Privacy Policy Limbach Patients App
Content
We take the
protection of your personal data very seriously and treat it confidentially
and in accordance with the statutory data
protection regulations and this privacy policy.
This data protection declaration applies to our mobile iPhone and Android apps
(hereinafter referred to as
"Limbach Patient App", "Patient App", "Findings App" or
"App" for short).
It explains the type, purpose and scope of data
collection in the context of APP use. We would
like to point out that data transmission on the Internet can have security gaps. Complete protection of the data
against access by third parties
is not possible.
As the responsible party within the meaning
of the applicable
data protection laws for this
application, we take,
MVZ Dr. Stein + Kollegen GbR
Tomphecke 45
41169 Mönchengladbach
Tel: 02161/ 8194 -0
Fax: 02161/ 8194 -50
takes all measures required by applicable data
protection law to ensure the protection
of your personal data. If you
have any questions regarding this privacy policy, please contact our data protection
officer.
2B Advice GmbH
Joseph-Schumpeter-Allee 27
53227 Bonn
E-Mail: stein@2b-advice.com
You can find further information about our company
in the imprint on our website https://www.labor-stein.de/impressum/.
The Limbach Patient App is provided to communicate laboratory test results , quickly and easily to those tested.
COVID-19
This APP is
provided to quickly and easily communicate test results, including
potentially COVID-19 test results, to those tested.
What is the range
of functions
The app enables the user
to make findings from laboratory orders digitally accessible within an app, provided that
the laboratory order was placed with one of
the participating laboratories of the Limbach Group SE.
When you use
our Patient App, we process the following
data for the provision of
the app and the findings, and to maintain security in the operation of
the app:
· E-mail address (Optional)
· Fingerprint and FaceID (Functional)
· Identifier and password (Functional)
· Device ID (Functional)
· APP ID (Functional)
· Health data
(findings*) (Functional)
· Laboratory order
number (Functional)
*The diagnostic
data remains on the Limbach Group SE's own servers, which are located in Germany, even if the
data is retrieved.
Unless you retrieve the data
from abroad, a transfer to third countries is not planned and is also not technically necessary. The connection between the app
and our servers is secured according
to the state of the art. We
would like to point out once again at this
point that the secure operation
of the Findings
app depends to a considerable extent on you keeping your
access data secret and not saving the access data
on the device with which you
use the Findings
app.
Very important:
Under no circumstances do we sell your personal data to third parties!
Functional:
The processing
of this personal data is necessary
to ensure the functionality of the APP. The legal basis for this data
processing is our legitimate interest within the meaning of
Art. 6 (1) lit. f DSGVO, - if
a contract has been concluded - the fulfillment of our contractual
obligations (Art. 6 (1) lit.
b DSGVO).
Optional:
You can enter
the optional personal data if, for example,
you want to contact support. This is not required to use the functionality of submitting your
findings to the app. The legal basis for this data
processing is our legitimate interest within the meaning of
Art. 6 (1) lit. f DSGVO, or,
if applicable, your consent within
the meaning of Art. 6 (1) lit. a DSGVO.
What permissions does the app need
In order
to provide our services via the APP, we require the
access rights listed below, which
allow us to access certain functions of your
device. Access to the device functions is necessary to ensure the functionality
of the APP. The legal basis for this
data processing is our legitimate
interest within the meaning of
Art. 6 (1) lit. f DSGVO, your
consent within the meaning of
Art. 6 (1) lit. a DSGVO and/or
- if a contract has been concluded
- the fulfillment of our contractual
obligations (Art. 6 (1) lit.
b DSGVO).
Camera
In order
to be able to assign the user
to the correct lab location, the user
must scan a QR code as a first step.
This is provided by the test
site, e.g. in the form of a flyer. By scanning the QR code, the lab ID is read
out and the user is assigned to the correct lab location so that the user's request
lands at the correct lab and so that the conditions are met for
this lab to ultimately be able to successfully
deliver the findings. The scan of the QR code within the app
by the app
user therefore temporarily requires authorization to use the camera sensor.
In the course of scanning a QR code, no image information
is stored other than the
aforementioned laboratory
ID. The authorization for using the camera
sensor is not required permanently and can be withdrawn
again via the system settings after the scanning
process has been completed without any restriction
on the further use of the
app. The same applies to the barcode scan;
here, too, no image information
is stored except for the
read barcode.
Push notifications
The app's
authorization to send push notifications
is not mandatory for using the
app; receiving findings is generally
also possible without this authorization. However, it is strongly
recommended that the user give
the app this
authorization, as it allows the
user to be informed about the presence of
the findings or also problems with the transmission.
Sufficient transmission of information cannot be guaranteed
without the authorization to send push messages.
Device identifier of your smartphone
When the user
registers in the laboratory information system, the device
ID is linked to the user's respective
laboratory order so that at a later time (when the findings
are completed) the findings can
be transferred to the user's app
via the device ID (as a unique feature).
PURPOSES OF THE PROCESSING OF PERSONAL DATA
AND VOLUNTARY DISCLOSURES
The primary
purpose of the app is
to provide the user with digital access to findings from laboratory orders within an app, provided that
the laboratory order was placed with one of
the participating laboratories of the Limbach Group SE. In order for the user
to retrieve findings, registration must take place. This serves two purposes:
Optional: If
you wish to contact support, you must provide an email address.
General storage
period of personal data Unless otherwise
stated or specified within this privacy policy,
the personal data collected by this
APP will be stored until you request
us to delete it, revoke your
consent to store it, delete the
app or the
purpose for storing the data
no longer applies. If there
is a legal obligation to store the data
or another legally recognized reason for storing
the data (e.g. legitimate interest), the personal data in question will not be deleted until the
respective reason for storing the
data no longer
applies.
INFORMATION, DELETION AND RECTIFICATION
You have the right to free information
about your stored data at any time.
personal data, their origin and recipients and the purpose of the
data processing, as well as
a right to correct or delete this
data. For this purpose as
well as
for further questions
on the subject of personal data, you can contact
us at any time at the address given
in the
Imprint to contact us at the address
provided. A deletion of this data
takes place under certain circumstances
in the following cases:
·
In
case of a reset of the
database for software and development reasons
·
Exercise of the user's right
to delete.
The application
creates a log file during use, which
contains, among other things, anonymous
usage data. This file is never
automatically sent to us or third
parties. At the current state, the log file is
created purely preventively and is neither evaluated nor does any
transmission take place. The background of the log file
is to have the possibility in the future, subject to reservation, to enable active troubleshooting in the event of
app misbehavior, e.g. app crashes, and thus to be able
to better track the misbehavior.
Your data will not be used for
commercial purposes at any time. The responsible laboratory within the Limbach Group SE only stores the information
that is necessary
to ensure the safe and functioning operation of the
application.
RECIPIENT / DISCLOSURE OF DATA
Data that
you provide in the app will generally
not be passed on to third parties, unless this is
necessary for the purpose of
processing the contract or providing
information.
However, service providers and processors may be used
for the operation
of this application
or for other
products. Here it may happen that a service provider obtains knowledge of personal data. Service providers are carefully
selected - particularly with regard to data protection and data security - all measures required by data protection
law for permissible
data processing are taken
Note: If you make use
of the option
to save or share your findings outside the Limbach Patient App, the findings data are
potentially unsecured from this point
on. At this point at the latest, you
as the user
are responsible for the data
protection of your findings data.
This is the case, for example,
if you save your findings on your end device or send them by
e-mail.
DATA PROCESSING OUTSIDE THE EUROPEAN UNION
Data processing
outside the European Union in the
context of using the app
does not take place as a matter of principle.
You can reach
the responsible data protection officer at:
2B Advice
GmbH
Joseph-Schumpeter-Allee 27
53227 Bonn
E-Mail: stein@2b-advice.com
YOUR RIGHTS AS AN AFFECTED PERSON
The GDPR grants
certain rights to data subjects whose
personal data is processed by us,
about which we would like to inform you here:
Revocation of your consent
to data processing
Many data
processing operations are only possible with your consent.
We will explicitly obtain this from
you before starting data processing.
You can revoke
this consent at any time. For this
purpose, an informal communication
by e-mail to it@labor-stein.de is sufficient.
The legality of the data processing
operations carried out until the revocation
remains unaffected by the revocation.
RIGHT TO OBJECT TO THE COLLECTION OF DATA IN
SPECIAL CASES
AND AGAINST DIRECT ADVERTISING
(ART. 21 DSGVO)
If data processing is carried out on the basis of
Art. 6 (1) (e) or (f) DSGVO, you
have the right to object to the processing
of personal data relating to you at any time for reasons
arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based
can be found
in this privacy policy. If you
object, we will no longer process
the personal data concerned unless we can demonstrate
compelling legitimate grounds for the
processing which override your interests,
rights and freedoms, or for the
processing to assert, exercise or defend
legal claims.
RIGHT OF COMPLAINT TO A SUPERVISORY AUTHORITY
In the event of violations
of the GDPR, data subjects have a right of appeal
to a supervisory authority.
You can find this at https://www.bfdi.bund.de/DE/.
The right of appeal is without
prejudice to other
administrative or judicial remedies.
CHANGES TO THIS PRIVACY NOTICE
This data
protection notice will be revised in the
event of changes to this application or other occasions that make this
necessary. You will always find the current version under the Data Protection tab in this application.
Status: 21.08.2023