Privacy Policy - Virtual Waiting Room

Last update on 31/05/2022

1. Contact information

Responsible body in terms of data protection law

mementor DE GmbH
Karl-Heine-Straße 15
04229 Leipzig
Germany
info@mementor.de

Contact details of the data protection officer

Paul Schmude
Karl-Heine-Straße 15
04229 Leipzig
Deutschland
paul.schmude@mementor.de

2. Scope of application

Users receive with this privacy policy information about the type, scope and purpose of the collection and use of their data by the responsible provider.

This privacy policy is valid for the creation of a new account up to the entry of a DiGA code. Starting with the processing of the DiGA code, a different privacy policy is applicable.

2. Scope of application

Users receive with this privacy policy information about the type, scope and purpose of the collection and use of their data by the responsible provider.

This privacy policy is valid for the creation of a new account up to the entry of a DiGA code. Starting with the processing of the DiGA code, a different privacy policy is applicable.

3. Collection of general information

Each time you use somnio, a connection is established with the somnio server. Information is collected automatically.

Thereby the

  • IP address and

  • information about the device you are using

will be collected. Without this data, it would not be technically possible to use somnio. In this respect, the collection of the data is mandatory. In addition, we use the anonymized information for statistical purposes. They help us to optimize the offer and the technology. We also reserve the right to subsequently check the log files if we suspect illegal use of our offer. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR, whereby the legitimate interest follows from the aforementioned purposes.

Deletion of the data, in particular the log files, takes place at regular intervals.

4. Registration

All data is stored and processed on servers in Germany by European providers. The operator of our servers is certified according to ISO 27001, and corresponding order data processing contracts are in place.

If a registration is made via the website http://www.somn.io or the health application somnio, the following personal data will be processed by mementor as part of the registration process:

  • E-mail address

The basis for the processing is your consent to our terms of use, our privacy policy and that you have read the exclusion criteria.

Registration allows access to services and content that are only available to registered users.

In this case, the processing of your data is based on your consent pursuant to Art. 6 para.1 p. 1 lit. a GDPR.

Deletion takes place after 12 months of inactivity, in which case you will receive a notice by e-mail 30 days before deletion.

5. Use of tracking data

For a better evaluation of marketing measures, we use so-called UTM parameters. These are additions in the called URL, which allow us to track from where the link was clicked. The parameters are defined and controlled by us. The parameters are:

  • medium: This parameter describes the medium in which the link is embedded. Examples: Email, social media or website

  • source: with this UTM parameter we define the source of the link. This can be newsletters, websites, apps or social media channels

  • campaign: this type of UTM parameter is used to identify the actual campaigns. For example, if we send a newsletter to you every month, the individual newsletters can be evaluated separately

  • term: keywords, so that the link can be identified better

  • content: within a campaign, we insert different elements to be tracked in order to identify them uniquely and evaluate them separately. Examples: Button, image or video.

These parameters are automatically collected when you visit the page and stored pseudonymously. We use our own tools for this and no third-party provider, so all data remains with us. The data is not passed on to third parties.

The processing is based on Art. 6 para. 1 p. 1 lit. f GDPR, our legitimate interest is that we want to know how successful marketing measures have been.

6. Contacting and support

If you contact mementor by e-mail or form, the information you provide (in particular your e-mail address) will be stored in order to answer your inquiry and to be able to ask possible follow-up questions.

In this case, the processing of your data is based on your (implied) consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

7. Cookies

somnio uses so-called cookies. These are text files that are stored on your device from the server. Cookies are used in somnio to store session data after logging into the program. We would like to point out that this may be associated with certain risks. To ensure that your session cannot be hijacked by third parties, we recommend that you log out after each use of somnio.

8. Your rights

In the following, you will find information on the rights of data subjects that the applicable data protection law grants you regarding the person responsible for processing your personal data:

a) The right to request information about your personal data processed by us in accordance with Art. 15 of GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right to appeal, the origin of your data, if not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on the details of such data.

b) The right, in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us.

c) The right, in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

d) The right to demand, in accordance with Art. 18 GDPR, the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

e) The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, commonplace and machine-readable format or to request data transfer to another responsible party.

f) The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office mentioned above or, if applicable, that of your usual place of residence or work.

g) Right to revoke consent granted in accordance with Art. 7 (3) GDPR: You have the right to revoke at any time with future effect any consent you have given to the processing of data. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

h) If your personal data are processed by us on the basis of legitimate interests pursuant to the first sentence of Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to indicate a special situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to support@mementor.de.

9. Amendment of our privacy policy

In order to ensure that our data protection declaration always complies with the current legal requirements, mementor reserves the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services.