Medability App – Privacy Policy

1. Introduction 

1.1 Welcome to Medability APP (the “APP”), operated by Medability GmbH (“Company”, “we”, “us”, or “our”). This Privacy Policy explains how we process personal data in connection with your use of the APP.

1.2 Personal data means any information relating to an identified or identifiable living person. Personal data that has been anonymized in such a way that the data subject cannot be identified or can no longer be identified (anonymous data) is no longer considered personal data. 

1.3 We may need to amend or update this Privacy Policy from time to time. Therefore, please read this Privacy Policy at regular intervals.

2. Controller 

2.1 For the purposes of this Privacy Policy, the controller is: 

Medability GmbH
Geretsrieder Strasse 10A
81379 Munich
Germany
dataprivacy@medability.de

3. Description of the processing

Categories of personal data | Processing purpose(s) | Legal basis of processing (and legitimate interest, if applicable)
(Only upon customer’s activation) Usage Data on access and usage of APP, including device type, operating system, IP Address, browser type, and usage patterns | Provide APP usage information for the customer/licensee. | Your consent
Device Information, i.e., technical information about your device, such as model, software version, and unique device identifiers | License validity checking (via service provider “licence spring”) | Performance of a contract
Log Data, i.e., user interactions, feature usage, and errors | Maintain security of APP | Our legitimate interest to secure the APP
Device Information, Log Data | To comply with legal obligations and enforce our rights | Legal obligation or our legitimate interest to protect our rights

4. Data Sharing 

4.1 We may transfer your personal data to third party recipients, such as

4.1.1 (only upon customer’s activation and with your consent) our customer, whose license you use to access the app, if it has requested to receive Usage Information

4.1.2 service providers for the operation of APP (e.g., hosting or service providers for data centre services, payment processing or IT security companies),

4.1.3 consultants and service providers as independent controllers or joint controllers (e.g., insurance companies or accounting service providers),

4.1.4 persons who are subject to professional secrecy or are obligated to maintain confidentiality, for example lawyers, tax consultants, and auditors,

4.1.5 government agencies/authorities, to the extent deemed necessary to comply with legal obligations,

4.1.6 recipients in the course of any reorganisations, mergers, disposals or other transfers of assets. We will ensure that the recipient of your personal data agrees to handle it in a manner that complies with applicable data protection law and is compatible with the original purposes of the processing. We continue to ensure the confidentiality of your personal data and inform you about the transfer to another controller.

4.2 Where we use third party service providers (including processors), these third parties are subject to contractual obligations (e.g., a data processing agreement). These processors will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data. 

5. Transfers of Data outside the EU/EEA

5.1 Due to the international nature of our business, it may be necessary for us to transfer your personal data to our affiliated companies within the meaning of Section 15 et seqq. German Stock Corporation Act (“Company Affiliates”) and/or to third parties outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). Third Countries may have different laws and data protection compliance requirements than the country in which you are located and may not have the EU General Data Protection Regulation (“GDPR”) level of data protection. This can mean disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have very limited legal remedies against this. 

5.2 Insofar as we transfer your personal data from the EU/EEA to Third Countries that are not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding standard contractual clauses of the European Commission or by means of binding corporate rules of our business partners and supplement these transfer mechanisms with further contractual, technical and organisational measures if necessary. Please contact our data protection officer to obtain a copy of transfer mechanisms.

6. Are you obligated to provide your personal data?

In principle, you are not obliged to provide your personal data. However, if you do not provide your personal data, we may only be able to provide you with limited services or not answer your enquiries. If the processing of your personal data is necessary for the fulfilment of a contract between you and us and you do not provide the required information, we may discontinue our contractual services. In this case, we will notify you in advance.

7. Duration of the processing

7.1 We will only process your personal data for as long as is necessary to achieve the above purposes. We retain Usage Data for 13 months and other data until deactivation of the license. We will delete or anonymise your personal data soon after that period, unless we have no legal basis to further store your personal data.

7.2 For example, the retention period may be extended if we are subject to statutory retention and documentation obligations (for Germany these are up to ten years). The retention period may also be based on the statutory limitation periods (for Germany this is up to thirty years, with the regular limitation period being three years). In certain circumstances, we may also need to store your personal data for longer, e.g., in connection with authority or legal proceedings. 

7.3 Regarding the use and retention period of cookies, please note Section 10.

8. Security Measures 

We implement appropriate technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

9. Cookies and other technologies

9.1 The APP uses cookies and other technologies (together “Cookies”). Cookies are used to make the APP user-friendly, effective and secure. Cookies are, for example, small text files that are stored on your terminal device and contain personal data such as personal settings and login information. 

We use the following categories of Cookies: 

  • Performance Cookies: These Cookies allow us to track APP usage so that we can measure and improve the performance of the APP. They help us understand which pages are the most or least popular, or to record errors. All analysis based on this information is aggregated.
  • Functional Cookies: These Cookies allow us to improve the functionality and personalization of the APP. Any analysis performed based on this information is aggregated.
  • Strictly Necessary Cookies: These Cookies are necessary for the functioning and management of the APP and cannot be disabled in our systems. They are usually set based on your input, such as when you set your Cookie preferences, log in, or fill out forms. 

We use only “Strictly Necessary Cookies”. These Cookies are necessary for the functioning and management of the APP and cannot be disabled in our systems. They are usually set based on your input, such as when you set your Cookie preferences, log in, or fill out forms. 

9.2 We use first and third party Cookies. First party Cookies come from our platform and send information only to us; third party Cookies are placed in the APP by third parties and send information about your device to other companies that recognise that Cookie. We use session Cookies, which are only stored for individual online sessions and are deleted when you close your browser; and persistent Cookies, which are deleted when they reach their expiry date or are deleted by the user.

9.3 We place Strictly Necessary Cookies in order to provide you with a telemedia service or other equivalent information society service expressly requested by you. The subsequent processing of Strictly Necessary Cookies is based on our legitimate interest to provide you with a technically optimized, user-friendly and appropriate website or your consent (as applicable). We use other Cookies only with your consent. Where we rely on consent, you can withdraw your consent at any time with effect for the future, e.g. by managing your Cookie settings or by sending an e-mail to dataprivacy@medability.de.

9.4 The APP uses the following Cookies: 

Cookie category | Cookie name | Cookie purpose | First / third party | Cookie domain | Cookie lifetime
Analytics | unity.analytics.sessionId | Identifies user session for tracking session duration and behavior | Third party | unity.com | Session
Analytics | unity.analytics.userId | Pseudonymous user identifier for analytics aggregation | Third party | unity.com | Up to 2 years
Analytics | unity.analytics.deviceInfo | Stores anonymized device details (model, OS version) for analytics | Third party | unity.com | Session or longer
App Configuration | license.key | Stores the user’s license key for validation and re-use | First party | Local app sandbox | Until manually deleted / app uninstall

9.5 We also use the following third-party technologies with your consent: 

Name | Description
Unity Analytics (if activated) | Logging of usage data
License Spring | Managing license

You can also use the APP without Cookies, but you might not be able to use the APP to its full extent or to use certain functionalities.

10. Data Subject Rights 

10.1 You have the following rights in relation to your personal data to the extent provided for by law:

  • right to access and right to receive a copy of your personal data, Art. 15 GDPR,
  • right to rectification, Art. 16 GDPR,
  • right to erasure, Art. 17 GDPR,
  • right to restriction of processing, Art. 18 GDPR,
  • right to data portability, Art. 20 GDPR,
  • right to object, Art. 21 GDPR, on grounds relating to your situation, if we process your personal data based on our legitimate interest or at any time if we process your personal data for direct marketing purposes,
  • right to withdraw your consent, Art. 7 (3) GDPR (you can withdraw consent at any time with effect for the future by contacting us at dataprivacy@medability.de),
  • right to lodge a complaint, Art. 77 GDPR (in the event of a (suspected) infringement of applicable data protection laws, you may lodge a complaint with a supervisory authority).

10.2 We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you (Art. 22 GDPR).

11. Questions, exercising your data protection rights, complaints

11.1 If you have any questions or complaints about the collection, use or retention of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can contact us at dataprivacy@medability.de.

11.2 We will investigate and attempt to remedy any complaint or dispute regarding the processing of your personal data.

11.3 You can also lodge a complaint with the competent data protection authority.