ForPatientApp2.0

1.1. Name And Address Of The Data Controller

The clinic on whose platform you registered and from which you have received a registration code is responsible. (Hereinafter referred to as the “clinic” or “we”)
 

1.2. Name And Address Of The App Owner

B. Braun SE 
Carl-Braun-Straße 1
34212 Melsungen
Germany
and affiliated companies (Hereinafter “B. Braun”)

1.3. Name And Address Of The App Developer

Liquid State Pty Ltd.
11/96 Cleveland Street,
Greenslopes,
Queensland 4151
AUSTRALIA 
(Hereinafter “Liquid State”)

For Patients

When you download the ForPatientApp, you will transfer the required information to the app store you are using, in particular your username, email address and customer number for your account, time of the download, payment information and your individual device identifier. The Hospital and B. Braun have no influence on this data gathering and are not responsible for it. ForPatientApp processes the data only to the degree that it is necessary to download the app to your mobile end-user device. Please therefore become familiar with the respective operator’s data protection declaration in the app store about working with your personal data. 

For Healthcare Personnel

We will process your personal data to the extent necessary to assist you in providing optimized and personalized communication, support and patient care during the treatment of specific medical conditions. When you open the Dashboard you will transfer the required information to the Dashboard, in particular your username, email address, time of entering and your individual identifier. In the ForPatientApp you first register on the dashboard with your email address and mobile phone number via an access code sent to your email account or mobile phone number. ForPatientApp processes the data only to the degree that is necessary to login to and use the dashboard.

For Patients

This app accompanies you in the preparation before as well as in the time after a surgical intervention. In this app you will find information about your surgery, the time before and after. This is to keep you as well informed as possible about the course of your treatment. Your treating Hospital can see which phase of the patient journey you are in. In addition, your Hospital can, for example, ask digital queries about your state of health in relation to your treatment before and after the intervention. The results of the queries are transmitted digitally to the Hospital and processed for the purpose of your treatment. Furthermore, your data will be processed in pseudonymised form by B. Braun for continuous confirmation of the product quality and possible improvement of the treatment quality. However, it is not possible for B. Braun to draw any conclusions about your person.
 

For Healthcare Personnel

The ForPatientApp Dashboard is designed to provide a centralized platform for organizing patient management. It acts as a digital bridge to your patients, allowing you to monitor their treatment progress and view relevant content and questionnaire responses. The dashboard also helps you filter patients according to your defined criteria to better monitor their treatment pathways and to exchange documents.

For Patients

Within the app, you will see information about your surgery, about your preparation for surgery, and about the time until rehabilitation. In addition, the app offers the possibility for your Hospital to send you digital queries about your health status via questionnaires (scores). You will be asked to complete the digital questionnaires. The results of the questionnaires can be viewed by your treatment team in the software belonging to the app in the Hospital. For this, the treatment team must log into the software via a password. The selection of the queries is up to your Hospital. As a rule, you fill out questionnaires via the app that you would otherwise receive in paper form from your Hospital. Through the app and platform, the Hospital has the benefit of having all the required data digitally collected and stored in your profile. The answers from the questionnaires, as well as the data that you and the Hospital have stored during registration (first name, last name, date of birth, surgical intervention, email address, and mobile phone number), help your Hospital to assess your health status. You also have the possibility to exchange documents and media with your treating hospital. Your hospital could also enable a digital signature functionality weblinks for services like digital signature or online appointments.

When using ForPatientApp Move

ForPatientApp Move is the training and rehabilitation module that is embedded in the ForPatientApp mobile application. FPA Move is used to provide you with exercise plans selected for you by the clinic. When carrying out the exercises, you receive information about the exercises and feedback on how to carry out the exercises from a digital assistant in the form of sound and images. For this purpose, You need to allow the ForPatientApp the use of the camera on your mobile device to be used for this purpose. The app records your movement in order to be able to evaluate your movement sequences. However, no video of you will be recorded and stored.

ForHealthcare Personnel

The ForPatientApp dashboard offers a comprehensive, centralized platform for managing the patient pathway. You can provide your patients with a treatment pathway that includes content, questionnaires, videos, and links defined by you. The ForPatientApp provides updates on treatment progress and access to informative content as well as questionnaire responses from patients. The dashboard enables monitoring of patient treatment pathways and offers insights into their current phases. You can also exchange documents with your patients or direct them to weblinks. Additionally, you can categorize your patients using filters defined by you.

When using ForPatientApp Move

ForPatientApp Move is the training and rehabilitation module that is embedded in the ForPatientApp mobile patient application. Patients and exercise plans are managed for clinic staff via the ForPatientApp dashboard. From this dashboard, a link takes you to individual patient management. This is where personalized exercise plans are created for patients. You can also gain insights into patients' exercise activities

For Patients

When you use the ForPatientApp, we collect the following data that is technically necessary for us to be able to offer you the functions of the app and to ensure its stability and security:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Contents of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originated
• Browser
• Operating system and its user interface
• Language and version of the browser software
  
  

For Healthcare Personnel

When you use the Dashboard, we collect the following data that is technically necessary for us to be able to offer you the functions of the app and to ensure its stability and security:
 

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Contents of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originated
• Browser
• Operating system and its user interface
• Language and version of the browser software

For Patients

Your personal data will be processed in the context of using the ForPatientApp based on your voluntary consent (Art. 6 para.1 lit. a and 9 para. 2 lit. a GDPR). You can revoke your consent at any time with effect for the future.

In order to use the app, the Hospital will register you in the platform. This is only possible on the basis of your voluntary consent, which is therefore obtained in advance via the Hospital. Only then will the Hospital enter the following information into the platform as part of the initial registration: First name, last name, email address, mobile phone number, surgical intervention, surgery date, and optional data if required (address, date of birth, gender). You will then receive an access code by email, which you can use to log in to the app. When you log in, your access code, your e-mail address and a password are required to protect your app. You assign the password yourself and it must be at least 8 characters long, contain at least one capital letter and one number. No spaces are allowed. Before you can use the app, you must accept the Terms of Use and read the Privacy Policy. Optionally, you can agree to the analysis of usage behavior. After successful registration, the functions of the app are available to you.

For Healthcare Personnel

In order to use the Dashboard, B. Braun will register the hospital name and the name and email address of the hospital administrator. The hospital administrator will then be able to register on the Web browser based dashboard with his email address and phone number. You assign the password yourself and it must be at least 8 characters long, contain at least one capital letter and one number. No spaces are allowed. Before you use the dashboard you should be aware of the provisions of the agreement on cloud services between B. Braun and your hospital and read the privacy policy.

For Patients
All your data provided in the profile (first name, last name, date of birth, surgical intervention, email address and mobile phone number) and possible optional data (e.g., address, date of birth or gender) are hosted in encrypted form on data servers of Liquid State after initial registration. Liquid State uses Amazon Web Services, Inc. for storage on servers. Your data is stored exclusively in encrypted form on servers within the Federal Republic of Germany (Frankfurt am Main). A transfer to third countries, for example in the context of a cloud computing service, is explicitly excluded. This guarantees a high level of data protection.

For Healthcare Personnel

Your data indicated in the Dashboard (first name, last name, email address and mobile phone number) are processed by the listed external services.

In order to provide you with all functionalities in the app and dashboard, external service providers are used. These are carefully selected and commissioned in writing. Insofar as the processed data is personal data, appropriate contractual agreements and organizational measures have been made with these service providers in accordance with applicable law to ensure the security of your personal data. They process personal data exclusively in accordance with instructions (data processing agreements) and as described in this data protection declaration. In addition, regular monitoring of the service providers takes place. The service providers will also not disclose your data to third parties, unless there are legal obligations to disclose data in this regard.

Despite the security measures implemented by us, we would like to point out that these external service providers operate in countries with a lower level of data protection than in the EU. As a result, it is possible that your rights as a data subject according to the GDPR (6) may be restricted or not enforced at all and that there may be a possible loss of control over your data due to extensive monitoring options on the part of the authorities.

The external service providers are:

You always have the right to:
 

• Free information about your stored personal data, their origin and recipients and the purpose of the data processing, as well as its legal basis
• Correction of inaccurate or incorrect personal data
• Restricting data processing
• Deleting your data (see Section 8 for details)
• Receiving your data in a standardized electronic format
• Revocation of your consent to the processing of your personal data. Please note that the legality of the processing is not affected until your consent is withdrawn.
• Complaint to the responsible supervisory authorities
   

​​​​​​Objection To Processing On The Basis Of Legitimate Interest

You also have the right to object at any time to the processing of your personal data based on the exercise of legitimate interests (Article 6(1)(f) GDPR). As a result, the processing of your data will be terminated, unless legal requirements or interests worthy of protection in a continuation of the processing are opposed to this. This is the case, for example, if personal data is still required to be able to enforce legal claims, if necessary.
 

Right Of Appeal To The Supervisory Authorities

Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a data protection supervisory authority. You can contact the data protection supervisory authority at your usual place of residence, or any other data protection supervisory authority.

If you have any questions regarding processing your personal data, you can contact the clinic Data Protection Officer or his team directly. They are also available in cases of requests for information, applications or complaints.

In addition to data protection, data security is also very important to us. Our high standard for IT security includes numerous measures: All communication between the app and the backend system takes place via SSL encryption. The data stored in the backend system is also encrypted. The backend system itself is set up in accordance with the clinic's security concept, which is also applied to the clinic's other systems. In addition, there are, among other things, physical protection measures and organizational protection measures such as access only for responsible employees. Your personal data is thus protected against unauthorized access.

You can and must also contribute to data security yourself. You must choose a password that is at least 8 characters long and must contain at least one capital letter and one number.

We would like to point out that data transmission on the Internet (e.g., communication by e-mail) can have security leaks. We try to protect your data from unauthorized access by third parties by taking precautions such as pseudonymization, data minimization, compliance with deletion periods and considering the current state of technology. Despite these protective measures, however, we cannot completely rule out unlawful processing by third parties.

Despite the security measures implemented by us, we would like to point out that these external service providers operate in countries with a lower level of data protection than in the EU. As a result, it is possible that your rights as a data subject according to the GDPR (6) may be restricted or not enforced at all and that there may be a possible loss of control over your data due to extensive monitoring options on the part of the authorities.

The apps can contain links to third-party websites. The clinic has no influence on these. You leave the clinic area of responsibility after clicking on such a link.

We use analytics technology from Mixpanel Inc. (​​​​​​​www.mixpanel.com) to track app user behavior. This provides collection and storage of usage data via an assigned user ID (“pseudonym”). We use this analysis to optimize our app’s usability and continuously improve it for you. The data are not used to identify visitors to this app and are not compared to other data relating to the owner of a pseudonym. The legal basis for this processing is your voluntary consent when registering which you must give within the app for tracking. You can also revoke your consent to tracking for your device at any time at the following Internet address:  https://mixpanel.com/optout/

You can find details on Mixpanel Analytics’ English data protection provisions at: https://mixpanel.com/legal/privacy-policy/.

For Patients - You can access this Privacy Policy in the app.
For Healthcare Personnel – You can access this Privacy Policy in the dashboard.