Privacy Policy Limbach Befund2Go

Contents

GENERAL

We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy applies to our mobile iPhone and Android apps (hereinafter referred to as "Befund2Go" "Befund2Go App" or "App" for short). It explains the type, purpose, and scope of data collection when using the app. We would like to point out that data transmission over the Internet may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

RESPONSIBLE

We act as the controller within the meaning of the applicable data protection laws for this application:

LIMETEC Biotechnologies GmbH
Neuendorfstrasse 23 b
16761 Hennigsdorf
Phone: 033 02 866 97 - 0

We take all measures required under applicable data protection law to ensure the protection of your personal data. If you have any questions regarding this privacy policy, please contact our data protection officer:

Jan Alkemade
Alkemade IT-Security e.K.
Egerländer Str. 9
D-61239 Ober-Mörlen
E-mail: jan.alkemade@alkemade-it.de
Phone: +49 (0) 6002 939593

Further information about our company can be found in the imprint on our website https://www.limetec-biotechnologies.de/impressum/.

THE BEFUND2GO APP

The Befund2Go app is provided to transmit laboratory test results quickly and easily to those tested.

COVID-19 NOTE

This app is provided to quickly and easily communicate test results, including potentially COVID-19 test results, to those tested.

WHAT IS THE RANGE OF FUNCTIONS

The app enables the user to make findings from laboratory orders digitally accessible within an app, provided that the laboratory order was placed with one of the participating laboratories of the Limbach Group SE.

WHICH DATA IS PROCESSED

When you use the Befund2Go app, we process the following data for the provision of the app and the findings and to ensure the security of the operation of the app:

Functional:

*The findings data remain on Limbach Group SE's own servers, which are located in Germany even if the data are retrieved. If you do not retrieve the data from abroad, there are no plans to transfer it to third countries and it is not technically necessary. The connection between the app and our servers is secured according to the state of the art. We would like to point out once again that the secure operation of the app depends to a large extent on you keeping your access data secret and not storing the access data on the device with which you use the app. Very important: Under no circumstances do we sell your personal data to third parties!

WHICH AUTHORIZATIONS DOES THE APP REQUIRE

In order to provide our services via the app, we require the access rights listed below, which enable us to access certain functions of your device. Access to the device functions is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and/or - if a contract has been concluded - the fulfillment of our contractual obligations (Art. 6 para. 1 lit. b GDPR).

CAMERA

In order to be able to assign the user to the correct laboratory location, the user must scan a QR code as a first step. This is provided by the test location, e.g. in the form of a flyer. By scanning the QR code, the laboratory ID is read out and the user is assigned to the correct laboratory location so that the user's request ends up at the right laboratory and the requirements are met for this laboratory to ultimately be able to successfully deliver the findings. Scanning the QR code within the app by the app user therefore temporarily requires authorization to use the camera sensor. When a QR code is scanned, no image information other than the laboratory ID is stored. Authorization to use the camera sensor is not required permanently and can be revoked again via the system settings after the scanning process has been completed without restricting further use of the app. The same applies to barcode scanning; here too no image information is stored apart from the barcode read.

PUSH NOTIFICATIONS

The authorization of the app to send push notifications is not mandatory to use the app; the receipt of findings is basically also possible without this authorization. However, it is strongly recommended that the user gives the app this authorization as this allows the user to be informed about the existence of the findings or problems with the transmission. Sufficient transmission of information cannot be guaranteed without authorization to send push notifications.

DEVICE IDENTIFICATION OF YOUR SMARTPHONE

When the user registers in the laboratory information system, the device ID is linked to the user's respective laboratory order so that the findings can be transferred to the user's app via the device ID (as a unique feature) at a later point in time ( when the findings are completed).

PURPOSES OF THE PROCESSING OF PERSONAL DATA AND VOLUNTARY DISCLOSURES

The primary purpose of the app is to make the findings of laboratory orders digitally accessible to the user within an app, provided that the laboratory order was placed with one of the participating laboratories of the Limbach Group SE. In order for the user to retrieve findings, registration is required. This serves two purposes:

Optional: If you wish to contact support, you must provide an e-mail address.

STORAGE

General storage period of personal data: Unless otherwise stated or specified in this privacy policy, the personal data collected by this app will be stored until you ask us to delete it, revoke your consent to storage, delete the app, or the purpose for data storage no longer applies. If there is a legal obligation to store the data or another legally recognized reason for storing the data (e.g. legitimate interest), the personal data concerned will not be deleted before the respective reason for storage no longer applies.

INFORMATION DELETION AND CORRECTION

You have the right to free information about your stored personal data at any time, their origin and recipient, and the purpose of the data processing as well as a right to rectification or erasure of this data. For this and further questions on the subject of personal data, you can contact us at any time at the address given in the imprint. This data may be deleted in the following cases:

ACCOUNT DELETION

We recommend that you delete your account quickly and conveniently within the Befund2Go app. However, you also have the option of requesting the deletion of your account outside the app. To delete your account outside the Befund2Go app, you can request this at the following email address: lpa@limetec-biotechnologies.de.

With the successful account deletion, all data associated with the account will be irrevocably deleted.

EXTENDED FUNCTIONS

The application creates a log file during use, which contains anonymous usage data among other things. This file is never automatically sent to us or third parties. At present, the log file is created purely for preventive purposes and is neither analyzed nor transmitted. The purpose of the log file is to enable active troubleshooting in the event of app malfunctions, e.g. app crashes, and thus to better understand the malfunction.

ADVERTISING

Your data will not be used for commercial purposes at any time. The responsible laboratory within the Limbach Group SE only stores the information that is necessary to ensure the safe and functioning operation of the application.

RECIPIENTS / DISCLOSURE OF DATA

Data that you enter in the app will not be passed on to third parties unless this is necessary for the purpose of processing the contract or providing information. However, service providers and processors may be used for the operation of this application or for other products. It may happen that a service provider obtains knowledge of personal data. Service providers are carefully selected - in particular with regard to data protection and data security - all measures required under data protection law for permissible data processing are taken.

Note: If you make use of the option to save or share your findings outside the Befund2Go app, the findings data is potentially unsecured from this point onwards. At this point at the latest, you as the user are responsible for the data protection of your findings data. This is the case, for example, if you save your findings on your end device or send them by email.

DATA PROCESSING OUTSIDE THE EUROPEAN UNION

Data processing outside the European Union in connection with the use of the app does not take place.

DATA PROTECTION OFFICER

You can reach the responsible data protection officer at:

Alkemade IT-Security e.K.
Egerländer Str. 9
D-61239 Ober-Mörlen
E-mail: jan.alkemade@alkemade-it.de

YOUR RIGHTS AS AN AFFECTED PERSON

The GDPR grants data subjects whose personal data is processed by us certain rights which we would like to inform you about here:

Revocation of your consent to data processing

Many data processing operations are only possible with your consent. We will expressly obtain this from you before commencing data processing. You can revoke this consent at any time. All you need to do is send an informal email to lpa@limetec-biotechnologies.de. The legality of the data processing operations carried out up to the revocation remains unaffected by the revocation.

RIGHT TO OBJECT TO THE COLLECTION OF DATA IN SPECIAL CASES AND AGAINST DIRECT ADVERTISING (ART. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal bases on which processing is based can be found in this privacy policy. If you object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. This can be found at https://www.bfdi.bund.de/DE/. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

AMENDMENT OF THIS DATA PROTECTION NOTICE

This data protection notice will be revised in the event of changes to this application or other occasions that make this necessary. You will always find the current version under the Data protection tab in this application.

Status: 13.06.2024