYDOC® (hereinafter synonym for Windows™ software and Android/iOS app.
The utilization of MEYDOC® can help avoid unnecessary visits to a doctor's practice and or other clinical centers. If your communication partners agree, you (the primary user) can add other user groups to the multi-point-conference, e.g. specialists, family doctors, therapists, paramedics etc. The virtual presence mediated by the video communication should provide a significant difference to a telephone call. The software provides features to allow virtual meetings in real time: chat*, data transfer and desktop* including application sharing within the conference*.
* with MEYDOC® Master-Software only.
Personal data is all information relating to an identified or identifiable natural person (hereinafter "data subject"); An identifiable person is a natural person who can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, organization, storage, adaptation or modification, reading, querying, use, the disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
Limitation of processing is the marking of stored personal data with the aim of restricting their future processing.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
Data system is any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is managed centrally, de-centrally or according to functional or geographical aspects.
Controller is a natural or juristic person, authority, institution or other body, who alone or together with others decides on the purposes and means of processing personal data; If the purposes and means of this processing are specified by European Union law or the law of the European Union Member States, the person responsible or the specific criteria for naming them can be provided in accordance with European Union law or the law of the European Union Member States.
Data processor is a natural or juristic person or other body, which process personal related data on behalf of a controller.
Recipient is a natural or juristic person, authority, institution or other body, to whom personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under European Union law or the law of the European Union Member States are not considered recipients; The processing of this data by the aforementioned authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.
Third Parties is a natural or juristic person, authority, institution or other body, apart from the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor.
Permission is the data subject´s voluntary expression of will in the form of an explanation or other clear confirmatory act, in an informed manner and unequivocally, with which the data subject indicates that they consent to the processing of their personal data.
Main user the main user of MEYDOC® Master software is a doctor, who can use it to make a range of care available to interested patients via video telephony. An app client (Android / iOS) is used for communication with the patient.
MEYDOC® Master is a software-based solution for the organization and implementation of secure end-to-end video consultations. This allows the patient contacts to be managed (created, edited, deleted) and organized multi-point video-chats. A purchase of a user license is required to use MEYDOC® Master software.
MEYDOC® App-Clients (Android/iOS) is a counterpart for the software solution MEYDOC® Master. The users of MEYDOC® client app are invited by the doctor to participate in the video communication.
Address server or connection server these two terms are used synonymously in the text and refer to a server for checking the identity of MEYDOC® users, that enables the creation of a secure transport layer via the public Internet network.
3. Data processing operations and purposes
We use and process "follow" user data for the following purposes noted below:
Data processing by download:
When downloading the MEYDOC® client apps, the information required for the download process is sent to the app store of your choice (e.g. Google Play or Apple App Store). In particular, the user name, the email address, the customer number of your account, the time of the download and possibly payment information as well as the individual device code can be processed. This data is processed exclusively by the respective app store and is beyond our sphere of influence.
If the download takes place via the optional download area of MEYTEC GmbH (HiDrive-Cloud, STRATO, TÜV certified according to ISO 27001), log data (connection data) are automatically transmitted to the STRATO server.
For more information, please visit the website of the service provider at: https://www.strato.de/datenschutz.
When MEYDOC® is used for the first time, a communication ID (configuration file) is created and saved locally on the two end systems intended for establishing a connection and on the connection server.
To do this, the current IP address, the software version used, the display language and the operating system version of your system are recorded. This information is used, for example, to display the presence status (users online or ready to communicate), to manage their personal user account (e.g. change display name, password), to send a connection request to other registered communication partners, to forward encrypted data packets (connection relay ) and to carry out automatic software updates and call tests.
The use of MEYDOC® Master also requires the creation of a user account for the unique identification of users. A valid email address is required to register the user account. In addition to the points already mentioned above, this is part of the configuration file and is required for the confirmation of the account, the recovery of lost passwords and the provision of important information about your user account and is used exclusively for these purposes.
When using a MEYDOC® app client, a unique device identifier is also transmitted and saved, which enables the device to be woken up from standby mode when there is an incoming communication request (push token).
When using MEYDOC®, certain data is automatically collected and processed that is necessary for the use of the software. This includes: The version of your operating system and the time of access.
This data is automatically transmitted, but not saved, (1) to provide you with the service and the functions associated with it, (2) to improve the functions and features of the software and (3) to prevent misuse and to remedy and correct malfunctions remove.
Some services require user name and password authentication. Your password is generally only transferred and stored as a cryptographic hash so that your password cannot be determined.
To set up a communication channel (point-to-point connection), your IP address is transmitted to your communication partner. The information that the user is on standby even when the app is switched off can be transmitted from the connection server to other users as presence status.
A call list is only available to the registered user as a backup locally and only in the variant MEYDOC® Master. In addition to information about the date of the call, the date, time of the call, connection status (successful, missed or similar), the display name / ID and the encrypted communication ID of the contact partner are stored.
The information collected is stored for a maximum of the duration of the use of the service.
Any other data are not processed or stored.
Only the communication ID is stored locally on the computer with MEYDOC® Master, on the address server and on the end device with MEYDOC® app client. It does not contain any additional information about you, in particular no health data.
Data about the content of your communication is not recorded and is not saved. Through the use of point-to-point connections and end-to-end encryption between the communication partners, the content of the communication is generally not visible to us. Recording or saving is therefore excluded.
Only information about your willingness to communicate (presence status) and your current IP are forwarded to your communication partners via a server. This data is not processed or stored.
The MEYDOC® Master user can also exchange short messages (chat) with other MEYDOC® Master users. The chat history is only saved locally (app data folder) as a backup and is only available to registered users or the PC administrator.
To use the MEYDOC® app client for communication with your doctor, users need an activation code (PIN), which is generated directly by the doctor in their MEYDOC® Master application. You will be informed of this PIN either by email or telephone and must be entered in the app client. This is the only way to use MEYDOC® and thus an end-to-end encrypted point-to-point connection. When activated for the first time, a communication ID is automatically generated, which is saved on the end device and on the MEYTEC's own connection server (address server) housed in a certified German data center (ISO/IEC 27001:2013). This configuration data is valid until the app access is deleted by the doctor in his MEYDOC® Master application.
If more than one MEYDOC® Master installation uses identical contacts, the contact must be deleted from all systems with MEYDOC® Master so that the communication ID on the server is permanently deleted.
If several MEYDOC® Master installations use identical contacts and different user accounts are used, the contacts must be deleted from all systems with MEYDOC® Master so that the associated communication IDs are also permanently deleted on the server. If, on the other hand, a user account is used on several systems with MEYDOC® Master, it is sufficient to delete the data on only one workstation and to select the option "Delete this account permanently" in order to remove these contacts irrevocably. Please note this cannot be undone.
The user of the MEYDOC® Master software - usually your doctor - is responsible for this part of the data processing.
MEYDOC® user accounts
Only your data is stored on the connection server insofar as this is necessary to create a MEYDOC® user account. The connection server (address server) provides and manages the user accounts. The following data is transferred and saved to the MEYDOC® user accounts:
- - User name (Login)
- - Cryptographic hash of the password
- - Software product used (version / revision number)
- - Display name / user ID
- - E-mail address
- - User language
- - Time of creation
- - Time of the last login
- - Push token
- - Optional data that the user themself links to the MEYDOC® user account, e.g. Name, company, public signature key, insurance / patient ID or similar.
While you are logged in with your user account, your IP address is also temporarily stored on the connection server so that it can be reached by other contacts.
Log-data and protocols
Neither the app nor the connection server record that was communicated during a communication or conference. There is no tracking, no range measurement and no profile creation.
4. Legal basis for processing
The processing of your data takes place on the following legal bases:
- - your agreement acc. to Art. 6 para. 1 lit. a GDPR,
- - with execution of a contract with you acc. to Art. 6 para. 1 lit. b GDPR,
- - out of a legitimate interest acc. to Art. 6 para. 1 lit. f GDPR.
5. Legitimate interests
If we process your personal data based on legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR are such:
- - improvement of our services,
- - improvement of the product,
- - protection against abuse and
6. Data sources
We receive the data from you (including the devices you use). If we do not collect the personal data directly from you, we will also tell you from which source the personal data comes and, if applicable, whether they come from publicly accessible sources.
7. Recipient of data
We only transfer your personal data to third parties insofar as this is technically necessary for the provision of the service (data center for the operation of the connection server) and you or your legal representatives have given your consent. We rely on the following external companies and external service providers to provide our services:
BRAVIS International GmbH, Calauer Str. 70, 03048 Cottbus, Germany
- - Server administration, incl. security updates
- - Technical service and support
Data processing in third party countries (outside of the EU) doesn't take place.
8. Storage period
We only store your personal data for as long as it is necessary to achieve the processing purpose, the storage is subject to a statutory retention period or it is necessary for the establishment, exercise or defense of legal claims.
We save your data,
- - if you have given your consent to the processing, at most until you withdraw your consent,
- - if we need the data to carry out a contract, at most as long as the contractual relationship with you exists or legal retention periods are running,
- - if we use the data on the basis of a legitimate interest, at most as long as your interest in deletion or anonymization does not prevail.
9. Deletion of the stored data
The data on a desktop PC / tablet PC (Windows ™) is deleted by deleting the configuration folder "MEYTEC" in the user account of your PC. Deletion takes place on a mobile device by uninstalling the app or by using the functions provided by the operating system to delete an app´s memory.
If the MEYDOC® app client is uninstalled locally, the associated communication ID is only deleted locally. Your communication ID also remains stored on this local computer and on the connection server until your contact is removed from the local address book or the uninstallation of MEYDOC® Master.
We delete your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the preceding paragraphs.
10. Your rights
You have the right - sometimes under certain conditions* – to
- - request information about the processing of your data free of charge and to receive a copy of your personal data. You can provide information including demand about the purposes of the processing, the categories of personal data being processed, the recipients of the data (if it is passed on), the duration of storage or the criteria for determining the duration;
- - Correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the processing purposes;
- - Have your data deleted or blocked. Reasons for the existence of a right to deletion / blocking can include the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data has been unlawfully processed;
- - Restrict the processing;
- - Object to the processing of your data;
- - Revoke your consent to the processing of your data for the future and
- - Complain to the responsible supervisory authority (the state representative for data protection and for the right to access files, Stahnsdorfer Damm 77, 14532 Kleinmachnow) about an illegal data processing.
*The information is provided free of charge. In exceptional cases, however, data controllers may charge administrative costs to a reasonable extent, e.g. if the data subject requests copies or if the request is extensive (Art. 12(5) GDPR).
11. Further information about data protection
When installing MEYDOC®, the user is asked for permission to access the microphone and camera from their end device, as this is essential for video telephony as the main purpose.
The following permissions are required to use MEYDOC®:
Internet access: This is required to enable video, image and sound transmissions and to uniquely identify you or your device to the communication partner.
Microphone access: This is required to transmit audio streams to the communication partner(s).
Camera access: This is required to transmit video streams to the communication partner (s) and, if necessary, to record and transmit still images (screenshots). The screenshots are sent immediately and are not saved on your device.
Push notifications: The MEYDOC® app client also require authorization to send push notifications to the user. These are used to display missed calls.
Access to storage location with image / video recordings: MEYDOC® requires access to the storage location of your device in order to ensure smooth file transfers, among other things, to allow image or video files to other conference participants.
Further permissions, such as location information, are not requested.
MEYDOC® is active until the associated end device is either switched off or the software has ended as a process.
MEYDOC® App clients are permanently on standby to answer calls and are started automatically in the event of an incoming call. For this purpose, a unique device identifier is stored on the connection server in order to wake-up the app when a connection request is made via push notification.
When a communication ID is deleted, the device ID is also deleted.
Data transfer and data security
The software start triggers the check of your communication ID on the connection server. In the MEYDOC® Master application of the doctor, this shows that you are online and therefore reachable (presence status).
If you click on "Start" in your or your doctor´s MEYDOC® application, the other person will be shown the communication request optically, acoustically or by vibration, depending on the device setting. The IP address belonging to the contact is transmitted to the other communication partner. If the communication request is accepted, the end-to-end encrypted transmission of video and audio data takes place. The encrypted data transmission takes place with AES-256 encryption in counter mode (CTR). The keys are exchanged using the Diffie-Hellmann process based on Open SSL-DH with an RFC3526_3072. According to the BSI´s TR-02102 - TR-02102 (as of January 2019), key lengths with a minimum length of more than 3000 bits are considered safe beyond 2022.
MEYDOC® also offers true point-to-point communication in conferences with several participants. The keys used are only valid during communication, are not saved and therefore do not enable subsequent decryption of the communication (Perfect Forward Secrecy) if it was recorded without authorization. In addition, MEYDOC® uses dynamic conference keys, that are generated each time the conference participants change. This means that participants who have left a conference cannot listen to the further course. Likewise, a participant who joins later cannot decrypt the previous communication.
In addition to encryption, the data transmission channel is authenticated using an RSA signature with a key length of 4096 bits in order to rule out an attack of a "man-in-the-middle" type.
The property "system parameters [...] must be authentically exchanged in advance between the communication partners" required by the BSI in TR-02102-1 188.8.131.52 "is done" in MEYDOC® by this RSA signature and exceeds the recommended length. The keys for the authentication of MEYDOC® users are generated by the user themselves and are not dependent on an external body or on us. This means that the content of your communication is completely protected.
The key authenticity of the end user can also be checked in MEYDOC® during the connection by sending a short authentication string (SAS) - random letter / number combination and asking the remote station to read out the transmitted combination.
The connection to the exchange server is made via a secure hypertext transmission protocol (https), which is protected by a certificate.
Data backup in the connection server
The connection server is located in a certified data center (ISO 27001) of a German company in Germany and is administered by the manufacturer. The communication ID is stored encrypted there. The data center therefore has no insight into which patient is communicating with which doctor.
MEYTEC as a German software provider is subject to the strict German and European data protection law. Thanks to the point-to-point connection and the secure end-to-end encryption, no (even later) decryption of the video call is possible. There is no recording, no profile creation, no advertising, no sale of data, no storage of conversations, messages or other connection data, no collection or storage of location data and no storage of log data.
If you have any questions or comments about the general handling of our software, please contact our product manager Viacheslav Galchenko.
If you have any questions about our handling of your personal data or would like to exercise your rights as a data subject, please contact our data protection officer using the following contact details:
MEYTEC GmbH Informationssysteme
Data Protection Officer (personal/confidential) c/o
MEYTEC GmbH Informationssysteme, Akazienstr. 13,
Phone: +49 (0)33398 / 78-200
Fax: +49 (0)33398 / 78-299
As of 06/2021