DoctorBox Logo New

Privacy Policy

Privacy policy for your DoctorBox account and app

In case of doubt, the original privacy policy of DoctorBox GmbH in German always apply

Effective date: 06.02.2023

Protecting your privacy is very important to us. Below we inform you about how we handle your data. Our collection, processing and use of personal data is carried out exclusively in accordance with the legal provisions of EU Regulation 679/2016 (DSGVO) and the supplementary Federal Data Protection Act. The operator of the app and responsible party in terms of data protection law is DOCTORBOX GmbH (" we"/" our"/" us") with its registered office at Lietzenburger Straße 107, 10707 Berlin, office@doctorbox.de.

Please read this Privacy Policy carefully before using our DoctorBox applications ("App"). By providing you with our App, we give you the ability to collect all of your health data centrally in one place, structure it, store and/or sync it locally on your device or securely in our cloud, and easily share it with your doctor and display personalized product recommendations to you(" Services"). By checking the box related to this Privacy Policy and the confirmation link sent to the email address you have provided, you acknowledge that you have read this Privacy Policy. If you do not wish to acknowledge this privacy policy, it is unfortunately not possible to use our app.

If you wish to use the app without having reached the age of 18, the consent of your legal guardian(s) is required. Please make sure that you have this consent. If we process personal data on the basis of your consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) DSGVO, you must ensure that your legal guardian or guardians also agree to this. We may ask you to provide appropriate proof or to explicitly confirm your consent to us. In any case, you will be liable to us if you use the app contrary to your statements without the consent of your legal guardian(s) or give specific consent to the use of your data without such consent.

1. collection, processing and use of your data

The collection, processing and use of data and information about you ("personal data") is necessary to provide our services. We use your personal data in accordance with Art. 6 (1) lit. b DSGVO exclusively to provide our services to you or based on your consent in accordance with Art. 9 (2) lit. a DSGVO if you voluntarily upload health data in the app.

1.1  Overview of App Authorizations, Purposes and Legal Bases for Processing

(1) Upon registration, we collect and store your first name, last name, date of birth and email address to ensure the use of the services of our app.

Art. 6 (1) 1 b) DSGVO: On the basis of the General Terms and Conditions for DoctorBox applicable between you and us.

Authorization for camera, data access, audio recording, and personalized health-related recommendations.

(2) You can store health and fitness data in your DoctorBox account. This includes information and documents with information about your findings, symptoms, health condition, doctor's appointments, medications, medical treatment, health insurance and billing ("Health Data") upload and store (as photo and video or file or audio data). We collect and process your Health Data solely to provide you with our services or at your express request. In addition, we process your health data with your express consent in order to be able to display personalized recommendations to you by means of our artificial intelligence ("AI") developed specifically for this purpose. You can find more information on this below under section 1.7.

Art. 6 (1) 1 a), Art. 9 (2) a) DSGVO: Consent by activating the camera function, data access, audio recording or tapping the consent button for personalized health-related recommendations after being notified accordingly in the app. You can revoke your consent at any time with effect for the future by deactivating the camera, data access ,audio recording authorization or the function via personalized, health-related recommendations in the settings in your app again.

Camera authorization

3) You can store COVID-19 test results and vaccination certificates in your DoctorBox account. We collect and process your health data solely to provide you with our services or at your express request.

Art. 6 (1) 1 a) or Art. 9 (2) a) DSGVO: Consent by turning on the camera function, file access or audio recording after request in the app. You can revoke consent at any time for the future by turning off your camera, file access audio authorization.

Contact access authorization

(4) You can store emergency contacts in your DoctorBox account. The collection and processing of this data by us takes place exclusively in order to provide you with our services or at your express request.

Art. 6 (1) 1 a) DSGVO: Consent by turning on contact access authorization after request in the app. You can revoke consent at any time for the future by switching off your contact access authorization.

Camera authorization

(5) You can request verification of your identity in your DoctorBox account via the transmission of ID data as a photo and videos. The collection and processing of this data by us is done exclusively to provide you with our services or at your express request.

Art. 6 (1) 1 a) DSGVO: Consent by performing the verification and accessing the camera authorization after request in the app. You can revoke consent at any time for the future by turning off your camera authorization.

Bluetooth and GPS authorization (approximate and exact location)

(6) You can keep an automated contact diary in your DoctorBox account - this requires the activation of Bluetooth and GPS authorization (approximate and exact location). The collection and processing of your localization data by us takes place exclusively in order to provide you with our services or at your express request.

You can keep an automated contact diary in your DoctorBox account - this requires the activation of Bluetooth and GPS authorization (approximate and exact location). The collection and processing of your location data by us takes place exclusively in order to provide you with our services or at your express request. 

1.1  Download Data, Contact Data and Payment Data 

Downloading our App from the App or Play Store requires the processing of certain data, namely your username, your email address, the customer number of your App Store account, the time of download and the individual device identification number (" Download Data").

When registering in our app, you must provide your email address and date of birth and set your username and a password (" Contact Data"). We need this data to set up your individual user account with DoctorBox that is only accessible to you (" DoctorBox Account"), through which we make our services available to you. We may also allow you to sign up through another service provider. However, this is voluntary and is merely an addition to the usual registration process. Should you make use of this offer, the use of this other service is subject to the terms of use of the respective provider and we have no influence on how they process your data. Therefore, please familiarize yourself with the service provider's privacy policy. For some particularly security-relevant functions of the app, verification of your DoctorBox account may be or become necessary. We will point this out to you separately in the app. If you wish to use this function, you must take a photo of your ID card on which the information printed on it is recognizable and upload it to the app. A function within the app is available for this purpose. The copy will be stored on our server recognizably marked as "copy" and will be used exclusively to verify your identity. This is done by making a video of yourself after uploading the image, in which you answer questions about the data printed on the ID card or hold your ID card up to the camera next to you ("Alive Check"). We will then manually match this video with the previously uploaded photo. After successful verification, the data will be deleted immediately. By uploading the photo, you consent to our use of it for the purpose of verifying your DoctorBox account. You may revoke your consent at any time by emailing us at datenschutz@doctorbox.de, in which case the features requiring DoctorBox account verification will not be available to you.

If our services are offered against payment in the future, we also require further information about the means of payment you use ("payment data"). We will inform you of the specific payment data required as soon as the services you use become subject to payment.

The collection and processing of your payment data by us is solely for the purpose of processing the payment transaction. 

1.3 Other personal data and health data.

You may also enter your gender, weight and height, medical conditions and allergies (" Other Personal Data") in your DoctorBox account. We collect and process your Other Personal Data solely to provide you with our Services.

You may upload and store in your DoctorBox account information and documents containing information about your findings, symptoms, health conditions, medical appointments, medications, medical treatment, health insurance and billing (" Health Data"). We collect and process your Health Data solely to provide our services to you.

By uploading the documents or inviting physicians or hospitals to upload them, you give your consent for us to store the affected Health Data in your DoctorBox account for you and to keep it available for you in accordance with this Privacy Policy. If you wish to withdraw this consent, you may delete the documents from your DoctorBox account at any time.

We use this data in anonymized form to evaluate and improve our services. An inference to your person is thereby excluded.

1.4 Home test results

Provided that you have ordered a test from DoctorBox Service GmbH for the collection of samples and their laboratory evaluation and have sent this to the participating laboratory in accordance with the General Terms and Conditions of DoctorBox Service GmbH, the results will be displayed to you by the laboratory via an interface in the app. 

1.5 Technical and other data

We only store access data, in particular your IP address (anonymized), browser version, operating system version and app version.

This data is used exclusively to enable you to access and use our services and is evaluated anonymously to improve our offering without allowing any direct inference to your person. This data will not be merged with other data provided by you. The use of the data for these purposes is justified to protect our legitimate interest in providing and improving our services in accordance with Art. 6 (1) lit. f DSGVO. We will delete this data as soon as it is no longer required for the purposes for which it was collected.

1.6 Cookies

We use cookies to verify your identity when you log in to the App. This is necessary to authenticate you when you use the App and to allow you to use the App after you log in. Cookies are small files that are stored on your device when you log in to the app and are deleted after you close your browser (session cookies)

1.7 Sending of Additional Information, Provision of Third Party Services and Consent

a) We may display to your email address or also directly in the App interesting additional information about new features of the App or also other Doctorbox products that we believe are relevant to you. If you no longer wish to receive such information, you can click on the corresponding "Opt Out" link in the respective message.

b) We may also offer you access to additional third party services within the App via an interface. In this case, these third parties are exclusively responsible for the processing of your personal data. We will inform you in a timely manner if a service of a third party is used and likewise of the data protection provisions of the third party that apply to this. If necessary, we will also ask for your consent in this context, if this is required for the use of the service. Unless we expressly inform you otherwise or obtain your consent, no personal data from the app will be transferred to the third party. If you expressly consent to this, certain data may be transferred to your DoctorBox account by the third party provider (e.g. a disease or allergy diagnosed by a third party based on a test or assessment). You can revoke this consent at any time by deleting the information concerned from your DoctorBox account.

c) If you wish, you can have personalized, health-related recommendations displayed in your app based on your contact data, other personal data and your health data. We will display such recommendations to you using AI that we have developed specifically for this purpose. For this purpose, certain general information (not individually tailored to you) is transmitted to your app by the DoctorBox servers with your consent pursuant to Section 25 (1) TTDSG and stored locally on your terminal device. The AI developed by us matches this information with your contact data, other personal data and your health data exclusively locally in order to be able to display personalized, health-related recommendations to you in the app on this basis. In this process, only generic information required for the personalized recommendation display is transmitted from the DoctorBox servers to your app or the terminal device you are using. For this purpose, we transmit a database with certain trigger values and related recommendations to your end device, for example, the information that special cancer screenings are recommended for persons of male gender above a certain age. This database is compared by the AI with the data you have stored in the app to check whether the respective trigger values for a particular recommendation have been reached. If this check is positive, the AI will display the corresponding personalized recommendation to you if you have decided to activate this function.

A transmission of the contact data, health data and other personal data stored on your end device to the DoctorBox servers does not take place for this purpose. The evaluation of the data by the AI developed by us takes place exclusively locally on your end device on the basis of the transmitted list. At no time will we gain knowledge of your diagnoses or findings and their contents or evaluate them. Your health data and other personal data remain visible only to you.

In order for us to be able to display these recommendations, which are individually tailored to you, in your app, we obtain your express consent in advance pursuant to Art. 9 (2) a) DSGVO, § 25 para. 1 TTDSG by means of a corresponding banner in the DoctorBox app. This consent is voluntary and can be revoked at any time with effect for the future in the consent tool of the app or by email to datenschutz@doctorbox.de.

 

If you give us your express consent in the app pursuant to Art. 9 (1) a) DSGVO, we may also read out certain content from your health record in order to provide you with specific offers or information based on this information. In this context, we evaluate, for example, the ICD value of the medical findings uploaded in your app. The ICD (International Classification of Diseases) is a list published by the WHO with classification codes for diseases, complaints, symptoms. Based on this ICD value, we can identify which products could help you in your specific situation. The ICD value or other information in your app is health data, i.e. a "special category of personal data" that is subject to special protection pursuant to Art. 9 DSGVO and may therefore only be processed by us under very narrow legal conditions. You can revoke your consent at any time with future effect by making a different decision in the app's consent tool.

d) Based on the health data you provide in the app, we may recommend suitable third-party services or products to you in the app. We cannot view these recommendations and do not store them, as the recommendations are calculated by an automatic process on your device itself. If you follow one of the recommendations, you will be redirected to the website of the provider. The third-party provider does not receive any information from your app, except for the fact that you are forwarded from the app to the provider. The respective provider can inform us in anonymized form about the number of users who were redirected from the app to its offer. We do not receive any further information about the interaction with the third-party provider, including whether you followed a particular recommendation. You leave the app when you are redirected and we no longer have any influence on what data the provider of the recommended product collects from you on its website. In this respect, please familiarize yourself with the privacy policy of the respective third-party provider.

The recommendation of suitable services or products from third-party providers on the basis of the health data you provide in the app is based exclusively on your previously given consent pursuant to Art. 9 (2) a) DSGVO, which you can revoke at any time with effect for the future via the consent tool in the app.

1.8 Matomo

We use the open source software Matomo to analyze the use of the app and thereby improve our offer and make it more interesting. We run Matomo on our own servers, so the analysis data is not shared with third parties. Matomo does not use cookies, JavaScript code or tracking pixels for analysis, but only information automatically transmitted by your device, such as the IP address, timestamp, referrer link, content accessed, frequency of access or language settings. However, the IP address is shortened before it is stored so that it is no longer possible to trace it back to your Internet connection. We do not combine the collected data with other data that we have collected from you.

The collection of the above data is based on our legitimate interest (Art. 6 (1) f) DSGVO. If you do not want your usage behavior to be analyzed, you can prevent this at any time: Opt-Out.

 

1.9 Sentry

We also use the Sentry service to evaluate and prevent software errors on the Platform in the future. We operate Sentry on our own servers so that the analysis data is not passed on to third parties. For this purpose, it is necessary that certain technical data of your end device is forwarded to us in the event of a malfunction. This data includes the IP address as well as the browser and operating system version of the end device. The transmitted IP address is not stored in full by Sentry and is not made available to us at any time. The collection and evaluation of this data is necessary to ensure the functionality and security of the platform (Art. 6 para. 1 lit. f) DSGVO).

2. disclosure to third parties

Your personal data will only be passed on to third parties if this is absolutely necessary for the provision and use of our services and for the processing of payments. These disclosures are necessary for the proper provision of our services and are in accordance with applicable data protection law.

2.1 App Store / Play Store

When downloading the app, the necessary information, the download data, is transferred to the App or Play Store. However, we have no influence on this data collection and are not responsible for it. We process this provided data as far as this is necessary for downloading the app to your device. They are not stored further beyond this.

2.2 Our service providers

We engage third party companies to perform tasks for the purpose of providing our services (" Processors"). Our Processors have access to personal data needed to perform their tasks. We require our Processors, to the extent required by law, to provide a declaration of consent to keep confidential all information disclosed to them and to use the information exclusively for the purpose of the contract.

2.3 Doctors selected by you

Only if you have released all or some of your health information and/or other personal information to a physician you have selected, thereby indicating your consent, will we share that health information and/or other personal information with that physician.

2.4 Emergency sticker

You may further decide yourself about the disclosure of certain data to third parties by means of our "emergency sticker". This is a physical sticker that you can obtain in doctor's offices. You can link an emergency sticker to your DoctorBox account and share certain data that you have stored in your DoctorBox account with third parties. In all cases, this requires active, case-by-case sharing of specific data by you. A sharing ID and PIN are printed on the emergency sticker. A third party to whom the emergency sticker is made accessible can, by entering this data, view the data you have stored via a website specified on the emergency sticker. This can be helpful, for example, if you have been in an accident and are unresponsive, to provide emergency physicians with allergies, medical conditions, or similar helpful information. However, any person who has access to your emergency sticker can access the information stored there, so you should be careful about who you allow to view the emergency sticker and what information you store. The use of the emergency sticker is your own responsibility. By setting up the emergency sticker, you give your consent for us to grant access to the data you have deposited to the persons who have the access data for the emergency sticker.

You can delete an emergency sticker that you have activated in the app at any time, so that the access data on an emergency sticker is no longer suitable for retrieving the stored data. You can also delete, change or add to the stored data at any time.

 3. german data security

Your personal data is encrypted during transmission via the Internet using Transport Layer Security / Secure Sockets Layer (TLS / SSL). The data stored on the end device is also encrypted and only accessible by you via password and/or fingerprint.

If you have selected the "Security Option Extreme", our app is loaded onto your device and can be used without accessing the Internet or the cloud function.

In the "Security Option Balanced", your personal data is stored by us exclusively on servers in Germany that are certified by the Federal Institute for Information Security (BSI).

We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.

4. storage period

We will only store your personal data for as long as is necessary to provide our services. We will immediately delete all of your data not required for these purposes. If you close your DoctorBox account, we will immediately delete all personal data stored about you. Deletion will be replaced by blocking, insofar as deletion is opposed by legal or contractual retention periods.

5. your rights

5.1 Right of revocation

You can revoke your consent to the collection and processing of your personal data by us at any time. For data that you yourself have provided in the app, you can exercise the revocation simply by removing the respective data from the app.

5.2 Right to information

In accordance with § 34 BDSG or Art. 15 DSGVO, you have the right to request information from us at any time about the data stored about you, also insofar as it relates to the origin of this data, as well as about the recipients or categories of recipients to whom your data is disclosed, and about the purpose of the storage.

5.3 Further rights

In accordance with Art. 16 DSGVO, you have the right to demand the correction of incorrect personal data and in accordance with Art. 17 DSGVO, the deletion or in accordance with Art. 18 DSGVO, the blocking or restriction of the processing of your personal data. Furthermore, pursuant to Art. 20 DSGVO, you may request the surrender of the personal data stored about you in a commonly used file format to yourself or a third party. If we process your personal data based on our overriding interests (Art. 6(1)(f) DSGVO), you may object to processing based on this in accordance with Art. 21 DSGVO, provided that there are overriding reasons for doing so that arise from your particular situation. You may also object to the sending of direct advertising. If you believe that we are not processing your data in accordance with applicable law, you may lodge a complaint with a competent supervisory authority, e.g. at your place of residence.

6. Privacy policy of price comparison

This document informs you about the processing of your personal data in connection with your visit to the Preisvergleich.Doctorbox.de website (the "Website").

The responsible party within the meaning of the EU General Data Protection Regulation (DSGVO) is:

DoctorBox GmbH

Lietzenburger Street 107

10707 Berlin

Telephone: +49 (0)3034 04 54 68

Fax: +49 (0)30 30 16 36

E-mail: office@doctorbox.de

Data protection officer: info@dsbplus.de

Connection data

When you access our website, technical information is automatically collected by your device. This information (server log files) includes, for example, the time of access, requested content, type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar ("connection data").

The connection data is processed in particular for the following purposes:

  • Ensuring a smooth connection setup of the website,

  • Ensuring the smooth use of our website,

  • evaluating system security and stability, and

  • for other administrative purposes.

We do not use your connection data to draw conclusions about you personally. Information of this kind is evaluated by us statistically and anonymously, if necessary, in order to optimise our website and the technology behind it.

The processing of the connection data is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in providing the website and improving the stability and functionality of our website.

The processing of the data may be carried out by technical service providers who act as processors for the operation and maintenance of our website.

Search queries

If you search for a medicine on the website in order to compare prices for that medicine, we also record your search input in order to show you the correct results. We do not combine your search input or the documents displayed to you with the other data we receive during your visit to the website.

The processing of search queries is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in providing the website and its functions.

Deletion

The connection data is deleted as soon as it is no longer required for the purpose of collection. This is generally the case when the respective browser session has ended.

  • Your data subject rights

  • You can exercise the following rights at any time using the contact details provided:

  • Information about your data stored by us and its processing (Art. 15 DSGVO),

  • Correction of incorrect personal data (Art. 16 DSGVO),

  • deletion of your data stored by us (Art. 17 DSGVO),

  • Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),

  • objection to the processing of your data by us (Art. 21 DSGVO) and

  • Data portability, insofar as you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).

  • If you have given us consent, you can revoke this at any time with effect for the future.

You can lodge a complaint with a supervisory authority at any time, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller.

A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

7. your contact person for data protection

For questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted, please contact us by e-mail or by post at:

DoctorBox GmbH, Lietzenburger Straße 107, 10629 Berlin, [datenschutz@doctorbox.de] .

Data Protection Officer:

Dietmar Gätcke

Freedom 12A

12555 Berlin

Tel.: 030 / 56583509

Fax: 030 / 56700192

E-Mail: info@DSBplus.de