This privacy policy (“Privacy Policy”) describes how INCARE GmbH (Maximilianstr. 13, 80539 Munich, Germany, hereinafter “we”) collects and processes personally identifiable information (“Personal Data”) about you (“you”) in connection with your use of our Service that is made available to you via the INCARE App. Please read this Privacy Policy carefully before you register for or access the Service.

What information do we collect?

• Registration: YBefore you may access the Service, we need to confirm that your employer has authorised you to do so. In this regard, we will ask you to identify yourself by registering for the Service in the Appin the App and providing us with your name and corporate e-mail address. If the information you input matches the information provided to us by your employer, you will be asked to create a secret password, after which you will be able to use the Service. You are not obliged to provide this information, but providing these data is a requirement for accessing the App, i.e. you cannot use the App without it.
• Health assessments: If you elect to complete one of the health assessment modules available in the App, to enable us to provide you with assessment results that are relevant to you, we will need to know a little more about you. In this regard, we will ask you to provide us with the necessary Personal Data for the relevant analysis or test. Again, you are not obliged to provide these data, but providing these data is a requirement for using the App functionalities, i.e. without them the App will remain without function. Some of the information that we collect may be of a personal and sensitive nature. You should only provide information that you are comfortable revealing. Note, however, that by not answering questions you may limit our ability to generate assessment results or the results may be less informative.
• Feedback: We will also collect information about your opinions in connection with any feedback you provide us about the Service, and surveys or polls that you complete in the App.
• Other processing of data: In all other cases, before we process Personal Data about you, we will: (i) identify the Personal Data we require in order to provide the related Service, (ii) describe how we will use the information you provide, and (iii) outline the purpose and legal basis for such processing. The Service is only available to individuals who are at least 18 years old. As such, we do not collect any information about minors in connection with the Service.
• Legal basis: Legal basis for the processing of your data as described above is Article 6(1)f) of the European General Data Protection Regulation (GDPR), i.e. contract performance and pre-contractual steps.

How is this information used and for what purpose?

In addition to the purposes noted above, the information you provide us relating to your profile and use of the Service will be used to:

• tailor the Service to your stated preferences;
• bring to your attention editorial content and information regarding new Service functions and features that may be of interest to you;
• send e-mails to your corporate e-mail address relating to technical support or to encourage and support your goal of achieving better health and well-being;
• contact you if we need to resolve support issues;
• conduct polls and surveys, which help us better understand the needs and interests of all users of the Service;
• help us develop new features and services; and
• generate anonymised and aggregated statistical data relating to all users of the Service.

Legal basis for the corresponding processing of your data are Article 6(1)b) GDPR (contract performance and pre-contractual steps) as well as Article 6(1)f) GDPR (balancing of interests – based on our legitimate interest, to present the best possible offering to the users of our Service).

Do we share your information?

We do not share your Personal Data with marketers or other third parties.

We control and manage the servers on which your Personal Data will reside. These servers are located at an external hosting facility in the European Union and maintained in accordance with the security standards described below. The third-party hosting service provider is not authorised to access your data except as, and only to the extent, necessary to maintain the server environment.

Your employer will not have access to your Personal Data stored on our systems. If, however, your employer offers an incentive plan which rewards employees that complete health assessments, at your request we will inform your employer of which assessments you have completed. The results from your assessments will not be disclosed to your employer.

We aggregate all of the data we obtain from our users for statistical analysis and research purposes. This aggregated data is strictly anonymous. It may be used by us or provided to your employer or third parties to enable them to track trends such as how much exercise people living in one country take in comparison to people living in another country. This aggregated data cannot be used to identify you as an individual.

We do not share your Personal Data with our partners and do not transfer your Personal Data outside of the European Union.

How do we protect your information?

We implement technical and organisational measures to protect the information you provide us against unauthorised or unlawful processing and accidental loss or destruction.

In particular, we contractually require the third-party service provider that hosts our servers to take appropriate technical and organisational measures to provide an adequate level of protection in relation to all data on the server.

The App and the Service are embedded into a secure infrastructure to ensure additional protection and prevent access by unauthorised parties. The Service is protected by various means including a secure network topology design, use of industry standard firewall products, implementation of security policies, and use of intruder monitoring applications.

We use encryption for data, network and server security and access authentication. Please note, however, that we cannot be responsible for security issues generated by the devices you use to access the Service, or certain circumstances beyond our reasonable control such as hacker attacks, denial of service attacks, the effect of viruses or other harmful or malicious programs or vandalism of services.

Furthermore, we note that we have no way of controlling the security of any e-mails we may send to your corporate e-mail system over the Internet.

You will be required to create an account with a password on your initial use of the App and the Service, ensuring you have unique identification and a private password. We also provide encryption services to ensure all information you transmit to us across the Internet is protected from being viewed by any third party.

Deleting your information from our systems

We only retain your Personal Data for as long as is necessary to provide you with the Service and your employer pays for your access to the Service. When your employer instructs us to terminate your access to the Service or you inform us, in the App or otherwise, that you wish to stop using the Service, we will delete your Personal Data from our system. We will merely continue to keep any aggregated data that does not identify you as an individual, which may have been originally compiled based in part on information you provided when using the Service.

Keeping your information accurate and up to date

As the accuracy of your Personal Data is vital to the provision of personalised service, we provide you with the ability to view and amend the information we hold about you in the App. It is your responsibility to keep your information up-to-date.

Your rights

Upon request, we will inform you whether and which data we have stored about you.

As far as the legal requirements are met, you have the right to correct, block, or delete the data stored about you.

You also have the right to receive from us in a structured, commonly used and machine-readable format the personal data you have provided to us; you have the right to transmit (or have transmitted) those data to another controller.

You also have the right to lodge a complaint with the competent supervisory authority for data protection matters.

Who should you contact if you have questions about this Privacy Policy of our privacy practices?

If you should require any further information or want to enquire about your data then please contact our Data Protection Officer by e-mail: service@in-care.eu

You can also write a letter to the following address:
INCARE GmbH
Data Protection Officer
Maximilianstr. 13
80539 Munich
Germany