Privacy Policy

Last update on 12.02.2021

1. Contact information

Responsible body in terms of data protection law

mementor DE GmbH
Jahnallee 14
04109 Leipzig
Germany
info@mementor.de

Contact details of the data protection officer

Paul Schmude
Jahnallee 14
04109 Leipzig
Deutschland
paul.schmude@mementor.de

2. Scope of application

Users receive with this privacy policy information about the type, scope and purpose of the collection and use of their data by the responsible provider.

3. Collection of general information

With each access to this offer, information is automatically collected by mementor or the web space provider. This information, also known as server log files, is of a general nature and does not allow any conclusions about your person.

Among other things, the following information is recorded: Name of the website, if applicable, file or subpage, date, amount of data, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our offer).

Without this data, it would be technically impossible to deliver and display all of the content of the website. In this respect, the collection of data is necessary. Furthermore, we use the anonymous information for statistical purposes. They help us to optimise our offer and technology. We also reserve the right to subsequently check the log files if we suspect an illegal use of our offer. The legal basis for the temporary storage of the data or log files is Art. 5 (1) lit. f GDPR.

4. Use of digital health applications

You have the option to use digital health applications via our website. Separate privacy policies are effective for each of these, which you can view during registration or from the main screen of the application.

5. Contact and support

If you contact mementor by e-mail or contact form, the information you provide (especially your e-mail address) will be stored in order to answer your inquiry and to be able to ask possible follow-up questions.

In this case, your data will be processed on the basis of your (implied) consent in accordance with the first sentence of Art. 6 (1) lit. a GDPR.

6. Use of the data in social networks

If you interact with mementor via social networks (YouTube, Linked.in, Xing, Facebook) (e.g. communication, or liking a contribution), mementor can view the data you have provided on the respective platform. This includes, but is not limited to, your name and any personal information within the posts you have posted on the platform.

The basis of authorisation for this is the first sentence of Art. 6 (1) lit. a GDPR.

7. Sending information to medical and psychotherapeutic professionals

In order to inform and educate about our offer, we send information material by postal mail to professionals within the medical and psychotherapeutic services (e.g. sleep laboratories, physicians and psychotherapists). There is a legitimate interest of mementor in the form of marketing and providing information about the prescription and use of our products. For shipping purposes, the address is taken from publicly available sources. If you have objections to this shipment, you may assert them either by contacting our online support team or in writing, in which case we will remove you from our distribution list.
The authorization basis for this is Art. 6 (1) lit. a GDPR.

8. Use of data for sending flyers and test accesses

As a healthcare professional, you have the option of ordering a test access and information material in paper form for distribution to your patients. We require your postal address for sending the information material and your e-mail address for providing the test access, as well as your contact details for feedback and possible questions. The basis for the dispatch is your consent to data processing. The authorization basis for this is Art. 6 (1) lit. a GDPR.

9. Storage period

Unless otherwise stated, mementor only stores personal data for as long as it is necessary to fulfill contractual or legal obligations. After that time, personal data will be deleted, unless we need the data until the end of the statutory limitation period for the purpose of providing evidence for civil law claims or due to statutory retention obligations.

Irrespective of the storage period, you have the option of triggering the deletion of the data at any time, provided that there are no legal storage obligations to the contrary.

10. Social networks

We have online presences on the social media platforms of the following providers:

a) Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland; Privacy Policy: https://twitter.com/en/privacy

b) YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy Policy: https://policies.google.com/privacy?hl=en

c) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Privacy Policy: https://www.linkedin.com/legal/privacy-policy?_l=en_UK

d) XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany; Privacy Policy: https://privacy.xing.com/en/privacy-policy

e) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA, https://www.facebook.com/policy.php

As a rule, personal data on the company’s website is stored in the respective social network for market research purposes. For this purpose, a cookie is stored in your browser, which enables the respective provider to recognise you when you visit a website. User profiles can be created, using the collected data. These are used to place advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the user profiles regardless of the devices you use. This is usually the case if you are a member of the respective platforms and are logged on to them. Cookies can only be set on the basis of consent in accordance with the first sentence of Art. 6 (1) lit. a GDPR.

We ourselves collect personal data when you contact us, e.g. via contact form or through a messenger service such as Facebook Messenger. Which data is collected depends on your details and the contact details you have provided or released.

These are stored by us for the purpose of processing your inquiry and in case of follow-up questions. Under no circumstances will we pass the data on to third parties without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 (1) lit. f GDPR, and, if applicable, Art. 6 (1) lit. b GDPR, if your request is aimed at the conclusion of a contract.

Your data will be deleted after the final processing of your inquiry, provided that this does not conflict with any statutory retention obligations. We assume that the data will be processed conclusively if the circumstances indicate that the matter in question has been finally clarified.

If your communication with us via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we will process your data for the purpose of fulfilling the contract or for the implementation of pre-contractual measures or for the provision of the requested services. The legal basis for the processing of your data in this case is Art. 6 (1) lit. b GDPR. Your data will be deleted if they are no longer required for the execution of the contract or if it is clear that the pre-contractual measures do not lead to a conclusion of contract corresponding to the purpose of the contact. Please note, however, that even after conclusion of the contract it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations.

If you are asked by the respective providers of the platforms to give your consent to the processing for a specific purpose, the legal basis for the processing is Art. 6 (1) lit. a, and Art. 7 GDPR.

Please note that due to the use of the social media platforms, data processing may take place outside the EU and the European Economic Area, so that the European data protection level cannot necessarily be guaranteed. It cannot be ruled out that providers based in the EU may transfer your data to the USA for further processing. The processing of your personal data in social networks or platforms, including the transfer of your personal data to the operator of the platform in the USA, takes place on the basis of your (implied) consent in accordance with the first sentence of Art. 6 (1) lit. a and the first sentence of Art. 49 (1) lit. a GDPR.

mementor expressly points out that in the case of an insecure third country (USA), it cannot be guaranteed that the data protection regulations of the General Data Protection Regulation will be observed when processing your personal data. In particular, the operator may be forced to disclose your personal data to authorities and other state institutions due to legal requirements in the respective third country.

We have no influence on the processing and handling of your personal data by the respective providers. Likewise, we do not have any information on this. For further information, please check the data protection declarations of the respective providers mentioned above.

11. Pipedrive

We use Pipedrive, offered by the company

Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia

as our customer relationship management tool (“CRM tool”) to process and store contact data. When contacting us (via contact form), user data is collected and processed in Pipedrive. Pipedrive allows us to process and respond to requests and messages faster. For this purpose, data is transferred to Pipedrive and stored on the Pipedrive servers. We use the CRM system Pipedrive of the provider Pipedrive OÜ based on our legitimate interests (efficient and fast processing of user requests, existing customer management, new customer business). An order data processing contract has been concluded with Pipedrive. You can access Pipedrive’s privacy policy here: https://www.pipedrive.com/en/privacy. The legal basis for the use of Pipedrive is Art. 6 para. 1 lit. f. DSGVO, our legitimate interest is the fast and effective processing of contact requests and the organization of our CRM. For more information on data protection at Pipedrive, please also visit: https://support.pipedrive.com/en/article/pipedrive-and-gdpr

12. Mailchimp

We use Mailchimp, offered by the company

Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA30308, USA

to send newsletters. Your email address and your other details are stored on MailChimp’s servers in the USA. This data is used by Mailchimp on our behalf to send and evaluate the newsletters. MailChimp further reserves the right to use this data to improve its own services, e.g. to optimize the dispatch, as well as for economic purposes to determine from which countries the recipients come. However, Mailchimp does not use the data to contact you or share it with third parties. We have concluded an order data processing agreement with Mailchimp. The legal basis for the use of MailChimp is Art. 6 para. 1 lit. a. for sending newsletters, as well as Art. 6 para. 1 lit. f., our legitimate interest is to send the newsletter quickly and effectively. For more information on data protection, please visit https://mailchimp.com/legal/privacy/

13. Calendly

We use

Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States

to organize our online seminars. Your data from the form will be transferred to our appointment account at Calendly after pressing the “Book appointment” button. You will then receive a confirmation email with a link to the event. Your data will be kept by Calendly until the purpose for storing it (appointment made) no longer applies or you send us a request to delete it. A “Data Processing Addendum” has been concluded with Calendly. This obligates Calendly to protect the personal data collected by us and to process the data only in accordance with its data protection regulations on our behalf. Calendly undertakes not to disclose your data to third parties. The legal basis for the use of Calendly is Art. 6 para. 1 lit. f., our legitimate interest is the effective organization of our seminar dates.For more information on data protection at Calendly, please visit https://calendly.com/pages/privacy

14. Zoom

We use Zoom for our online seminars, offered by

ZOOM Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113.

During a Zoom meeting, the following data is collected:

  • Video data (if your camera is used),
  • Audio data (if your microphone is used),
  • Text data (if you use the chat feature),
  • Phone number (if you dial in by phone),
  • User details: user-selected name, IP address, other details in your Zoom account (if you have one).

Zoom requires this data in order to carry out the seminars, as far as it is provided for in the order data processing contract. We do not record the seminars. The legal basis for the use of Zoom is Art. 6 para. 1 lit. f., our legitimate interest is the implementation of our seminar appointments. For more information on data protection at Zoom, please visit https://zoom.us/en-us/privacy.html

15. Cookies

mementor uses so-called cookies. These are text files that are stored on your computer from the server. They contain information about the browser, IP address, operating system and internet connection. These data will not be passed on to third parties by mementor or linked to personal data without your consent.

Cookies fulfill two main tasks. They help mementor make it easier for you to navigate through our offer and enable the correct display of the website and the program. They are not used to infiltrate viruses or launch applications.

Users have the option of visiting our website without the use of cookies. To do this, the appropriate settings must be changed in the browser. Please refer to the help function of your browser to find out how to deactivate cookies. However, we would like to point out that this may impair some functions of somnio and limit the user experience. The pages http://www.aboutads.info/choices/ (USA) and http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) enable you to manage online ad cookies.

16. Your rights

In the following, you will find information on the rights of data subjects that the applicable data protection law grants you regarding the person responsible for processing your personal data:

a) The right to request information about your personal data processed by us in accordance with Art. 15 of GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right to appeal, the origin of your data, if not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on the details of such data.

b) The right, in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us.

c) The right, in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

d) The right to demand, in accordance with Art. 18 GDPR, the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

e) The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, commonplace and machine-readable format or to request data transfer to another responsible party. In the profile, you can export all your stored data in a machine-readable format. You also have the option of giving a clinical specialist (doctor / psychotherapist) access to an evaluation report. The report contains data from your sleep journal as well as data on your progress in the sleep training. The access cannot be triggered by the clinical professional himself, but only by an action from your profile in the application. Any access is only possible by explicit authorisation from you.

f) The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office mentioned above or, if applicable, that of your usual place of residence or work.

g) Right to revoke consent granted in accordance with Art. 7 (3) GDPR: You have the right to revoke at any time with future effect any consent you have given to the processing of data. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

h) If your personal data are processed by us on the basis of legitimate interests pursuant to the first sentence of Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to indicate a special situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to support@mementor.de.

17. Amendment of our privacy policy

In order to ensure that our data protection declaration always complies with the current legal requirements, mementor reserves the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services.