Your data belongs to you and is controlled by you. Sharing your data with us and consenting to us processing it enables us to offer you the best possible therapeutic training.
Vivira Privacy Statement
As of 29 April, 2020
The protection of your data and your privacy are very important to us. We’re aware of the sensitive character of your health information. Therefore, the legislator refers to certain health data as “special personal data”. Such data is in particular need for protection.
At Vivira, we collect as little of your personal data as possible and protect it by the highest technical standards. This Privacy Statement explains in detail how we do this.
Our Privacy Statement answers the following questions:
You can read the sections of the manual by clicking on the respective heading.
Our objective is to support you in optimally conducting therapeutic training at home, as a complement to other treatment forms, while helping you as best possible in reducing your knee-, hip-, or back-pain. This includes the clinical validation of our product by research organizations using anonymized data.
The processing of your data by Vivira serves these purposes exclusively.
Vivira Health Lab GmbH (“Vivira”) is located at Kurfürstendamm 54/55, 10707 Berlin, Germany. Vivira collects and processes your personal data in connection with the Vivira-App (“App”) and the website www.vivira.com (“Website”). We’re “responsible” according to German Basic Regulation on Data Protection (Deutsche Datenschutz-Grundverordnung – “DSGVO”), which is in line with European Data Protection Law.
We process your data only to the extent necessary for the provision of the Vivira services requested by you, as long as you consent to the processing, or if we’re authorized to do so by data protection laws. For the processing of your health data, we separately ask for your consent. You can consent e.g. by activating the consent-slider. We will keep a record of your consent.
Requests can be sent to firstname.lastname@example.org at any time. For further information regarding our company, see www.vivira.com. You may also address questions to our data protection officer: mpP Group / yourprivacyfirst; Mike Peter, data protection expert; e-Mail: email@example.com
Personal data is especially protected by law. Such data refers to information that refers to an identified or identifiable person.
With the exception of your email address and your IP-address, we do not collect any data that allows direct identification of your person. Nevertheless, strictly confidential handling of all your data is of great importance to us. Therefore, we treat all data according to the same rules that apply to processing your personal data.
In case you do not wish to share necessary data with us, we’re unable to provide you with the services described in our terms and conditions.
Vivira consists of four main features, in each of which health data is collected. The collection of the data is required for serving the purpose of Vivira and for providing the services as described in our terms and conditions. The four main features are:
a) Activation, onboarding and registration
b) Movement test (functional self-assessment)
c) Personalised training program
d) Activity, steps, and wellbeing journals
By providing specific health data, you can enable the selection of your preferred Vivira program during activation and onboarding and will in addition receive general information about Vivira. This requires data about your demography (gender, age), your health condition (medical diagnosis, you problem areas, the severity of your pain, the duration of your pain, movement limitations), and possible on-going treatment (are you in physiotherapy treatment, are you taking pain medication).
The registration of a Vivira user account is required to be able to use Vivira. With your user account, you can use your Vivira program after signing out from the App and then signing back in, after deleting and then reinstalling the App (though not after deletion of your data), and you can use the App on multiple devices.
During registration, you will be asked for your email address and asked to define a personal password. This enables us to set up and protect your account. Your registration may be completed with a pseudonymous email address. For purposes of data security, we advise you to use a complex password with a combination of letters, numbers, and symbols.
Disclosure of your email address qualifies all data collected, processed and used by Vivira as “special personal data” pursuant to the DSGVO. It is protected accordingly as such.
The voluntarily movement test enables you to periodically visualize the condition of your musculoskeletal system and its functionality. The movement test puts you through a certain number of exercises. After each exercise, you will be asked to answer questions about your ability and the pain you may have experienced while completing the exercise.
The personalized training program enables you to support the recovery and development of your physical function and reduction of pain by constant, target-oriented practice. Every day, you will receive several exercises that are explained by video, as well as information regarding the exercises. After each exercise, we will ask you questions regarding your ability and the pain you may have experienced during the exercise. Answering these questions enables us to tailor your progression path so that each day, the exercises will be adapted based on the answers you provided.
Your answers regarding pain and function after each exercise are voluntarily. However, the program can only conduct a progression of exercises after you provide answers to these questions. Without your answers, the program will remain at the current level of difficulty and cannot be adapted according to the answers you provided.
The activity, steps and wellbeing journals, which are also voluntarily, enable you to record e.g. your activity (calories burned through activity), your pain development, your quality of life, and possible limitations in everyday life (e.g. on the job, at home and during leisure time), and to track progress over the time. Visualization of the data in the App enables you to better understand your progress and always keep an eye on it.
The technical data we collect informs us about the hard- and software you use to access our App and Website:
Within the App
- Platform (e.g., iOS or Android)
- Version of the Vivira-App
- Manufacturer and model of your device
- Version of the operating system of your end device
- The so-called „Identifier for Advertising in Apple“ for iOS devices
- The so-called „Advertising ID“ for Android devices
In the Web-Browser
- Version of the browser
- Manufacturer and model of your device
Data regarding use
The data regarding use that we collect informs us how and how often you use our services:
Within the App
- Time and frequency of use of App
- Area of App that is used
- Duration of use
- App-settings used (language settings, notifications)
- Feedback-data (incl. email-service)
- Location of use, if applicable
Within the web-browser
- Time and frequency of use of Website
- Area of Website that is used
- Duration of use
- Location of use, if applicable
We process your health data, technical data and data on use while you are using App and Website.
According to statutory data storage requirements, Vivira will store your data for a period of 3 years. The period starts with your consent to data processing, and ends after 3 years per the end of the calendar year. Anonymized data can be stored indefinitely for purposes of clinical validation.
We do not share your data with third parties, unless:
- we are obliged to do so by law
- it involves specific third party analytics providers that are required to deliver our service to you according to our AGB and are explicitly listed in Section 9 of this Data Privacy Statement
- it involves research organizations we partner with for purposes of clinical validation using anonymized data. To receive a list of our current research organization partners, please send an email to firstname.lastname@example.org
- you have given us your explicit and specific consent to do so
With your explicit and specific consent, we will transfer your data to certain doctors, therapists (“Providers”), Payors, or research institutions. In this case, Vivira acts as contract data processor pursuant to article 28 DSGVO and undertakes to comply with the legal regulations regarding data protection and data security.
In the context of use of third-party provider tools described in Section 9, your personal data may be transferred to these providers (also to the U.S.). In such cases, we will take appropriate actions to reasonably protect your data at all times. Transfer of data to the U.S. is only made to companies that hold a Privacy Shield certification. Therefore, the data transfer is lawful on the basis of the adequacy decision of the EU-Commission (Art. 45 DSGVO) dated 12 July 2016. For further information go to www.privacyshield.gov.
From the Vivira-App, you yourself can share your health data with a Provider of your choice and to enter into exchange on the basis of this. In this case, the App creates an overview of your personal health data which you can then send to your Provider, e.g. by email or printout.
To increase safety and provide the best possible user experience, we limit the data stored on your device to the following elements: E-mail address, current plan name, information if you are on a premium account, exercises on a active exercise day, feedback you provided after the exercises, steps and burnt calories (only relevant for early users), generated PDF reports. Your remaining data will merely be stored temporarily when needed in the cache of your device. All of your data will be stored on servers of Amazon Web Services („AWS“), our IT service provider in Frankfurt am Main (Germany). AWS processes the data on our behalf and on the legal basis of article 28 DSGVO. AWS undertakes to comply with all relevant legal regulations regarding data protection and data security.
We take precautions to ensure the safety of your data and to prevent misuse. The App and our server communicate through encoded connections via SSL (Secure Socket Layer) to prevent unauthorized third parties from reading your data.
Our servers and databases are protected by firewalls in order to protect against unwanted access. Our provider AWS is oriented according to ISO 27018, a code of conduct that focuses on the protection of personal data in the cloud.
Please be aware that it is prohibited to use the internet for private purposes during working hours in certain work environments. Some employers systematically monitor prohibited internet activity at the workplace. Also, multiple network surroundings may pose a risk of unwanted access.
To review Amazon Web Services data protection regulations, please see: https://aws.amazon.com/compliance/data-privacy/
Vivira contracts third-party providers for analysis and evaluation services relating to user behavior. We do this to be able to provide the services as described in our terms and conditions and/or constantly improve and develop App and Website further.
A transfer of your data to these external service providers takes place only in connection with legally permissible contract data processing.
When data is processed outside the European Union and the European Economic Area, an appropriate data protection level will also be assured by adequate guarantees for the protection of the right of personality and the exercise of related rights. This is assured by legal, technical and organizational measurements and periodical controls that third-party providers fulfil all provisions of the relevant data protection regulations.
We use the following third-party provider tools:
For data processing, Vivira uses services of Adjust GmbH, a provider from Germany for Mobile App Tracking and Analytics. Adjust provides App-marketers and -publishers with a solution to stay informed about the performance of their campaigns. The Adjust BI-platform shows understandable and practicable metrics, also on the In-App-behavior of users, e.g., to recognize promising marketing campaigns.
Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we are able to significantly improve App and Website for all users on the basis of the findings from the data we receive from Adjust. You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any previously completed data processing remains unaffected by the objection.
For Adjust’s privacy statement, please see: https://www.adjust.com/privacy-policy/
The Vivira website uses Google Analytics, an analysis service of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; „Google“). Use includes operating mode „Universal Analytics“. This enables to assign data, sessions and interactions via several devices to one pseudonymized user-ID and thus analyze user activities across multiple devices.
Google Analytics uses so-called „cookies“, text files that are saved on your device and that enable an analysis of your use of the Vivira website. Generally, information about your use produced by the cookies is transferred to and stored on a server of Google located in the US. In case of an activation of the IP-anonymization on the website, Google will shorten your IP-address in member states of the European Union and another contracting states of the European Economic Area. Only in exceptional cases will your full IP-Address be transferred to a server of Google located in the US and shortened there. The IP-address submitted by your browser within the scope of Google Analytics is not combined with other data from Google. On the request of Vivira, Google will use the data to evaluate your use of the Vivira website as well as the internet for Vivira. Vivira uses these evaluations to improve the Vivira user experience. This purpose constitutes our legitimate interest in the data processing.
Data processing takes place on the basis of article 15, Abs. 3 TMG or respectively article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we are able to significantly improve App and Website for all users with the findings from the data provided by Google Analytics.
You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any previously completed data processing remains unaffected by the objection.
Data sent by us and linked to cookies, user names (e.g. user IDs) or advertising IDs are deleted after 14 months. Deletion of data that reached its storage period limit occurs automatically once a month.
Google holds a Privacy-Shield certification. This means that Google voluntarily fulfils the data protection requirements of the EU. For more information, please see: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
You may prevent the saving of cookies by activating a setting of your browser software; however, we point out that you might no longer be able to fully use all functions of the Vivira website in this case. You may also may prevent the collection of data generated by the cookie and linked to your use of the website (incl. IP-address) by Google as well as the processing of this data by Google, by downloading and installing the respective browser-add-on: https://tools.google.com/dlpage/gaoptout/
In order to prevent data collection by Universal Analytics on different devices, you need to carry out the opt-out in each system used.
For data processing, Vivira uses services of Mixpanel Inc., a provider from the U.S. that protocols page views and page activity during App use. On this occasion, user data is transferred to Mixpanel (and Mixpanel, Inc.) in the U.S.
Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we can significantly improve Vivira for all our users on the basis of findings from data created by Mixpanel. You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any completed data processing remains unaffected from the objection.
Mixpanel holds a Privacy-Shield certification. This means that Mixpanel voluntarily fulfils all data protection requirements of the EU. For more information, please see: https://www.privacyshield.gov/participant?id=a2zt0000000TOacAAG
For further information on the use of your data, please see Mixpanel’s privacy statement: http://mixpanel.com/privacy
For data processing, Vivira uses services of Segment.io, Inc., a provider from the U.S. Segment enables the analysis of user data on mobile devices and in the internet and enables its transfer to third-party provider tools used by Vivira, e.g. for data analysis, marketing or data warehousing.
Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we can significantly improve Vivira for all our users on the basis of findings from data created by Segment. You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any completed data processing remains unaffected from the objection.
Segment holds a Privacy-Shield certification. This means that Segment voluntarily fulfils all data protection requirements of the EU. For more information, please see: https://www.privacyshield.gov/participant?id=a2zt00000008WCkAAM&status=Active
You can find Segment’s privacy statement here: https://segment.com/docs/legal/privacy/
You have the right to delete your personal data by initiating deletion of your user account on the “Settings”-page in the Vivira App. Upon deletion, your personal data is deleted irrevocably from our database. From the moment of deletion onwards data will no longer be available to you. In this case, Vivira will no longer be able to create any reference to your account and accordingly will no longer be able to reproduce if you were a Vivira Premium user.
In case the deletion conflicts with other statutory, contractual, tax-based, or commercially-based storage requirements or other legislative reasons, your account may be closed but not deleted.
You have the right to information regarding the personal data stored with us. In case your personal data is stored at Vivira, we are happy to provide you with a copy of this data upon request to email@example.com. This includes information about purpose of storage, category of data stored, recipients of the data, accessors, as well as, if possible, period of data storage and criteria for determination of this period.
As user of our services, you may have, depending on certain conditions, the following rights:
Correction, deletion or limitation of processing
You have the right to request correction, deletion or limitation of processing of your personal data. In this case it is required that you delete your personal data by initiating deletion of your user account on the “Settings”-page in the Vivira App. Upon deletion, your personal data is deleted irrevocably from our database. From the moment of deletion onwards data will no longer be available to you. In this case, Vivira will no longer be able to create any reference to your account and accordingly will no longer be able to reproduce if you were a Vivira Premium user. This is applicable in cases where, e.g.,
a) data is incomplete or incorrect,
b) data is no longer required for the purpose it had been collected for,
c) the consent, on which the processing was based, has been revoked, or
d) you have successfully executed your right to object to the data processing.
In cases in which the data is processed by a third party, your request for correction, deletion or limitation of the processing will be transferred to such third party, except if this turns out to be impossible or involves an unreasonable amount of effort.
Limitations in processing your personal data initiated by you may have the consequence that Vivira is no longer able to perform its services as described in its terms and conditions.
Objection to processing
You have the right object to the processing of your personal data through Vivira for reasons that arise from your special situation or by revoking your consent. If you wish to do so, please write to: firstname.lastname@example.org.
Transferability of your data
You have the right to receive in a structured, common and machine-readable form all personal data related to you that is stored with us and to transfer this data to a third party without obstructions from our side; you may also request that we transfer personal data directly to a third party, insofar as this is technically feasible.
Refusal and revocation of consent
You may refuse your consent or – without any consequences to the lawfulness of data processing that took place before the revocation – to revoke your consent to the processing of your personal data at any time. This may have the consequence that Vivira is not able to perform its services as descried in its terms and conditions anymore. If you wish to do so, please write to: email@example.com.
Right of appeal
You have the right to communicate with the data protection supervisory authority and to complain to them where appropriate.
We reserve the right to amend this privacy statement under consideration of statutory data protection requirements. You can find the respective current version here or at another place on App and Website where it can be easily found.
In case of questions, suggestions or comments on the subject of data protection, you are welcome to contact our Data Protection Officer: Mike Peter, mpP Group / yourprivacyfirst; expert for data protection; Email: firstname.lastname@example.org.