1. GENERAL INFORMATION
Der Verantwortliche für die Verarbeitung Ihrer Daten ist Betachek GmbH, Am Dorbach 12, 52076 Aachen, Deutschland.
1.1 The controller for the processing of your data is Betachek GmbH, Am Dorbach 12, 52076 Aachen, Germany.
As a data subject, you have the right to obtain information from us about the data concerning you (Art. 15 DS-GVO). You can have your data corrected in accordance with Art. 16 DS-GVO or deleted if certain conditions are met in accordance with Art. 17 DS-GVO. Pursuant to Art. 18 DS-GVO, you have a right to the restricted processing of your data. If you assert a special personal situation, you also have the right pursuant to Art. 21 DS-GVO to object to the processing of your data in general or in partial areas. For data that you have provided to us, you can request that it be returned in a common, machine-readable format. You have the right to revoke any consent you have given us to process your data at any time with effect for the future. This means that your revocation can only relate to future processing and processing that has already taken place thus continues to comply with data protection regulations.
You have the right to object to us using your contact and address data to send you advertising and information material by post if you have not expressly requested this.
To exercise your rights, please contact us via support(at)betachek.com or via any other means mentioned on our contact page.
You have the right to contact a supervisory authority with complaints about our processing of your data.
1.2 Our processing of your personal data as a customer or supplier
We collect data (via email, phone call, opinion survey, newsletter order) from individuals who contact us or belong to or represent a company with which we have a business relationship. This data includes your name, the name of your company, the address of your company and your business communication data such as e-mail address and telephone as well as your function in the company. The processing of your data is based on our legitimate interest in contacting you as a representative of our customer, as well as the legitimate interests of the company you represent in the establishment of the communication. Your counter-interests may prevail, for example, if you leave your company.
As a data subject, you are of course entitled to data protection rights, e.g. the right to revoke consent, the right to request information about the data stored about you, and other rights. Please see the section (1.1) Your rights regarding the data processed about you.
For contractual purposes, we process data of your company in our CRM and in the planning, manufacturing, logistics and financial modules of our ERP. According to your activity and responsibility at your company, this data may also include the above-mentioned data directly related to your person. However, the purpose of this processing of data does not relate to you as a person, but rather to your company as our business partner. Data protection law does not apply to purely business data that does not relate to a natural person.
2. PROCESSING OF YOUR DATA ON OUR WEBSITE
2.1 Web server log files
By providing our website for your use in your browser, our web server must collect data related to you fully automatically. Through your visit to our website, our servers store various access data in an electronic log (“log file”) by default. This data includes the IP address of your access, the website from which you visit us, the web pages that you visit on our site, as well as the date, the time of the page request and thus the duration of the visit. This data is collected fully automatically and used only for error analysis and technical improvement of our web service. The recipient of this data is the service provider that operates our website and, if necessary, IT service providers commissioned by us. The legal basis for this processing is our legitimate interest in maintaining proper operation of our websites. After three days at the latest, the log data is automatically overwritten.
Cookies are distinguished on the one hand according to the duration of their storage. So-called session cookies are automatically deleted when you close your browser. A session cookie can be used, for example, to ensure that our web server communicates with your PC. Permanent cookies, on the other hand, remain stored on your PC; your browser can provide information about the storage period. A permanent cookie can be read again the next time you visit our website. To prevent this, you can delete the permanent cookie after visiting our website. Permanent cookies can be used, for example, to analyze your use of our website.
On the other hand, cookies are distinguished according to their origin. So-called first-party cookies always come from the website that is indicated in the address bar of your browser. So-called third-party cookies originate from websites that you have not accessed directly, but which have been integrated via images or advertisements on the site of the initial provider. Your browser can tell you about the sources of cookies stored on your PC.
Most browsers are set to accept cookies. To turn this off, please change the appropriate settings of your browser. If your browser does not allow cookies, you may not be able to use all pages of our website without problems. Session cookies are automatically deleted when you close your browser.
Based on a legitimate interest, the cookies _ga, _gat and _gid use for the analysis of your usage behavior when visiting our site. More details in the section Analysis of the use of our websites by Google Analytics.
Possibility of objection
You can object to the setting of cookies our website by changing your browser settings for handling cookies.
2.3 Analysis of the use of our websites by Google Analytics
On the legal basis of a legitimate interest in improving our web offering, in conjunction with Section 15 (3) of the German Telemedia Act (TMG), our website uses Google Analytics, a web analytics service provided by Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies _ga, _gat and _gid about your use of this website (including your IP address) is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Possibility of objection
Alternatively, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by clicking the following link (http://tools.google.com/dlpage/gaoptout?hl=de) available browser plugin and install it.
3. PROCESSING OF YOUR DATA ON LINKED WEBSITES
Our website contains links to pages of other providers, to which we refer here in detail.
Link to Youtube
2. Data processing from your use of the app
When you install and start our app on a mobile device, your IP address and other metadata that allow us to draw general conclusions in connection with the use of our app may be automatically collected and processed. The explanations under point 1 apply analogously. This also includes device-specific information (device ID, operating system, platform).
This data processing is based on the overriding legitimate interests of NDP (Art. 6 para. 1 f DSGVO) and enables us, among other things, to continuously improve the quality of our app and to provide the best possible service to our users.
Moreover, the app does not require any special permission from you, which is why we do not have access to personal information (e.g. the address book).
Entering personal identifying information is not required to use the app. You may choose to enter personal data to manage the uploaded results and to assist you in transferring these results via email. If you do not enter personal data, we will process your data as described in points 1 and 2.
3. What kind of data?
In the course of using the app, you may choose to enter the following information. Although this data is stored locally on your mobile device, it may be accessed by us for the purpose of providing the services of the App. The data we collect and process (in addition to the data mentioned in point 1):
- Your first name
- Last name
- Date of birth
- E-mail address
- IP address
4. On what legal basis and for what purpose is the data processed?
- For username, first name, last name, e-mail address: unique identification of the user.
- For IP address: Fraud prevention, blocking capability, country access tracking.
5. Advertising and your personal data
- No advertising is displayed in the app.
- No personal data is sold or shared with advertisers.
- No usage statistics, behavior patterns, or preferences for advertising are recorded.
6. Storage and deletion of personal data
Your personal identification data will only be stored by us for as long as we deem necessary within the reasonable scope for the execution of the app and as permitted by applicable law. In any case, we store the personal data as long as legal retention obligations exist or statutes of limitations for possible legal claims have not yet expired. If the storage of the data is no longer necessary for the purposes of the original collection (or within the scope of a legally permissible change of purpose) and there are no legal provisions to the contrary, we will arrange for the deletion of the data. For this purpose, we have implemented a deletion concept that protects all personal data.
7. Transmission of personal data by us
- Within our organization to those employees who need the data based on our legitimate interests.
- External contractors engaged by us when they need the data to provide their respective service for the development and maintenance of the App or related activities. All contractors are contractually obligated to keep your data confidential and to process it only in the course of providing services.
8. Uploaded test result data
When you use the app, your personal test results are sent from your Betachek® blood glucose meter to the app loaded on your mobile device. They can then be displayed and analyzed in tables and charts. The “test results” include the results of the blood glucose measurement with time, day, date, notes, symbols, batch number of the test cassette and expiry date.
- These uploaded test results are stored locally on your mobile device.
- They are not stored on our servers and they are not stored in the “cloud”.
- The test results are not transmitted to us and are not collected by us.
- The test results are not accessible to us.
Test results are uploaded from your Betachek® blood glucose meter to your mobile device via Bluetooth.
- Bluetooth pairing security: uploading can only occur after the two devices are “paired”. To pair the devices, the user must have control of both devices.
- Bluetooth results upload security: Results can only be uploaded from the Betachek® meter to the app when the two devices are actively operating at the same time.
Security measures to protect the meter from unauthorized pairing and/or unauthorized uploading to the app are in accordance with industry standards for equivalent devices using Bluetooth and require the simultaneous use of multiple devices in close proximity.
9. Your test result data: Transmission by you
When you use the app, you can choose to send your test results to your doctor or a healthcare professional. This can be done by email using your doctor’s or healthcare professional’s email address. This does not happen automatically. You must actively select this option and perform the email transfer each time you want to send your results.
If you select this option, your test results will be transferred from your mobile device to the email address of the recipient of your choice. NDP is not involved in this data transfer between your personal mobile device and your physician or healthcare professional via email. It is recommended that you only use this feature with the prior consent of your physician or healthcare professional.
10. Rights of the data subject
A central aspect of the data protection provisions is the possibility of deleting personal data even after it has been processed. For this purpose, a number of rights of the data subject are established. NDP will comply with your relevant requests to exercise your rights without undue delay. To exercise your rights, please contact us at the following e-mail address: email@example.com.
Specifically, the rights are as follows:
a. If you exercise your right to information and there are no legal restrictions, we will inform you in detail about how we process your data. To this end, we will send you (i) copies of the data as well as information about (ii) specifically processed data, (iii) purposes of processing, (iv) categories of data processed, (v) recipients, (vi) the retention period or criteria for determining it, (vii) the origin of the data, and (viii) other information, if any. Please note, however, that we cannot hand over documents that may affect the rights of other persons.
b. With the right to correction, you can request that we correct incorrectly recorded, inaccurate or incomplete data.
c. The right to (data) erasure may be exercised (i) in case of lack of necessity for processing purposes, (ii) in case of withdrawal of consent given by you, (iii) in case of specific objection, provided that the data processing in question is based on the legitimate interests of the NDP, (iv) in case of unlawful data processing, (v) in case of a legal obligation to erase and (vi) in case of data processing by minors under 16 years of age.
d. In special cases, there is an accompanying right to restrictions, after the exercise of which the data in question may be stored. In addition to the possibility of limiting the review period for data corrections, (i) unlawful data processing (if no deletion is requested) and (ii) the duration of the review of a special request for objection are covered.
e. With the right to data portability, you can request to receive the data in a structured, commonly used and machine-readable format and to transfer this data to another controller.
f. In addition, you have the right to object to data processing. However, this only applies if the processing is not based on NDP’s legitimate interests. You may also exercise your right to object to the supervisory authority.
g. Please also note that we may not be able to comply with your request for compelling legitimate grounds for processing (balancing of interests) or processing due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive requests, whereby a fee may be charged here as well as for the processing of obviously unfounded requests.
11. Data security
NDP takes all appropriate technical and organizational measures to ensure that, by default, only personal data whose processing is absolutely necessary for business purposes is processed. The measures we take relate to the amount of data collected, the scope of processing, as well as its retention period and accessibility. Based on these measures, we ensure that personal data is only made available to a narrowly defined and necessary group of persons by default. Under no circumstances is access to personal data granted to other persons without the express consent of the data subject. In addition, we use various protection mechanisms (backups, encryption, etc.) to secure our app management systems. This is to best protect your (personal) data from loss or theft, destruction, unauthorized access, modification and dissemination.
All NDP employees have been adequately informed about all applicable data protection regulations, internal data protection provisions and data security measures and are obliged to keep confidential all information entrusted or provided to them in the course of their professional activities. The requirements of the GDPR are strictly adhered to and personal data is only made available to individual employees to the extent necessary with regard to the purpose of the data collection and our resulting obligations. Insofar as we use contractual partners, they are also obliged to comply with all applicable data protection provisions on the basis of specific framework agreements. In addition, they are strictly bound by our guidelines, in particular with regard to type and scope, when handling your (personal) data.
12. Right to appeal
If you believe that we are in breach of applicable data protection laws when collecting your data, you have the right to lodge a complaint with the competent national data protection authority. The requirements for such a complaint depend on the respective national implementation law of the GDPR, as the GDPR itself does not provide any regulation in this regard. However, we ask you to contact us in advance to clarify any questions or problems.
13. Contact details for data protection issues
If you have any questions or requests regarding our privacy practices, or if you wish to exercise your rights of access, correction, or deletion, please send us a written request outlining your wishes:
National Diagnostic Products Pty Limited
7-9 Merriwa Street,
Gordon, NSW 2072