Privacy Policy for the Navigate App


Below you will find information about how we handle your data, in accordance with Art. 12-14 of the General Data Protection Regulation (GDPR).


Data controller

The data controller for the data processing described below is OD-OS GmbH.

Address: Warthestraße 21, 14513 Teltow, Germany
Telephone number: 03328 31282100
Email address:  info@od-os.com


Registration on OD-OS websites for the Navigate app

Access to the Navigate app is restricted to a dedicated professional user group. Users need to register on OD-OS websites to apply for an account for the Navigate app. As a user of the Navigate app you can benefit from an interactive concept of teaching and learning medical decision-making for retinal laser treatments based on cases from clinical practice. We only use the data entered (job, city, country, title, first and last name, email address, user name and password of your choice) to check whether you are a user belonging to the specified user group and therefore qualify for our Navigate app as well as for registration purposes. The mandatory information requested during registration must be given in full. For important changes, such as the scope of the offer or for technically necessary changes, we use the email address provided during registration to inform you. The data entered during registration is processed on the basis of Art. 6(1) point (b) GDPR. The data collected during registration will be stored by us as long as you are registered for the app and will then be deleted. Statutory retention periods remain unaffected.

 

Usage data

We store the following data of your Navigate app usage as a log:

When you login to the Navigate app, an authentication request with date and time is sent to our user management system to check whether you are an authenticated user of the app. We store this data as a log for statistical purposes. This also enables us to log the total time of app usage.

The data collected during registration and usage of Navigate app will be stored by us as long as you are registered for the app and will then be deleted. Statutory retention periods remain unaffected. The legal basis for this data processing is our legitimate interest in statistics and identification of suspicious logins to our Navigate app (Art. 6(1) point (f) GDPR).


Remote access to a Navilas® Laser System

When you start the remote access function from Navigate app you will launch a special cloud application operated by FastViewer GmbH, Otto-Hahn-Ring 6, D-81739 Muenchen. The FastViewer communication server will not store your user data but try to establish a connection with a specific Navilas® Laser System. Remote access from Navigate app requires a special license on the Navilas® Laser System you wish to access. For more information, please visit: www.od-os.com/teleguidance.
 

Cookies

We use cookies on our website. Cookies are small text files that are saved on your end device and read from there. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies which are stored beyond the individual session. Cookies may contain data that make it possible to recognize the device being used. In part, however, cookies also simply store information about specific settings that cannot be associated with an individual.

We use session cookies and permanent cookies on our websites. Processing is carried out on the basis of Art. 6(1) point (f) GDPR and in the interests of optimizing and facilitating user navigation, adapting the appearance of our website and optimizing loading times.

You can set your browser in such a way that it informs you when you accept a cookie. This makes your use of cookies transparent. You can also delete cookies at any time and reject any new cookies by changing your browser settings as appropriate. Please note, however, that in this case our websites may not  appear at its best, and some of the functions may no longer be available for technical reasons.


App analytics

In order to understand how users discover and interact with the Navigate app, we collect pseudonymous user data with the aid of App Analytics. App Analytics is operated by Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. Data processing is carried out on the basis of our legitimate interest pursuant to Art. 6(1) point (f) GDPR. The purpose of data processing is our interest in learning how users discover and interact with the app, e.g. how often the app is downloaded in different regions. That purpose also constitutes our legitimate interest.

The information about your use of the app is usually transmitted to an Apple server in the USA and stored there.  

We have also concluded a commissioned data processing agreement pursuant to Art. 28 GDPR with Apple. Under this agreement, Apple will use all information strictly in accordance with the purpose of analyzing the use of our app and compiling reports about the app usage activities.

You may object to this processing at any time by adjusting the corresponding privacy settings of your iOS device; please note, however, that you may not then be able to use all of the functions of the app to their full extent.

We monitor the technical performance of Navigate App with the aid of Atatus diagnosis tools (www.atatus.com) operated by  NamLabs Technologies Private Limited, 78/132, 2nd Floor, Dr. Radhakrishnan Salai, Mylapore, Chennai, TamilNadu, India - 600 004. Atatus's service is hosted using Digital Ocean and Amazon Web Services (AWS). Data processing is carried out on the basis of our legitimate interest pursuant to Art. 6(1) point (f) GDPR. The purpose of data processing is to troubleshoot, fix and optimize the technical framework of Navigate app. That purpose also constitutes our legitimate interest.


Google reCaptcha

We use the Google reCaptcha service to establish whether a specific input on our registration form for a Navigate App account has been made by a person or a computer. Google checks by means of the following data whether you are a person or a computer: IP address of the end device used, the page of our website that you are visiting and into which reCaptcha is integrated, the date and duration of your visit, the recognition data for the browser and operating system used, your Google account if you are logged into Google, the mouse movements over the reCaptcha areas in which you have to identify images. The legal basis for the data processing described is Art. 6(1) point (f) of the General Data Protection Regulation (evaluation of interests based on our interest in ensuring the security of our websites).

 

Commissioned data processors

We transfer your data in the context of commissioned data processing pursuant to Art. 28 GDPR to service providers who support us in operating our website and the associated processes. Our service providers are strictly bound by our instructions and are under corresponding contractual obligations.

In some cases, we also transfer personal data to third countries outside the EU in this context. In doing so, we always ensure that there is an appropriate level of data protection:

We conclude the standard data protection clauses with service providers in third countries such as App Analytics (USA) and Amazon Web Serivces (USA). These provide suitable guarantees for the protection of your data with service providers in third countries. You can request a copy of this data protection agreement using the contact details given above. 


Data security

We take technical and organizational steps to protect your data as fully as possible against unauthorized access. We use an encryption process on our pages. Your details are transmitted from your computer to our server and vice versa

over the internet using TLS encryption. You can recognize this by the fact that the lock symbol on the status bar of your browser is closed and the address line begins with http://https://.


Your rights as a user

When your personal data is processed, the GDPR gives you certain rights as the user of an app or website:

1. Right to information (Art. 15 GDPR):

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed; and, where that is the case, you have the right to information about those personal data and to the information listed specifically in Art. 15 GDPR.

2. Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to demand immediate rectification of incorrect personal data about you and, where appropriate, completion of incomplete personal data.

You have the right to demand that personal data about you are erased immediately if one of the grounds listed specifically in Art. 17 GDPR applies, e.g. if data are no longer required for the stated purpose.

3. Right to restriction of processing (Art. 18 GDPR):

You have the right to demand restriction of processing if one of the conditions specified in Art. 18 GDPR is met, e.g. if you have objected to processing in accordance with Art. 21 GDPR or for the duration of any period in which the precedence of our legitimate interests over your interests as the data subject is being verified.

4. Right to data portability (Art. 20 GDPR):

In certain cases that are listed specifically in Art. 20 GDPR, you have the right to receive personal data about you in a structured, commonly used and machine readable format or to demand transmission of those data to a third party.

5. Right to withdraw consent (Art. 7(3) GDPR):

If you have given us your consent, you may withdraw it at any time. In withdrawing your consent, the lawfulness of the processing carried out up to the point of withdrawal is not affected.

6. Right to object (Art. 21 GDPR):

If data are collected on the basis of Art. 6(1) sentence 1 point (f) GDPR (data processing to protect legitimate interests), you have the right to object to processing at any time for reasons resulting from your particular situation. We will then no longer process the personal data unless there are demonstrable, compelling, legitimate reasons for processing that override your interests, rights and freedoms, or if the purpose of processing is to assert, exercise or defend against legal claims.

7. Right to lodge a complaint with a supervisory body

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory body if you believe that processing of the data about you breaches the provisions of data protection law. The right to lodge a complaint may be exercised, in particular, with a supervisory authority in the Member State of your place of residence, place of work or the location of the alleged breach.


Contact details of the Data Protection Officer

Our Data Protection Officer will be happy to provide you with information and suggestions on the topic of data protection:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen. Germany

Web: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de

Für Kunden Navilas® Academy