Privacy Policy

Privacy Policy - Web

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data refers to all information that can be used to identify you personally.

1.2 The controller responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Sascha Albrecht, Marienburger Str. 41, 38642 Goslar, Germany, Tel.: +4953217469115, Email: kontakt@symptolog.de. The controller is the natural or legal person who determines, alone or jointly with others, the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only – i.e. without registering or otherwise providing information – we only collect the data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website you visited
  • Date and time of access
  • Amount of data sent (bytes)
  • Referrer/source from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (possibly anonymized)

The processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. No disclosure or other use of the data takes place. However, we reserve the right to review the server log files retrospectively if specific indications of illegal use arise.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can identify an encrypted connection by the "https://" in your browser’s address bar and the padlock symbol.

3) Contacting Us

When contacting us (e.g., via contact form or email), personal data is collected. The data collected in each case depends on the form used. This data is stored and used exclusively for the purpose of responding to your inquiry and for technical administration.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your inquiry aims to conclude a contract, the legal basis is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your request unless statutory retention periods prevent this.

4) Rights of the Data Subject

4.1 Under the applicable data protection law, you have the following rights regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to notification (Art. 19 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint (Art. 77 GDPR)

4.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. PROCESSING MAY CONTINUE, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING. IF YOU EXERCISE THIS RIGHT, WE WILL STOP PROCESSING YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.

5) Duration of Storage of Personal Data

The storage duration of personal data depends on the legal basis, the purpose of processing, and statutory retention periods (e.g., under commercial and tax law).

Where processing is based on explicit consent pursuant to Art. 6(1)(a) GDPR, the data is stored until you withdraw your consent.

If statutory retention periods exist for data processed under Art. 6(1)(b) GDPR (e.g., contractual or pre-contractual purposes), the data will be deleted after such periods expire, unless it is still required for contract performance or initiation or unless we have a legitimate interest in continuing storage.

Where processing is based on Art. 6(1)(f) GDPR, the data is stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or where processing serves legal claims.

Where personal data is processed for direct marketing pursuant to Art. 6(1)(f) GDPR, storage continues until you object under Art. 21(2) GDPR.

Unless otherwise stated in this policy, personal data is deleted when it is no longer necessary for the purposes for which it was collected or processed.

Privacy Policy - App

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are using our app and thank you for your trust. Below, we inform you about how we handle your personal data when you use our app. Personal data refers to all information that can be used to identify you personally.

1.2 The controller responsible for data processing in this app in accordance with the General Data Protection Regulation (GDPR) is Sascha Albrecht, Marienburger Str. 41, 38642 Goslar, Germany, Tel.: +4953217469115, Email: kontakt@symptolog.de.

2) Data Processing in the App

2.1 The app processes personal data exclusively locally on the user’s device. Data is only transmitted to us or third parties if the user actively performs certain actions (e.g., sharing data, cloud backups, retrieving weather information).

2.2 The app uses an SSL/TLS encrypted connection whenever data is transmitted over the internet (e.g., generating a share link or during cloud backups).

3) App Permissions

3.1 Network Access (INTERNET, ACCESS_NETWORK_STATE)
Required for retrieving weather data via our website, sharing data, and cloud backups. No automatic background transmission takes place.

3.2 Location Data (GPS or manual location)
If the user grants location permission, the app uses the current GPS location or a manually entered ZIP code / fixed location to obtain weather data.
When using the GPS feature, the location is repeatedly retrieved as long as the weather feature is actively used.
The location or ZIP code is transmitted exclusively to our own website to retrieve or calculate weather data.
No data is passed on to third parties.
Location data is not stored permanently; there is no tracking, no background location, and no creation of movement profiles.

3.3 Camera and Microphone
These permissions are only used when the user actively uses corresponding features (e.g., taking photos). No background recordings occur.

3.4 Storage Access
The app can create local backups, import/export files, and load media. This only occurs following user action.

3.5 Notifications and Alarms
These permissions are used to execute reminders or schedules within the app. No data is used for advertising or tracking purposes.

4) Processing of Health and Symptom Data

Health- or symptom-related data entered by the user is stored exclusively locally on the device. There is no automatic transmission. We do not have access to locally stored data.

5) Share Function (Share Link)

Users can manually transmit their data to our server to generate an encrypted share link.
The transmitted data is stored encrypted and can only be viewed using the ID and password. Without these, access is not possible.
We cannot view this data. Users decide for themselves whether and with whom they share the link.

6) Backups

6.1 Local Backup
Backups can be created locally on the device. They never leave the device.

6.2 Cloud Backup (e.g., Google Drive)
A cloud backup is only executed when the user actively selects it. Data is transferred in encrypted form. Google Ireland Limited is responsible for processing data stored in Google Drive.

7) Anonymous Usage Statistics

The app may store anonymous location information such as city or ZIP code (e.g., "Goslar") for statistical purposes. No GPS coordinates, IP addresses, device identifiers, or other identifiable information are stored. No association with individuals takes place. This data is not personal and does not fall under the GDPR.

8) No Analytics, Tracking, or Advertising Services

The app uses no tracking tools, no analytics software, no advertising services, no telemetry, and no background transmission. No user profiles are created.

9) Rights of the Data Subject

9.1 Users have the following rights:

  • Right of access pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to notification pursuant to Art. 19 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to withdraw consent pursuant to Art. 7(3) GDPR
  • Right to lodge a complaint pursuant to Art. 77 GDPR

10) Storage and Deletion

All locally stored app data can be deleted by the user. Uninstalling the app removes all local data.
Share links for manually uploaded data have a validity period selected by the user. After expiration, the associated data is automatically deleted and no longer accessible. Manual deletion is not required or provided.
Location or ZIP code data is not stored permanently.

11) Security

All transmitted health data is encrypted. Without ID/password, access to shared data is not possible. No data is passed on to third parties.