Privacy policy

for the following websites

Last adjustment on 31.12.2023

1. Contact information

Responsible body within the meaning of data protection law

mementor DE GmbH
Karl-Heine-Strasse 15
04229 Leipzig

Contact details of the data protection officer

Paul Schmude
mementor DE GmbH
Karl-Heine-Strasse 15
04229 Leipzig

2. Scope

This privacy policy provides users with information about the nature, scope and purpose of the collection and use of their data by the responsible provider, with the exception of the use of digital health applications. You will find separate privacy statements for each of these

3. Collection of general information

With each access to this offer, mementor or the web space provider automatically collects information. This information, also known as server log files, is of a general nature and does not allow any conclusions to be drawn about you personally.

This includes, among other things: name of the website, file or subpage, date, amount of data, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our offer).

Without this data, it would be technically impossible to deliver and display the contents of the website. In this respect, the collection of the data is absolutely necessary. In addition, we use the anonymous information for statistical purposes. They help us to optimize the offer and the technology. We also reserve the right to retrospectively check the log files if we suspect an illegal use of our offer. The legal basis for the temporary storage of the data or log files is Art. 6 para. 1 lit. f DSGVO.

4. Services offered on the website

4.1 Use of digital health applications

You have the opportunity to use digital health applications via our website. Separate privacy statements are valid for each of these, which you can view during registration or from the main screen of the application.

4.2 Contact and support

If you contact mementor by e-mail, form or telephone, the information you provide (in particular your e-mail address or telephone number) will be stored in order to answer your inquiry and to be able to ask possible follow-up questions. Your data will be stored as long as necessary for processing.

In this case, your data will be processed on the basis of your (inconsistent) consent pursuant to Art. 6 para. 1 S. 1 lit. f DSGVO.

4.3 Sending information to medical and psychotherapeutic professionals

In order to inform and clarify our offer, we send information material by post to medical and psychotherapeutic specialists (e.g. sleep laboratories, doctors and psychotherapists). mementor has a legitimate interest in marketing and providing information about the regulation and the use of our products. For shipping, the address is taken from publicly available sources. If you have any objections to the shipment, you can assert them either via support or in writing, in which case we will remove you from our mailing list.

The legal basis for this is Art. 6 para. 1 S. 1 lit. f DSGVO.

4.4 Use of data for sending flyers and test accesses

As a specialist, you have the opportunity to order test access and flyers for distribution to your patients. For this purpose, we need your address for sending the flyers or your e-mail address for sending the test access, as well as your contact details for feedback and any questions. The basis for the dispatch is your consent to data processing, which you can revoke at any time and without giving reasons.

The legal basis for this is Art. 6 para. 1 S. 1 lit. a DSGVO.

4.5 Sending postcards

You have the option of having a postcard sent to you with instructions on the regulation process. We need your address to send the postcard. Your data transmitted in this way will only be stored for the duration of the transmission and will not be used for any further purposes.

The legal basis for this is Art. 6 Abs. 1 S. 1 lit. b DSGVO.

4.6 Application

If you would like to apply to us, you have the opportunity to do so via our website We use the software personio, provided by the company

personio GmbH Rundfunkplatz 4 80335 München Germany.

With the help of this software, applications are forwarded directly to us. There is a contract for order data processing with personio. Alternatively, applications can also be sent directly to The processing of your data provided during the application process is absolutely necessary for the implementation of the application process.

The legal basis for this is Art. 88 para. 1 DSGVO i.V.m. § 26 BDSG.

4.7 Sending newsletters

We use Pipedrive to send newsletters, offered by the company

Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia.

The basis for sending the regular newsletter is your consent, you have the option to revoke the consent at any time and without giving reasons.

The legal basis for this is Art. 6 para. 1 S. 1 lit. a DSGVO.

4.8 Cashing in health insurance prescriptions (prescription concierge)

We offer you the possibility to upload your prescription with some additional information so that we can submit it to your health insurance for you. The offer is voluntary and is made only on the basis of your consent, which you can revoke at any time after granting and without giving reasons. The following information is necessary for the implementation:

  • Name, first name,

  • E-mail address,

  • postal address,

  • Health Insurance,

  • Image of the cash register prescription.

Optionally, the phone number can also be specified to clarify any queries more quickly.

The data will be stored on a server hosted in Germany by us until the DiGA code is redeemed, but for a maximum of 30 days. We check the completeness of the data and then forward it to the appropriate health insurance company.

The legal basis for this is Art. 6 para. 1 S. 1 lit. a DSGVO und Art. 9 Abs. 2 S. 1 lit. a DSGVO.

5. Cookies and external services

5.1 Social networks

We have online presences on the social media platforms of the following providers:

a) Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland; Datenschutzerklärung:
b) YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Datenschutzerklärung:
c) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Datenschutzerklärung:
d) XING SE, Dammtorstraße 29-32, 20354 Hamburg, Deutschland; Datenschutzerklärung:
e) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA,

As a rule, personal data is processed on the company page in the respective social network for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. Using the collected data, user profiles can be created. These are used to display advertisements within and outside the Platform that are believed to be relevant to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them. The setting of the cookie can only be based on a consent acc. Art. 6 Abs. 1 S. 1 lit. a DSGVO.

We ourselves collect personal data if you contact us, for example, via the contact form or via a messenger service, such as Facebook Messenger. What data is collected depends on your details and the contact details you provide or share.

These are stored by us for the purpose of processing the request and in case of follow-up questions. Under no circumstances will we pass on the data to third parties without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO and, if applicable, Art. 6 Abs. 1 S. 1 lit. a DSGVO, if your request is aimed at the conclusion of a contract.

Your data will be deleted after the final processing of your request, unless there are statutory retention obligations to the contrary. We assume a final treatment if it can be inferred from the circumstances that the matter in question has been finally clarified.

If your contact via a social network or other platform aims at the conclusion of a contract for the delivery of goods or the provision of services, for example the sending of a whitepaper, with us, we process your data for the fulfillment of the contract or for the implementation of pre-contractual measures or for the provision of the requested services. The legal basis for the processing of your data in this case is Art. 6 Abs. 1 S. 1 lit. a DSGVO. Your data will be deleted if they are no longer necessary for the execution of the contract or if it is established that the pre-contractual measures do not lead to a conclusion of a contract corresponding to the purpose of establishing contact. Please note, however, that even after the conclusion of the contract, it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations.

If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, for example, to register for a newsletter, the legal basis for the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

We embed videos from YouTube on our website, these are hidden and can only be viewed by clicking on the “Load Video” button. The privacy policy of YouTube, which is linked above the button, then applies.

Please note that by using the social media platforms, data processing may take place outside the EU and the European Economic Area, so that the European level of data protection cannot be guaranteed. This means that providers based in the EU may transfer your data to the USA for further processing. The processing of your personal data in social networks or platforms, including the transfer of your personal data to the operator of the platform in the USA, takes place on the basis of your (inconsistent) consent pursuant to Art. Art. 6 para. 1 sentence 1 lit. a and Art. 49 para. 1 sentence 1 lit. a GDPR.

mementor expressly points out that in the case of an insecure third country (USA), there is no guarantee that the processing of your personal data will comply with the data protection requirements of the General Data Protection Regulation. In particular, due to legal requirements in the respective third country, the operator may be forced to disclose your personal data to authorities and other government agencies

We have no influence on the processing and handling of your personal data by the respective providers. Nor do we have any information on this. For further information, please check the privacy statements of the respective providers already stated above.

5.2 Pipedrive

We use Pipedrive, offered by the company

Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia

as our customer relationship management tool (“CRM tool”) for processing and storing contact data. When contacting us (via the contact form), the user data is collected and processed in Pipedrive. Pipedrive allows us to process and respond to requests and messages faster. For this purpose, data is transmitted to Pipedrive and stored on Pipedrive servers.

We use the Pipedrive CRM system of the provider Pipedrive OÜ on the basis of our legitimate interests (efficient and fast processing of user enquiries, existing customer management, new customer business). An order data processing contract has been concluded with Pipedrive. The privacy policy of Pipedrive can be found here:

The legal basis for the use of Pipedrive is Art. 6 para. 1 lit. f. GDPR, our legitimate interest is in the fast and effective processing of contact requests and the organization of our CRM.

Further information on privacy at Pipedrive can also be found at:

5.3 Calendly

For the organization of our online seminars we use the company's Calendly

Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States.

Your data from the form will be transferred to my appointment account at Calendly after pressing the “Book an appointment” button. You will then receive a confirmation email with a link to the event.

Your data will be stored at Calendly until the purpose for which the data was stored no longer applies (date of completion) or you request us to delete it.

A “Data Processing Addendum” has been completed with Calendly. The latter obliges Calendly to protect the personal data collected by us and to process the data only in accordance with its data protection provisions on our behalf. Calendly undertakes not to disclose its data to third parties.

The legal basis for the use of Calendly is Art. 6 para. 1 lit. f., our legitimate interest lies in the effective organisation of our seminar dates.

For more information on data protection at Calendly, please visit .

5.4 Zoom

To conduct our online seminars, we use Zoom, provided by the

ZOOM Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113.

During a zoom meeting, the following data is collected:

video data (if your camera is used),

audio data (if your microphone is used),

Text data (if you use the chat function),

phone number (if you dial in by phone),

Information about the user:

Name of your choice,

IP address,

additional information in your Zoom account (if you have one).

In order to carry out the seminars, Zoom must necessarily obtain knowledge of these data, insofar as this is provided for in the contract data processing agreement. We don't record the seminars.

The legal basis for the use of Zoom is Art. 6 para. 1 lit. f., our legitimate interest lies in the realization of our seminar dates.

Further information on data protection at Zoom can be found at

5.5 Google Maps

We use the Google Maps service, provided by

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

to display maps. The following data is automatically transmitted to Google when the map is displayed

  • IP address

  • Location data, if applicable

  • Search terms, if applicable

The transmission of the IP address is necessary for the function of the service. Location data is transmitted if your browser allows this. This is for your orientation and allows you to see your own location on the map. Any search terms you enter are transmitted and processed accordingly.

Data may be transferred to Google's servers in the USA.

The legal basis for the use of Google Meet is Art. 6 para. 1 lit. a). Google is certified in accordance with the Data Privacy Framework, which means that the EU has issued an adequacy decision for the transfer of data to the USA. You give your consent to the processing in the cookie banner. You can withdraw your consent at any time.

Further information on data protection at Google Meet can be found at Data Privacy Google Maps.

5.6 Google Meet

We use Google Meet services, provided by

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

in order to be able to conduct meetings online. During such a meeting, the following data is processed:

Registration data

  • Registration data

    • name,

    • e-mail address,

    • telephone (if connected via telephone),

    • password,

  • Meeting data,

    • subject,

    • participant IP address,

    • device information,

    • video and audio data (if camera or microphone are being used),

    • text data (if you are using the chat function).

Google are required to obtain knowledge of this data in order to conduct the seminars, as far as provided for in the data processing agreement. We do not record the seminars.

A transfer of data to Google's servers in the USA may occur.

The legal basis for the use of Google Meet is Art. 6 para. 1 lit. f., our legitimate interest is the effective organization and implementation of online meetings.

Further information on data protection at Google Meet can be found at

5.7 Google Analytics

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Nature and purpose of processing

We use Google Analytics 4 without the User ID and Google Signals functions.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.during your website visit, your user behavior is recorded in the form of "events". Events can be

  • Page views

  • First visit to the website

  • Start of the session

  • Websites visited

  • Your "click path", interaction with the website

  • Scrolls (whenever a user scrolls to the end of the page (90%))

  • Clicks on external links

  • Internal search queries

  • Interaction with videos

  • file downloads

  • Viewed / clicked ads

  • language setting

Also recorded:

  • Your approximate location (region)

  • Date and time of your visit

  • Your IP address (in abbreviated form)

  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)

  • your internet provider

  • the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.


Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)

  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

Storage period

The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal basis

Legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.


You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

a. Not giving your consent to the setting of cookies orb. Downloading and installing the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at and at

5.8 Microsoft Clarity

We use Microsoft Clarity from Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland to compile statistics and analyze user behavior. In order to improve the website, we examine the behavior of users on the website, which areas are visited for long periods of time and what the click behavior is like. The following data is processed:

  • IP address

  • Visited website/subpages

  • Date/time of access to the website

  • Clicks, scrolls, mouse movements

This data is only made available to us by Microsoft in anonymized form. A transfer outside the EU, especially to the USA, cannot be ruled out. Collected data is stored for a maximum of 3 months, the cookie set is automatically deleted after 1 year.

You consent to the use of Microsoft Clarity and the setting of a cookie as part of the cookie banner. The legal basis for the processing is Art. 6 (1) a) GDPR; you can withdraw your consent at any time.

Further information on data protection at Microsoft can be found at

5.9 Typeform

We use Typeform from the company TYPEFORM SL, Carrer de Pallars 108 (Aticco), 08018 Barcelona Spain to design our contact form and feedback forms.

When you use the contact form, your e-mail address, the content of your message and your name are transmitted to Typeform. The processing and transmission of data via the contact form only takes place if you accept the data protection provisions. The legal basis in this case is Art. 6 (1) lit. a) GDPR.

When using the feedback form, connection data in the form of IP address, time stamp and browser information is transmitted. The legal basis for this is Art. 6 (1) lit. a) GDPR; the legitimate interest lies in the secure and functioning operation of the website.

In any case, your data will only be stored for as long as is absolutely necessary for processing.

5.10 Cookies

mementor uses so-called cookies. These are text files that are stored on your computer by the server. They contain information about the browser, the IP address, the operating system and the Internet connection. This data is not passed on to third parties by mementor or linked to personal data without your consent.

Cookies fulfill two main tasks. They help mementor to make it easier for you to navigate through our website and enable the website and the program to be displayed correctly. They are not used to introduce viruses or launch programs.

Users have the option of accessing our website without cookies. To do this, the corresponding settings must be changed in the browser. Please use your browser's help function to find out how to deactivate cookies. The websites (USA) and (Europe) allow you to manage online advertising cookies.

5.9 Google Ads and Microsoft Ads

We use Microsoft Advertising from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and Google Ads from Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 to place ads on other websites and for remarketing. With remarketing, you are shown ads about our products on other sites after visiting our site. Hierzu wird in Ihrem Browser ein Cookie gesetzt, welches es dem jeweiligen Anbieter ermöglicht, Sie wiederzuerkennen, wenn Sie eine Webseite besuchen. Mittels der gesammelten Daten können Nutzungsprofile erstellt werden. Diese werden dazu verwendet, innerhalb und außerhalb der Plattform Werbeanzeigen, die mutmaßlich Ihren Interessen entsprechen, zu schalten. Ferner können in den Nutzungsprofilen auch Daten unabhängig der von Ihnen verwendeten Geräte gespeichert werden. Dies ist regelmäßig der Fall, wenn Sie ein Mitglied der jeweiligen Plattformen und bei dieser eingeloggt sind. Die Setzung des Cookies kann nur auf Basis einer Einwilligung gem. Art. 6 Abs. 1 S. 1 lit. a DSGVO erfolgen.

For more information on cookies and how to disable cookies in general, see Section 5.8.

6: Storage duration

Unless otherwise stated, mementor only stores personal data for as long as it is necessary to fulfill contractual or legal obligations. After that time, personal data will be deleted, unless we need the data until the end of the statutory limitation period for the purpose of providing evidence for civil law claims or due to statutory retention obligations.

Irrespective of the storage period, you have the option of triggering the deletion of the data at any time, provided that there are no legal storage obligations to the contrary.

7. Your rights

In the following, you will find information on the rights of data subjects that the applicable data protection law grants you regarding the person responsible for processing your personal data:

a) The right to request information about your personal data processed by us in accordance with Art. 15 of GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right to appeal, the origin of your data, if not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on the details of such data.

b) The right, in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us.

c) The right, in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

d) The right to demand, in accordance with Art. 18 GDPR, the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

e) The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, commonplace and machine-readable format or to request data transfer to another responsible party. In the profile, you can export all your stored data in a machine-readable format. You also have the option of giving a clinical specialist (doctor / psychotherapist) access to an evaluation report. The report contains data from your sleep journal as well as data on your progress in the sleep training. The access cannot be triggered by the clinical professional himself, but only by an action from your profile in the application. Any access is only possible by explicit authorisation from you.

f) The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office mentioned above or, if applicable, that of your usual place of residence or work.

g) Right to revoke consent granted in accordance with Art. 7 (3) GDPR: You have the right to revoke at any time with future effect any consent you have given to the processing of data. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

h) If your personal data are processed by us on the basis of legitimate interests pursuant to the first sentence of Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to indicate a special situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to

8. Information on joint responsibility according to Art 26 par. Art. 2 GDPR

DiGA info GmbH & Co. KG and the app developers aidhere GmbH, mementor DE GmbH, Selfapy GmbH and ViViRA Health Lab GmbH work closely together in the context of the coordination of communication with medical practices regarding the distribution of the developers digital health applications. This includes the processing of your personal data. The following data will be collected and processed by the companies mentioned above

  • Contact details (esp. first and last names, addresses, e-mail addresses and telephone numbers of physicians);

  • Information on correspondence with physicians, addresses by letter and telephone from physicians, trial accounts for physicians;

  • Information on correspondence and participation concerning webinars and training for physicians.

  • Informationen zum Versand von Infomaterial/-paketen an Ärzte;

  • Information on correspondence with physicians in the context of trade fairs and congresses and information on their participation;

  • Customer data (esp. user profiles, addresses and order histories) and prescription history.

We have therefore concluded a joint responsibility agreement with the above-mentioned parties regarding the processing of your data in accordance with Art. 26 We have therefore concluded a joint responsibility agreement with the above-mentioned parties with regard to the processing of your data in accordance with Art. 26 GDPR. The agreement stipulates, among other things:

As part of their joint responsibility under the data protection law, the above mentioned parties have agreed which of them fulfills which obligations according to the. GDPR. This concerns in particular exercising the rights of the persons concerned and the fulfillment of the information obligations pursuant to Articles 13 and 14 of the GDPR.

The parties have agreed independently to store data concerning communication with physicians in their own systems. To make the communication more effective, the relevant contacts of the concerned parties are shared at regular intervals with DiGA info, which compares them with the data in its own system and updates it if necessary. Based on the updated information, DiGA info informs the other parties about past or future exchange with physicians.

Data subjects can exercise their data subject rights against each of the parties pursuant to Art. 15 et seq. GDPR. The parties will either respond themselves or forward the request to the competent party of the joint responsibility agreement.

You can find more information on the involved parties by clicking on the following links:

9. Change of our privacy policy

In order to ensure that our data protection declaration always complies with the current legal requirements, mementor reserves the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services.