Deep Care GmbH
Königsallee 43, 71638 Ludwigsburg, Germany
Phone: +49 (0) 7141 473 2210
E-Mail: info@deep-care.de
Represented by: Dr. Milad Geravand
Commercial Register: Stuttgart District Court, HRB 731472
VAT ID No.: DE326604972
We, Deep Care GmbH, wish to inform you about data protection within our company with this document. This document is provided for information purposes only and does not constitute a contractual document.
Deep Care GmbH, as the operator of the digital health coach „Isa“ and the booking portal on the website booking.deep-care.com, takes the protection of personal data very seriously and respects privacy.
For the remainder of this document, „Isa“ will be referred to as „the Product“ for simplicity.
Please note that within the scope of our collaboration with BG prevent GmbH, the system offered by BG prevent under the name „KICO“ is based on „Isa“. As the system is identical in terms of content and technical aspects, all designations of the „Product“ used in this document also apply equally to „KICO“. Within the scope of the cooperation with BG prevent GmbH, Deep Care GmbH remains the sole responsible party for the purposes of GDPR.
We process users„ personal data (hereinafter referred to collectively as “user„ or “data subject" regardless of gender or role) primarily only to the extent necessary for the performance of a contract or pre-contractual relationship, the provision of a functional website, and the making available of our content and services. The processing of our users' personal data is generally carried out only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations. Processing is carried out in compliance with applicable data protection laws, such as the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications and Digital Services Data Protection Act (TDDDG).
With this data protection concept, we document the internal and product-related data protection measures of Deep Care GmbH. It serves both for internal guidance and for transparency towards our customers. The aim is to comply with the General Data Protection Regulation (GDPR) and to ensure systematic and sustainable data protection management within the company. This data protection concept relates to our product. Information on data processing on our website can be found in the separate privacy policy at deep-care.com/de/datenschutzerklaerung/.
The circle of individuals affected by the processing of personal data within the scope of the main contract includes:
Employees of the customer within the meaning of § 26 para. 8 BDSG (users)
If the customer is a Deep Care partner, data from employees is also processed by the partner's customers.
Personal data is processed exclusively by users who have agreed to the collection and processing of their data directly with Deep Care.
Within the scope of the main agreement and this addendum, Deep Care GmbH processes the following types of data:
Contact details of the client's contact persons
Delivery data (Employee name, email, shipping address, start date)
Contract master data (contract duration, contract volume, prices)
Contract settlement and payment data
Below we describe the purposes of processing, as well as the processing operations and the categories of data processed, in relation to the user.
A user of a company that is a customer of Deep Care GmbH can order a product via our booking portal. The order can also be placed via sales partners (e.g. such as BG Prevent). However, these partners do not act as data controllers under data protection law, but act as intermediaries for the order on behalf of the customer. Deep Care GmbH remains the sole controller under data protection law. The contract-relevant information for the order is retrieved in the registration form. This includes the name(s) of the user(s), e-mail address(es), dispatch address(es) and the desired start date of use. This data is processed and stored exclusively for the fulfilment and purpose of the contract with the customer or user, e.g. logistics, shipping of the product and invoicing. The personal data of the data subjects will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Once the user has received a product, they have full control over how the product is used and how long they store any captured data. The product does not require data capture or a Wi-Fi connection for normal use. The user has the following options in this regard:
Option A: The user can configure the product so that their data is only available during the device's runtime. With this option, no data is stored after the device is switched off.
Option B: Users can select in the product's settings for their data to be stored in the form of statistics and for long-term tracking. However, with this option, users can still delete all data at any time at the touch of a button.
In each of the options described above, the product gives the user the option to delete any data at any time (Settings > Data Storage > Delete All).
During use of the product, the following data will be stored exclusively locally and in anonymised form on the device, depending on the duration or the storage options described above chosen by the respective user:
a) It is recorded which selection of features and functions the respective user has made and what other interactions they have with the product, such as selecting the intensity level or activating/deactivating individual coaching tips. This configuration allows the user to customise the product, and it adapts accordingly to the specific user.
b) Furthermore, information for statistics, such as information on sitting postures, number of videos played or exercises performed, amount of water drunk, number of breaks, including the user's successes over time, can be recorded. This allows the user to see their progress over time.
c) The device runtime is recorded for the purpose of monitoring the product's lifespan and facilitating device maintenance, ensuring users always have a functional product.
d) The storage of changes in environmental or table height sensor data is primarily to correct a potential misalignment of the table height or to make the necessary adjustments when the product is placed on a new table (e.g. by checking available Wi-Fi or Bluetooth connections, the product can detect that it has been placed in a new location without connecting to them. This can, for example, trigger a prompt to guide the user through setting up their desk ergonomically again).
e) For individual optimisation of digital coaching, the product can optionally ask the user whether they are currently experiencing musculoskeletal complaints (e.g. back, neck or joint pain).
Providing this information is voluntary and is done solely on the user's own initiative.
Provided that corresponding details are given, this information can be used to individualise the analysis of posture and movement behaviour, and in the future, of breathing patterns, and to provide personalised recommendations for relief or prevention based on this.
In this context, health data may be processed within the meaning of Article 9 GDPR, in particular:
Postural and movement data are generally processed independently of any other factors. However, these data are only processed as health data within the meaning of Article 9 GDPR if they are used in connection with voluntarily provided complaints for the individual adaptation of coaching.
The processing of the aforementioned health data is carried out exclusively on the basis of the express consent of the user in accordance with Art. 9 para. 2 lit. a GDPR. This consent is obtained directly within the product before corresponding details are first recorded or processed.
Consent is voluntary and can be withdrawn at any time with future effect. In the event of withdrawal, the data concerned will be deleted immediately in compliance with data protection regulations. Neither granting nor withdrawing consent will result in any disadvantages for the user regarding the further use of the product.
The data will be treated with strict confidentiality, stored encrypted, and processed exclusively for the stated purposes. No data will be passed on to third parties without explicit consent.
Regardless of this, the user can independently delete all data stored in the product at any time or activate automatic deletion after switching off the device.
Whenever a product is returned to Deep Care GmbH, we then register the date of receipt and save it for billing purposes. All personal data not deleted by the user will be completely erased from the device before it is reused.
To exercise the rights available to data subjects, they can contact us at any time: datenschutz@deep-care.com Please note that these rights apply exclusively to personal data. Data that has been fully anonymised and cannot be traced back to a natural person is no longer subject to the GDPR. Therefore, targeted deletion or information about such anonymised data is not possible.
For the purposes of maintenance, product optimisation and the creation of statistical overviews for the customer, only aggregated usage data without personal references are read out. These data do not allow any conclusions to be drawn about individual users.
During the entire contract term, the customer will have access to an online portal called „Cockpit“. This Cockpit is a password-protected web application that is exclusively accessible to authorised individuals nominated by the customer. The Cockpit provides all information relevant to the customer – in particular, current usage metrics and the latest communication materials – in a structured and aggregated format. Furthermore, the Cockpit contains an overview of the participating users of the „Product“ system, enabling the customer's health management to track and manage any devices not returned on time or missing. This overview also serves as documentation of participation and usage for the customer.
Furthermore, aggregated and non-personal usage data for the application of the product will be provided via the cockpit. Data will only be displayed in the cockpit once at least 10 data records are available, in order to rule out traceability to individuals. The data provided is used solely for organisation-related, internal company analysis of usage by health management. The cockpit does not enable personal individual analyses. All individual evaluations and coaching functions are processed exclusively locally on the product during regular use.
At regular intervals, generally once a month, a QR code is displayed to users on the product. By voluntarily scanning this QR code, users can view their individual health status evaluation. This evaluation notably includes assessments of ergonomics, sitting dynamics, and environmental factors such as light, air, and noise conditions. The provision of this individual evaluation is anonymised and does not contain any personal data. Scanning the QR code is voluntary; users can skip this step at any time without any disadvantage. The overarching results generated from the individual evaluations are transmitted to the cockpit exclusively in an aggregated form, without personal reference and with express user consent. Access is only possible once at least 10 aggregated data sets are available.
In supporting the risk assessment through the product, Deep Care takes a very conservative approach to ensure the protection of user personal data. When the risk assessment function and its associated services are used by the user, the following processing operations take place:
a) During the analysis phase, several measurements of the product are taken. The evaluations and analyses of the results take place on-site on the product. Simple optimisations to the workstation are suggested directly by the product to the user on the device locally.
b) The final results of the analysis will be communicated in a reduced form, to an absolute minimum, via a QR code. This will be displayed on the product screen. These results are anonymous and do not contain any personal data.
c) The user is free to scan the provided QR code. If a suitable terminal device is used to scan the QR code, the information contained in the QR code will be transmitted to the Deep-Care.com server anonymously and without the collection of personal data. Following this, the user has the option to voluntarily provide their name and the associated company in order to generate a personalised evaluation in the form of a complete documentation or measurement report.
I. If this function is used as part of an official risk assessment, the report will by default be sent to a central email address previously named by the customer (e.g. to the responsible safety officer) to ensure structured recording within the context of the risk assessment. Furthermore, each user is free to arrange for the report to be sent additionally to an email address individually entered by them.
II. Provided the function is used solely for employees to independently review their workplace without intended documentation in the sense of an official risk assessment, the user can only choose to have the report sent to their own email address on a voluntary basis; in this case, the report will not be automatically forwarded to the employer.
d) Furthermore, an anonymised version of the report – meaning without the user's name or other identifying features – will be stored in the customer's company-specific online portal („Cockpit“). Personal details, such as the name, that the user has optionally provided during report creation will only appear on the full report, which is provided separately and not via the Cockpit. This ensures that only authorised personnel within the customer's company (typically those responsible for occupational safety or company health management) can access and evaluate the relevant assessments as part of the risk assessment, without being able to draw conclusions about individual natural persons.
The product is fully capable of offline use for regular operation – it requires neither a permanent internet connection nor the transmission of personal data to third parties. However, occasional software updates may be required to ensure technical security and functionality, as well as to provide new software features.
An update will be performed solely based on the explicit decision of the company or the user. The product is configured by default to not connect to the internet. A software update is therefore only possible if a temporary connection – e.g. via a local Wi-Fi or a mobile hotspot – is manually established.
The update process usually takes less than five minutes and can be performed anywhere (e.g., at home). During this process, only the serial number of the device is transmitted to the update server of Deep Care GmbH. No further data, especially no personal or usage data, will be transferred, stored, or analysed. After the update is complete, the product can be used again in offline mode.
For corporate clients, there is also the option to operate the product permanently in a mode where no update function is displayed or offered. In this case, the product remains completely offline, and there is no possibility of receiving future software updates. This may result in the product no longer being up-to-date with current technology over time.
The execution of software updates is solely for the purpose of improving the stability, security, and functionality of the product. The processing of the device serial number is carried out in accordance with Art. 6(1)(f) GDPR, based on the legitimate interest of Deep Care GmbH to ensure the technical safety and maintainability of the products. No profiling, analysis of user behaviour, or disclosure to third parties will take place.
Deep Care GmbH will in future provide an optional smartphone app for private end-users. Use of this app is entirely voluntary and is independent of using the product within the scope of company health management. The installation and use of the app are solely at the decision of the respective user on their private end devices.
Users have the option to connect the app to the product if they wish, in order to save and view certain usage statistics locally on their own mobile device. Data transfer only takes place if the user explicitly activates this function and establishes the connection with the product. In this case, data transfer takes place exclusively between the product and the user's respective end device.
For business customers, providing this private app does not create any additional obligations, and its use by employees can be regulated or excluded internally as needed.
We mitigate any risks with technical and organisational measures (see Clause 7). „A risk, within the meaning of the GDPR, is the possibility of an event occurring which, in itself, constitutes damage (including undue impairment of the rights and freedoms of natural persons) or can lead to further damage to one or more natural persons. It has two dimensions: firstly, the severity of the damage and, secondly, the probability that the event and its consequences will occur.“ (cf. DSK_Nr18_Risiko_Lizenzvermerk (datenschutzkonferenz-online.de)) We have identified any potential risks and have mitigated them through appropriate protective measures to ensure the security, integrity, and confidentiality of the personal data entrusted to us.
We employ appropriate technical and organisational security measures to protect user data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including their likelihood and impact) for the user. Our security measures are continuously improved in line with technological development.
We use tools and plugins to improve the security of the website and our internal systems. We collect log data that arises during the operation of our company's communication technology and on the website, and we analyse this data automatically to the extent necessary to detect, localise or eliminate disruptions or errors in the communication technology, or to defend against attacks on our IT infrastructure, or to detect and defend against malware.
During maintenance and software updates for the product, only the device's serial number and IP address will be encrypted and transmitted via SSL over the internet.
To ensure a level of protection appropriate to the risk of data processing under the contract and service addenda, the contractor has implemented the following technical and organisational measures:
Documentation of the technical and organisational measures taken within the scope of operating the Cockpit Services are available under https://www.hetzner.com/AV/TOM.pdf available from the subcontractor (see 11.).
| Measure | Implementation of the measure |
|---|---|
| Access control Measures that are suitable for preventing unauthorised persons from gaining access to data processing facilities used to process or utilise personal data. Access control measures for building and room security can include, among others, automatic access control systems, the use of chip cards and transponders, access control by gate staff and alarm systems. | Access to the office premises is restricted to authorised personnel with a personal transponder or key card. The office areas are secured by an electronic locking system with access logging. Outside of working hours, access is only possible via the security service. |
| Access control It must be prevented that data processing systems can be used by unauthorised persons. Access control means the unauthorised prevention of the use of facilities. Examples of possibilities include boot passwords, user IDs with passwords for operating systems and software products used, screen savers with passwords, the use of chip cards for logging in, and the use of callback procedures. | Access to internal systems is only granted after successful authentication using a username and password. In addition, two-factor authentication (2FA) is used for all administrative and cloud access. Automatic screen locks after inactivity are enabled. Master user records are managed centrally and checked regularly. |
| Access control It must be ensured that those authorised to use a data processing system can exclusively access the data subject to their access authorisation, and that personal data cannot be read, copied, modified or erased without authorisation during processing. Access control can be ensured, among other things, by means of suitable authorisation concepts that allow for differentiated control of access to data. | We guarantee that only authorised persons have access to your personal data. This data is stored exclusively in German data centres of Hetzner Online GmbH, specifically on physical servers in Nuremberg. Access is strictly limited to authorised employees of Deep Care GmbH who have a clearly defined maintenance contract. All employees involved in the collection, processing or use of personal data are regularly trained in data protection and security issues and are bound to data secrecy. The server environment is protected by the following technical and organisational security measures: - Load balancer protection: the servers are positioned behind a load balancer that regulates access from the public network and only allows legitimate traffic. - Monitoring and logging: All security-relevant access and system activities are logged and regularly checked. |
| Forwarding control It must be ensured that personal data cannot be read, copied, altered or removed without authorisation during electronic transmission, transport or storage on data carriers, and that it can be verified and determined to which recipients personal data transmissions by data transmission facilities are intended. To ensure confidentiality during electronic data transmission, encryption techniques and Virtual Private Networks can be used, for example. Measures for data carrier transport or data transfer include transport containers with locking mechanisms and regulations for data protection-compliant destruction of data carriers. | HTTPS Encryption: All user connections to the booking portal are exclusively via encrypted HTTPS connections. |
| Input check It must be ensured that it can be subsequently checked and determined whether and by whom personal data has been entered, modified, or removed from data processing systems. Input control is achieved through logging, which can take place at various levels (e.g., operating system, network, firewall, database, application). | Incoming data traffic is protected by a configurable firewall. Only defined IP addresses – e.g. from the DeepCare office – are permitted. Monitoring and Logging: All security-relevant access and system activities are logged and regularly reviewed. In addition, changes to data at the application level are logged and regularly evaluated. |
| Availability check It must be ensured that personal data is protected against accidental destruction or loss. This includes aspects such as uninterruptible power supplies, air conditioning, fire protection, data backups, secure storage of data carriers, virus protection, RAID systems, disk mirroring, etc. | Regular Backups: Automated daily data backups are created to prevent data loss. Deep Care GmbH has an internal disaster recovery procedure that describes measures for securing data availability and system functionality in the event of technical failures or security incidents. This procedure is regularly reviewed and updated as part of the internal risk management process. |
| Separation control It must be ensured that data collected for different purposes can be processed separately. This can be guaranteed by, for example, the logical and physical separation of the data. | Data from different customers and application areas are processed in a logically separated, multi-tenant system. Development, test, and production systems are completely separated. The separation occurs at both the database and application levels. Access to test systems is only permitted for authorised developers, and production data must not be used there. |
This data protection concept is regularly updated as part of internal reviews and adapted to legal or technical changes. Responsibility for maintenance and further development lies with the management of Deep Care GmbH in consultation with the Data Protection Officer. The current version is documented internally and clearly version-controlled.
Subcontractor controls (contractual situation, processing agreement, third-country transfers pursuant to Art. 44 et seq.; currently EU/EEA processing, deviations only with prior user consent).
| Company name, address (including country) | Description of subcontractor performance |
|---|---|
| Hetzner Online GmbH Industriestr. 25 91710 Gunzenhausen Germany | Hosting services, cloud storage Physical location: The servers are located in a certified data centre belonging to Hetzner in Nuremberg (Germany). Deep Care GmbH has concluded a contract for order processing with Hetzner Online GmbH. |
| IONOS SE Elgendorfer Str. 57 56410 Montabaur Germany | Hosting services, email servers, DNS servers. Physical location: The servers are located in a certified data centre in Karlsruhe (Germany). |
You are currently viewing a placeholder content from Facebook. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Hubspot Meetings. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationWhen you order Isa through the booking portal, we process the necessary details, such as your name, email address, delivery address, and start date. We require this data to organise the order, delivery, and usage. Health-related details are not collected in the booking portal.
After receiving the ISA, you have full control over the use and storage of your data yourself.
'Isa' essentially works offline. You can choose whether data is only available while in use, or if statistics are saved. You can delete saved data directly on the device at any time. Certain usage information, for example about settings, movement patterns, or exercises performed, is stored locally on the device depending on your selection.
When you use Isa, you can optionally indicate whether you are currently experiencing any discomfort (e.g., in your back or neck). This feature is optional. If you use it, your explicit consent will be obtained directly on your device. This information is used to tailor your coaching more individually and to support you with prevention and relief of discomfort. The processing of this information takes place exclusively locally on the device. No data is transferred to your company or to Deep Care. Your company will not have access to this data. Providing this information is voluntary. You decide for yourself at any time whether you want to provide information. You can withdraw your consent at any time in the settings and delete all corresponding data. This will not result in any disadvantages for your use of Isa.
Your company does not receive personal individual analyses from your usage. Only aggregated data that cannot be traced back to individuals is displayed in the company portal. Therefore, a display only occurs from at least 10 data records.
For data protection queries, please contact us at any time at datenschutz@deep-care.com Contact.
