Data Privacy

Data Privacy

As of 7. April 2023

Data Privacy

As the operator of these pages, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, in particular the General Data Protection Regulation (“GDPR”) and this privacy policy.

Responsible Person

XO Life GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany (hereinafter “XO Life”) is exclusively responsible for data processing. XO Life operates the ImpactMonitor platform (“Platform“) for the digital support of patients. The platform is accessible via the domains
www.xo-life.com, www.medwatcher.io and www.impactmonitor.io (“Websites“).

XO Life takes the protection of your personal data very seriously. The personal data that you provide to us will be processed by us confidentially and exclusively in accordance with the statutory data protection regulations and this privacy policy. In the following, we would like to inform you about how this is done.
If you have questions about data protection or would like information about the collection, processing or use of your personal data, as well as requests for correction or deletion of your personal data, please contact us at the above address or the following e-mail address: info@xo-life.com, info@medwatcher.io or info@impactmonitor.io. You can also reach our data protection officer at this address. We will then contact you without delay.

Purpose, type of data and duration of data processing

Through our websites and access portals, we offer various services to companies in the healthcare industry to provide, collect and analyze knowledge and information about diseases, healthcare topics and medicines as well as other healthcare-related products.

As a rule, it is possible to use the websites without providing personal data. In the course of the visit, however, user data may be collected. Further information on this data processing is provided in the section “Cookies”. Insofar as personal data (for example, name or e-mail address in the case of a contact request) is collected on our pages, this is only done on the basis of your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. This data will not be passed on to third parties without your express consent.

If you are a customer of our unpaid or paid services, we process personal data (name, email address, possibly also of employees). We process this data to implement the contractual relationship, Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, it may be necessary to process further employee data that are not our direct contractual partners. In this case, we base the data processing on our legitimate interest, Art. 6 (1) sentence 1 lit. f GDPR.

Data transfer to third parties

As a rule, XO Life does not transmit any personal data to third parties. Only in the following cases may your personal data be transmitted to third parties:

  1. If you provide us with information about side effects of medications that you have experienced, we will forward this data to drug manufacturers only in pseudonymized form. Personal data about you will not be transmitted to drug manufacturers in such a
    case. Only if a medical contact is to be included at your request will your full name and date of birth be transmitted to him or her for identification purposes. This integration of a medical contact person only takes place with your consent. You can revoke this consent at any time. The legal basis for this is Art. 6 para. 1 p. 1 lit. a GDPR.
  2. XO Life transfers your personal data to cloud service providers whose services are necessary for the functioning of the website. The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR.
  3. In addition, your personal data may be transferred in other cases. You can find more information on this below under “External service providers”.

Cookies

We use so-called cookies to design our website according to your needs. Cookies are small files that are stored on your terminal device by means of your Internet browser and help to make our websites more attractive for you. Cookies are also used to generate so-called dynamic content on our web pages that may be of interest to you; furthermore, to generate statistics about the number of visitors to our web pages and to determine at what time such actions were carried out. The processing of this data is based either on our legitimate interest, Art. 6 (1) sentence 1 lit. f GDPR or on your consent, Art. 6 (1) sentence 1 lit. a GDPR. We may also use cookies to determine the popularity of certain content on our websites. You can find more information about this data processing in the following sections. Most Internet browsers contain instructions on how to prevent cookies from being stored on your terminal device, for example, as part of the help function of an Internet browser. If you prevent the use of cookies, some parts of our websites may not function.

We do not combine information generated from cookies with other personal data without your consent, nor do we use cookies to collect or store health-related information about you. We do not transfer information generated from cookies to third parties.

Types of cookies used

There are the following three types of cookies:

Necessary cookies:
These cookies are necessary for the operation of the site and for the fulfillment of our contractual obligations. These include, for example, stability testing and monitoring by the Sentry service.

Statistics cookies:
In order to further improve our offer and our websites, we collect anonymized data for statistics and analyses. With the help of these cookies, we can, for example, determine the number of visitors and the effect of certain pages of our website. This includes, for example, Google Analytics cookies.

Comfort-Cookies:
We use these cookies to make it easier for you to use the site. This includes, for example, the functions offered by Hubspot such as registration and email newsletters.

External service provider

We use the following external service providers, which have different functions.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Google Analytics is only used with your consent. You can revoke your consent at any time. The legal basis for the use of Google
Analytics is Art. 6 para. 1 sentence 1 lit. a GDPR.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
downloading and installing the browser plugin available under the following link.

More information on the handling of user data with Google Analytics can be found in Google’s privacy policy. We have concluded an order processing agreement with Google and fully implement the strict requirements of the European data protection authorities when using Google Analytics.

HubSpot

We use HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing.

These include:

  • Reporting (e.g. traffic sources, accesses, etc. …)
  • Contact management (e.g. user segmentation & CRM)

Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. Hubspot is only used with your consent. You can revoke your consent at any time. The legal basis for the use of Hubspot is Art. 6 para. 1 sentence 1 lit. a GDPR. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures. HubSpot is a software company from the USA with a branch office in Ireland (contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500). HubSpot is subject to TRUSTe ‘s Privacy Seal as well as the
“U.S. – Swiss Safe Harbor” Framework.

If you generally do not want Hubspot to collect data, you can prevent the storage of cookies at any time by changing your browser settings. We have concluded an order processing contract with HubSpot and fully implement the strict requirements of the European data protection authorities when using HubSpot.

Stability testing and monitoring through the Sentry service

To improve the technical stability of our service by monitoring system stability and identifying code errors, we use the Sentry service. Sentry serves these purposes alone and does not evaluate data for advertising purposes. Usage data such as metadata (device ID, device data, IP address) are used as processing data. With Sentry, the information about the device or the time of the error is collected anonymously, used in a non-personal manner, and then deleted immediately. Furthermore, the ID address is hidden (so-called “IP masking”). Sentry is a software company from the USA (contact: Functional Software Inc, Sentry, 132 Hawthorne Street, San Francisco, California 94107, USA).

Information on Sentry’s safeguards for data transfers to third countries can be found in Sentry’s privacy policy: https://sentry.io/privacy/

Matomo for Web analysis

We use the service “Matomo” (www.matomo.org) of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand in our web services. The software sets a cookie (a text file) on your computer, through which your browser can be recognized. If subpages of our websites are accessed, the following data is stored:

  • The IP address of the user, shortened by the last two bytes (i.e., anonymized),
  • the called subpage and time of the call,
  • the page from which the user has reached our web pages (referrer),
  • which browser is used with which plugins, which operating system and which screen resolution,
  • the length of stay on the website, as well as
  • the pages that are accessed from the called sub-page.

The data collected with Matomo is stored on our own servers. It is not passed on to third parties. Matomo is only used with your consent. You can revoke your consent at any time. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. a GDPR.

Contact form

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

Registration for Publisher Account

If you send us information and content via the contact form to register for a publisher account on the platform, your information and content from the form, including the contact data you provide, will be stored by us for the purpose of processing the registration and in the event of follow-up questions. We do not pass on this data without your consent.

We process and store the personal data provided during registration solely to enable you to access your Publisher Account. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

User account registration

The use of some websites (or individual sections thereof) may require the creation of a user account through prior registration. For example, this is the case if you visit websites whose content is only accessible to registered users. When registering, you must provide, among other
things, your name, e-mail address, address, company or organization, descriptions, access data and, if applicable, your license or similar credentials.

We process and store the personal data provided during registration solely to enable you to access and use the website. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

Rights as a user

In accordance with the GDPR, we draw your attention to the following rights in relation to the processing of your data:

Information

You have the right to access your data, to receive information about your data and to correct it. In accordance with your right to information, you can obtain from us at any time complete information about what data we have stored about you, where it came from, to whom it is disclosed and for what purpose it was stored. You also have the right to request the correction, blocking and/or deletion of your data in accordance with the statutory provisions. Please inform us of any requests for information or revocation of consent at info@xo-life.com,
info@medwatcher.io or info@impactmonitor.io.

Correction, deletion or restriction of processing

If you wish to change or delete your data, please contact us at the above contact address or email. All personal data deposited by you will be deleted upon request, provided that there are no legal obligations to retain data.

Data portability

You may request the relevant personal data that you have provided to us in a structured, common and machine-readable format and have this data transferred to another controller without hindrance from us; you may also have the right to request that we transfer the personal data directly to another controller, insofar as this is technically feasible.
 
Refusal and revocation of consent
 
You have the right to refuse consent or – without affecting the lawfulness of the data processing carried out before the revocation – to revoke your consent to the processing of your personal data at any time.
 
Automated decisions
 
You have the right to object to a decision based on automated processing, including profiling, if such decision produces legal effects concerning you or similarly affects you.
 
Objection to the processing
 
For reasons that may arise from your particular situation, you have the right to object to the processing of your data.
 
Right of appeal
 
You have the right to communicate with and, if necessary, complain to the competent data protection supervisory authority.

Storage duration

We only store personal data for as long as it is required to achieve the purposes for which the data was collected or, if statutory retention periods exist that go beyond this (e.g. in the German Commercial Code and the German Fiscal Code), for the duration of the legally prescribed retention period. Subsequently, your personal data will be deleted by us. Only in exceptional cases can your data be stored beyond this period. For example, if the data is required for the enforcement and defense of legal claims in favor of XO Life. As already described above under “Rights as a user”, you have the option to request the complete deletion of your personal data at any time.

Data security

In order to provide you with a particularly high level of data security, XO Life has implemented technical and organizational measures that protect your personal data during data transmission and the acquisition of knowledge by third parties. These measures are checked and updated at regular intervals. In addition, your personal data is hosted exclusively on German servers. However, we would like to point out that absolute data security cannot be achieved on the Internet, even with extensive technical precautions.

Change of privacy policy

XO Life reserves the right to make changes to the Privacy Policy at any time with effect for the future. When such an update is made, the date of the last change noted below will also be updated. Any changes made to our Privacy Policy will always be available at this location so that XO Life users are always aware of the information we collect and our potential use and disclosure of that information. Therefore, we recommend that you check back regularly using the most current Privacy Policy.