Use of our mobile app

Section 1 Information about the collection of personal data

(1) In addition to our online offer, we provide you with the mobile app Hyperience®, which you can download to your mobile end device. Below, we will be informing you about the collection of personal data when using our mobile app. Personal data is all data that is personally available to you, e.g. name, address, e-mail addresses, user behaviour.

(2) Responsible pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Medisana GmbH, Carl-Schurz-Str. 2, 41460 Neuss, info@medisana.de, www.medisana.de (see our legal notice). Our Data Protection Officer can be reached at datenschutz.ne@medisana.de or our postal address with the addition "Der Datenschutzbeauftragte".

(3) When you contact us by e-mail or through a contact form, your e-mail address and (if provided) your name and telephone number will be stored by us so that we can answer your questions. We either delete the data that arises in this context after the storage is no longer required or limit the processing of this data if statutory retention requirements apply in this regard.

(4) If we rely on commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective procedures. In doing so, we will also inform you of the specified criteria for the duration of storage.

Section 2 Your rights

(1) With respect to your personal data, you have the following rights in your relationship with us:

• the right to information,
• the right to rectification or deletion,
• the right to restriction of the processing,
• the right to object to the processing,
• the right to data portability.

(2) You also have the right to complain to a data protection supervisory authority regarding our processing of your personal data.

Section 3 Collection of personal data when using our mobile app

(1) When downloading the mobile app, the required information is transferred to the App Store, in particular the user name, e-mail address and customer number of your account, the time of download, payment information as well as the individual device code. We do not have any influence over this data transfer and are not responsible for it. We only process the data as far as is necessary for the mobile app to be downloaded to your mobile end device.

(2) When using the mobile app, we collect the personal data described below in order to enable the convenient use of the features. If you wish to use our mobile app, we collect the following data that is technically necessary for us to offer you the features of our mobile app as well as to ensure stability and security (the respective legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific webpage)
• Access status/HTTP status code
• Respectively transmitted amount of data
• Operating system and its interface.

(3) The mobile app Hyperience® does not use cookies.

Section 4 Supplementary information for special uses of the mobile app

(1) Use of your personal data

1. The app Hyperience® offers you the opportunity to download and use VR (Virtual Reality) content.
   
   In order to access the login area of the app and to be able to use this option, you have to register yourself by entering your e-mail address as well as your own password and to create a user account.
   
   For registration and log in we use a service named Auth0 (auth0.com). The Terms of Use and Privacy Policy for Auth0 can be found at:
   
   Terms Of Use: https://auth0.com/web-terms
   
   Privacy Policy: https://auth0.com/privacy
   
   When you use the Hyperience app, we collect and store the following data after you have provided your prior consent, which you either provide directly or generate by using Hyperience®:

• Date of birth
• Gender
• Height
• Information regarding downloaded and used VR content
• Information regarding content and subscriptions purchased through the Hyperience App (In App Purchases)

If you do not grant permission to use the aforementioned data, we will not use it. In that case, you will not be able to use the features of our app. You may grant or revoke your permission later in the settings of the app or operating system under "Personal Settings."

1. If you allow access to this information, the mobile app will only access your information and transfer it to our server if it is necessary for the provision of the functionality. Your data will be treated confidentially and deleted if you revoke the rights to use or if the data is no longer required in order to provide the services and no legal retention requirements apply.
   
   The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR and for the processing of health data Art. 9 para. 1, 2 a) GDPR.

(2) Collection of your location data, geolocation

1. Our offer includes so-called location based services, by means of which we offer you special offers that are tailored to your particular location. You can only use these functions after you have agreed via a pop-up that we can collect your location data by means of GPS and your IP address in anonymous form for the purposes of providing services.
   
   A so-called geo-localization, i.e. the assignment of a usage process to the place of the call, takes place exclusively on the basis of the anonymised IP address and only up to the geographical level of the federal states/regions. The geographic information obtained in this way can never be used to draw conclusions about the actual place of residence of the user.
   
   You can always allow or revoke the function in the settings of the app or of your operating system under "Settings". Your location will only be transferred to us if, when using the app, you use features that we can only offer you when your location is known.
   
   In particular this affects the use of wireless transmission technologies (Bluetooth LE) on the Android operating system, where location permissions are required by the manufacturer of the operating system.
   
   
2. Your location data will not be used to create motion profiles beyond your current location.

(3) Forum and support via Zendesk

To handle customer inquiries, we use the Zendesk ticket system, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102. For this purpose, necessary data such as your last name, first name, postal address, telephone number and e-mail address is collected via our app in order to respond to the informational needs of our users.

Zendesk is a certified participant in the "Privacy Shield Framework" and therefore meets the minimum requirements for legally compliant order data processing.

For more information about Zendesk's computing practices, please see Zendesk's Data Privacy Statement at http://www.zendesk.com/company/privacy. The Privacy Officer of Zendesk can be contacted at privacy@zendesk.com.

If you contact us by e-mail or via the form in the app, we will only use the personal information you submit in order to process the specific request. The provided data will be treated confidentially. The provided data as well as the message history with our service desk are stored for the sake of follow-up questions and subsequent contact. The processing of the data entered into the contact form is based upon your consent (Art. 6 para. 1 a GDPR).