Effective Date: 29 August 2021
All Detrauma platforms
When you create a user account you will be asked to provide an email address and password so that we can identify you across devices and comply with any potential request to delete or access your data. We may also ask for a referral or access code, which we may use to track your participation in special programs, described in more detail below. On certain versions of the Services, you may be able to skip account creation and create an account locally on your device: note that without an account, you will not be able to recover your data or log in on a different device.
iOS and Android apps
We use your email to create a user account. We use your time zone to personalize the experience.
Identity of the controller of personal information
The data controller for the Services is Horseshoe UG (haftungsbeschränkt), a company registered in Germany and having its registered office address at August-Bebel-Strasse 86, 14482 Potsdam.
Contact details of the Data Protections Officer / Representative
Detrauma’s Data Protection Officer can be contacted at: Email Address: firstname.lastname@example.org Address: August-Bebel-Strasse 86, 14482 Potsdam, Germany
Processing of your personal data
How and why do we process your personal data? When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below). We encourage you to supply only the information you are comfortable with.
|Personal data||Legal basis of processing||Purpose of processing|
|Account information: Personal data (which may include your name and other similar personal data you provide to us), password, referral or access code for participation in special programs, and email address. Some of this data may be considered “Protected Health Information” under the Health Insurance Portability and Accountability Act.||Contractual necessity – Consent||This is required to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services.|
|Your communications with us: Your email address, full name, platform, operating system version, communications with us, and any attachments you submit.||Contractual necessity – Consent – Legitimate interest||We collect this information when you request information about our services, register for our newsletter, request customer or technical support, or otherwise communicate with us. You can unsubscribe at any time by clicking the unsubscribe link in each email or by contacting us via the methods described in “Contact Us” below.|
|Conversation data: Information, participation data, text, graphics, responses to treatment and satisfaction surveys, or other materials generated through your interactions with Detrauma. Some of this data may be considered “Protected Health Information” under the Health Insurance Portability and Accountability Act.||Contractual necessity – Consent – Legitimate interest||We collect this information to enable us to administer and improve our Services to you.|
|Hardware Diagnostic and login information: Crash reports, along with logging information from your system documenting the error. Information regarding your operating system version, hardware, browser version, and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your device in order to streamline the login process.||Contractual necessity – Legitimate interest||We collect this information to enable us to administer and improve our Services to you.|
|Product surveys, promotional activities and social media content.||Contractual necessity – Consent – Legitimate interest||Within or outside the App, we may offer the ability to participate in surveys or run sweepstakes or contests to promote the Services. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing and business purposes, as permitted by law. In some jurisdictions, we are required to publicly share information about winners. We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.|
Information from other sources
We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with the Services and information about our business and products.
We may also use Google Analytics and other service providers to collect information regarding visitor behavior and visitor demographics on our Services. For more information about Google Analytics, please visit Google Privacy. You can opt out of Google’s collection and processing of data generated by your use of our website by clicking this link: Opt-Out of Google Analytics.
Use of de-identified and aggregated information
We may use personal data and other data about you to create de-identified and aggregated information, such as general location information, information about the computer or device from which you access our Services, or other analyses we create. We may share this information with the parties listed in “Sharing of Personal Data” below or as required or permitted by applicable law.
Where does Detrauma obtain my personal data from?
Most of the personal data we process is obtained from you when, through the application you register for a Detrauma account, interact with the App and exchange email messages with Detrauma. Other types of personal data may be obtained from third parties.
Sharing of personal data with third parties
We do not share your personal data with third parties, except as provided below.
1. Service providers
We use third party service providers who provide technical and support services to help us provide and improve the product and Services. In providing the Services, these third party service providers may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the product and they will be subject to contractual restrictions prohibiting them from using the personal data of our members for any other purpose.
2. Disclosures to third parties for special programs
3. Disclosure to other third parties
In certain circumstances, we share and/or are obliged to share your personal data with third parties for the purposes described above and in accordance with applicable law, including if we, in good faith, believe doing so is required or appropriate to comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; assist with an investigation or prosecution of suspected or actual illegal activity or as otherwise allowed under applicable law. These third parties include:
- administrative authorities (tax or social security authorities)
- financial institutions
- insurance companies
- police, public prosecutors, regulators
- external advisors
Transfer outside the European Economic Area, Switzerland, or the UK
Your personal data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”), Switzerland, or the UK, for example, when one of our service providers use employees or equipment based outside the EEA or UK. For transfers of your personal data to third parties outside of the EEA or UK, we take additional steps consistent with applicable law. We endeavor to put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will endeavor to establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.
How is my personal data secured
Detrauma operates and uses appropriate technical and physical security measures to protect your personal data. We have, in particular, taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. You are also responsible for helping to protect the security of your personal data. For instance, safeguard your email, password and personal credentials when you are using the Services, so that other people will not have access to your personal data. Furthermore, you are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
Storage of personal data
We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).
You may have various rights under data protection legislation in your country (where applicable). These may include (as relevant):
- The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
- The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
- The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
- The right to restrict or object to processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
- The right to data portability enables you to receive your personal data in a structured, commonly used and machine readable format and to have that personal data transmitted to another data controller.
- The right to receive confidential communications containing your Protected Health Information by alternative means, such as requesting that we contact you at a different email address or phone number;
- The right to receive an accounting of disclosures we have made of your Protected Health Information for a specified time period;
- The right to name a personal representative;
- The right to withdraw your consent; and
We will process your request in accordance with applicable laws. Note that we will require you to take steps to verify your identity in accordance with applicable law. If you wish to exercise any of the above rights, please contact us (see “Contact Us” below).
For Android and iOS apps
To request your data, you can contact us by emailing email@example.com from the email address you used to register with the app. You will be sent an email that contains a .zip file containing your personal data files.
Supplemental California Privacy Notice
This Supplemental California Privacy Notice only applies to our processing of personal data that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal data Detrauma has collected about them and whether Detrauma disclosed that personal data for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
|Category of Personal Data Collected by Detrauma||Categories of Third Parties Personal Data is Disclosed to for a Business Purpose|
|Personal information categories listed in Cal. Civ. Code § 1798.80(e)||Service providers|
|Protected classification characteristics under California or federal law||Service providers|
|Commercial information||Service providers|
|Internet or other electronic network activity||Service providers|
|Inferences drawn from other personal information to create a profile about a consumer||Service providers|
The categories of sources from which we collect personal data and our business and commercial purposes for using personal data are set forth above. Additional Privacy Rights for California Residents “Sales” of Personal Data under the CCPA. For purposes of the CCPA, Detrauma does not “sell” personal data, nor do we have actual knowledge of any “sale” of personal data of minors under 16 years of age. Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA. Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal data. To designate an authorized agent, please contact us as set forth below. Verification. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative, which may include confirming the email address associated with any personal data we have about you. If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth below. We will process such requests in accordance with applicable laws.
We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device.
“Do not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
You may stop or restrict the placement of some of the technologies we use (e.g., cookies) on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us as set forth below. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such personal data and terminate the child’s account.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal data to third-party websites or applications is at your own risk.
Your right to lodge a complaint with a supervisory authority
If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. If you are located in the European Economic Area, Switzerland, or the United Kingdom, you also have a right to complain to your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available here.
Changes to this policy