The Controller in accordance with the relevant data protection regulations is imito AG (hereinafter referred to as "Provider"). For details on the summonable address and authorized representation, please refer to the imprint.
According to art. 37 GDPR, the controller has appointed a Data Protection Officer.
Email: dpo@imito.io
Tel: +41 44 521 73 74
For us, the protection of personal data has the highest priority. Therefore, we would like to inform you at this point about which data we collect and when and how we handle your personal data. This privacy policy describes the collection and use of personal data when using our apps, regardless of the type of device and operating system (hereinafter, collectively: "App").
We process personal data only to the extent necessary to provide a functional app. The processing of personal data takes place regularly only with the consent of the data subject or on the basis of other legal provisions that permit data processing.
A distinction must be made between two categories of personal data:
Patient data also includes personal data of a special category in accordance with Art. 9 GDPR (hereinafter "sensitive data").
Unless otherwise stipulated elsewhere, the following applies to the legal basis for data processing:
In order to use our App and the services provided through it, you enter into a contract with us by accepting our terms and conditions. We collect and process your personal data for the purpose of fulfilling the contract in accordance to Art. 6 para. 1 b) GDPR.
In addition, we process personal data: as far as this is necessary to fulfill a legal obligation, which we are subject to, in accordance to Art. 6 para. 1 lit. c) GDPR; insofar as this is necessary to safeguard the legitimate interests of our company or a third party and does not outweigh the interests, fundamental rights and fundamental freedoms of the person concerned, in accordance to Art. Art. 6 para. 1 f) GDPR.
We do not collect patient data. You may only integrate patient data into our App on a suitable legal basis, regardless of whether this is done manually or automatically. The legal basis for the processing of personal data is, among others, from Art. 6 GDPR “Necessary for the performance of the contract” and “Legitimate interests”. If the consent of the data subject is required, you must obtain it. Furthermore, you are obliged, among other things, to inform the data subjects whose data you integrate into our app, in accordance with. Art. 13 - 14 GDPR.
We process patient data mainly as a processor based on the basis of the agreement concluded with you pursuant to Art. 28 GDPR.
In principle, unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent.
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination - for whatever reason - of the contract between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 60 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
Unless otherwise stated, all data processing takes place within the EU, the EEA countries or in Switzerland. The data transmission to Switzerland, as well as the data processing in Switzerland, are based on the appropriateness decision of the European Commission 2000/518 / EC.
Data processed for billing purposes (name, surname, username and financial identification data) and for analytics purpose (device, OS and app information) are processed via third party providers. Such data may be transferred outside of the EU geographical area and can be processed partially or completely in the countries of the respective branch and according to the respective data protection regulations.
A transfer of personal data outside the EU or the EEA will only take place on the basis of an adequacy decision of the European Commission, or in accordance with standard contractual clauses of the European Commission.
When you register within the app, we collect the following user data: first name, last name, organisation’s name, e-mail address, password.
We collect this data to ensure that our App is available to you.
If you access patient data via the App, we store this information for a limited period of time in the log files, as far as this is necessary for security purposes.
These purposes also include our legitimate interest, which justifies data processing in accordance to Art. 6 Par. 1 f) GDPR.
We only use so-called "technical cookies" in our app, which allow us to recognize you as a user with each access. Such data is not passed on to third parties.
For Apps on iOS and Android we use Google’s Firebase and Google Analytics for Mobile. User data is transmitted in an anonymized form to Google. Our Apps use identification for mobile devices, including the Google Advertising ID (“GAID”) and the ID for Advertising for iOS (“IDFA”), as well as technologies similar to cookies for the use execution of the Analytics for mobile service.
We use Firebase and Google Analytics to analyze and constantly improve the use of our Product. Through the statistics we are able to improve our service and make it more interesting for users. We also use Zoho Desk and Zoho Campaigns for processing support tickets. In those special cases in which personal data is transmitted to the USA, it is based on the Standard Contractual Clauses (SCC) of the European Commission.
If we have collected your e-mail address as part of the purchase of our services, we may send you email newsletters for our offers that are similar to the services you have already purchased from us, provided you have not objected to receiving such newsletters. The legal basis for this is § 7 Abs. 3 UWG. For example, those newsletters may include updates on new product features, additional services we propose in the field of the product you’re using or events on which updates or product demonstrations will be held.
You can object to receiving newsletters from us at any time, without any costs other than the transmission costs according to the basic tariffs (i.e. the costs of your internet provider, for example). We will inform you about the right to object when we collect your email address and in the respective newsletter.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the controller:
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing is carried out, you may request information from the data controller about:
You have the right to request information about whether the personal data relating to you is transferred to a third country or an international organization. In this regard, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
You have the right to obtain from the data controller the rectification and/or integration of any personal data processed concerning you if it is incorrect or incomplete. The data controller shall make the correction without delay.
You may request the controller to erase your personal data without delay and the controller is obliged to erase such data without delay if one of the following grounds applies:
If the controller has made public your personal data and is obliged to delete them in accordance to Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.
The right of erasure does not exist insofar as the processing is necessary
You may request the limitation of the processing of your personal data under the following conditions:
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of establishing, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, the controller shall inform you before the restriction is lifted.
If you have exercised the right to rectify, erase or restrict the processing, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the controller for providing the personal data, provided that
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
You have the right to object at any time, for reasons that arise from your particular situation, against the processing of your personal data, which is carried out on the basis of Article 6 paragraph 1 letter e or f of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing is for the purposes of establishing, exercising or defending legal claims.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the right to withdraw your expressed consent at any time. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are domiciled, place of work or place of alleged infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.
Due to the dynamic development of the Internet, new technologies and opportunities are constantly evolving. In order to allow you to enjoy these opportunities and technologies as well, we reserve the right to change this privacy policy for the future when introducing new, additional, or changing or extending existing services or service elements.
A change of the privacy policy, which refers to the use of the already collected data, takes place only if this is reasonable for you. If and to the extent that changes to the privacy policy relate to the use of the data already collected, we will notify you in good time by email, on our App or in any other form. If no objection occurs within the specified period, the amended privacy policy shall be deemed to have been accepted by you. In the notification we will inform you of your right of objection and the significance of the objection period.
We use cookies to give you the best browsing experience possible.
Learn more about our privacy policy