Data Privacy Statement

<p align="center"><strong>Data Privacy Statement for the Website VitaDock Online</strong></p> <p/> <u><strong>Data Privacy Statement</strong></u> <p/> <strong>Section 1 Information about the collection of personal data</strong> <p/> (1) Below, please find the information about the collection of personal data during the use of our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour. <p/> (2) The party responsible pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Medisana GmbH, Jagenbergstrasse 19, 41468 Neuss, <a href="mailto:info@medisana.de">info@medisana.de</a>, <a href="https://www.medisana.de/Impressum-oxid/">www.medisana.de</a> (see our legal notice). Our Data Protection Officer can be reached at <a href="mailto:datenschutz.ne@medisana.de">datenschutz.ne@medisana.de</a> or at our postal address with the addition "Der Datenschutzbeauftragte". <p/> (3) When you contact us by e-mail or through a contact form, the information you provide (your e-mail address as well as your name and telephone number, if applicable) will be stored by us so that we can answer your questions. We either delete the data that arises in this context after the storage is no longer required or limit the processing of this data if statutory retention requirements apply in this regard. <p/> (4) If we rely on commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective procedures. In doing so, we will also inform you of the specified criteria for the duration of storage.
<p/> <p/> <strong>Section 2 Your rights</strong> <p/> (1) With respect to your personal data, you have the following rights in your relationship with us: <p>&ndash; the right to information, <p>&ndash; the right to rectification or deletion, <p>&ndash; the right to restriction of the processing, <p>&ndash; the right to object to the processing, <p>&ndash; the right to data portability. <p/> (2) You also have the right to complain to a data protection supervisory authority regarding our processing of your personal data. <p/> <p/> <strong>Section 3 Collection of personal data when visiting our website</strong> <p/> (1) In the case of merely informative use of the website (i.e. if you do not register or otherwise do not provide us with information), we will only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data which is technically necessary for us to display our website as well as to ensure stability and security (the respective legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR): <p>&ndash; IP address <p>&ndash; Date and time of the request <p>&ndash; Time zone difference to Greenwich Mean Time (GMT) <p>&ndash; Content of the request (specific webpage) <p>&ndash; Access status/HTTP status code <p>&ndash; Respectively transmitted amount of data <p>&ndash; Website from which the request comes <p>&ndash; Browser <p>&ndash; Operating system and its interface <p>&ndash; Language and version of the browser software. <p/> (2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here through us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and overall effective. 
<p/> (3) Use of cookies: <p/> a) This website uses the following types of cookies, the scope and operation of which are explained below: <p>&ndash; Transient cookies (see b) <p>&ndash; Persistent cookies (c). <p/> b) Transient cookies are automatically deleted when you close the browser. These particularly include the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser. <p/> c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time. <p/> d) You can configure your browser setting according to your wishes and, for example, decline the acceptance of third-party cookies or all cookies. Please be aware that if you do so, you may not be able to use all the features of this website. <p/> e) If you have an account with us, we use cookies in order to be able to identify you for follow-up visits. Otherwise, you would have to log in again for each visit. <p/> f) The Flash cookies that are used are not detected by your browser, but rather by your Flash plug-in. Furthermore, we use HTML5 storage objects which are stored on your end device. These objects store the required data regardless of your utilised browser and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you have to install an add-on, such as "Better Privacy" for Mozilla Firefox (<a href="https://addons.mozilla.org/de/firefox/addon/betterprivacy/">https://addons.mozilla.org/de/firefox/addon/betterprivacy/</a>) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. 
In addition, we recommend that you regularly delete your cookies and the browser history manually. <p/> <p/> <strong>Section 4 Other functions and offers on our website</strong> <p/> (1) In addition to the purely informative use of our website, we offer various services that you can use if you are interested. To do this, you will generally need to enter other personal information that we use to provide the service and to which the aforementioned data processing principles apply. <p/> (2) In some cases, we use external service providers to process your data. These external service providers have been carefully selected and commissioned by us, are bound by our instructions and are subject to regular reviews. <p/> (3) Furthermore, we may disclose your personal data to third parties if we offer campaign participations, competitions, contract conclusions or similar services together with our partners. You can find more information in this regard by stating your personal data or looking below in the description of the offer. <p/> (4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer. <p/> <p/> <u><strong>Section 5 Use of the VitaDock&reg; Online services</strong></u> <p/> (1) With VitaDock&reg; Online, we offer you the use of a platform for transferring and sharing vital signs that are collected using devices which are compatible with VitaDock&reg;. Depending on the module of the VitaDock&reg; application that is used, these are activity levels and activity protocols, sleep-related data, blood sugar or blood glucose levels, blood pressure, oxygen saturation, body temperature or weight. In order to access the login area of this platform and to be able to use the VitaDock&reg; online service, you have to register yourself by entering your e-mail address as well as your own password and to create a user account. 
<p/> We use the so-called double-opt-in procedure for registration, i.e. your registration is only completed once you have previously confirmed your application via a confirmation e-mail, which is sent to you for this purpose, by clicking on the link contained therein. If your confirmation is not received within 24 hours, your registration will automatically be deleted from our database. The above-mentioned data is obligatory; you can provide all further information voluntarily by using our portal. <p/> (2) We will treat all of your provided personal data for the creation of the user account confidentially and will not disclose such information to third parties without your consent. Exceptions exist only for the transfer of your data to government institutions and authorities according to law. We only use your personal data to answer your questions and for the internal production of statistics until you finally delete your access. Furthermore, the data you have voluntarily provided will be stored by us for the time of your use of the portal, unless you delete it beforehand. All of the information can be managed and changed in the protected customer area. The respective legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. <p/> (3) No personal evaluations of your data are performed. When using the VitaDock&reg; Online services, only the default address of your Internet service provider, such as IP address or URL, the name of the website from which you have visited us, the website that you visit us as well as the date and duration of your visit are saved. These anonymised surveys are only processed internally and not disclosed to third parties. Moreover, no personal user profiles are created. <p/> (4) Other personal data, such as name, address and e-mail address, are stored separately in the context of setting up a user account. In this process, the corresponding so-called mandatory fields which are to be completed are marked.
All the information that is requested beyond this period may be provided optionally and will also be stored by us until you finally cancel your access. <p/> (5) The vital signs you provide will be stored separately from your other personal information and may be retrieved by the mobile devices you have activated and third parties you have authorised pursuant to the <a href="https://cloud.vitadock.com/public/Nutzungsbedingungen.pdf">Terms of Use</a>. For the security of your data, we use the Open Authentication (OAuth) procedure, which is also described in more detail in the Terms of Use. The data is always transferred anonymously. The assignment of your retrieved personal data takes place via the account for the respective third-party application. By authorising the third party, you provide your consent in this regard. <p/> <p/> <strong>Section 6 Objection to or revocation of the processing of your data</strong> <p/> (1) If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation will affect the admissibility of the processing of your personal data after you have given it to us. <p/> (2) If we base the processing of your personal data on the balance of interests, you may object to the processing. This is particularly the case if the processing is not required to fulfil a contract with you, which we describe respectively in the following description of the functions. In the event of such an objection, we ask that you please explain the reasons why we should no longer process your personal data as we had previously been doing. In the event of your substantiated objection, we will review the facts and will either discontinue/adapt the data processing or show you our compelling legitimate reasons why we will continue to process it. <p/> (3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. 
You can inform us about your objection to advertising under the following contact data: [all contact data]. <p/> <p/> <strong>Section 7 Newsletter</strong> <p/> (1) With your consent, you can subscribe to our newsletter, by means of which we will inform you about our current interesting offers. The advertised goods and services are identified in the declaration of consent. <p/> (2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send to the e-mail address you have specified an e-mail in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we will store your IP addresses and times of registration and confirmation. The purpose of the procedure is to verify your registration and, if necessary, to be able to clarify any possible misuse of your personal data. <p/> (3) The only information needed for the sending of the newsletter is your e-mail address. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The respective legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. <p/> (4) You can revoke your consent to the sending of the newsletter and unsubscribe from the newsletter at any time. You can declare the revocation by clicking on the link provided in each newsletter e-mail or by sending an e-mail to <a href="mailto:m-news@medisana.de">m-news@medisana.de</a>. <p/> (5) Please note that upon sending the newsletter, we evaluate your user behaviour. For this evaluation, the e-mails which are sent include so-called web beacons or tracking pixels that represent one-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in Section 3 and the web beacons with your e-mail address and an individual ID.
Links included in the newsletter also contain this ID. <p/> With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters and which links you click on, and from this information we derive your personal interests. We link this data with actions that you perform on our website. <p/> You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us thereof via another means of contact. The information will be stored as long as you continue to subscribe to the newsletter. After you log out, we store the data in purely statistical and anonymous form. <p/> <p/> <strong>Section 8 Social media and YouTube</strong> <p/> 1. Use of social media plug-ins. <p/> (1) We are currently using the following social media plug-ins: Facebook, Instagram. We use the so-called two-click solution. In other words, when you visit our website, no personal data is initially transferred to the providers of the plug-ins. You can identify the provider of a plug-in by the marking on the box above its initial letter or logo. We provide you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under Section 3 of this Data Privacy Statement will be transmitted. In the case of Facebook, the IP address is anonymised immediately after collection according to the respective providers in Germany. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (for US providers, in the USA). 
Since the plug-in provider collects information particularly through cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the greyed-out box. <p/> (2) We do not have any influence on the collected data or data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing or the retention periods. We also do not have any information about the deletion of the data collected by the plug-in provider. <p/> (3) The plug-in provider stores the data collected about you as usage profiles and uses this information for the purposes of advertising, market research and/or the demand-driven design of its website. Such an evaluation is performed in particular (including for users who are not logged in) for the presentation of demand-driven advertising as well as to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles by contacting the respective plug-in provider. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR. <p/> (4) The data transfer takes place regardless of whether you have an account with the plug-in provider or are logged in there. If you are logged into the plug-in provider, your data which is collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, if you link the webpage, the plug-in provider also stores this information in your user account and shares it publicly with your contacts.
We recommend that you log out regularly after using a social network, and particularly before activating the button, since this will prevent you from being associated with your profile by the plug-in provider. <p/> (5) Further information about the purpose and extent of the data collection and its processing by the plug-in provider is described in the data privacy statements of these providers. There, you will also find further information about your rights and settings options for the protection of your privacy. <p/> (6) Addresses of the respective plug-in providers and URL with their privacy notices: <p/> a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; <a href="http://www.facebook.com/policy.php">http://www.facebook.com/policy.php</a>; for more information about data collection: <a href="http://www.facebook.com/help/186325668085084">http://www.facebook.com/help/186325668085084</a>, <a href="http://www.facebook.com/about/privacy/your-info-on-other#applications">http://www.facebook.com/about/privacy/your-info-on-other#applications</a> as well as <a href="http://www.facebook.com/about/privacy/your-info#everyoneinfo">http://www.facebook.com/about/privacy/your-info#everyoneinfo</a>. Facebook is subjected to the EU-US Privacy Shield: <a href="https://www.privacyshield.gov/EU-US-Framework">https://www.privacyshield.gov/EU-US-Framework</a>. <p/> b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; <a href="https://twitter.com/privacy">https://twitter.com/privacy</a>. Twitter is subjected to the EU-US Privacy Shield, <a href="https://www.privacyshield.gov/EU-US-Framework">https://www.privacyshield.gov/EU-US-Framework</a>. <p/> 2. Integration of YouTube videos <p/> (1) We have integrated YouTube videos into our online offering, which are stored on <a href="http://www.YouTube.com/">http://www.YouTube.com</a> and are directly playable from our website. These are all integrated in the "extended privacy mode", i.e.
no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos is the data mentioned in paragraph 2 transmitted. We do not have any control over this data transfer. <p/> (2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under Section 3 of this Data Privacy Statement will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged into or whether there is no user account. When you are logged into Google, your data will be assigned directly to your account. If you do not want this assignment to your profile on YouTube to occur, you have to log out before activating the button. YouTube stores your data as usage profiles and uses the data for the purposes of advertising, market research and/or demand-driven design of its website. Such an evaluation is particularly performed (even for users who are not logged in) to provide appropriate advertising as well as to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles by contacting YouTube. <p/> (3) For more information about the purpose and scope of your data collection and processing by YouTube, please refer to the Data Privacy Statement. From there, you will also receive more information about your rights and privacy settings: <a href="https://www.google.de/intl/de/policies/privacy">https://www.google.de/intl/de/policies/privacy</a>. Google also processes your personal information in the USA and has submitted to the EU-US Privacy Shield: <a href="https://www.privacyshield.gov/EU-US-Framework">https://www.privacyshield.gov/EU-US-Framework</a>.