Privacy Policy
Provides information on how your personal data is processed when you visit and use this website.
1. Introduction
We take the protection of your personal data (hereinafter referred to as ‘data’) seriously and comply with the applicable data protection laws.
With this privacy policy, we fulfil our information obligations under Art. 12 ff. of the General Data Protection Regulation (hereinafter referred to as ‘GDPR’). This is intended to give you an overview of how we handle your personal data that is processed when you use our services.
In addition to the coobi.health web platform, the range of services also includes the coobi clinic dashboard web dashboard and the coobi care app (collectively referred to as the ‘platform’).
Please read our privacy policy in conjunction with our General Terms and Conditions of Use. The current version of our General Terms and Conditions of Use can be accessed at any time at https://www.coobi.health/terms-conditions.
2. Definitions
- ‘Controller’ means the natural or legal person, public authority or other body which determines the purposes and means of the processing of personal data. The controller is responsible for the processing and must ensure that data protection regulations are complied with.
- ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’).
- ‘Processing’ means, according to Art. 4 No. 2 GDPR, all possible types of data processing. This includes, in particular, the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, linking, restriction, erasure or destruction of personal data.
- ‘Data subject’ means, in accordance with Art. 4 No. 1 GDPR, the natural person to whom the data processed by the controller can be directly or indirectly attributed.
- ‘Recipient’ means, in accordance with Art. 4 No. 9 GDPR, the person to whom personal data is disclosed, regardless of whether they are a third party or not.
- ‘Third party’ means any person other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
- ‘Special categories of personal data’ means, in particular, health data of the data subject. These data require a higher level of protection.
- ‘Health data’ means personal data related to the physical or mental health of the data subject and revealing information about the data subject's health status.
- ‘Consent’ means, in accordance with Art. 4 No. 11 GDPR, any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action (e.g. by checking a box provided for this purpose), signifies agreement to the processing of personal data relating to him or her.
- ‘Pseudonymisation’ means, in accordance with Art. 4 No. 5 GDPR, that personal data is processed in such a way that it can no longer be attributed to a specific individual without the use of additional information. This additional information must be kept separately and measures must be taken to ensure that the data cannot be attributed to an identified or identifiable individual.
- ‘Anonymisation’ describes, in accordance with DIN EN ISO 25237, the process by which personal data is irreversibly altered, either by the data controller alone or in cooperation with another party, in such a way that the data subject can no longer be identified, either directly or indirectly.
3. Information about the controller
The controller responsible for data processing within the meaning of Art. 4 No. 7 GDPR is
Stigma Health GmbH
Barmbeker Str. 33
22303 Hamburg
represented by the management.
If you have any questions regarding the processing of your data or the exercise of your rights as a data subject within the meaning of the GDPR, please contact us at any time by email at service@coobi.health. This also applies if any term used in this privacy policy is unclear to you.
4. Information about the data protection officer
Alternatively, you can also contact our data protection officer (DPO) with any enquiries.
You can reach them at the following contact details:
Kasimir Friederich
If you have any questions or technical problems with our platform, you can contact us by email at info@coobi.health.
5. Competent supervisory authority
You can contact the supervisory authority responsible for data protection at any time.
You can reach them at the following contact details:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Further information and the current contact details can be found on the supervisory authority's website at https://datenschutz-hamburg.de/.
6. Your rights
As a ‘data subject’ within the meaning of Art. 4 No. 1 GDPR, you have certain inalienable rights (data subject rights). We are obliged to guarantee these data subject rights and must also contractually oblige any processors we use to support us in implementing these rights to the best of their ability. In this respect, you have the following data subject rights:
- Right to information (Article 15 GDPR): You have the right to obtain information from us as to whether we process personal data relating to you and, if so, what data is processed and for what purpose.
- Right to rectification (Article 16 GDPR): You have the right to have inaccurate or incomplete personal data that we have stored about you corrected.
- Right to erasure (Article 17 GDPR): Under certain circumstances, you have the right to request that we erase your personal data. This right applies, for example, if the data is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.
- Right to restriction of processing (Article 18 GDPR): You have the right to restrict the further processing of your personal data under certain circumstances. This right applies, for example, if you dispute the accuracy of the data or if the processing is unlawful.
- Right to data portability (Article 20 GDPR): You have the right to obtain a copy of your personal data from us in a structured, commonly used and machine-readable format. You can also have this data transferred to another controller, provided that this is technically feasible.
- Right to object (Article 21 GDPR): You have the right to object to the processing of your personal data for reasons arising from your particular situation. We will then no longer process your data unless there are compelling legitimate grounds for the processing.
- Right to withdraw consent (Article 7(3) GDPR): If we process your personal data on the basis of your consent, you may withdraw this consent at any time. The lawfulness of the processing until the withdrawal remains unaffected by this.
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations.
7. Disclosure of data to third parties
We and the processors we employ will only disclose your data to third parties within the meaning of Art. 4 No. 10 GDPR if
- you have given your express consent to the disclosure in accordance with Art. 6 para. 1 letter a) GDPR and/or Art. 9 para. 2 letter a) GDPR;
- the disclosure is necessary for the initiation or performance of a contractual relationship between you and us in accordance with Art. 6 para. 1 letter b) GDPR;
- we are legally obliged to disclose the data in accordance with Art. 6 para. 1 letter c) GDPR, or
- the transfer is necessary in accordance with Art. 6 para. 1 letter f) GDPR on the basis of our legitimate interest in asserting, exercising and defending legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
You can exercise your rights as a data subject at any time by notifying us in writing or electronically using the contact details provided in the sections ‘Information on the controller’ or ‘Information on the data protection officer’ of this privacy policy. In this context, we reserve the right to verify your identity using a suitable procedure.
8. Data transfer to third countries
Under certain circumstances, we use service providers as processors who are based in a third country or are part of an international organisation based in a third country. A third country is a country outside the European Union (EU) or the European Economic Area (EEA) and is therefore not subject to the provisions of the GDPR. These third countries may have data protection laws that do not offer the same level of protection as the GDPR. According to Article 44 of the GDPR, the transfer of data to third countries is only permitted under certain legal conditions.
Normally, the permissibility of data transfers to third countries is based on an adequacy decision between the EU Commission and the third country concerned in accordance with Article 45 of the GDPR. An adequacy decision confirms that the level of data protection in that third country is equivalent to that of the GDPR. If no adequacy decision has been made, the data transfer may alternatively be based on the conclusion of a contract between us and the relevant service provider based on the standard contractual clauses adopted by the EU Commission, in accordance with Article 46(2)(c) of the GDPR. These clauses ensure that the service provider offers adequate guarantees for compliance with data protection regulations, including the enforceability of data subjects' rights under the GDPR.
We will expressly inform you in this privacy policy if a service provider has such a third-country connection. In this case, by giving your consent, you agree that your personal data may be transferred to this company.
9. Information on data security
In order to ensure the best possible protection of your data, it is secured during transport using Secure Socket Layer encryption (SSL encryption) in conjunction with Transport Layer Security encryption (TLS encryption). This form of encryption ensures that the data cannot be read, redirected or modified by unauthorised third parties during transmission.
If we store your data, it will be stored exclusively in appropriately security-certified data centres within the European Union (EU) within the scope of the GDPR. We expressly reserve the right to involve external service providers for the storage and processing of your data, who will, however, act exclusively on our behalf and in accordance with our instructions (processors). The processors we use are contractually obliged to take technical and organisational measures (TOMs) that are appropriate according to the current state of the art to ensure that your data is processed in accordance with data protection regulations.
Under no circumstances will your data be passed on or sold to third parties by us or a processor we use without a legal basis.
10. Downloading the coobi care app, app store
If you wish to use our coobi care app, you must first download it from the app store on your device. The app is currently available for download from the Apple App Store and Google Play Store. When you download the application, certain personal data is transmitted to the respective app store.
Processed data:
- Store account username
- Email
- Content of the request
- Operating system of the device
Purposes of processing:
The above data is required by the operator of the respective app store in order to make the application available for download. This data is processed exclusively by the operator of the respective app store and is therefore beyond our control.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the operator of the app store through which you download the application. Please take into account the provisions on data protection stored in the app store in connection with the legal basis for the processing of your data and with regard to the storage period.
Information on data protection in connection with the Google Play Store can be found at https://policies.google.com/privacy
Information on data protection in connection with the Apple App Store can be found at https://www.apple.com/legal/privacy/data/en/app-store/
We use the provider Amazon Web Service (AWS) (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg) to provide the coobi care app. In this context, AWS acts as a processor for us within the meaning of Art. 4 No. 8 GDPR and has been obliged on the basis of a processing agreement (AV agreement) to set up and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The data collected and transmitted automatically by your end device will be stored for no longer than the purpose of data processing. The purpose ceases to apply at the latest when the user agreement between you and us is terminated.
11. Use of the coobi care app, access data
When you use the coobi care app, your end device automatically transmits technical data to the server on which the app is operated. This data is necessary to ensure the functionality of the app. Since no personal data is processed and the transmitted data has no connection to an identifiable natural person, the use of the app does not fall within the scope of the GDPR pursuant to Art. 2 (1) GDPR.
12. Use of the coobi.health web platform, access data
As soon as you access the coobi.health web platform, the browser you are using automatically transmits access data (so-called log files) to the hosting provider on whose servers the coobi.health web platform is hosted. These log files contain, among other things, personal data.
Processed data:
- IP address
- Browser type/version
- Operating system of the end device
- Website from which the request originates (known as the referrer URL)
- Content of the request (specific page on the platform)
- Date and time of the request
- Time zone
- Access status/http status code
- Amount of data transferred
Purposes of processing:
The log files are absolutely necessary to ensure the technical functionality of the coobi.health web platform. In particular, the transmission of your IP address is necessary to enable the coobi.health web platform to be displayed on the device you are using. The data stored in the log files is neither merged with other data sources nor used to identify individual users of the platform. In particular, the transmitted data is not evaluated for marketing purposes.
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 (1) (f) GDPR. We base the necessary ‘legitimate interest’ on our desire to offer you a secure and trouble-free experience when using our platform. Otherwise, you would not be able to use our coobi.health web platform.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the hosting provider of our coobi.health web platform WIX, on whose servers it is operated.
The provider of WIX (Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel) acts as a processor for us in this context within the meaning of Art. 4 No. 8 GDPR and has been obliged on the basis of a processing agreement to set up and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The log files are automatically deleted after 14 days at the latest or anonymised in such a way that it is no longer possible to assign this data to you.
13. Registration and use of the user account, app
In order to use the services we offer you within the coobi care app, you must first register a user account. With your user account, you can then log in to the password-protected area of the coobi care app, manage your account details and use the services. After successfully logging in, you have the option of activating additional security features, such as biometric authentication (e.g. fingerprint or facial recognition) and a PIN code.
Processed data:
- Access code (provided by the institution that enables you to participate in coobi care)
- Security question
- User name (may contain personal information about the user)
- Gender
- Age
- Type of addiction
- Goal of therapy
- Information about consumption behaviour and previous therapy, if applicable
- Information about previous illnesses, if applicable
- Biometric data, if set up, if applicable.
Purposes of processing:
The processing of the data you provide during the registration process is necessary to enable you to create a user account, which gives you access to our range of services. The activation of additional security features such as biometrics or a PIN code serves to make access to the app more secure and user-friendly.
Lawfulness of processing:
The lawfulness of this data processing is based on Art. 6 para. 1 letter a) GDPR in conjunction with Art. 9 para. 2 letter a) GDPR. As biometric and health data are also processed as special categories of related data, your express consent to the processing of this data is required. You give your express consent during the registration process by ticking the appropriate checkbox. In order to create your user account, it is mandatory to consent to the General Terms and Conditions of Use and to the data processing in accordance with this privacy policy in order to complete the registration process.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the hosting provider of the application's backend, Amazon Web Service (AWS) (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg). In this context, AWS acts as a processor for us within the meaning of Art. 4 No. 8 GDPR and has been obliged on the basis of a processing agreement to establish and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The data collected from you during the registration process and stored in your user account will only be stored by us for as long as is necessary to fulfil the aforementioned purposes, but no longer than until you revoke your consent. You can revoke your consent at any time within your user account. Please note that revoking your consent will also result in the deletion of your user account. Your data will then be deleted by us, provided that there are no legitimate interests on our part or legal storage obligations that prevent this.
You can also revoke your consent directly in your user account by clicking on the corresponding button in the menu bar. We would like to point out once again that revoking your consent will also result in the deletion of your user account. It is not possible to use the content offered on the platform without valid consent.
14. Registration and use of the user account, therapist access
In addition to the user account for patients, coobi offers the option of creating a separate account for therapists to enable access to the coobi clinic dashboard. For this purpose, a clinic admin account is set up, which adds professionals via their email addresses and assigns them to centres. As an employee, you will receive an invitation by email with a link to create an account, where you can set a password and activate your access. In this context, personal data is processed.
Processed data:
- Email address
- Password
Purposes of processing:
The processing of this data is necessary to enable access to the coobi clinic dashboard and to ensure the secure management of patient data and effective therapy planning and monitoring.
Lawfulness of processing:
The lawfulness of this data processing is based on Art. 6 (1) (b) GDPR as it is necessary for the performance of the joint contract.
Recipients of the data:
The recipients of the personal data are the hosting provider Render (Render Services, Inc., 525 Brannan Street, Suite 300, San Francisco, CA 94107, USA) and Amazon Web Service (AWS), which is used to provide servers and databases. Both providers act as processors within the meaning of Art. 4 No. 8 GDPR and have been obliged on the basis of a processing agreement to implement appropriate technical and organisational measures (TOMs) to ensure the protection of your data.
Storage period:
The data processed within the dashboard account will only be stored for as long as necessary to fulfil the purpose or until the account is deactivated.
15. Use of the coobi care app, onboarding
After completing the registration of your user account, you will undergo a medical onboarding process within the application. The application can only fulfil its medical purpose on the basis of your health-related data. Accordingly, the content of the application will be individually tailored to your specific situation based on this data.
Processed data:
- Gender
- Age
- Type of addiction
- Goal of therapy
- If applicable, information on consumption behaviour and previous therapy
- If applicable, information on previous illnesses
- If applicable, name of an emergency contact
- Biometric login information
Purposes of processing:
The processing of the above data is necessary so that the application can select and display content on the topic of addiction that is appropriate for you. The aim is to support you in dealing with your addiction.
Lawfulness of processing:
The lawfulness of this data processing is based on Art. 6 para. 1 letter a) GDPR in conjunction with Art. 9 (2) (a) GDPR. As health data is also processed as a special category of data, your express consent to the processing of this data is required. You give your express consent during the registration process by ticking the checkbox provided for this purpose.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the hosting provider of the application's backend, Amazon Web Service (AWS) (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg). In this context, AWS acts as a processor for us within the meaning of Art. 4 No. 8 GDPR and has been obliged on the basis of a processing agreement to establish and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The data you provide during the onboarding process will be stored and kept in your user account until you revoke your consent or delete your user account. Please note that your revocation means that the services offered within the application will no longer be available to you.
Information about your rights as a data subject:
You can revoke your consent at any time with future effect in accordance with Art. 7 (3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
16. Anonymisation of data, further processing for research purposes
The usage data collected within the scope of the application will be further processed in anonymised form in order to gain valuable insights for addiction research. Anonymisation involves changing the data in such a way that it can no longer be attributed to a specific person, thereby completely removing any personal reference. This anonymised data is used exclusively for research purposes and contributes to promoting the understanding and prevention of addictive behaviour. This means that this data does not fall within the scope of the GDPR.
Processed data:
- Anonymised usage data
Purposes of processing:
We require the anonymised usage data in order to gain valuable insights for addiction research. From the data obtained, we can draw conclusions about addictive behaviour and use these for scientific studies and the further development of preventive measures.
Lawfulness of processing:
We base the lawfulness of data processing on Art. 6 (1) (a) GDPR. You give your consent separately from the other consents during the registration process by ticking the checkbox provided for this purpose. As the data is subsequently completely anonymised and no longer refers to any individual, it is not subject to the provisions of the GDPR.
Recipients of the data:
The recipient of the anonymised data is Amazon Web Service (AWS) (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg), which acts as a hosting provider and provides technical infrastructure. As no personal data is processed, this does not constitute processing within the meaning of data protection law.
Storage period:
Your usage data will be anonymised at the latest upon revocation of your consent. Please note that once anonymised, data may be stored for an unlimited period of time.
17. Receipt of newsletters, promotional information, HubSpot
As part of our range of services, we offer you the option of subscribing to our newsletter. The creation, dispatch and evaluation of our newsletter requires the processing of your personal data.
Processed data:
- Email address
- Anonymised usage data (e.g. open and click rates)
- Time of registration and confirmation
- IP address
- Log data
Purposes of processing:
The processing of the aforementioned data is necessary so that we can send you personalised newsletters and information and measure the success of our newsletters in terms of click and open rates in an anonymised form.
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 para. 1 letter a) GDPR. You can give your consent to receive our newsletters and information on our website.
Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else's email address. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the service Hubspot (HubSpot Ireland Ltd., European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland). The provider of Hubspot acts as a processor for us in this context and has been obliged by us, on the basis of a processing agreement, to set up and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The data processed by us in this context will be stored by us at the latest until you revoke your consent to receive our newsletter and information. You can revoke your consent to receive our newsletter and information at any time in the footer of the newsletter and information you receive from us or by sending an email to info@coobi.health.
18. Use of support chat, Intercom
You have the option of contacting customer service via chat within the application or website. The processing of your enquiries or messages via chat requires the processing of personal data transmitted by you.
Processed data:
- Communication content
- Health data, if part of the communication
- Access code
- Security question and answer
- User
Purposes of processing:
The data you provide in the chat will be processed exclusively for the purpose of processing and responding to your enquiries or messages. We use this communication channel to enable you to contact us quickly and easily and to ensure efficient service.
Lawfulness of processing:
The lawfulness of this data processing is based on Art. 6 para. 1 letter a) GDPR in conjunction with Art. 9 para. 2 letter a) GDPR. As health data is also processed as a special category of data, your express consent to the processing of this data is required. You give your express consent during the registration process by ticking the checkbox provided for this purpose.
Recipients of the data:
The recipient of your personal data in accordance with Art. 4 No. 9 GDPR is the hosting provider of the application Amazon Web Service (AWS) (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg), the hosting provider of our coobi.health web platform WIX (Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel) and the provider of the chat tool Intercom (Intercom R&D Unlimited Company, 124 St Stephen's Green, Dublin 2, DC02 C628, Ireland). The aforementioned service providers act as processors for us in this context within the meaning of Art. 4 No. 8 GDPR and have been obliged on the basis of a processing agreement to set up and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The processed data will only be stored by us for as long as is necessary to achieve the purposes for which it was processed. After completion of the communication, the data will be deleted unless there are legal obligations to retain it.
19. Use of coobi Chat, therapy and aftercare
In addition to the support chat, a separate chat is available for communication between users and, if necessary, with treating therapists. This chat is intended in particular to support aftercare and group therapy.
Processed data:
- Communication content
- Health data, if part of the communication
- User
Purposes of processing:
The data transmitted in the therapy and aftercare chat is processed exclusively for the purpose of enabling communication between users and therapists and supporting the recovery process through targeted interventions. This chat promotes sustainable aftercare and helps to prevent relapses and strengthen patients in crisis situations.
Lawfulness of processing:
The lawfulness of this data processing is based on Art. 6 para. 1 letter a) GDPR in conjunction with Art. 9 para. 2 letter a) GDPR, as health data can be processed as special categories of personal data. Your express consent is obtained during the registration process.
Recipients of the data:
The recipient of your personal data in accordance with Art. 4 No. 9 GDPR is the hosting provider Amazon Web Service (AWS). The service provider acts as a processor within the meaning of Art. 4 No. 8 GDPR and has been obliged on the basis of a processing agreement to implement appropriate technical and organisational measures (TOMs).
Storage period:
The processed data will only be stored for as long as is necessary to achieve the purpose. After completion of the therapy phase or communication, the data will be deleted unless there are legal storage obligations.
20. Data transfer, coobi clinic dashboard
As part of our range of services, we offer medical facilities the coobi clinic dashboard. The dashboard supports your effective outpatient addiction treatment and aftercare and offers the option of ongoing, personalised support from your therapists when using the coobi care app. Personal data is processed in this context.
Processed data:
- Pseudonymised user data from the coobi care app
- Aggregated statistics on usage behaviour and therapy progress
- Pseudonymised information on types of addiction, goals and consumption behaviour
Purposes of data processing:
The processing of the aforementioned data within the coobi care app and the coobi clinic dashboard aims to provide medical professionals with optimal support in accompanying and assisting patients with addiction disorders. The processing of the data therefore serves to improve the quality of addiction treatment, promote the self-activity and social interaction of those affected, and ensure effective aftercare. At the same time, the app supports communication between patients and practitioners in order to enable individualised and needs-based care.
Lawfulness of processing:
We base the lawfulness of this data processing on your express consent in accordance with Art. 9 (2) (a) GDPR. You give your consent by agreeing to and selecting the types of data you wish to share in your settings.
Recipients of the data:
The recipients of your personal data within the meaning of Art. 4 No. 9 GDPR and Art. 4 No. 15 GDPR are exclusively authorised medical professionals in clinics and therapy facilities who use the coobi clinic dashboard, as well as technical staff of Stigma Health GmbH who are responsible for maintenance and support of the dashboard.
Storage period:
The data will be stored for the duration of your use of the coobi care service. After termination of use or revocation of consent, the data will be deleted unless there are legal retention periods that prevent this. In this case, the data will be blocked for the duration of the legally prescribed retention period and deleted after its expiry.
21. Processing of technical enquiries, Linear
We use Linear's ticketing system to process technical problems. Personal data is processed in this context.
Processed data:
- Contact information
- Problem description
- Communication history regarding the problem
Purposes of processing:
The processing of this data enables us to efficiently record, track and resolve technical problems in order to ensure the smooth operation of our services.
Lawfulness of processing:
The lawfulness of this data processing is based on Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfilment of our contractual obligations, in particular for processing technical problems and ensuring the proper functioning of the app we provide.
In addition, we rely on Art. 6 (1) lit. f GDPR, as we have a legitimate interest in efficiently recording, tracking and resolving technical problems in order to ensure the quality of our services and optimise the user experience.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the provider of the Linear ticketing system (Linear Orbit Inc., 2261 Market St STE 10632 San Francisco, CA 94114, USA). In this context, Linear acts as a processor for us within the meaning of Art. 4 No. 8 GDPR and has been obliged, on the basis of a processing agreement (PA), to implement and maintain appropriate technical and organisational measures (TOMs) to protect your personal data.
As a precaution, we would like to point out that data transfer to third countries cannot be completely ruled out in connection with Linear. However, Linear has committed itself to taking appropriate measures to prevent such data leakage by incorporating the standard contractual clauses of the EU Commission (SCC). For more information, please refer to the section ‘Data transfer to third countries’ of this privacy policy.
Storage period:
The data will be stored until the end of the contract period at the latest, unless there are legal retention obligations that prevent deletion.
22. Data transfer, interfaces
Our app uses interfaces to securely transfer your data collected by wearables and mobile devices to a central platform for further processing and use.
The data is transferred via the following interfaces:
- Apple Health
- Health Kit
- Garmin Connect
Processed data:
- Vital signs
- Activity data
Purposes of processing:
Your personal data is processed exclusively for the secure transmission of data between wearables, mobile devices and our coobi care app.
Lawfulness of processing:
We base the lawfulness of this data processing on your express consent (cf. Art. 9 para. 2 letter a GDPR). You give your consent by ticking the appropriate checkbox during the registration process.
Recipients of the data:
The data is transmitted exclusively in encrypted form. The providers of the interfaces and the hosting provider themselves have no access to the data.
The data collected via the interfaces is received and processed by the coobi care app. Access to the data is restricted to authorised recipients who have been authorised by you.
Storage period:
The data is only temporarily stored for transmission and then deleted.
23. Use of cookies
In addition to the aforementioned access data (log files), cookies may be used within the coobi.health web platform and the coobi clinic dashboard web dashboard. Cookies are small text files that are automatically stored by your browser and saved on your device. These do not contain any malicious software.
It is important to note that the use of certain cookies may be necessary for technical reasons, for example to ensure the correct functionality of the platform. These cookies, referred to as ‘technically necessary cookies’, are to be distinguished from those that serve other purposes, such as analysing usage behaviour, and are considered ‘technically non-necessary cookies’. Cookies are used on the coobi.health web platform to analyse the use of the site and to make targeted optimisations.
Data processed by coobi.health:
- Number of visitors
- Duration of visit
- Origin of visitors
- IP address
Data processed by coobi clinic dashboard:
- Form data (e.g. log-in information)
- Language settings
- History data (e.g. search terms entered)
Purposes of processing:
The analysis of the web platform data serves to optimise the website and improve the user experience.
The processing of this data is necessary to ensure secure and personalised use of the dashboard and to guarantee access to relevant content and functions.
Lawfulness of processing:
We base the lawfulness of the data processing of the web platform on Art. 6(1)(a) GDPR. Your consent is obtained via a cookie banner that is displayed when you first visit the website. The lawfulness of the data processing of the dashboard is based on Art. 6 para. 1 letter f) GDPR (legitimate interest), as these cookies are necessary to ensure the technical functionality and security of the dashboard.
Recipients of the data:
The recipients of your personal data in accordance with Art. 4 No. 9 GDPR are the hosting provider of our coobi.health web platform WIX (Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel), on whose servers it is operated, and the hosting provider of the web dashboard coobi clinic dashboard, Render (Render Services, Inc., 525 Brannan Street, Suite 300, San Francisco, CA 94107, USA) and AWS (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg), which is used to provide servers and databases.
Both providers act as processors in accordance with Art. 4 No. 8 GDPR and have been contractually obliged to implement appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
You can prevent the use of cookies by disabling or restricting the automatic setting of cookies in your browser settings. You can also manually delete cookies stored on your device. However, please note that disabling cookies may result in the platform no longer functioning fully or at all.
24. Services for usage analysis
We use the services LogRocket and Amazon Web Services (AWS) to analyse usage behaviour and to ensure the functionality and security of our platform. These services enable the collection and evaluation of usage data as well as error detection and correction. This requires the processing of personal data.
Processed data:
- User ID
- Device information (e.g. operating system, OS version)
- Time and date of access
- Application version
- Session ID
- Usage statistics and performance metrics
Purposes of processing:
The processing of the aforementioned data enables us to analyse and evaluate the use of the platform across different devices. This allows us to identify potential improvements to the platform, optimise user-friendliness and continuously improve the user experience. Our goal is to tailor the platform and the services we offer to the needs of our users as best as possible. This data processing helps us to continuously improve the quality and functionality of our platform and thus ensure optimal service for our users.
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 para. 1 letter a) GDPR. You give your consent by agreeing to the collection of data for the purpose of usage analysis during the registration process by ticking the checkbox provided for this purpose. Consent is purely optional and is not related to the possibility of using the platform.
Recipients of the data:
The recipients of your personal data within the meaning of Art. 4 No. 9 GDPR are the providers of usage analysis services LogRocket (LogRocket, 87 Summer St, Boston, MA 02110, USA) and AWS (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg).
The aforementioned providers act as processors for us in this context within the meaning of Art. 4 No. 8 GDPR and have been obliged to establish and maintain appropriate technical and organisational measures (TOMs) to protect your personal data on the basis of a data processing agreement (DPA).
Storage period:
Your usage data is linked exclusively to a user ID, which makes it difficult to directly associate the data with your person. This form of pseudonymisation enables us to immediately sever the link between the user ID and your personal data if you delete your user account on the platform or revoke your consent to the analysis of usage data. By removing the user ID, the usage data collected about you is anonymised and can no longer be assigned to you. Once anonymised, the usage data is stored by us for an unlimited period of time.
25. Use of local Google web fonts
In order to improve the presentation of the platform, we use locally hosted web fonts (fonts) from Google (Google Web Fonts). In order to display these fonts, it is necessary for the browser you are using to send your data to the hosting provider whose servers host our platform. This includes personal data.
Processed data:
- IP address
- Browser type/version
- Operating system of the end device
- Website from which the request originates (so-called referrer URL)
- Content of the request (specific page of the platform)
- Date and time of the request
- Time zone
- Access status/HTTP status code
- Amount of data transferred
Purposes of processing:
The processing of the aforementioned data, in conjunction with the use of locally hosted Google Web Fonts, enables us to display the content of our platform uniformly in different browsers and on different end devices.
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 para. 1 letter f) GDPR. We base the necessary ‘legitimate interest’ on our desire to offer you a secure and trouble-free user experience on our platform.
Recipients of the data:
The recipients of your personal data in accordance with Art. 4 No. 9 GDPR are the hosting provider of the Amazon Web Service (AWS) application (Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, L-1855 Luxembourg), the hosting provider of the web dashboard coobi clinic dashboard, Render (Render Services, Inc., 525 Brannan Street, Suite 300, San Francisco, CA 94107, USA) and the hosting provider of our coobi.health web platform WIX (Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel). The aforementioned providers act as processors for us in this context within the meaning of Art. 4 No. 8 GDPR and have been obliged on the basis of a processing agreement to set up and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The stored data will be deleted immediately after you have finished using our platform.
26. Contacting the controller
You can contact us at any time, including via the platform, by email or using the contact form to send us enquiries. In order to process your enquiries, we need to take note of the personal data you provide to us in your enquiry.
Data processed:
- Email address
- Date and time of the enquiry
- Content of the enquiry
Purposes of processing:
The data you provide when contacting us will be processed by us exclusively for the purpose of recording, processing and responding to your enquiry. Please note that product-related complaints may be used by us as part of market observation in order to evaluate the quality and safety of the services offered (feedback management).
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 (1) (f) GDPR or Art. 6 (1) (b) GDPR, provided that you contact us in the context of initiating or executing a contract between you and us (e.g. user agreement for the use of the services offered). Our legitimate interest arises from our desire to respond to your enquiries comprehensively and in a targeted manner and to resolve any problems with the services we offer as quickly as possible. If you submit your enquiry via a contact form provided on our platform, we base the lawfulness of the data processing on Art. 6 para. 1 letter a) GDPR. You give your consent by agreeing to the processing of your data in accordance with this privacy policy before submitting your enquiry via the contact form by ticking the checkbox provided for this purpose.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the provider of the email software used by us to receive and process emails. This is Google Mail (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
In addition, we use the chatbot of the provider Intercom (Intercom R&D Unlimited Company, 124 St Stephen's Green, Dublin 2, DC02 C628, Ireland), which also functions as a contact form.
The aforementioned providers act as processors for us in this context and have been commissioned by us on the basis of a data processing agreement to set up and maintain appropriate technical and organisational measures (TOMs) to protect your data.
Storage period:
The processed data will only be stored by us for as long as is necessary to process and respond to your enquiry. The data will then be deleted by us, provided that there are no legal obligations to retain it.
Information about your rights as a data subject:
You have the right to object to this processing at any time in accordance with Art. 21 GDPR for reasons arising from your particular situation. Unless we can demonstrate compelling legitimate grounds for the processing of your data which override your interests, rights and freedoms as a data subject or the processing serves to assert, exercise or defend legal claims, we must cease processing. However, this only applies if the processing of your data is based on the legal basis of Art. 6 para. 1 letter f) GDPR (legitimate interest).
27. Updating this privacy policy
We reserve the right to update this privacy policy with future effect in order to respond appropriately to changes in the law, changes in case law or changes in economic circumstances. We will notify you in good time of any changes to this privacy policy that we intend to make. Your rights as a data subject within the meaning of the GDPR will never be restricted by a change to this privacy policy.