Privacy Policy ForPatientApp

Data protection is important to us. We take it very seriously. We count on trusting cooperation with you, and make every effort to ensure that you are completely satisfied. This also applies, of course, to working with your personal data. We process your personal data in adherence to the data protection laws of the Federal Republic of Germany and the European General Data Protection Regulation (GDPR). Personal data are all data which reference you personally, such as name, address, email addresses and user behaviour. We would like to inform you in this privacy policy declaration how your personal data will be processed when using ForPatientApp (FPA). Our Privacy Policy supplements the use provisions of the ForPatientApp.

Adherence to data protection legal provisions is monitored by the data protection officers at the hospital. App administrators are trained in working with personal data and are obligated to adhere to data protection regulations.

Changes to this Privacy Policy may become necessary as part of the further development of our apps and implementation of new legal regulations, new technologies or in order to improve our service for you. You will be informed the next time you use the app if changes are made to the data protection declaration. If this occurs, you must agree to the new data protection declaration before you can continue to use the app.

1. Responsible parties, suppliers, and developers of the app

1.1. Name and address of the data controller

The hospital on whose platform you registered and from which you have received a registration code is responsible. (Hereinafter referred to as the “hospital” or “we”)

1.2. Name and address of the app owner

B. Braun SE 
Carl-Braun-Straße 1
34212 Melsungen
and affiliated companies (Hereinafter “B. Braun”)

1.3. Name and address of the app developer

Liquid State Pty Ltd.
11/96 Cleveland Street,
Greenslopes,
Queensland 4151
AUSTRALIA (Hereinafter “Liquid State”)

2. Processing personal data when downloading the app

When you download the ForPatientApp, you will transfer the required information to the app store you are using, in particular your user name, email address and customer number for your account, time of the download, payment information and your individual device identifier. The hospital and B. Braun have no influence on this data gathering, and are not responsible for it. FPA processes the data only to the degree that it is necessary to download the app to your mobile end-user device. Please therefore become familiar with the respective operator’s data protection declaration in the app store about working with your personal data. 

3. Purpose of the app

This app supports you before and after your surgical procedure. You will find information in this app about your surgery and the time before and after. This should help you to be well-informed about your treatment process. Your hospital can see where you are currently on your treatment path. In addition, this app offers the opportunity to digitally pose questions about your state of health as related to your treatment before and after the surgery. The results of the questions are digitally conveyed to the hospital. 

4. Function of the app

You will see information in the app about your surgery, preparation for as well as the time after your surgery. In addition, this app offers the opportunity to send digital questionnaires about your state of health (scores). You will be asked to fill out the digital questionnaires. The results of the questionnaires can be seen in the hospital by the treatment team in software associated with the app. The treatment team will require a password in order to log in to the software. Your hospital is responsible for selecting the questions. As a rule, you will fill out questionnaires over the app which you would otherwise have received on paper from your hospital. Thanks to the app and platform, the hospital has the benefit of digitally collecting all the necessary data and having it saved in your profile. Answers from the questionnaires as well as the data that you and the hospital saved during registration (first and last name, date of birth, surgical procedure, email address and mobile phone number) help your hospital to assess your state of health.

5. Processing personal data when using the app

If you use the ForPatientApp, we collect the following data. This is technically required for us in order to offer you the app’s functions, and to guarantee its stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originated
  • Browser
  • Operating system and its user interface
  • Language and version of the browser software.

Our legal basis for processing your personal data lies in our previously described legitimate interest (app functions, stability and security) (Article 6, paragraph 1 (f) GDPR).

6. Data collection at registration

The hospital will register you on the platform so you can use the app. This is only possible if you grant your voluntary consent. This is obtained beforehand by the hospital. Only then can the hospital enter the following information onto the platform as part of initial registration: first and last name, date of birth, surgical procedure, email address and mobile phone number. You will then receive an access code via SMS or email which you can then use to log onto the app. When registering, your access code, email address and a password that you assign yourself are required. You must accept the terms of use and this privacy declaration before you can use the app. You will receive a verification code by email after completing registration as part of two-factor authentication. After confirming verification, you can optionally enter your gender, height and weight in the app. These data complete your profile, which the hospital also possesses. 

The functions of the app will be available to you after successful registration. The app is protected by a password you give yourself in order to ensure protection of your data stored in the app. The password must have at least eight characters, and contain at least one capital letter and one number. No spaces may be used. 

Your personal data will be processed within the context of ForPatientApp use based on your voluntary consent (Article 6 paragraph 1 (a) and 9 paragraph 2 (a) GDPR). You can withdraw your consent at any time with future effect. 

7. Data transfer to third parties and where the data is stored

All of your profile data (first and last name, date of birth, surgical procedure, email address and mobile phone number and, if you have entered them, your gender, height and weight) will be hosted in encrypted form on Liquid State data servers after initial registration. Liquid State uses Amazon Web Services, Inc. for server storage. Your data is only stored in encrypted form on servers within the Federal Republic of Germany (Frankfurt am Main). Transfer to third countries, for example with a cloud computing service, is expressly excluded. This ensures a high level of data protection.

External service providers are used in order to provide you with all app functions. These are carefully selected and commissioned in writing. Corresponding contractual agreements and organisational measures have been concluded with these service providers in accordance with applicable law for personal data. This guarantees the security of your personal data. They will process personal data exclusively in adherence to instructions (order processing) and as shown in this data protection declaration. The service providers are also checked on a regular basis. These service providers will not pass on your data to third parties unless they are legally obligated to do so.

The external service providers are:

Name | Purpose | Headquarters
--- | --- | ---
Liquid State Pty. Ltd. | App developer, data hosting | Brisbane, Australia
B. Braun Melsungen AG | App provider | Melsungen, Germany
Amazon Web Services, Inc. | Data storage, server provider, two-factor authentication | Seattle, Washington, USA
Mixpanel, Inc. | App tracking | San Francisco, California, USA
OneSignal, Inc. | Sending push notifications | San Mateo, California, USA


8. Data deletion and limits on storage

Personal data that is no longer required to fulfil the aforementioned purposes will be deleted in accordance with data protection regulations. As a result, your data will be deleted if:

  • The corresponding legal basis for processing your data no longer exists,
  • The purpose of processing your data no longer exists,
  • You withdraw your consent to the processing of your data,
  • A legal obligation makes deletion necessary, or
  • You have objected to processing your personal data,

unless there are statutory retention periods. Only then may your data be permanently deleted. 

In addition, you have the right to have your personal data deleted as long as your data is not required by the hospital to fulfil a legal purpose. The data is blocked instead of being deleted if deletion cannot be performed for reasons stipulated by law. Please inform the hospital about the deletion of your profile.

Alternatively, you can request deletion directly in the app's settings. As the hospital is responsible, it will enter the request for deletion on the platform. As the app provider, B. Braun will automatically receive information about this. This information contains only your pseudonym, so that B. Braun cannot make any personal reference. B. Braun forwards the request to the app developer, Liquid State, over the platform. Liquid State processes the request and implements the deletion. The following diagram describes the request’s process flow:

9. Your rights as a data subject

You always have the right to:

  • Free information about your stored personal data, their origin and recipients and the purpose of the data processing, as well as its legal basis.  
  • Correction of inaccurate or incorrect personal data. 
  • Restricting data processing
  • Deleting your data (see Section 8 for details)
  • Receiving your data in a structured, commonly used and machine-readable format
  • Revocation of your consent to the processing of your personal data. Please note that the legality of the processing is not affected until your consent is withdrawn.
  • Complaint to the responsible supervisory authorities. 

Objection to processing based on legitimate interest

You also have the right to object to processing your personal data at any time if this is performed on the basis of a legitimate interest of the responsible person (in accordance with Article 6 paragraph 1 (f) of the GDPR). As a result, processing of your data will be stopped unless this is contrary to legal requirements or legitimate interests in continuing the processing. This is the case, for example, if personal data are still required in order to enable enforcement of legal claims.

Right of appeal to the supervisory authorities

Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a data protection supervisory authority. You can contact the data protection supervisory authority at your usual place of residence, or any other data protection supervisory authority.

10. Contact person for data protection matters

If you have any questions regarding processing your personal data, you can contact the hospital’s Data Protection Officer or his team directly. They are also available in cases of requests for information, applications or complaints.

11. Data security and encryption

In addition to data protection, data security is also very important to us. Our high IT security standards include numerous measures: all communication between the app and the back-end system is done using SSL encryption. Data stored in the back-end system is also encrypted. The back-end system itself is set up following the hospital’s security design, which is also used for other hospital systems. In addition, there are physical and organisational protective measures, such as access provided only to responsible employees. Your personal data is therefore secured against unauthorised access. 

You can and must also contribute to data security. In particular, a password must have at least eight characters, and contain at least one capital letter and one number. 

We would like to point out that data transmission over the Internet (such as when communicating by email) can have security gaps. We try to protect your data from unauthorised access by third parties by taking precautions such as pseudonymisation, data economy, observing deletion periods and taking into account the current state of the art. We cannot completely rule out unlawful processing by third parties, however, despite these protective measures.

12. Links

The apps can contain links to third-party websites. The hospital has no influence on these. You leave the hospital’s area of responsibility after clicking on such a link.

13. Use of tracking and analysis tools

We use analytics technology from Mixpanel Inc. (www.mixpanel.com) to track app user behaviour. This provides collection and storage of usage data via an assigned user ID (“pseudonym”). We use this analysis to optimise our app’s usability and continuously improve it for you. The data are not used to identify visitors to this app, and are not compared to other data relating to the owner of a pseudonym. The legal basis for this processing is your voluntary consent when registering which you must give within the app for tracking. You can also revoke your consent to tracking for your device at any time at the following Internet address: https://mixpanel.com/optout/

You can find details on Mixpanel Analytics’ English data protection provisions at: https://mixpanel.com/legal/privacy-policy/.

14. Accessing this data protection declaration

You can access this data protection declaration in the app under ‘settings’.

Date created: 13/08/2020