Elona Health GmbH (hereinafter: "we", "us", "our" and "Elona Health") respects your privacy and is committed to protecting your personal data. "Personal data" means any information relating to an identified or identifiable natural person.
You must be 18 years or older to use our services. It is expressly prohibited for minors under the age of 18 to create, register or use an elona therapy account.
PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE APP.
2. important information & about us
elona therapy is a digital health application that supports patients in outpatient psychotherapy in the treatment of mental illness (depression, anxiety/panic disorders, somatoform disorders) by intelligently delivering therapeutic content between regular therapy sessions. With elona therapy, psychotherapists can assign interventions, helpful activities, exercises, and psychoeducational resources that provide patients with information and treatment techniques related to their mental illness and are available beyond the regular therapy session via the elona therapy app. The content is based on current and evidence-based psychotherapeutic treatment methods. Through the use of psychometric questionnaires and exercises, elona therapy adapts the content individually to the needs of each patient. The application is designed to strengthen the patient's active cooperation and participation in outpatient psychotherapy and the integration of therapeutic content into the patient's daily life, thus increasing adherence to outpatient psychotherapy, reducing the patient's symptomatology and improving quality of life.
Elona Health GmbH
(Local court: Düsseldorf HRB 94043)
(hereinafter also referred to as "the Controller").
Elona Health GmbH has appointed a Data Protection Officer ("DPO") who is responsible for overseeing our privacy practices and issues related to this Policy. If you have any questions about this Policy, including requests to exercise your rights (as described below), please contact the DPO using the contact details provided below.
You can find our contact details in the "Contact Information" section.
3. scope of the processing of personal data
We process your personal data only to the extent necessary to provide you with a functional service. Personal data is regularly processed only with the consent of the data subject or on the basis of other legal provisions that permit data processing (for more information, see the section "Legal basis").
Your personal data can be either manually or automatically integrated into the app or collected directly through the app.
Personal data or personal information is any information about a person from which that person can be identified. This does not include data where the identity has been removed (anonymous data).
We may collect, process, store and transfer various types of personal data about you, which we have summarized as follows:
Type of data: Examples of data sets
Identification data: title; first name, last name, IP address; user ID; e-mail address; telephone number (private); licence to practise; name and address of the psychotherapeutic practice; telephone number (business).
Biometric data: Profile picture
Usage data: App session data; settings data
3.1 Special categories of data
We do not collect any special types of personal data about you.
3.2 Aggregated and anonymous data
We also collect, process and share aggregated/anonymous data such as statistical evaluations if you consent to this. The process of anonymization constitutes data processing that requires a legal basis, so we only anonymize your personal data if you give your consent. We use the anonymized data for research purposes and for statistical evaluation.
The anonymized data, in turn, no longer falls within the scope of data protection laws, as it no longer has any personal reference. Anonymous data does not reveal your identity, either directly or indirectly. The resulting aggregated data is to be considered anonymous, as it will not be possible to identify the individuals concerned.
We only process so-called "technical cookies" in our app, which enable us to recognise you as a user each time you access the app. This data is not passed on to third parties.
4) How is your personal data collected?
We use various methods to collect information from and about you, including through:
Direct Interactions. You may provide us with your personal information (including sensitive information) by filling out forms/questionnaires or by contacting us by mail, phone, email or other means. This includes personal information that you provide when you:
- Using our products or services: when you use our services, we may receive or collect information or data about or relating to you, such as usage data or other data.
- Create an account in our app: You must provide login information to use our Services and create an account to access the features of our Services, which may include your nickname and email address.
- Giving us feedback or contacting us: any information you provide to our customer service team, from correspondence you send to us, from any communications you have with us and from any feedback you give us.
Automated Techniques or Interactions. When you interact with our App, we automatically collect technical data about your devices, browsing activities, and behavior patterns. We collect this technical data using cookies and other similar technologies. We may also obtain technical data about you when you visit other websites that use our cookies.
Third Parties. We may receive personal information about you from third parties, such as healthcare professionals associated with your account.
5. processing purposes and legal basis
In the table below you will find a description of all the ways in which we may process your personal data and the legal basis that allows us to do so. For these purposes, we may share your personal data with other parties (see the "Sharing" section for more information).
Providing access to our app and its basic functions for the intended use of the elona therapy digital health app by end users.
Type of data
- Identification data
- Personal data
- Usage data
The processing of personal data is based on your consent (Art. 6 (1) (a) DSGVO), on the necessity for the performance of the contract with you (Art. 6 (1) (b) DSGVO) and on the legitimate interest in the efficient performance of the service (Art. 6 (1) (f) DSGVO).
We are constantly striving to provide the best possible user experience. Therefore, we may use your personal data to analyse, develop and improve technical features and to ensure the security of our services.
Type of data
- Usage data
The processing of personal data is based on our legitimate interest in developing/improving, ensuring the technical functionality and security of our services (Art. 6 (1) (f) DSGVO).
5.1 Other processing purposes
Safety and security
Processing and defense of legal claims
If necessary, we may use your personal data to administer and defend legal claims, e.g. in connection with a dispute or legal proceedings. In such a case, we will process the personal data collected that is necessary for the processing and defense of the legal claim in question. The processing is based on our legitimate interest to process and defend legal claims. Your personal data will be stored for this purpose for as long as is necessary for the processing or defense of the legal claim.
For this purpose, we may also share certain information with other parties as described below.
Fulfillment of legal obligations
Finally, we use your personal data to fulfill legal obligations, e.g. accounting requirements or obligations under data protection laws. In such a case, we will process the collected personal data to the extent necessary to fulfill the respective legal obligation. Your personal data will be stored for as long as necessary to fulfill the respective legal obligations.
5.2 Change of the purpose of processing
We will only process your personal data for the purposes for which we collected it, unless we consider that we need to use it for another purpose and that this purpose is compatible with the original purpose. If you would like an explanation of how processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for another purpose, we will inform you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent in compliance with the above rules if required or permitted by law.
6. disclosure of personal data
We will only share your personal information in connection with its original purpose.
In general, we do not share your personal information with third parties unless you have given your consent or unless otherwise stated in this policy.
In certain circumstances, we may disclose or share your personal information with third parties only in the ways described in this policy, including as follows:
- In certain circumstances, we may be required to disclose personal information in response to lawful requests from government authorities, including to meet national security or law enforcement requirements. We may disclose your personal information (i) to a government agency as part of an investigation to determine whether we are complying with applicable laws, rules or regulations (including privacy laws, rules and regulations), (ii) in response to a court order, subpoena, discovery request or other lawful judicial or administrative proceeding, (iii) if otherwise required or permitted by an applicable law, rule or regulation, (iv) in good faith, that we must disclose your personal information, (iv) in good faith to protect or defend the rights or property of Elona Health and other users, and (e) if Elona Health is involved in a merger, acquisition or sale of all or a portion of its assets, you will be notified by email and/or by a prominent notice on our website of any change in ownership or use of your personal information and of the choices you have regarding your personal information;
- Third Party Service Providers: We may use third party service providers to provide certain data processing services to us (acting as our Authorised Data Processors), such as for the development, data storage, operational provision and administration of the elona therapy App. When acting as our authorised data processors, they are obliged to process data only in accordance with our instructions and in compliance with this Policy, and are subject to appropriate confidentiality and security obligations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only allow them to process your personal data for specific purposes and in accordance with our instructions.
The personal data collected above will also be processed by our employees, who will act on specific instructions regarding the purposes and modalities of such processing.
We may share anonymous, aggregated or general data with third parties. In these cases, however, we do not share information that could be used to identify you personally.
7. international data transmission
We do not transfer your personal data outside the European Economic Area (EEA). Your personal data is stored in Germany.
8. data protection and security
We have implemented adequate security measures to prevent the accidental loss, unauthorized use or access, alteration or disclosure of your personal information. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who need it for business reasons. They will process your personal data only on our instructions and are bound to confidentiality.
We have taken reasonable steps to deal with any suspected data breach and will notify you and any relevant supervisory authorities of a breach to the extent we are required to do so by law.
We keep your data safe by using best practices and the highest security standards.
We take various measures to protect your personal information from unauthorized access, use or alteration, and from unlawful destruction or disclosure, such as:
- We use encryption technologies for the transmission and storage of your personal data;
- We restrict access to your personal information on a strict need-to-know basis (e.g., Elona Health employees engaged in non-product related tasks do not have access to health-related information);
- We have physical, electronic and procedural safeguards in place that meet industry standards.
Please note that despite our best efforts, we cannot guarantee that unauthorized access will be prevented, as no method of transmitting or storing information is completely secure.
All data processing is carried out in accordance with the DSGVO.
We endeavor to limit the collection of personal data to that which is directly relevant and necessary to achieve the purposes set out above (data minimization principle)
9. retention period
We delete your personal data as soon as the purpose or legal basis for the storage ceases to apply. This is usually the case when you delete your user account with us.
Your data will also be deleted if you explicitly request us to do so or if you revoke your consent. Uninstalling the app from the respective end device does not necessarily lead to a deletion of your data. You can access your user account again after reinstallation.
Storage may also take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
10. your rights
In certain circumstances, you may be entitled to exercise certain rights in relation to your personal data in accordance with data protection legislation. If you wish to exercise your rights, please contact us at: firstname.lastname@example.org
We will endeavor to respond in a timely manner upon receipt of privacy-related communications.
You have the right:
- To obtain access to your personal data: You have the right to request access to your personal data and to request a copy of your personal data held by us. If you have created a user account, you can view certain information directly through our services on your user interface.
- update your personal data: You have the right to request that inaccurate or incomplete personal data be corrected or completed. If you have created a user account, you can update certain information directly in your account.
- delete your personal data (right to be forgotten): You can request that your user account be deleted at any time. You also have the right to request the deletion of your personal data in certain circumstances. However, we may need to retain your personal data if we are required to retain certain data to comply with legal obligations or to administer or defend legal claims.
- Restrict the use of your personal data: You have the right to request the restriction of the use of your personal data under certain circumstances. If you have requested the restriction of the use of your personal data, please note that you will not be able to use the App during the period in which the use of your personal data is restricted.
- To object to the use of your personal data: The processing of certain personal data is based on our legitimate interest or the legitimate interest of others. You have the right to object to the use of your personal data based on a legitimate interest on personal grounds. In such a case, we will stop using your personal data if the use is based on a legitimate interest, unless we can demonstrate that the interest in processing the data outweighs your personal data protection interest or that the use of your personal data is necessary to administer or defend legal claims.
- The right not to be subject to a decision based solely on automated decision making: You have the right not to be subject to such automated decision making about you unless: (a) you have given us your explicit consent to use your personal data for our automated decision making; (b) we are legally authorised to carry out our automated decision making; or (c) our automated decision making was necessary for us to enter into a contract with you.
- Transfer your personal data (data portability): You have the right to receive a copy of certain information you have provided to us in a structured, machine-readable format that allows you to transfer the data to another recipient.
- Revoke your consent at any time: If the processing of your personal data is based on your consent, you have the right to revoke your express consent at any time. However, this does not affect the lawfulness of the processing that took place before you withdrew your consent. If you withdraw your consent, we may no longer be able to provide you with certain products or services. We will inform you when you revoke your consent.
In order to ensure your right to access your personal data (or exercise your other rights), we may require certain information from you to confirm your identity. This is a security measure to prevent personal data from being disclosed to people who do not have the right to receive it. We may also contact you to ask for more information related to your request so that we can respond more quickly.
We make every effort to respond to all legitimate inquiries in a timely manner. If your request is particularly complex or you have made multiple requests, it may take longer to process. In this case, we will notify you and keep you informed.
11. responsible body and contact information
Full name of the company: Elona Health GmbH
E-mail address (data protection): email@example.com
Data Protection Officer: Laura Sophie Everding, firstname.lastname@example.org
E-mail address (general): email@example.com
Postal address: Schirmerstraße 61, 40211 Düsseldorf, Germany (Registry Court: Düsseldorf HRB 94043)
This version was last updated on 27 November 2022.