This data protection declaration is intended to inform the users of our website as well as our customers and partners about the nature, scope and purpose of the collection and use of personal data by us and by companies commissioned by us.
In addition, the separate “Patient and Data Protection Information ECG Data” applies to the processing of ECG data. You can access this under the heading “Data protection information for the device”.
We take the protection of your data very seriously. Therefore, we treat your personal data confidentially and in accordance with the statutory provisions and this privacy policy. When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done. The central regulation is the General Data Protection Regulation (GDPR). This not only defines the requirements for data protection, but also terms such as “personal data” or “processing”. You can read exactly how the GDPR defines the terms.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible. And finally, there are always new requirements. Therefore, we reserve the right to change the security and data protection measures at any time, especially if this becomes necessary due to technical developments. In these cases, we will also adapt this information on data protection accordingly, if necessary. Please therefore note the current version of this data protection information.
Privacy settings
Clicking on the button opens a cookie selection window where you can change your selection at any time.
Patient and data protection information from dpv-analytics GmbH regarding ECG data
dpv is a company founded by doctors. They know that trust is important. That is why dpv would like to provide you with concise information about what happens to your ECG data and what rights you have in this regard.
As a customer, you use the ‘ritmo’ device, a smart digital system for screening for atrial fibrillation or for recording a long-term ECG. It records your ECG data. This data is stored on the ‘ritmo’ device, medically evaluated on our systems after it is returned to us, and the results are recorded in a diagnostic report. After the data has been transferred to our systems, the data stored on the ‘ritmo’ device is completely deleted. The diagnostic report is forwarded to the attending physician. The company responsible for processing your personal data is dpv-analytics GmbH, Schloßstraße 12, 22041 Hamburg, info@dpv-analytics.com, Tel. 040 3503131-0.
dpv processes your personal data only for the purpose of fulfilling the contract, in accordance with your consent (Art. 6 (1) (a), Art. 9 (2) (a) GDPR). You can revoke your consent at any time, but we will then no longer be able to provide our services. Revocation of consent does not affect the contractual payment obligation.
Your personal data will only be passed on to third parties if you have expressly consented to this (Art. 6 (1) (a) GDPR) or if data protection law permits such disclosure.
The ECG data collected using the ‘recorder’ attached to your skin is entered directly into dpv’s CE-certified IT system via a USB interface and diagnosed. We use the following processors for this purpose: IONOS SE, Microsoft Ireland Operations Ltd., TeamViewer Germany GmbH and Cardiologicum Hamburg GbR. The data is hosted exclusively on servers located in Germany. Every dpv employee is subject to medical confidentiality and is instructed accordingly. dpv uses ECG data in anonymised form for its own research to develop and improve its products. The report on the evaluation of the ECG data is stored by dpv like a medical record for a period of ten (10) years, unless a longer statutory retention period applies. The data is not used by dpv for automated decision-making. Your consent is required for this data to be passed on to third parties.
You have the rights regarding your data in accordance with Art. 15 (information), Art. 16 (correction), Art. 17 (deletion), Art. 18 (restriction of processing), Art. 20 (data portability), Art. 21 (right to object) and Art. 77 (right to lodge a complaint with a supervisory authority) of the EU General Data Protection Regulation.
The competent supervisory authority is the Hamburg Commissioner for Data Protection and Freedom of Information.
Here, we – dpv-analytics GmbH (“dpv” or “we”) – inform you about how we process your personal data in accordance with the General Data Protection Regulation (“GDPR”).
Our data protection information is structured in a modular fashion. It consists of general information for all processing of personal data and processing situations (I.) and specific information, the content of which only refers to the processing situation specified there (II. ff.). To find the parts relevant to you, please refer to the following overview of the structure of the data protection information:
1. Data protection officer
The data protection officer within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
myritmo GmbH
Schlossstraße 12
22041 Hamburg
Email: service@myritmo.de
2. Data protection officer
The data protection officer is:
ARTANA Digital GmbH
Prof. Dr. Christian Rauda
Alstertwiete 3
20099 Hamburg
Tel. +49 40 537981260
Email: datenschutz@myritmo.de
3. Legal basis for the processing of personal data
We process some of your personal data on the basis of the following legal grounds:
a) Consent of the data subject
Insofar as we obtain the consent of the data subject for processing for a specific purpose, Art. 6 (1) (a) GDPR is the legal basis.
b) Fulfilment of contractual obligations
Where processing is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6(1)(b) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
c) Legal requirements and obligations
Where processing is necessary for compliance with a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR.
d) Performance of a task carried out in the public interest or in the exercise of official authority
Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, the legal basis is Article 6(1)(e) GDPR.
e) Protection of legitimate interests
If processing is necessary to protect our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, the legal basis is Art. 6 (1) (f) GDPR.
f) Processing of sensitive data (= special categories of personal data)
Insofar as we process health data on the basis of consent, Art. 9 (2) lit. a) GDPR is the legal basis.
4. Storage period and deletion of personal data
The personal data of the data subject will be deleted or blocked as soon as there is no longer any purpose for processing. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Personal data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is still a legal basis for processing.
5. Recipients of personal data
Only those departments that need personal data to fulfil their processing purposes process it. This also applies to the processors we use, such as service providers and vicarious agents. All departments and persons who work with personal data are bound to data secrecy and are instructed to handle such data sensitively.
Personal data will only be passed on to third parties if this is in accordance with data protection regulations. In particular, persons employed to carry out our business operations (e.g. banks, tax advisors, service providers for EDP and IT services) as well as government agencies/authorities, insofar as this is necessary to fulfil a legal obligation, may receive your personal data.
6. Data processing in third countries
For technical reasons, our services sometimes require the use of servers in third countries by our processors, which means that personal data is also processed in these countries; we explicitly point this out below. If personal data is processed outside the EU/EEA and there is no adequate level of data protection in accordance with European standards that has been confirmed by the EU Commission by means of an adequacy decision pursuant to Art. 45 (3) GDPR, we will take appropriate measures to ensure that your personal data is protected: we have concluded EU standard contractual clauses with the companies concerned in order to establish appropriate safeguards within the meaning of Art. 46 GDPR. A copy of the EU standard contractual clauses can be found
7. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:
a) Right of access
Pursuant to Art. 15 GDPR, you have the right to request information about the personal data we process. In particular, you may request
– information about the purposes of processing,
– the category of data,
– the categories of recipients to whom your data has been or will be disclosed, and whether the personal data will be transferred to a third country or to an international organisation (in this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR),
– the planned storage period,
– the existence of a right to rectification, erasure, restriction of processing or objection,
– the existence of a right to lodge a complaint,
– the origin of your data, if it was not collected by us,
– and the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject.
b) Right to rectification
In accordance with Art. 16 GDPR, you have the right to request that we rectify and/or complete your personal data if it is inaccurate or incomplete. We must rectify the data without delay.
c) Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your data if you dispute the accuracy of the data or if the processing is unlawful.
If processing has been restricted, we will inform you before the restriction is lifted.
d) Right to erasure
In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
e) Right to be informed
If you have asserted your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data has been disclosed of this rectification, erasure of the personal data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about these recipients.
f) Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.
g) Right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing if the processing is based on Art. 6 (1) (e) or (f) GDPR. Unless it is an objection to direct marketing, we ask you, when exercising such an objection, to explain the reasons why we should not process your data as we have done. In this case, we will examine the situation and either stop or adjust the data processing or show you our compelling legitimate reasons for continuing the processing.
h) Right to revoke the data protection consent declaration
In accordance with Art. 7 (3) GDPR, you have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.
i) Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
j) Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
We are responsible for our website www.myritmo.de and its subpages (‘website’). Personal data is processed when you use our website. Below, we provide detailed information about the data processing that takes place.
1. Provision of the website and creation of log files
When you visit our website, data and information are automatically collected from the user’s device. The following personal data is processed:
– Browser type and browser version
– Operating system used on the device
– Referrer URL
– IP address of the user
– Date and time of access
– Host name of the accessing device
The data is stored in the log files of our system. This data is required to provide the website on the user’s device, to ensure its functionality and to analyse any malfunctions. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. The legal basis for this is Art. 6 (1) (f) GDPR. The collection of log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.
The log files are deleted within seven days at the latest.
To provide our website, we use the processor Elb-netz GmbH, Hegestraße 40, 20251 Hamburg, with whom we have concluded a processing agreement and who processes the above-mentioned personal data for the provision of the website exclusively on our behalf. No third-country processing of personal data takes place through this processor.
2. Use of cookies
We use cookies on our website. These are text files that are stored in or by the Internet browser on the user’s terminal device when visiting a website. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified the next time the website is accessed.
a) Technically necessary cookies
We do not use technically necessary cookies.
b) Optional cookies
We use optional analysis cookies on our website. These are used for functional, analytical or marketing purposes. The use of these cookies is based on the user’s consent, which they give us when they first visit the website and which includes the storage and retrieval of cookies as such, as well as the processing of the resulting personal data for analysis purposes. The legal basis for the storage and retrieval of analysis cookies is Section 25 (2) TTDSG; for the processing of the personal data generated in the process, it is Article 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time by changing the settings in the consent manager available here. There you will also find all information about the cookies used, their purpose, the respective storage period and the recipients of the data processed by the cookies. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
To provide the consent manager, we use the processor Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, with whom we have concluded a data processing agreement and who processes user settings exclusively on our behalf. No third-country processing of personal data takes place through this processor.
3. Google services
We use several Google services. Our contractual partner is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). Recipients of your data may include:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 GDPR).
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,
Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Insofar as Google processes data outside the EU/EEA and there is no level of data protection that complies with European standards, Google Ireland Limited has concluded EU standard contractual clauses in accordance with Art. 46 GDPR with its group companies Google LLC and Alphabet Inc., which are based in California, USA, in order to ensure an adequate level of data protection. A copy of the contractual clauses can be found here: https://policies.google.com/privacy/frameworks?hl=de&gl=de. The transfer of data to the USA and access by US authorities to data stored by Google cannot be ruled out. From a data protection perspective, the USA is currently considered a third country. You do not have the same rights there as you do within the EU/EEA. Under certain circumstances, you may have no legal recourse against access by authorities.
a) Google Tag Manager
If you have given your consent, Google Tag Manager is used on this website.
Google Tag Manager is primarily used to deploy other tools. Instead of loading a tool directly, it is loaded by Google Tag Manager. Google Tag Manager uses administrator cookies and transfers cookies associated with Tag Manager to Google. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
Due to the server connections between your Internet connection and Google’s servers, your IP address and network data such as the following are also processed:
approximate location (region)
technical information about the browser and the end devices used (e.g. language setting, screen resolution)
Internet provider
the referrer URL (via which website/advertising medium users came to this website)
The legal basis for data processing by Google Tag Manager is your consent in accordance with Section 25 (1) TTDSG in conjunction with Article 6 (1) (a) GDPR.
You can revoke your consent at any time with future effect by accessing the settings [HERE] and changing your selection there. There you will also find information about the cookies that are processed. The lawfulness of the processing carried out on the basis of your consent until revocation remains unaffected. The data collected via Tag Manager will otherwise be processed until you revoke your consent.
You can also prevent the storage of cookies from the outset by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions on the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by not giving your consent to the setting of the cookie.
For more information on the terms of use of Google Tag Manager and data protection at Google, please visit https://marketingplatform.google.com/about/tag-manager/ and https://policies.google.com/?hl=de.
b) Google Analytics
If you have given your consent, the web analytics service Google Analytics 4 is used on this website.
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
IP anonymisation is enabled by default in Google Analytics 4. Due to IP anonymisation, your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
During your visit to the website, your user behaviour is recorded in the form of ‘events’. Events can be:
Page views
First visit to the website
Start of session
Your ‘click path’, interaction with the website
Scrolls (whenever a user scrolls to the bottom of the page (90%))
Clicks on external links
Internal search queries
Interaction with videos
File downloads
Ads viewed/clicked on
Language setting
The following is also recorded:
Your approximate location (region)
Your IP address (in abbreviated form)
Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
Your Internet service provider
The referrer URL (which website/advertisement brought you to this website)
Google will use this information on our behalf to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
Recipients of the data besides us are/may be:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 GDPR),
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,
Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data that has reached its retention period is automatically deleted once a month.
The legal basis for this data processing is your consent in accordance with Section 25 (1) TTDSG in conjunction with Article 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings [HERE] and changing your selection there. There you will also find information about the cookies that are processed. The lawfulness of the processing carried out on the basis of your consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions on the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by
- not giving your consent to the setting of cookies or
- downloading and installing the browser add-on to deactivate Google Analytics [HERE].
For more information on the terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
c) Google Marketing Platform
If you have given your consent, we use services from the Google Marketing Platform (formerly ‘DoubleClick’). These services use cookies to display ads that are relevant to users, to improve reports on campaign performance, or to prevent a user from receiving ads more than once. Campaign Manager 360 allows us to run ad campaigns and measure their performance. Display & Video 360 helps us manage display and video campaigns. Search Ads 360 is used to manage search campaigns across various search engines.
Google uses a cookie ID to determine which ads are displayed in which browser and can thus prevent them from being displayed more than once. Google can also use cookie IDs to track conversions, i.e. whether a user sees an ad and later visits the advertiser’s website to make a purchase. These cookies do not contain any personal information.
Your browser automatically establishes a direct connection to the Google server. According to Google, by integrating these services, Google receives information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
In addition, cookies enable us to track whether you perform certain actions on our website after seeing or clicking on one of our ads on Google or another platform (conversion tracking) (‘floodlight’). Google uses this cookie to understand the content you have interacted with on our websites so that we can send you targeted advertising later.
The legal basis for this data processing is your consent in accordance with Section 25 (1) TTDSG in conjunction with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings [HERE] and changing your selection there. There you will also find information about the cookies that are processed. The legality of the processing carried out on the basis of your consent until revocation remains unaffected.
In addition to the option of generally granting or revoking your consent to the use of analysis and/or marketing cookies via the settings at the top of this policy, you can prevent tracking by changing your browser software settings (e.g. deactivating third-party cookies), by deactivating conversion tracking cookies by blocking cookies from the domain http://www.google.com/settings/ads/ in your browser settings, or, with regard to interest-based ads from providers that are part of the About Ads self-regulation campaign, by clicking on the link http://www.aboutads.info/choices or the link www.googleadservices.com. Please note that in this case you may not be able to use all functions of the website to their full extent.
4. Payment service providers
a) Stripe
We use the payment service provider Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to process payments initiated via our website. When Stripe provides services as a payment service provider (PSP), Stripe itself is the controller within the meaning of the GDPR. Payment processing via credit card is carried out directly by Stripe. We do not process this data for our own purposes.
If necessary, the exchange of data related to your respective booking may also be necessary in order to process payment processing differences between us and Stripe. These data transfers are carried out on the basis of a legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Please note that Stripe, as a financial service provider and responsible body with regard to the processing of financial transaction data, may also pass on your personal data to credit agencies, affiliated companies and subcontractors, insofar as this is necessary to fulfil contractual obligations or on the basis of a legitimate interest, or if the data is processed on behalf of Stripe. It cannot be ruled out that Stripe may also transfer personal information to affiliated companies outside the EU or the EEA (e.g. in the USA).
Your data will be transmitted to Stripe in encrypted form and processed exclusively by Stripe for the purpose of payment processing. Stripe is legally obliged to process and verify this data.
For further information on data protection in connection with this payment service provider, please refer to Stripe’s privacy policy: https://stripe.com/at/privacy
If you pay for goods or services, we also pass on your data to our service providers in the areas of banking, taxes and tax consulting and, within the scope of legal requirements, to the tax authorities.
b) PayPal
We also use the payment service provider ‘PayPal’ (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) to process payments initiated via our website. When PayPal provides services as a payment service provider (PSP), PayPal itself is the controller within the meaning of the GDPR. Credit card payments are also processed directly via PayPal. We do not process this data for our own purposes.
If necessary, the exchange of data related to your respective booking may also be necessary in order to process payment processing differences between us and PayPal. These data transfers are carried out on the basis of a legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Please note that PayPal, as a financial services provider and responsible body with regard to the processing of financial transaction data, may also pass on your personal data to credit agencies, affiliated companies and subcontractors, insofar as this is necessary to fulfil contractual obligations or on the basis of a legitimate interest, or if the data is processed on behalf of PayPal. It cannot be ruled out that PayPal may also transfer personal information to affiliated companies outside the EU or the EEA (e.g. in the USA).
Your data will be transmitted to Stripe in encrypted form and processed exclusively by Stripe for the purpose of payment processing. Stripe is legally obliged to process and verify this data.
For further information on data protection in connection with this payment service provider, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
If you pay for goods or services, we also pass on your data to our service providers in the areas of banking, taxes and tax consulting and, within the scope of legal requirements, to the tax authorities.
5. Vimeo
We embed videos on our website via the provider Vimeo, Inc., 555 West 18th Street, New York, New York 1001, USA (‘Vimeo’). For technical reasons, this results in calls to Vimeo’s servers. For information on the associated use of data from your browser or device, please refer to Vimeo’s privacy policy, as Vimeo is responsible for data processing there. Vimeo’s privacy policy can be found here: https://vimeo.com/privacy
The legal basis for the integration of Vimeo videos and the associated transfer of personal data to Vimeo, Inc. is Art. 6 (1) lit. b GDPR for users of this website who are in the process of entering into a contract with us. For other users, Art. 6 (1) lit. f GDPR is the legal basis for the transfer of technically necessary data to Vimeo. Our interest in embedding videos via an external service provider outweighs the interest of users of our website in the non-processing of personal data.
We have concluded the EU standard contractual clauses with Vimeo in the so-called ‘controller to controller’ variant. As a further protective measure, we always embed videos on Vimeo in the ‘Do Not Track’ variant, so that personal data is only transmitted to Vimeo to the extent necessary. In addition, Vimeo has committed to continuing to comply with the self-imposed obligations under the former so-called Privacy Shield Agreement. This ensures an adequate level of data protection when transferring data to the United States within the meaning of Article 46 GDPR.
You can communicate with us using a contact form, by email, telephone or letter. Your details from the enquiry, including the contact details you provide there, will be processed by us exclusively for the purpose of processing the enquiry and in the event of follow-up questions. The legal basis for the processing of the data is Art. 6 (1) (f) GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is usually the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If the communication is aimed at concluding a contract, the legal basis for processing is Art. 6 (1) (b) GDPR.
Personal data that you have provided to us via a contact form or a contact request (by email, telephone, letter or in person) or in any other way is processed and maintained by us using a customer relationship management system (CRM system). We use the Zoho customer relationship management system, a service provided by ZOHO CORPORATION B. V. (Hoogoorddreef 15, 1101 BA, Amsterdam, Netherlands). Zoho Corporation Pvt. Ltd. (Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India) is involved in the provision of Zoho.
Please note that although India, as a third country, does not have an adequate level of data protection and there is no adequacy decision by the EU Commission, Zoho Corporation Pvt. Ltd has provided guarantees to ensure an adequate level of data protection. Specifically, we enter into a contract for order processing with ZOHO CORPORATION B. V. and Zoho Corporation Pvt. Ltd based on the EU standard contractual clauses for order processing in third countries. Details on data protection at Zoho and settings options for protecting your personal data can be found in Zoho’s data protection information at: https://www.zoho.eu/privacy.html
We use Microsoft Teams for video conferences. In doing so, we process the following data:
Communication data (e.g. your email address, if you provide this personal information)
Personal master data (if you provide this yourself)
Contents of the online meeting (if you appear personally with contributions in word and/or writing)
Authentication data
Log files, log data
Metadata (e.g. IP address, time of participation, etc.)
Profile data (e.g. your user name, if you provide it yourself)
Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a collaboration tool that also includes a video conferencing function. Microsoft Office is software from Microsoft Corporation. Our contractual partner is the European subsidiary Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (‘Microsoft’). The video conferencing function of Microsoft Teams allows us to offer you participation via video/audio. We use the following modes in Microsoft Teams: In normal Teams meetings, audio input and video recording are prevented by our Microsoft Teams settings. We process data on the basis of a legitimate interest pursuant to Art. 6 (1) f) GDPR. Our legitimate interest in data processing may be the initiation of a contract or a contractual relationship with you.
Microsoft Teams is part of the Office 365 cloud application, for which a user account must be created. Microsoft also reserves the right to process customer data for its own business purposes. This poses a data protection risk for users of Microsoft Teams. We have concluded data protection agreements and EU standard contracts with Microsoft to guarantee a minimum level of data protection. Please note that we have no influence over Microsoft’s data processing. To the extent that Microsoft Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for this use and, as such, is responsible for complying with all applicable laws and obligations of a data controller.
For more information on the purpose and scope of data collection and processing by Microsoft Teams, please refer to Microsoft’s privacy policy at https://privacy.microsoft.com/de-de/privacystatement and the Microsoft Teams privacy information at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy. There you will also find further information on your rights in this regard. Microsoft also processes your personal data in the United States. EU standard contracts with Microsoft for Office 365 and Teams have been concluded to guarantee an adequate level of data protection. You can access the EU standard contractual clauses at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF.
Our website contains links to external websites.
We have no influence on externally linked content and accept no responsibility for it. The respective provider is responsible for the content of the linked pages. At the time of linking, we checked the pages for possible legal violations. At that time, we did not identify any illegal content. If we become aware of any legal violations, we will remove the relevant links immediately.
In accordance with the applicable data protection regulations pursuant to the GDPR and BDSG, we process some of your personal data in certain cases for the purposes and legal bases specified below.
The specific data processed about you depends on the services commissioned or agreed upon. We use personal information exclusively for the purpose for which it was provided to us. This includes, for example, personal details (name, address and other contact details such as email address, date and place of birth). In addition, this may also include order data (e.g. payment orders), data from the fulfilment of our contractual obligations (e.g. sales data in payment transactions), information about your financial situation (e.g. creditworthiness data), advertising and sales data, and other data comparable to the categories mentioned.
1. Purposes of processing
a) Fulfilment of contractual obligations (Art. 6, para. 1 lit. b GDPR)
We process your data primarily for the purpose of establishing and implementing our procurement and maintenance processes and thus purchase/work/service contracts.
In addition, your data is processed in part within the framework of ancillary contractual obligations or pre-contractual agreements.
b) Legitimate interests of the company (Art. 6, para. 1 lit. f GDPR)
We also process your data on the basis of our legitimate interests, which we list here as follows:
– Contact and communication management
– Economic efficiency checks
– Contract/project management
– Ensuring the operation of information and telecommunications systems.
c) Legal requirements and obligations (Art. 6, para. 1 lit. c GDPR)
As a company, we are bound by various legal obligations that must be complied with in accordance with applicable laws and regulations.
We process your data for the purpose of complying with tax and commercial law regulations, which we specify here by way of example as follows:
– Financial accounting
– Business correspondence
d) Consent of the data subjects (Art. 6, para. 1 lit. a GDPR)
If we have obtained your consent to process your data for specific purposes, we base the lawfulness of the processing on this consent.
2. Recipients of your data
Within our company, the departments that need your data to fulfil their processing purposes have access to it. This also applies to the service providers and vicarious agents we use. All departments and persons who work with your data are bound to data secrecy and have been instructed to handle personal data sensitively.
Your data will only be passed on outside the company if this is in accordance with data protection regulations. This is the case if the transfer is necessary to fulfil the purposes or if we have obtained your consent to the use and transfer of the data. The following categories of recipients may receive your data:
– Tax authorities
– Tax advisors / auditors
– Financial institutions
– IT service providers
We use the services of contract processors for data hosting, content provision, customer communication, technical administration of systems and their maintenance.
We do not transfer your data outside the European Union.
3. Storage period of your data
As a rule, your personal data will only be stored for as long as is necessary for the purpose of processing. Your data will be stored for longer if we are obliged to do so by law (e.g. retention obligations under tax law) or if this is necessary for the assessment or processing of legal claims.
4. Further information on collection and processing
If the legal basis for data collection is provided by a legal provision (e.g. tax regulations) or for the fulfilment of a contract (e.g. purchase contract), it may sometimes be absolutely necessary for the data to be provided by the data subject and processed by us. Without the provision and processing of this data, we may not be able to fully implement the legal or contractual requirements.
We do not use your personal data in any way for automated decision-making (e.g. profiling).
5. Data sources
We obtain your personal data primarily directly from you and, where necessary, also use public sources (websites, contact directories, etc.) for initial contact.
If we receive your data from other third parties (e.g. recommendations from other partners), we will inform you about these data sources when we first contact you.
We, dpv-analytics GmbH, are a company founded by doctors. They know that trust is important. That is why we would like to provide you with concise information below about what happens to your ECG data and what rights you have in this regard.
As a customer, you use the ‘rytmo’ device, a smart digital system for screening for atrial fibrillation or for recording a long-term ECG. It records your ECG data. This data is stored on the ‘rytmo’ device, medically evaluated on our systems after it is returned to us, and the results are recorded in a diagnostic report. After the data has been transferred to our systems, the data stored on the ‘rytmo’ device is completely deleted. The diagnostic report is forwarded to the attending physician.
We process your personal data only for the purpose of fulfilling the contract and in accordance with your consent (Art. 6 (1) (a), Art. 9 (2) (a) GDPR). You can revoke your consent at any time, but we will then no longer be able to provide our services. Revocation of consent does not affect the contractual payment obligation.
Your personal data will only be passed on to third parties if you have expressly consented to this (Art. 6 (1) (a) GDPR) or if data protection law permits such disclosure.
The ECG data collected using the ‘recorder’ attached to your skin is entered directly into dpv’s CE-certified IT system via a USB interface and diagnosed. We use the following processors for this purpose: IONOS SE, Microsoft Ireland Operations Ltd., TeamViewer Germany GmbH and Cardiologicum Hamburg GbR. The data is hosted exclusively on servers located in Germany. Every dpv employee is subject to medical confidentiality and is instructed accordingly. The diagnostic report on the evaluation of the ECG data is stored by dpv like a medical record for a period of ten (10) years, unless a longer statutory retention period applies. The data is not used by dpv for automated decision-making. Your consent is required for this data to be passed on to third parties. dpv uses ECG data in anonymised form as part of its own research to develop and improve its products.
As of 2023/03/01