As of 7. April 2023
XO Life GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany (hereinafter “XO Life”) is exclusively responsible for data processing. XO Life operates the ImpactMonitor platform (“Platform“) for the digital support of patients. The platform is accessible via the domains
www.xo-life.com, www.medwatcher.io and www.impactmonitor.io (“Websites“).
If you have questions about data protection or would like information about the collection, processing or use of your personal data, as well as requests for correction or deletion of your personal data, please contact us at the above address or the following e-mail address: firstname.lastname@example.org, email@example.com or firstname.lastname@example.org. You can also reach our data protection officer at this address. We will then contact you without delay.
Purpose, type of data and duration of data processing
Through our websites and access portals, we offer various services to companies in the healthcare industry to provide, collect and analyze knowledge and information about diseases, healthcare topics and medicines as well as other healthcare-related products.
As a rule, it is possible to use the websites without providing personal data. In the course of the visit, however, user data may be collected. Further information on this data processing is provided in the section “Cookies”. Insofar as personal data (for example, name or e-mail address in the case of a contact request) is collected on our pages, this is only done on the basis of your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. This data will not be passed on to third parties without your express consent.
If you are a customer of our unpaid or paid services, we process personal data (name, email address, possibly also of employees). We process this data to implement the contractual relationship, Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, it may be necessary to process further employee data that are not our direct contractual partners. In this case, we base the data processing on our legitimate interest, Art. 6 (1) sentence 1 lit. f GDPR.
Data transfer to third parties
As a rule, XO Life does not transmit any personal data to third parties. Only in the following cases may your personal data be transmitted to third parties:
- If you provide us with information about side effects of medications that you have experienced, we will forward this data to drug manufacturers only in pseudonymized form. Personal data about you will not be transmitted to drug manufacturers in such a
case. Only if a medical contact is to be included at your request will your full name and date of birth be transmitted to him or her for identification purposes. This integration of a medical contact person only takes place with your consent. You can revoke this consent at any time. The legal basis for this is Art. 6 para. 1 p. 1 lit. a GDPR.
- XO Life transfers your personal data to cloud service providers whose services are necessary for the functioning of the website. The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR.
- In addition, your personal data may be transferred in other cases. You can find more information on this below under “External service providers”.
Types of cookies used
There are the following three types of cookies:
These cookies are necessary for the operation of the site and for the fulfillment of our contractual obligations. These include, for example, stability testing and monitoring by the Sentry service.
In order to further improve our offer and our websites, we collect anonymized data for statistics and analyses. With the help of these cookies, we can, for example, determine the number of visitors and the effect of certain pages of our website. This includes, for example, Google Analytics cookies.
We use these cookies to make it easier for you to use the site. This includes, for example, the functions offered by Hubspot such as registration and email newsletters.
External service provider
We use the following external service providers, which have different functions.
This website uses Google Analytics, a web analytics service provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Google Analytics is only used with your consent. You can revoke your consent at any time. The legal basis for the use of Google
Analytics is Art. 6 para. 1 sentence 1 lit. a GDPR.
downloading and installing the browser plugin available under the following link.
We use HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing.
- Reporting (e.g. traffic sources, accesses, etc. …)
- Contact management (e.g. user segmentation & CRM)
“U.S. – Swiss Safe Harbor” Framework.
- You can find more information about the cookies used by HubSpot here & here
If you generally do not want Hubspot to collect data, you can prevent the storage of cookies at any time by changing your browser settings. We have concluded an order processing contract with HubSpot and fully implement the strict requirements of the European data protection authorities when using HubSpot.
Stability testing and monitoring through the Sentry service
To improve the technical stability of our service by monitoring system stability and identifying code errors, we use the Sentry service. Sentry serves these purposes alone and does not evaluate data for advertising purposes. Usage data such as metadata (device ID, device data, IP address) are used as processing data. With Sentry, the information about the device or the time of the error is collected anonymously, used in a non-personal manner, and then deleted immediately. Furthermore, the ID address is hidden (so-called “IP masking”). Sentry is a software company from the USA (contact: Functional Software Inc, Sentry, 132 Hawthorne Street, San Francisco, California 94107, USA).
Matomo for Web analysis
We use the service “Matomo” (www.matomo.org) of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand in our web services. The software sets a cookie (a text file) on your computer, through which your browser can be recognized. If subpages of our websites are accessed, the following data is stored:
- The IP address of the user, shortened by the last two bytes (i.e., anonymized),
- the called subpage and time of the call,
- the page from which the user has reached our web pages (referrer),
- which browser is used with which plugins, which operating system and which screen resolution,
- the length of stay on the website, as well as
- the pages that are accessed from the called sub-page.
The data collected with Matomo is stored on our own servers. It is not passed on to third parties. Matomo is only used with your consent. You can revoke your consent at any time. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. a GDPR.
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
Registration for Publisher Account
If you send us information and content via the contact form to register for a publisher account on the platform, your information and content from the form, including the contact data you provide, will be stored by us for the purpose of processing the registration and in the event of follow-up questions. We do not pass on this data without your consent.
We process and store the personal data provided during registration solely to enable you to access your Publisher Account. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
User account registration
The use of some websites (or individual sections thereof) may require the creation of a user account through prior registration. For example, this is the case if you visit websites whose content is only accessible to registered users. When registering, you must provide, among other
things, your name, e-mail address, address, company or organization, descriptions, access data and, if applicable, your license or similar credentials.
We process and store the personal data provided during registration solely to enable you to access and use the website. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
Rights as a user
In accordance with the GDPR, we draw your attention to the following rights in relation to the processing of your data:
You have the right to access your data, to receive information about your data and to correct it. In accordance with your right to information, you can obtain from us at any time complete information about what data we have stored about you, where it came from, to whom it is disclosed and for what purpose it was stored. You also have the right to request the correction, blocking and/or deletion of your data in accordance with the statutory provisions. Please inform us of any requests for information or revocation of consent at email@example.com,
firstname.lastname@example.org or email@example.com.
Correction, deletion or restriction of processing
If you wish to change or delete your data, please contact us at the above contact address or email. All personal data deposited by you will be deleted upon request, provided that there are no legal obligations to retain data.
We only store personal data for as long as it is required to achieve the purposes for which the data was collected or, if statutory retention periods exist that go beyond this (e.g. in the German Commercial Code and the German Fiscal Code), for the duration of the legally prescribed retention period. Subsequently, your personal data will be deleted by us. Only in exceptional cases can your data be stored beyond this period. For example, if the data is required for the enforcement and defense of legal claims in favor of XO Life. As already described above under “Rights as a user”, you have the option to request the complete deletion of your personal data at any time.
In order to provide you with a particularly high level of data security, XO Life has implemented technical and organizational measures that protect your personal data during data transmission and the acquisition of knowledge by third parties. These measures are checked and updated at regular intervals. In addition, your personal data is hosted exclusively on German servers. However, we would like to point out that absolute data security cannot be achieved on the Internet, even with extensive technical precautions.