Privacy Policy

v.2.0

Effective Date: 29 August 2021

Introduction​

Detrauma (“Detrauma”, “us”, “we” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, store, use and distribute personal data through our software, website, mobile application (“App”), documentation, and related services (together, the “Services”). In this Privacy Policy, references to “you” means the person whose personal data we collect, use and process. Please read this Privacy Policy carefully to understand our treatment and use of personal data. We will use your personal data only for the purposes and in the manner outlined below, and in compliance with applicable laws. Please note that by using the Services, you acknowledge that you have read and understand this Privacy Policy.

All Detrauma platforms

When you create a user account you will be asked to provide an email address and password so that we can identify you across devices and comply with any potential request to delete or access your data. We may also ask for a referral or access code, which we may use to track your participation in special programs, described in more detail below. On certain versions of the Services, you may be able to skip account creation and create an account locally on your device: note that without an account, you will not be able to recover your data or log in on a different device.

iOS and Android apps

We use your email to create a user account. We use your time zone to personalize the experience.

Identity of the controller of personal information​

The data controller for the Services is Horseshoe UG (haftungsbeschränkt), a company registered in Germany and having its registered office address at August-Bebel-Strasse 86, 14482 Potsdam.

Contact details of the Data Protections Officer / Representative​

Detrauma’s Data Protection Officer can be contacted at: Email Address: privacy@detrauma.com Address: August-Bebel-Strasse 86, 14482 Potsdam, Germany

When does this privacy policy apply?​

The Privacy Policy applies to personal data that we collect, use and otherwise process about you in connection with your use of the Services.

Processing of your personal data

How and why do we process your personal data? When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below). We encourage you to supply only the information you are comfortable with.

Personal dataLegal basis of processingPurpose of processing
Account information:   Personal data (which may include your name and other similar personal data you provide to us), password, referral or access code for participation in special programs, and email address. Some of this data may be considered “Protected Health Information” under the Health Insurance Portability and Accountability Act.Contractual necessity – Consent  This is required to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services.
Your communications with us:   Your email address, full name, platform, operating system version, communications with us, and any attachments you submit.Contractual necessity – Consent – Legitimate interestWe collect this information when you request information about our services, register for our newsletter, request customer or technical support, or otherwise communicate with us.   You can unsubscribe at any time by clicking the unsubscribe link in each email or by contacting us via the methods described in “Contact Us” below.
Conversation data:   Information, participation data, text, graphics, responses to treatment and satisfaction surveys, or other materials generated through your interactions with Detrauma. Some of this data may be considered “Protected Health Information” under the Health Insurance Portability and Accountability Act.Contractual necessity – Consent – Legitimate interestWe collect this information to enable us to administer and improve our Services to you.
Hardware Diagnostic and login information:   Crash reports, along with logging information from your system documenting the error. Information regarding your operating system version, hardware, browser version, and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your device in order to streamline the login process.Contractual necessity – Legitimate interestWe collect this information to enable us to administer and improve our Services to you.
Your use of our Services: Analytics information collected through the use of cookies, log files and web beacons (such information may include standard information regarding your mobile device, browser type, browser language, operating system, Internet Protocol address, and the actions you take on our website (such as the web pages viewed and the links clicked) or while using the Services.Contractual necessity – Legitimate interestWe collect this information to enable us to administer and improve our Services to you. We may also use your Analytics Information in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.
Product surveys, promotional activities and social media content.Contractual necessity – Consent – Legitimate interestWithin or outside the App, we may offer the ability to participate in surveys or run sweepstakes or contests to promote the Services. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing and business purposes, as permitted by law. In some jurisdictions, we are required to publicly share information about winners. We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.

Information from other sources

We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with the Services and information about our business and products.

Analytics vendors

We may also use Google Analytics and other service providers to collect information regarding visitor behavior and visitor demographics on our Services. For more information about Google Analytics, please visit Google Privacy. You can opt out of Google’s collection and processing of data generated by your use of our website by clicking this link: Opt-Out of Google Analytics.

Use of de-identified and aggregated information

We may use personal data and other data about you to create de-identified and aggregated information, such as general location information, information about the computer or device from which you access our Services, or other analyses we create. We may share this information with the parties listed in “Sharing of Personal Data” below or as required or permitted by applicable law.

Where does Detrauma obtain my personal data from?​

Most of the personal data we process is obtained from you when, through the application you register for a Detrauma account, interact with the App and exchange email messages with Detrauma. Other types of personal data may be obtained from third parties.

Sharing of personal data with third parties

We do not share your personal data with third parties, except as provided below.

1. Service providers

We use third party service providers who provide technical and support services to help us provide and improve the product and Services. In providing the Services, these third party service providers may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the product and they will be subject to contractual restrictions prohibiting them from using the personal data of our members for any other purpose.

2. Disclosures to third parties for special programs​

If you participate in the special program, we will share the outcome of your participation in the program (as measured, for example, by your survey responses, engagement and satisfaction metrics) with the program partner, which may include your employer, certification authorities, or other medical and academic partners who help conduct the study. The results of your study do not contain your email messages with Detrauma. Note that your participation in special programs may be governed by terms outside of this Privacy Policy.

3. Disclosure to other third parties​

In certain circumstances, we share and/or are obliged to share your personal data with third parties for the purposes described above and in accordance with applicable law, including if we, in good faith, believe doing so is required or appropriate to comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; assist with an investigation or prosecution of suspected or actual illegal activity or as otherwise allowed under applicable law. These third parties include:

  • administrative authorities (tax or social security authorities)
  • financial institutions
  • insurance companies
  • police, public prosecutors, regulators
  • external advisors

We may also disclose your personal data in connection with a corporate reorganization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

Transfer outside the European Economic Area, Switzerland, or the UK

Your personal data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”), Switzerland, or the UK, for example, when one of our service providers use employees or equipment based outside the EEA or UK. For transfers of your personal data to third parties outside of the EEA or UK, we take additional steps consistent with applicable law. We endeavor to put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will endeavor to establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.

How is my personal data secured​

Detrauma operates and uses appropriate technical and physical security measures to protect your personal data. We have, in particular, taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. You are also responsible for helping to protect the security of your personal data. For instance, safeguard your email, password and personal credentials when you are using the Services, so that other people will not have access to your personal data. Furthermore, you are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.

Storage of personal data​

We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).

Your rights

You may have various rights under data protection legislation in your country (where applicable). These may include (as relevant):

  1. The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
  2. The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
  3. The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
  4. The right to restrict or object to processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
  5. The right to data portability enables you to receive your personal data in a structured, commonly used and machine readable format and to have that personal data transmitted to another data controller.
  6. The right to receive confidential communications containing your Protected Health Information by alternative means, such as requesting that we contact you at a different email address or phone number;
  7. The right to receive an accounting of disclosures we have made of your Protected Health Information for a specified time period;
  8. The right to name a personal representative;
  9. The right to withdraw your consent; and
  10. The right to receive a paper copy of this Privacy Policy.

We will process your request in accordance with applicable laws. Note that we will require you to take steps to verify your identity in accordance with applicable law. If you wish to exercise any of the above rights, please contact us (see “Contact Us” below).

For Android and iOS apps​

To request your data, you can contact us by emailing privacy@detrauma.com from the email address you used to register with the app. You will be sent an email that contains a .zip file containing your personal data files.

Supplemental California Privacy Notice

This Supplemental California Privacy Notice only applies to our processing of personal data that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal data Detrauma has collected about them and whether Detrauma disclosed that personal data for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:

Category of Personal Data Collected by DetraumaCategories of Third Parties Personal Data is Disclosed to for a Business Purpose
IdentifiersService providers 
Personal information categories listed in Cal. Civ. Code § 1798.80(e)Service providers
Protected classification characteristics under California or federal lawService providers
Commercial informationService providers
Internet or other electronic network activityService providers 
Inferences drawn from other personal information to create a profile about a consumerService providers

  The categories of sources from which we collect personal data and our business and commercial purposes for using personal data are set forth above. Additional Privacy Rights for California Residents   “Sales” of Personal Data under the CCPA. For purposes of the CCPA, Detrauma does not “sell” personal data, nor do we have actual knowledge of any “sale” of personal data of minors under 16 years of age. Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA. Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal data. To designate an authorized agent, please contact us as set forth below. Verification. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative, which may include confirming the email address associated with any personal data we have about you. If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth below. We will process such requests in accordance with applicable laws.

Email Communications

If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy). We process requests to be placed on do-not-mail, do-not-phone, and do-not-contact lists as required by applicable law.

Mobile Devices

We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device.

“Do not Track”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Cookies

You may stop or restrict the placement of some of the technologies we use (e.g., cookies) on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly.

Children’s information

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us as set forth below. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such personal data and terminate the child’s account.

Third-Party Websites/Applications

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal data to third-party websites or applications is at your own risk.

Your right to lodge a complaint with a supervisory authority​

If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. If you are located in the European Economic Area, Switzerland,  or the United Kingdom, you also have a right to complain to your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available here.

Changes to this policy​

We may need to make changes to this Privacy Policy at any time. If we make any material changes to how we collect your personal data, or how we use or share it, we will post or provide appropriate notice in accordance with applicable law. In order to ensure fairness of the processing, we encourage you to review the content of this Privacy Policy regularly.

Contact us​

For further information, to exercise your rights, or if you have any questions or queries about this Privacy Policy, please contact Detrauma’s Data Protection Officer: email: privacy@detrauma.com postal: August-Bebel-Strasse 86, 14482 Potsdam, Germany