Data Privacy

As of: 15. September 2020

As operators of these pages we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, in particular the General Data Protection Regulation („GDPR“) and this data protection declaration.

Responsible Person

XO Life GmbH, Agnes-Pockels-Bogen 1, 80992 Munich (hereinafter „XO Life“) is solely responsible for data processing. XO Life operates a free platform that aims to do its part to improve drug safety by reporting side effects. XO Life takes the protection of your personal data very seriously. The personal data that you provide to us will be processed confidentially and exclusively in accordance with the statutory data protection regulations and this data protection declaration. Below we explain how this is done.

If you have any questions about data protection, would like information about the collection, processing or use of your personal data, or wish to request the correction or deletion of your personal data, please use the contact address given or the following e-mail address: info @ xo-life.com. You can also reach our data protection officer at this address. We will then contact you immediately.

Purpose, type of data and duration of data processing

Via xo-life.com, we offer companies in the health sector various IT services in order to collect, process and analyze information about pharmaceuticals in a targeted manner.

The xo-life.com website can generally be used without providing personal data. However, user data may be collected in the course of the visit. Further information on this data processing is available in the „Cookies“ section. Insofar as personal data (for example name or email address for contact inquiries) is collected on our website, this is only done on the basis of your consent, Art. 6 Para. 1 Clause 1 lit. a GDPR. These data will not be passed on to third parties without your express consent.

If you are a customer of our paid services, we process personal data (name, email address, possibly also of employees). We process this data to carry out the contractual relationship, Art. 6 Para. 1 Clause 1 lit. b GDPR. In addition, it may be necessary to process data of further employees who are not our direct contractual partners. In this case, we base the data processing on our legitimate interest, Art. 6 Para. 1 Clause 1 lit. f GDPR.

Data transfer to third parties

As a rule, XO Life does not transmit personal data to third parties. Your personal data can only be transferred to third parties in the following cases: 

  1. If you provide us with information about any side effects you have experienced with drugs, we generally only forward this data to drug manufacturers in anonymised form. In such a case, personal data about you will not be transmitted to pharmaceutical manufacturers. Your full name and date of birth will only be sent to them for identification purposes if a medical contact person is to be included at your request. This integration of a medical contact person only takes place with your consent. You can revoke this consent at any time. The legal basis for this is Art. 6 Para. 1 Clause 1 lit. a GDPR.
  2. XO Life transmits your personal data to cloud service providers whose services are necessary for the website to function. The legal basis for this is Art. 6 Para. 1 Clause 1 lit. f GDPR.
  3. In addition, your personal data may be transmitted in other cases. More information can be found below under „External service providers“.

Cookies

We use so-called cookies for needs-based design. Cookies are small files that are stored on your device using your internet browser and help to make our website more attractive to you. Cookies are also used to generate so-called dynamic content on our website that may be of interest to you, to generate statistics about the number of visitors to our website, and to determine when such actions were carried out. The processing of this data is based either on our legitimate interest, Art. 6 Para. 1 Clause 1 lit. f GDPR, or on your consent, Art. 6 Para. 1 Clause 1 lit. a GDPR. We can also use cookies to determine the popularity of certain content on our website. You can find more information about this data processing in the following sections. Most internet browsers contain instructions on how the storage of cookies on your device can be prevented, for example in the context of the help function of an internet browser. If you prevent the use of cookies, some parts of our website may not work.

We do not combine information generated from cookies with other personal data without your consent and we do not use cookies to collect or store health-related information about you. We do not transmit information generated from cookies to third parties.

Types of cookies used

There are three types of cookies:

Necessary cookies:
These cookies are necessary for the operation of the site and for the fulfillment of our contractual obligations. This includes, for example, the stability check and monitoring by the Sentry service. 

Statistics cookies:
To further improve our offer and our website, we collect anonymised data for statistics and analyses. With the help of these cookies we can, for example, determine the number of visitors and the effect of certain pages on our website. This includes, for example, Google Analytics cookies.

Comfort cookies:
We use these cookies to make it easier for you to use the site. This includes, for example, the functions offered by Hubspot, such as registration and e-mail newsletters.

External service providers

We use the following external service providers, which have different functions.

Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). Google Analytics uses so-called „cookies“. These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The data sent by us and linked to cookies, user identification (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Google Analytics is only used with your consent. You can withdraw your consent at any time. The legal basis for the use of Google Analytics is Article 6 Paragraph 1 Clause 1 lit. af GDPR.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link.

 

You can find more information on how Google Analytics handles user data in Google’s privacy policy. We have concluded an order processing contract with Google and fully implement the strict requirements of the European data protection authorities when using Google Analytics.

HubSpot

We use HubSpot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.

These include:

  • Reporting (e.g. traffic sources, accesses, etc. …)
  • Contact management (e.g. user segmentation & CRM)

Our registration service enables visitors to our website to find out more about our company, to download content and to provide their contact information and other demographic information. This information and the content of our website are stored on the servers of our software partner HubSpot. They can be used by us to get in contact with visitors to our website and to determine which services of our company are of interest to them. HubSpot is only used with your consent. You can withdraw your consent at any time. The legal basis for the use of HubSpot is Art. 6 Para. 1 Clause 1 lit. a GDPR. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimize our marketing measures. HubSpot is a software company from the USA with a branch in Ireland (contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500). HubSpot is subject to TRUSTe’s Privacy Seal and the „US – Swiss Safe Harbor“ framework.

  • More information on HubSpot’s data protection provisions
  • You can find more information about the cookies used by HubSpot here & here.

If you generally do not want to be recorded by HubSpot, you can prevent the storage of cookies at any time through your browser settings. We have concluded an order processing contract with HubSpot and fully implement the strict requirements of the European data protection authorities when using HubSpot.

Intercom

Service requests are processed via the Intercom provider. In order to be able to process user inquiries faster and more efficiently (legitimate interest according to Art. 6 Para. 1 lit. f GDPR), we use an external CRM system from Intercom Inc., 55 2nd St, 4th Fl., San Francisco, CA 94105, USA (“Intercom”) to process service inquiries via our website. All data that we transmit via Intercom is sent with 256 bit encryption and stored in the USA.

Information on Intercom’s guarantees for data transfers to third countries can be found in Intercom’s data protection declaration: https://www.intercom.com/legal/privacy

Intercom only uses user data for the technical processing of inquiries and does not pass them on to third parties. To use Intercom, at least a correct e-mail address is required. A pseudonymous use is also possible. In the course of processing service inquiries, it may be necessary to collect additional data (name, address). The use of Intercom is optional and serves to improve and accelerate our customer and user service.

If users do not agree to data being collected and stored in Intercom’s external system, we offer them alternative contact options for submitting service inquiries by e-mail or telephone.

Stability testing and monitoring by the Sentry service

We use the Sentry service to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry serves these goals alone and does not evaluate any data for advertising purposes. Usage data such as metadata (device ID, device data, IP address) are used as processing data. At Sentry, the information about the device or the time of the error is collected anonymously, not used personally and then immediately deleted. The IP address is also hidden (so-called “IP masking”). Sentry is a software company from the USA (contact: Functional Software Inc., Sentry, 132 Hawthorne Street, San Francisco, California 94107, USA). Information on Sentry’s guarantees for data transfers to third countries can be found in Sentry’s data protection declaration: https://sentry.io/privacy/.

Matomo Web analysis

We use the “Matomo” service (www.matomo.org) from InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, in our web services. The software places a cookie (a text file) on your computer through which your browser can be recognized. If subpages of our website are accessed, the following data is stored:

  • The user’s IP address, shortened by the last two bytes (i.e., anonymized),
  • The subpage accessed and the time of access,
  • The page from which the user came to our website (referrer),
  • Which browser is used with which plugins, which operating system and which screen resolution,
  • The time spent on the website, as well as
  • The pages that are accessed from the called subpage.

 

The data collected with Matomo are stored on our own servers. They will not be passed on to third parties. Matomo is only used with your consent. You can withdraw your consent at any time. The legal basis for the use of Matomo is Art. 6 Para. 1 Clause 1 lit. a GDPR.

Rights as a user

According to the GDPR, we draw your attention to the following rights with regard to the processing of your data:

Right to information

You have the right to access your data, to receive information about your data and to correct it. In accordance with your right to information, you can receive complete information from us at any time about what data about you is stored by us, where it comes from, to whom this data is passed on and for what purpose it was stored. You also have the right to request the correction, blocking and / or deletion of your data in accordance with the statutory provisions. Please inform us of any requests for information or withdrawals of consent at info @ xo-life.com.

Correction, deletion or restriction of processing

If you want to change or delete your data, please use the contact address or email provided. All of your stored personal data will be deleted upon your request, provided that there are no statutory retention requirements.

Data portability

You can request the relevant personal data that you have provided to us in a structured, common and machine-readable format and have this data transmitted to another person responsible without hindrance from us; if necessary, you also have the right to request that we transfer the personal data directly to another person responsible, insofar as this is technically feasible.
 
Refusal and withdrawal of consent
 
You have the right to refuse your consent or – without affecting the legality of the data processing carried out before the withdrawal – to withdraw your consent to the processing of your personal data at any time.
 
Automated decisions
 
You have the right to object to a decision based on automated processing, including profiling, if this decision has legal effects on you or affects you in a similar way.
 
Objection to the processing
 
For reasons that may arise from your particular situation, you have the right to object to the processing of your data.
 
Right of appeal
 
You have the right to communicate with the responsible data protection supervisory authority and, if necessary, to complain to them.

Contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

Registration of user accounts

In order to use some websites (or individual parts of them) it may be necessary to create a user account by registering beforehand. For example, this is the case when you visit websites whose content is only accessible to registered users. When registering, you have to provide your name, your email address, your address, your access data and, if applicable, your license to practice medicine or similar legitimation.

We process and save the personal data provided during registration exclusively to enable you to access and use the website. The legal basis for processing your personal data is Art. 6 Para. 1 lit. b GDPR.

Storage period

The personal data will only be stored by us for as long as it is necessary to achieve the purposes for which this data was collected or, if there are additional statutory retention periods (e.g. in the Commercial Code and in the Tax Code), for the duration of the legally prescribed retention. If a user account has no activities, e.g. a login, for 2 years, the personal data will also be deleted by us. Only in exceptional cases can your data be saved beyond this, for example, if the data is necessary for the enforcement and defense of legal claims in favor of XO Life. As already described above under „Rights as a user“.

Data security

In order to offer you a particularly high level of data security, XO Life has implemented technical and organizational measures that protect your personal data during data transmission and against third parties gaining knowledge of it. These measures are checked and updated at regular intervals. However, we would like to point out that absolute data security cannot be achieved on the Internet, even with extensive technical precautions.

 

Change of privacy policy

XO Life reserves the right to make changes to the data protection declaration at any time with effect for the future. When such an update is made, the last modified date below will also be updated. All changes made to our data protection guideline will always be available at this point so that XO Life users are always aware of the data we collect and our possible use and disclosure of this data. We therefore recommend that you inform yourself regularly using the current data protection declaration.