Privacy policy

Status: February 2024

In the following, we provide information about the processing of personal data when using our website (www.aware.app ) and the Aware app. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. In this way, we would like to inform you about our processing operations and at the same time fulfil our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

1. Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Aware Health GmbH

c/o Maschinenraum GmbH

Zionskirchstraße 73a

10119 Berlin

support@aware.app

In the following, Aware Health GmbH is also referred to as "the operator" of the websites or the app.

2. Data Protection Officer

If you have any questions about this privacy policy or the protection of your data by the operator, you can also contact the operator's data protection officer at any time:

By e-mail to datenschuetzer@aware.app

or

by post at the above address with the addition "Data Protection Officer".

3. What data is processed and for what purpose?

3.1. Website

3.1.1. General website use

When using the websites, the following technically required data is processed:

  • IP address of the end device used
  • Date and time of retrieval
  • Contents of the retrieval (page visited, files retrieved)
  • Amount of data transferred
  • Access status/HTTP status code
  • Browser type and version and the operating system you are using
  • Language and version of the browser software used
  • Referrer URL
  • Requesting provider
  • Screen resolution

The processing of the data described is technically necessary in order to display the website to you and to ensure stability and security. The operator also analyses this information for statistical purposes and to improve these websites without creating personal user profiles.

The legal basis is Art. 6 (1) (f) GDPR. The legitimate interest lies in the provision of a functional and user-friendly website.

3.1.2. Technically necessary cookies

The operator uses cookies that are necessary for the operation and display of functions in order to make the use of this website secure and user-friendly. Only in this way can users navigate the web pages and operate the modules and functions of the website. Without these cookies, the use of the website may not be possible or only possible to a limited extent. For some functions, it is necessary for the browser to be recognised even after a page change.

The data collected with the help of these necessary cookies is not used to create user profiles. The following data is stored and transmitted in the cookies:

  • Current session ID
  • Utilisation of certain website content, for example frequency or scope of use
  • Taking note of certain website content

As websites have no memory, cookies inform the server which pages should be displayed to the visitor. This has the advantage that the visitor does not have to remember everything or navigate through the entire page again.
The technically and functionally necessary cookies used are mostly session cookies. The data stored in them is automatically deleted at the end of your visit.

In addition, the following technically necessary cookies are set, which are automatically deleted after a specified period, which varies depending on the cookie ("persistent cookies"). You can view the cookies set and the duration at any time in your browser settings and delete the cookies manually.

We use the following necessary, persistent cookies:

  • Fs-cc: Contains information on the storage of users' cookie consent declarations. Storage period: 6 months
  • Wf_auth: This cookie is set by Webflow to track authentication and access to the website. Storage period: 6 months

The processing of data using technically and functionally necessary cookies is carried out on the basis of Art. 6 (1) (f) GDPR to safeguard the legitimate interest in the error-free provision of the website.

3.1.3. Optional cookies

The operator also uses optional cookies. These cookies are only used if you have previously given your consent via the so-called cookie consent tool. The corresponding functions are only activated with your consent and can be used in particular to enable us to analyse and improve the use of our website, make it easier for you to use it via different browsers or end devices, recognise you when you visit or place advertisements (possibly also to tailor advertisements to your interests, measure the effectiveness of advertisements or show you interest-based advertising).

We use the following optional cookies for statistical purposes:

  • _ga: Contains information to distinguish the users of the site. Collects data about users' visits, e.g. which pages are relevant. Storage period: 2 years
  • _ga_QT4N3FMBQ1: Contains information to distinguish the users of the page. Collects data about user visits, e.g. which pages are relevant.

The legal basis for this processing is your consent in accordance with Art. 6 (1) (a) GDPR. You can change your cookie settings at any time on the page under "Cookie Consent" at the bottom of the website and revoke your consent once given with effect for the future.

3.1.4. Contact us

The operator's offer also enables you to contact the operator. This is possible, for example, by using the telephone number provided or by sending an e-mail. If you use the contact options, the operator will process your personal and contact data, such as

  • Surname, first names
  • address
  • E-mail address and telephone number

Depending on the individual case, we process data comparable with the above-mentioned categories.

The information you provide when contacting us will be stored in order to process your enquiry and any subsequent correspondence. If the enquiry is assigned to a contract, we delete the data after the contract period, otherwise after storage is no longer required, or we restrict processing if there are statutory retention obligations.

The processing of the aforementioned data is carried out for the implementation of pre-contractual measures or for the fulfilment of the contract in accordance with Art. 6 para. 1 letter b) GDPR. In addition, the data may also be processed to safeguard the operator's legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. In the event of unlawful use of this website, this data is also used to clarify possible legal violations.

3.1.5. Social media plugins

Buttons ("plugins") from various social networks (Instagram, Twitter, LinkedIn) are used on this website, which you can use to access Aware's pages ("fan pages"). Various functions are provided with these plugins. These are determined by the providers of the social networks. By clicking on the social media buttons, you consent to the transfer of your data (not your app data) to the respective network. Social media providers based in the USA may have a different level of data protection than in the EU member states, among other things due to the legal access rights of authorities.

Please note that Aware is not a provider of the social networks and has no influence on the data processing by the respective service providers. Further information on the individual plugins can be found on the websites of the respective providers.

3.1.6. Recipients of personal data

As part of the use of the website, we use processors who receive the data required for the respective service:

  • Telecommunications services
  • Intercom Inc.
  • Webhosting
  • AWS Europe
  • Surveys and contact forms
  • Typeform SL
  • Personnel applications
  • Kenjo GmbH
  • Web analytics
  • Google Analytics (Google LLC)
  • Simple Analytics
  • Cookie banner
  • Finsweet

3.2. Use of the Aware app

3.2.1. Advertising tracking under iOS

In iOS, you have various options for largely restricting advertising and tracking. Tracking is generally carried out via the so-called "Advertising Identifier" (IDFA). This is a unique, but non-personalised and non-permanent identification number for a specific end device, which is provided by iOS. The data collected via the IDFA is not linked to other device-related information. We use the IDFA to provide you with personalised advertising and to evaluate your usage. If you go to the "Privacy" option in the iOS settings, you can largely deactivate advertising analyses under "Tracking". If you activate the "Allow apps to request tracking" function, our app will ask you the first time you use it whether you agree to advertising measures and you can activate or deactivate advertising. In addition, you can select the "Apple advertising" option in the "Privacy" option and deactivate "Personalised advertising". In the "Analysis & Improvements" option, you can also deactivate the "Share iPhone analysis" and "Improve Siri & dictation" function, which means that no statistical information about your use of iOS is transmitted to Apple. We would like to point out that you may not be able to use all the functions of our app if you restrict the use of IDFA.

The legal basis for this processing is your consent in accordance with Art. 6 (1) (a) GDPR. You can change your cookie settings at any time on the page under "Cookie Consent" at the bottom of the website and revoke your consent once given with effect for the future.

3.2.2. Registration / User account

In order to be able to book the services available via the Aware app, it is necessary to set up a user account. The following master data must be processed for this purpose:

  • First name, surname
  • Gender
  • Date of birth
  • Home address/postal address
  • Telephone/mobile phone number
  • E-mail address

The processing of the described data is necessary for the fulfilment of the user contract in accordance with the terms of use stored in the registration process.

The legal basis is therefore a contract pursuant to Art. 6 (1) (b) GDPR.

3.2.3. Booking and processing of tests

If you book a service (e.g. blood test) via the app, the following data will be processed for this purpose:

  • Type of test
  • Time and place of the test
  • Master data of the data subject
  • Health data of the data subject such as (previous) illnesses, blood group, state of health, medical information on the results of the service performance (in particular findings that have arisen during the examinations)
  • Payment data

The operator uses the data to book sampling appointments with Aware Heilpraktiker GmbH and makes it available to the latter for this purpose and for sampling.

When taking the sample, Aware Heilpraktiker GmbH may process further test-specific information.

After the sample has been taken, Aware Heilpraktiker GmbH will send the sample together with the above-mentioned information to a contract laboratory commissioned by the operator for analysis. The contract laboratory is MDI Labor Limbach Berlin GmbH (Aroser Allee 84, 13407 Berlin).

The laboratory then sends the test results back to the operator, who makes them available to the person commissioning the test in their respective user account via the Aware app. The results are only available for you to view. Before you can access them in the app, you must identify yourself using a code. The data will remain accessible via the Aware app until you delete the data or revoke your consent.

Further information on data protection can be obtained from the respective co-operation partner.

The legal basis for the processing is your express consent pursuant to Art. 9 (2) (a) GDPR in conjunction with Art. 6 (1) (b) GDPR.

3.2.4. Secondary use for research purposes

If you have given us your separate consent to do so, we will use the results of the services you have requested in pseudonymised form to conduct studies and statistical analyses. This processing and transfer to anonymisation is based on your consent in accordance with Art. 9 (2) (a) GDPR. Your personal data, including health data, will be pseudonymised in such a way that it cannot be traced back to you.

3.2.5. Use of your photos or other data

If you grant the Aware app access to your photo libraries, the operator will only use this data to provide you with the functions and services you have requested, such as uploading photos to the app or displaying photos in the preview. We do not collect any personal data from your photos and do not transfer any of your photos to third parties. We treat your data confidentially and use it exclusively for the purposes for which it was provided to us.

The legal basis for the processing is Art. 6 (1) (b), in the case of health data your consent pursuant to Art. 9 (2) (a) GDPR in conjunction with Art. 6 (1) (b) GDPR.

3.2.6. Location data

The app offering includes so-called location-based services, with which the operator provides you with special offers that are customised to your respective location. You can only use these functions after you have agreed via a pop-up that we can collect your location data using GPS and your IP address in anonymised form for the purpose of providing the service. You can authorise or revoke the function at any time in the settings of the mobile app or your operating system by accessing it under "Settings". Your location will only be transmitted to the operator if you use the mobile app functions that it can only offer you if it knows your location.

The legal basis for the processing is Art. 6 (1) (a) GDPR.

3.2.7. User profiles

We create usage profiles for the purposes of analysing usage, designing the offer to meet requirements and detecting errors if you consent to this when using the mobile app. This data is not merged with other personal data.

The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR.

3.2.8. User surveys ("user research")

If you give us your consent, we will conduct user research with you in the form of interviews. In this way, we want to determine your satisfaction with our app, our services and the health checks provided. For this purpose, we process the personal data you have stored in our app (in particular your contact details for contacting us and information about services used) as well as the personal data (including health data) provided during an interview. With the interview or user research request, we inform you about the purposes for which we process the personal data (including health data) obtained in the interview or questionnaire.

The processing is based on your consent in accordance with Art. 6 (1) (a), Art. 9 (2) (a) GDPR.

3.2.9. Recipients of personal data

When using the Aware App, in addition to the co-operation partners specifically named above, we also use processors who receive the data required for the respective service:

  • Telecommunications services
  • Twilio Ireland Limited
  • Auth0 (Okta Inc.)
  • Sendgrid(Twilio Ireland Limited)
  • Firebase (Google LLC)
  • Intercom Inc.
  • Payment service provider
  • Stripe Payments Europe, Limited (SPEL)
  • Analytics
  • Matomo (InnoCraft Ltd)
  • Error analysis
  • Sentry (Functional Software, Inc. d/b/a Sentry)
  • Cloud services
  • AWS Europe

4. Newsletter

We offer a newsletter with which we regularly inform you about new developments, offers and recommendations. The newsletter also contains advertising. You will receive the newsletter if you either register directly in the newsletter form on our website or use a typeform form there or if you agree to receive our newsletter as part of the account creation process. In this context, we process the personal data you provide (in particular your name and email address).

This processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

5. International transfers of personal information

If personal data is transferred to countries outside the European Economic Area, we only transfer it to third countries for which the EU Commission has confirmed an adequate level of protection or in which we can ensure the careful handling of personal data through contractual agreements (standard contractual clauses) or other suitable guarantees, such as certifications or proven compliance with international security standards. You can obtain information on this from us on request.

6. Automated decision making

Data from visits to this website or the use of the Aware app will not be used for automated decision-making within the meaning of Art. 22 GDPR.

7. Deletion of the data

Unless otherwise stated, the operator deletes or anonymises your personal data as soon as it is no longer required for the purposes for which it was processed.

Data in the Aware app is generally stored for the duration of the usage or contractual relationship.

Data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings.

Third parties engaged by the operator will store your data on their system for as long as is necessary in connection with the provision of the service for us in accordance with the respective order.

Legal requirements (e.g. in § 257 HGB or § 147 AO) for the storage and deletion of personal data remain unaffected by the above. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

8. Your rights

You have the following rights vis-à-vis the operator with regard to your personal data:

  • Right to information,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to data portability,
  • Right to object to the processing,
  • Right to revoke consent given with effect for the future. All you need to do is send a message to datenschuetzer@aware.app or to the above address.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

This website uses cookies
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Some of the cookie providers are located in third countries (outside the EU/EEA), which are not considered adequate by the EU Commission, as they do not provide a sufficient level of protection for data. If you still agree to cookies, you consent to the transfer of your data to third countries. Please consider also our Privacy Policy.