Data Privacy Policy

Data Privacy Policy

Contact details of the company

vivamind – Gesellschaft für Präventivmedizin und Psychologie mbH
Lindemannstr. 6a, 44137 Dortmund
Phone number: ++49 231 477 684 3
E-mail address: info@vivamind.de
Represented by:
Dr. Rüdiger Beck, managing partner
Prof. Dr. Stefan Diestel, managing partner
Marion Beck, managing partner

Data protection officer’s contact details

Attorney Ulf Haumann LL.M.
Specialist attorney for IT law/ specialist for data protection 
Kaiserstr. 21-23, 44135 Dortmund 
Phone number: +49 231 108 77 89 8 
E-mail address: datenschutz@vivamind.de

We take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws. We take conscientious precautions to protect your data from loss, manipulation and unauthorized access. The precautions taken correspond to the state of technological development. The following explanation gives you an overview of how we guarantee this protection and what kind of data is collected for what purpose.

Basic principles governing the processing of personal data

We process your personal data in compliance with the statutory provisions on data protection (Data Protection Basic Regulation (DSGVO), Federal Data Protection Act (BDSG-New)).
Your data will be handled exclusively for contractually justified purposes and on the basis of your voluntary consent and applicable legal provisions.
Personal data will not be passed on to third parties without your express consent, unless it is absolutely necessary for the processing of business transactions to provide the service or to execute the contract. In that case, the data will be limited to the required minimum.
Personal data is any information relating to an identified or identifiable natural person. This includes all kinds of information that can be traced back to a person, directly or indirectly (i.e. in conjunction with other data).  This includes information such as name, address, email address. Personal data is only processed by vivamind if this is legally permitted or if you have agreed to the collection of data.
By order of the competent authority, we may in individual cases provide information about this data if this is necessary for the purposes of criminal prosecution to avert danger, to fulfil the legal tasks of the constitution protection authorities or the military counterintelligence service or to enforce intellectual property rights.

User registration and provision of fee-based services

You can generally use the my.vivamind website without having to register with us. The use of the services within the application “my.vivamind”, however, requires a prior registration (creation of an account) and thus requires further processing of personal data.
After registration you will receive an e-mail asking you to confirm that you truly wish to create the account. If you do not confirm this within 24 hours, the account will be deleted. For example, if you wish to use the services and benefits offered on our website, the following data about you will be processed regularly:

1. User (e-mail address)
2. Optional mobile number, if 2-factor authentication is required.

Informations 1-2 are procecessed for the following purposes:
1. Authentication; legal basis: sec. 6 subs. 1 lit. b) DSGVO
2. Contact; legal basis: sec. 6(1)(b) DSGVO

SMS transmission via gatewayapi

A two-factor authentication via SMS can be activated during registration – or later in the profile. Upon registration and login, a random, one-time valid numerical code is then generated and sent to your mobile phone via this provider by SMS. During this process, this code and the mobile phone number of the user are transmitted to the provider.
By activating the two-factor authentication, you consent to the transfer of personal data. Gatewayapi is operated by OnlineCity ApS, Buchwaldsgade 50, 5000 Odense C, Denmark.

The data entered in the course of registration will be processed exclusively for the above-mentioned purposes. The data is stored exclusively within the scope of the period required for the contractual relationship or in accordance with legal requirements (e.g. retention periods in accordance with sec. 147 of the German Fiscal Code).
When you register on our site, we will also save your anonymized IP address (shortening the last three digits) and the date and time of your registration.
This information is no longer personal data.
Purpose of such processing:
In the event that a third party misuses your data and registers on our site with this data without your knowledge, this serves as a safeguard on our part; legal basis sec. 6 subs. 1 lit. f DSGVO.
Eine Weitergabe an Dritte erfolgt nicht. A comparison of the data collected in this way with data that may be collected by other components of our site is not carried out either.
We would also like to point out that personal data is transmitted to the server via the website in encrypted form using “Secure Sockets Layer (SSL)”. You can recognize the activation of the SSL encryption by the address line of the browser. The transfer of data is only encrypted when the regular display changes from “http://” to “https://”. Only transfer your data if SSL encryption has been activated.

Personal data within the account

If you use one or more of the services offered within your protected my.vivamind account, further processing of your personal data will be necessary for the purpose of providing the respective service (creation of concrete health profiles with preventive objectives as a basis for individual patient consultation) and for payment processing. Which personal data is processed within the scope of payment processing depends on the payment method you have selected. By using this method, you automatically agree to the transfer of data to the respective payment provider (see also below “Use of Klarna as payment method” and “Use of SecurionPay as payment method”).
Which other personal data are processed in detail for the purpose of providing the respective service depends on the specific service you have selected and the associated input screen.
The legal basis for this data processing is sec. 6 subs. 1 lit. b DSGVO and, in the case of payment processing and the processing of health data, your express consent pursuant to sec. 6 subs. 1 lit. a DSGVO.
Data is also stored exclusively for the duration of the contractual relationship or in accordance with legal requirements (e.g. retention periods according to sec. 147 of the German Fiscal Code).
For each application you choose, you can also give your further consent for your data to be processed anonymously by vivamind for the purpose of statistical evaluation for health epidemiological questions.
If you give your consent to this, any claim for deletion is limited to the data within the my.vivamind application. Anonymized data that has been included in a statistical evaluation can no longer be assigned to an account and therefore do not allow any conclusions to be drawn about specific individuals.

System operator and logging

For technical reasons, your end device automatically transmits the following information to our web server every time you access our Internet site and every time you call up a file, which is stored in a log file for a limited time:
 • IP address of the end device
    • Browser type/version
    • Operating system used
    • Date and time of the server request,
    • Name (URL) of the site requested

This data is processed exclusively for the purpose of legal protection (e.g. against hacker attacks) and the optimization of our website by means of statistical evaluation of this information (e.g. access errors, average time spent on the site, Internet browsers and operating systems used). The processing is thus carried out for vivamind on the basis of legitimate interests pursuant to sec. 6 subs. 1 lit. f) DSGVO.
Such data will be deleted automatically after 7 days.
Notwithstanding this, we reserve the right, in the event of suspected illegal use of our website, to subsequently check the data and pass it on to authorized third parties,

Cookies

We use so-called cookies on our site to recognize multiple use of our offer by the same user/internet connection owner. Cookies are small text files that your internet browser places and stores on your computer. They serve to optimize our Internet presence and our offers.

Session Cookies

Name: vivamind_session
Valid: During a user’s session
Description: User’s logon data

Functional cookies

Name: XSRF-TOKEN
Valid: 30 minutes
Description: Prevention of XSRF attacks (https://en.wikipedia.org/wiki/Cross-site_request_forgery
However, some of these cookies provide information in order to recognize you automatically. This recognition is based on the IP address stored in the cookies. The information obtained in this way serves to optimize our offers and make it easier for you to access our site.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

Matomo Web Analytics Tool

We use the web analytics service Matomo. Matomo is an open source software, which provides website optimization and also anonymously evaluates the access of website visitors via cookies. The information generated by the cookies about your use of this website is not used for personal evaluation or profiling and is also not passed on to third parties. The analysis serves exclusively to optimize our offer.
Should you use a browser extension that blocks advertising content and tracking services, i.e. a so-called ad blocker or tracking blocker such as AdBlock Plus, uBlock Origin or similar, we will of course respect this and will not make any attempts to disguise the use of Matomo on our site or otherwise hinder the functionality of your program. In this case, cookies will not be stored and the use of this website will not be tracked. You will also not be shown other information fields on the use of cookies.
If you do not use an advertising or tracking blocker, but still do not agree with the storage and anonymous evaluation of the data from your visit, you can object to the storage and use at any time. If you subsequently object to the processing of the data by mouse click, a so-called opt-out cookie is stored in your browser, which means that Matomo will not collect any session data. If you delete your cookies in your Internet browser, the opt-out cookie will of course be deleted as well. It must therefore be reactivated when you visit our website again.

Sentry stability testing and monitoring

Vivamind uses Sentry, a service of Functional Software Inc, Sentry, 1501 Mariposa St # 408, San Francisco, CA 94107, USA, for stability testing and applications monitoring. The following data is collected in the process:
    • Browser and version number
    • Operating system
    • Time and date
    • URL of the site that was accessed
With the collected data Vivamind is able to identify which display errors occurred when and under which operating systems. This serves the purpose of providing the services of Vivamind as error-free as possible and for fast error detection and elimination of detected errors.
Sentry is not being used as “software as a service”. Rather, vivamind operates the services as a local installation on its own server. This is to ensure that all data collected will remain with vivamind and are not transmitted to the producer of the software.
The legal basis for the processing is sec. 6 subs. 1 lit. f DSGVO. The above-mentioned purposes also represent the legitimate interest of vivamind in data processing in accordance with sec. 6 subs 1 lit. f DSGVO.
All data, e.g. details of the end device used and the time of an error is collected and stored anonymously and deleted immediately following the evaluation. At no time is it possible for vivamind to trace the stored data back to a specific or determinable person.
For more information, please refer to the Sentry privacy policy: https://getsentry.com/privacy/.

Other technologies

 In parts of this website, technologies that are widely used on the Internet, such as JavaScript, may be used to provide you with the desired information more conveniently. Under no circumstances are these technologies used by us to spy out personal data or to manipulate data on your computer. You can deactivate these script languages via your browser at any time for security reasons. Our websites remain navigable even without them, but some functions will then no longer be available.

Contact

When contacting vivamind (e.g. by e-mail), your data will be stored for the purpose of processing your request as well as in case follow-up questions arise.
Processing for these purposes is thus based on your voluntary consent in accordance with sec. 6 subs. 1 item a DSGVO. The storage period depends on the respective request. However, your data will be deleted at the latest when their storage is no longer required for the specific purpose and no statutory retention periods apply.
If you wish to contact us by e-mail, we would like to point out that the confidentiality of the transmitted information cannot be guaranteed. The content of e-mails can be viewed by third parties. We therefore recommend that you send us confidential information exclusively by post.We therefore recommend that you send us confidential information exclusively by regular mail.

Use of heidelpay as a payment method

The payment service provider heidelpay enables you to pay online by credit card, Sofort (https://www.klarna.com/sofort/), PayPal (https://www.paypal.com/de) and giropay (https: // www .giropay.de /). If you choose this payment method, the payment is processed by the service provider heidelpay GmbH, Vangerowstr. 18, 69115 Heidelberg.
In this case, you must enter your credit card number, your first and last name as well as the validity period and check digit of your credit card in a form integrated into the my.vivamind application. By submitting this form, you consent to this payment method and the associated data transmission to heidelpay (Art. 6 Para. 1 a) GDPR).
Your data will only be passed on for the purpose of payment processing with the payment provider heidelpay.
You can find more information on data protection at heidelpay at the URL https://www.heidelpay.com/de/datenschutz/

Minors

As a matter of principle, our offer is not directed at minors (sec. 6 in conjunction with 8 subs. 1 DSGVO). Anyone under 18 years of age may therefore not transmit any personal data to us without the written consent of their parents or legal guardians.  If we discover that a minor under the age of 18 has sent personal data to us without the consent of their legal guardian or the legal guardian approving the minor’s transfer of such personal data, we will delete the data immediately.

Recipients of the data

The access to your personal data stored at vivamind is limited to our employees and to the following service providers assigned by us:
1. Server hosting
DOKOM Gesellschaft für Telekommunikation mbH, Stockholmer Allee 24, 44269 Dortmund.
2. Technical support/maintenance
VisualAppeal GbR, Klippe 109, 42555 Velbert

These service providers process the data exclusively within the scope of the so-called processing of data by order (sec. 28 DSGVO). They have been selected carefully and will only have access to your data to the extent and for the period of time required to provide the services or to the extent to which you have consented to the processing and use of your data.

Rights of data subjects

1. Right of information and data transferability

You have the right at any time and free of charge to obtain information about the data we have stored about you without giving reasons (sec. 15 DSGVO). At your request, such information can also be provided electronically. If required, please send an e-mail to: Info@Ipreveo.de
You also have the right to data transferability (sec. 20 subs. 1 DSGVO), i.e. that you receive the personal data stored about you in a structured, common and machine-readable format, or that such data be transferred to a third-party system. You therefore have a right to direct forwarding of your data.

2. Right of rectification, restriction and deletion

Furthermore, in accordance with sec. 16 to 18 DSGVO, you can demand that vivamind correct, restrict (block) or delete your personal data if the data has been incorrectly processed by us, if there is a reason to restrict further data processing, or if data processing has become unlawful for various reasons, or if its storage is not permitted for other legal reasons. Please note that your right to deletion may be restricted by legal retention periods.

3. Right of cancellation:

If data processing is based on consent, you may revoke this consent at any time with effect for the future.

4. Right of objection

If the processing of the data is based solely on our legitimate interest pursuant to sec. 6 subs. 1 lit. f) DSGVO, you have the right to object to this processing (sec. 21 DSGVO). vivamind will stop processing your data in this case, unless we can prove reasons for processing worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim.

5. Right of complaint

In addition, you have a general right of complaint. The competent supervisory authority for complaints regarding the data processing of vivamind is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düesseldorf [State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia].

6. Contact for exercising your rights

To exercise your rights (1-4) you can send us an informal message to the following contact details: datenschutz@vivamind.de  

Likewise, please address the revocation of your consent, stating which declaration of consent you would like to revoke, to the following contact data: datenschutz@vivamind.de
Changes to our privacy policy

Changes to our privacy policy

This privacy policy may be updated over time (e.g. due to changes in relevant legislation). We will notify you of changes to this privacy policy in writing by e-mail or by posting a notice on this website before the change takes effect. A printout or storage of the respective valid data protection declaration will be possible at any time.