Version 1, 18th of October 2023
Dear Sir or Madam,
The protection of your personal data is of the utmost importance to us.
We would therefore like to inform you about whether and which data we process, and explain your rights. For data protection reasons, your data can only be processed if a legal basis permits this or you have given your consent as a patient. We treat your personal data confidentially and process your personal data in accordance with the General Data Protection Regulation (“GDPR”).
If you have any further questions after reading this information, please contact the person listed below.
(1) Name and contact details of the data controller
Responsibility for data processing:
Charité – Universitätsmedizin Berlin
Corporation under public law
Represented by the Chairman of the Board of Directors
Your data is primarily processed under the provisions of the General Data Protection Regulation of the European Union (“GDPR”).
(4) Types and purposes of data processing
The Solomiya app is programmed to process as little personal data as possible. There are no user accounts stored on the server system. In particular, your data will not be used for profiling or advertising purposes.
The data processed by the app can be classified into the following categories:
Each time the Solomiya app exchanges data via the internet with the server system of the Charité (hereinafter: server system), the server system processes so-called access data. This is necessary so that the app can retrieve current data or transmit certain data stored on the smartphone to the server system. The access data include the following data:
Date and time of the retrieval
Amount of data transferred (or packet length)
Message as to whether the data exchange was successful
The legal basis for the temporary storage of the personal data and the log files is Art. 6 Sect. 1 lit. f GDPR for the protection of the legitimate interests of Charité. The above-mentioned access data is processed in order to maintain and secure the technical operation of the app and the server system. You will not be personally identified as an app user and no usage profile will be created. The IP address is not stored beyond the end of the app usage.
We use the data protection-friendly open source tool “Matomo” for the analytical evaluation of usage data. This analysis tool is used on the basis of Art. 6 Sect. 1 lit. f GDPR. Matomo enables us to collect and analyze data about the use of the Solomiya app. This allows us to track, e.g., which screens and videos were viewed within the app (by storing a video ID) as well as the average time spent per screen/video. The purpose of these data analyses is to optimize the content and functionalities of the Solomiya app.
Matomo does not transmit data to servers that are outside the control of the Charité. We host Matomo exclusively on the Charité server system. Data about your usage behaviour (tracking) is processed anonymously by Charité and is generally only collected if you have given your explicit consent to do so. Consent can be revoked at any time.
Health data is any data that contains information about a person’s health status. As part of a monitoring feature (self-assessment), the Solomiya app collects your answers within specific questionnaires (Patient Health Questionnaire (PHQ-9) and Insomnia Severity Index (ISI)) to assess the severity of depressive symptoms and insomnia. These responses are processed anonymously, stored only locally on your device, and cannot be associated with IP addresses or user profiles at any time.
Moreover, users can enter and save emergency contacts in the Solomiya app – including names, descriptions, contact images and telephone numbers of the relevant contact persons. This data is not sent to the server system, but is stored locally on the user’s device.
(5) Recipients of the above data As the technical service provider commissioned with the development of the Solomiya app, Bornholdt Lee GmbH are granted access to the Charité server and the above-mentioned data which remain anonymized at all times and are not processed by Bornholdt Lee GmbH.
(6) Duration of storage As soon as the Solomiya app is uninstalled, your data that was stored locally on your device for the duration of use (e.g. questionnaire answers, emergency contacts) will also be permanently deleted. The log files – including your IP address – are deleted from the server system after fourteen days. Only usage data which was collected through Matomo and cannot be traced back to individual users is not automatically deleted.
(7) Data subject’s rights regarding personal data
You have the following rights in the context of the processing of your data:
Right to withdraw consent for personal data processing, Art. 7 GDPR
Wenn Sie in die Verarbeitung über eine entsprechende Erklärung eingewilligt haben, können Sie die Einwilligung jederzeit für die Zukunft ohne Nachteile widerrufen.Die Rechtmäßigkeit der bis dahin erfolgten Verarbeitung bleibt davon unberührt.
Right to object to data processing, Art. 21 GDPR
You shall have the right, on grounds relating to your particular situation, to object, at any time, to the processing of your personal data which is based on Points (e) of (f) of Article 6(1) of the GDPR.
Right to access, Art. 15 GDPR
You have the right to obtain from the data controller at any time, and without having to make a payment, information about any personal data being held on you.
Right to rectification, Art. 16 GDPR
You have the right to request the prompt rectification of inaccurate personal data concerning you. Furthermore, and taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Right to erasure, Art. 17 GDPR
You have the right to request from the data controller the prompt erasure of any personal data on you if certain grounds for deletion exist. This is particularly the case if personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
Right to restriction of processing, Art. 18 GDPR
You have the right to request from the controller the restriction of processing. This means that albeit your data will not be deleted, it will be marked to restrict its further processing or use.
Right to data portability, Art. 20 GDPR
You have the right to receive personal data which you, as the data subject, provided to the controller, in a structured, commonly used and machine-readable format, if technically possible.
To exercise the aforementioned rights, please first contact the executing department using the contact details provided above. You can also direct any queries regarding data protection to Charité’s data protection officer using the contact details given above.
Right of complaint to a supervisory authority:
You also have the right to complain to a Data Protection Authority about the processing of your personal data. The complaint can be made informally to a supervisory authority of your choice. You can find the contact details of the Berlin Data Protection Authority, for example, here [Link]:
Berliner Beauftragte für Datenschutz und Informationsfreiheit