For us, Carbomed Medical Solutions GmbH, Neue Stiftingtalstraße 2 / 2 .OG, 8010 Graz, as the responsible party for data processing, the protection of personal data is important. When using personal data, we therefore comply with all requirements of the General Data Protection Regulation and the Data Protection Adaptation Act and strive for the best possible transparency.
1. PURPOSE, LAWFULNESS AND CONSENT
We process personal data which we collect or generate within the framework of our business relationship with you or which you transmit to us in order to provide our contractual services (Art. 6 para. 1 lit b GDPR), namely that you can use our products.
The following categories of personal data are subject to processing:
• Master data when creating the user profile: E-mail address, year of birth, place of residence
• Measurement data when using our product: CO2 measurement data, cycle data (especially beginning of menstruation, length of cycle, cycle symptoms and complaints)
Since the measurement data generated are special categories of personal data as defined by Art 9 GDPR, it is necessary that you give us your consent (Art 6 para 1 lit a GDPR) to the processing. Your consent may be revoked at any time, which may make it impossible to conclude a contract or use our products. The revocation of your consent does not affect the lawfulness of the processing of your personal data until you revoke your consent. In the event of consent, the data will be processed exclusively for the stated purpose.
Legal obligations may also require the processing of personal data (Art. 6 para. 1 lit c GDPR). For example, we are subject to the accounting obligation under the Federal Tax Code, which obliges us to store invoice data for a period of 7 years.
The collected or generated data will not be sold or unfoundedly passed on to uninvolved third parties.
When selecting our contract processors, we ensure compliance with data protection regulations and have reached agreements with the contract processors to ensure that the personal data is processed confidentially and carefully.
If we commission third parties to process data on the basis of a so-called „contract processing contract“, this is done on the basis of Art. 28 GDPR. We do have this contract with the following third parties:
• Google Firebase
• Google Analytics
• Google Play Services
3. LIMITATION OF STORAGE PERIOD
The personal data will be stored for the duration of the business relationship as well as beyond that according to the legal retention periods.
The measurement data in your user profile will also be made available until you expressly request the deletion of your data by e-mail to the data protection officer.
4. AFFECTED RIGHTS AND CONTACT
You have a right to information about the personal data processed by us, their correction, deletion and restriction of processing, unless legal or contractual provisions oppose these rights.
Should you have any questions regarding the processing of your personal data, object to the processing of your data, wish to revoke your consent or feel that your data protection rights have been violated, please contact us:
Carbomed Medical Solutions GmbH
Neue Stiftingtalstraße 2 / 2 .OG, 8010 Graz
Data protection officer: Lisa Krapinger; +43 664 43 80 313
In addition, you have the right to appeal to the supervisory authority: Austrian Data Protection Authority, Wickenburggasse 8-10, 1080 Vienna, Mail: firstname.lastname@example.org.
5. DATA SECURITY AND CONFIDENTIALITY
Data security is very important to us. We have taken all necessary technical and organizational measures to ensure the security of data processing and to process your personal data in such a way that they are protected from access by unauthorized third parties. Our IT infrastructure complies with current security requirements and is checked regularly.
Employees who have access to your personal data have been subjected to secrecy regarding the information that has become known.