As a manufacturer of medical devices in the psychotherapeutic environment, we bear a special responsibility when it comes to data protection and information security.
elona therapy (Klasse I, MDD) und elona explore (Klasse I, MDR) sind CE-gekennzeichnete Medizinprodukte.
Elona Health is certified as a manufacturer of medical devices and digital solutions according to ISO 27001 by TÜV Süd.
Elona Health complies with the highest European data protection standards for health data in accordance with the GDPR.
elona therapy is a CE-marked class I medical device according to the MDD.
Elona Health is certified according to ISO EN 27001 by TÜV Süd. Our solutions meet the highest standards of the GDPR.
Elona Health meets the highest European data protection standards for health data.
Certified medical devices
Die Vertrauenswürdigkeit und Zuverlässigkeit unserer Produkte hat für uns höchste Priorität. Wir halten uns daher an EU-weite Standards und Vorschriften wie der Medical Device Regulation (MDR). elona therapy (Klasse I, MDD) und elona explore (Klasse I, MDR) sind als Medizinprodukte gekennzeichnet und im Rahmen der Konformitätsprüfung wurden die Sicherheit und Leistungsfähigkeit der Produkte geprüft.
Darüber hinaus führen wir regelmäßig Prüfungen und Bewertungen unserer Produkte im Rahmen der Post-Market Surveillance durch, bei der wir neueste Informationen aus der Fachliteratur, aus Sicherheitsdaten, aus eigenen klinischen Studien oder aus Nutzerrückmeldungen mit in die Entwicklung und Konformitätsprüfung einfließen lassen.
Health data are a valuable asset - especially when it comes to our mental health. We are committed to your personal data and believe that the sovereignty over your data should always be with you. Your personal data is immediately pseudonymized and encrypted on all products to ensure the highest possible data security. You always remain in full control.
Elona Health does not share your data with third parties at any time. If you choose to share your data, only your therapist can access certain information that is relevant to your treatment. The data is stored on servers in Germany that are specially secured for health data. No data is left unencrypted on your individual terminal device.
Our products are developed according to the principle of "privacy by design/default". This means that we always implement privacy-friendly technology design, data minimisation and organisational protection measures.
We only use proven methods (TLS, AES 128-bit encryption) for data transmission. The data is stored in ISO 27001, ISO 27701, BSI C5 and HIPPA certified data centres.
We separate user data from health information. Each type of data is stored separately on servers within the EU.
The audit trail ensures that every action on your data is thoroughly tracked and time-stamped to provide solid evidence of access, verification and signature.
Upon request, we can delete all personal data from our systems. However, data that is subject to a legal hold can only be deleted once the legal hold process has been completed.
To request data deletion, please contact our support team.
An excerpt from our safety programme
External experts and internal experts regularly check our processes and safety measures. This ensures that we comply with the relevant regulations and standards at all times.
We conduct regular risk analyses in which we assess potential security risks and proactively initiate measures to avert damage.
We regularly try to penetrate our own security architecture (e.g. through so-called penetration tests) in order to identify and remedy vulnerabilities.
Information security affects every team member. Therefore, we regularly conduct training and awareness-raising sessions with our employees.
Our partners and suppliers undergo an extensive safety check and commit to additional safety measures if required. We conduct a review of our partners at least once a year.
We are not satisfied with the status quo, but always follow the latest security standards and best practices.
IT & Information Security Manager
Data Protection Officer
Regulatory Affairs Manager, Manager für IT- & Informationssicherheit