General Terms of Use

The provider of the app is SOPHIA GmbH & Co. KG (hereafter referred to as "the Provider").
By using the app, the user shall be deemed to have read these Terms of Use, to have fully understood them and to have fully accepted all their provisions without restriction or reservation. We therefore urge you to read the Terms of Use carefully.

1. General information regarding the use of the app

The app enables you to access the SOPHIA SOP management platform (hereafter referred to as "SOPHIA"). The use of the app is subject to a separate SaaS agreement for the use of SOPHIA (licence contract), which defines the nature and scope of the SOPHIA services made available to the user. The content accessible through the app is provided for personal use only, unless there are statutory provisions to the contrary. By downloading the app, you do not acquire any copyrights or industrial property rights, unless they have been explicitly granted to you. The app and its functions may not be used for any purpose other than the intended. You must use the app only to the extent permitted by law and in accordance with our Terms of Use. The Provider reserves the right to exclude you from using the app if you use it contrary to German law or our Terms of Use.



User data is processed according to the provisions of our Privacy Policy.



The app includes an inbox for notifications from SOPHIA.
Notifications from SOPHIA can also be requested by means of a push function. This function is enabled by default. You have however the option to disable this function. Push notifications can be disabled in the system settings of your device.

2. Liability

The Provider cannot give any guarantees regarding the availability, reliability, functionality and suitability of the app for your specific purposes. The Provider shall therefore not be liable for damages, unless he is found to have acted with malicious intent or gross negligence, has caused injury to life, body or health, has given a quality guarantee, has fraudulently concealed a defect or has acted in breach of a material contractual obligation. The statutory liability according to the German Product Liability Act is not affected by this. Material contractual obligations are core obligations for the fulfilment of a contract on which the two parties may rely. Compensation for damages caused by a breach of a material contractual obligation shall be limited to the typical, contractual and foreseeable damage, unless the Provider has acted with intent or gross negligence.

3. Right of use

The app enables users to access and use certain functionalities of SOPHIA from an iOS or Android mobile device, based on the stipulations in the separate licence contract. For the lawful use of the app, users must log in to their user account that is protected by identification and authentication features. The user account and authentication specifications form part of the licence contract. By downloading or using the app, the user does not acquire any additional rights, such as rights in the SOPHIA software or the operating software.

Users must not use the app for purposes other than those specified in the Terms of Use, and they are not entitled to make the app available to a third party. In the event of unauthorised transfer of use of the app, and in order to assert its claims against an (unauthorised) user, the Provider shall be entitled to demand disclosure of all relevant details, in particular the name and address, of the third party.

For the use of SOPHIA, the terms laid down in the relevant licence contract apply.

4. Miscellaneous

The Privacy Policy of the Provider applies. The Provider is constantly working on optimising its services. The Provider therefore reserves the right to add or remove functions and features, and to introduce additional restrictions regarding its services. You may terminate the use of the app at any time. The Provider reserves the right to change and adapt these Terms of Use. You will be notified of such changes in due course.


Privacy Policy

Sophia GmbH & Co. KG

Our Privacy Policy explains in detail what data we collect through SOPHIA and how we process it.

We take the protection of your data seriously. As we rely on your trust and cooperation, we want to make sure that you are satisfied with our performance, including our procedures to protect your personal data. This Privacy Policy provides you with detailed information on how we process your personal data. Please read this Privacy Policy carefully. Our Privacy Policy forms an integral part of the Terms of Use of SOPHIA GmbH & Co. KG.

In the course of the continuous improvement and further development of the SOPHIA cloud application, the implementation of statutory requirements and the integration of new technologies in our products, we might need to amend our Privacy Policy from time to time. We therefore recommend that you regularly check our Privacy Policy for changes.

1. Data controller

The provider of the SOPHIA cloud application and the data controller pursuant to the applicable data protection legislation is:



Trinidadstraße 15a
Gewerbegebiet Hohenesch
27356 Rotenburg (Wümme), Germany

2. Processing of personal data

This Privacy Policy applies to all data, including personal data collected by SOPHIA GmbH & Co. KG. Personal data is data from which an individual could be identified with reasonable accuracy. We process your personal data in compliance with the data protection law of the Federal Republic of Germany and the European General Data Protection Regulation GDPR. We never make your personal data available to third parties for marketing or promotional purposes without having first obtained your explicit consent.

Within our organisation, compliance with the statutory requirements and our Privacy Policy is supervised and enforced by our data protection officers. Our employees have undergone training in the handling of personal data and have committed in writing to comply with the data protection regulations.

As a general rule, the SOPHIA cloud application can be used without providing personal data. Insofar as personal data (e.g. your name, address or email address) is collected, the submission of such information is, as far as possible, always voluntary. Please bear in mind that data transmission through the internet (e.g. in communication by e-mail) might not always be secure. We strive to protect your data from unauthorized access by third parties, through pseudonymization, data economy and compliance with deletion periods, using advanced technology. Despite these measures, we can however not completely rule out that your personal data might be unlawfully obtained and processed by third parties.

3. Data processing in case of access from the internet

When you access the SOPHIA cloud application, your access details are temporarily stored on our web server in the form of a log file. The following data is collected at this point and processed until it is automatically deleted:


  • name of accessed file and volume of transferred data; date and time of access;
  • IP address of device from which request is sent; device ID or other device identification code; device type and model;
  • notification of successful access;
  • requesting domain;
  • type and version of web browser; operating system of your device; name of access provider;
  • browser history and default web log information;
  • location data, including geolocation data of your mobile device. Please note that you have the option to control or even disable the geolocation data services of your mobile device in the device settings.


If the SOPHIA cloud application is run for information purposes only, SOPHIA GmbH & Co. KG collects only personal data that is required for technical reasons to display and enable the functions of the SOPHIA cloud application (establishment of connection), system security and stability, the technical administration of the network infrastructure and the optimisation of the web service. The legal basis for the collection and processing of such data is the legitimate interest of SOPHIA GmbH & Co. KG, in accordance with article 6 (1) lit. f GDPR.

You are entitled to object to the processing of this data. In this case, you might not be able to use all services and features of the SOPHIA cloud application.

Personal data collected through the SOPHIA cloud application is not used for any purposes other than those listed above, unless you have explicitly consented to the additional processing of your personal data.

4. Purpose of data processing – logging in to SOPHIA

SOPHIA GmbH & Co. KG uses your personal data exclusively for managing the logging in to the SOPHIA cloud application. Your login details are stored in an encrypted format in our centralised authentication system for verification purposes.


  • BUser name/ e-mail adress
  • Password

Registration/user account: Before you can use the SOPHIA cloud application, you must register with us. Registration is required only once. In the process, you must submit certain personal data that we then store and process at SOPHIA GmbH & Co. KG.


  • Title
  • First name
  • Surname
  • Address
  • Postal Code
  • Town / city
  • Company / hospital
  • Function
  • E-mail address

The legal basis for the collection and processing of such data is the legitimate interest of SOPHIA GmbH & Co. KG, in accordance with article 6 (1) lit. f GDPR in connection with: the establishment of a good connection between our server and your device; user-friendly access to and use of our website; evaluation of system security and stability and general administrative purposes.

We never use the data to attempt to identify you as a person.



SOPHIA GmbH & Co. KG keeps your personal data only for as long as is required. SOPHIA GmbH & Co. KG therefore deletes your personal data, if:


  • there are no more legitimate grounds for the processing of the data;
  • the purpose for which the data has been stored no longer exists;
  • you have revoked your consent to use your data;
  • we are obliged by law to erase the data;
  • you object to the processing of your personal data,


unless the data is subject to statutory filing periods laid down for instance in the German Tax Ordinance AO or the German Commercial Code HGB.

If this case, SOPHIA GmbH & Co. KG is obliged to comply with the statutory regulations before it can fully erase your personal data.

The obligation to erase data does not apply to data whose elimination would involve a disproportionate effort. In such a case, SOPHIA GmbH & Co. KG can claim a legitimate interest in the continued storage of the data, in accordance with article 6 (1) lit. f GDPR.

5. Obligation of submission of personal data

In order to use our software, you need to submit at least a user name and a password. The provision of this information is governed by our agreement with your employer.

6. Links

The website of SOPHIA GmbH & Co. KG might include links to third-party web pages that are not under our control. When you click such a link, you leave the website of SOPHIA GmbH & Co. KG and thus our scope of responsibility. We are therefore unable to control what happens to personal data submitted through third-party web pages.

7. Transfer of data through the internet

The internet is a global public platform. Due to the internet's nature and inherent mode of operation, and the systemic risks involved, all transmissions of data through the internet are at your own risk. For your security, our services can only be accessed through an encrypted transmission channel.

8. Transfer of data to third countries (outside the EU and EFTA)

We only transfer your data to countries outside the EU and EFTA, if


  • this is necessary for the fulfilment of your order;
  • we are obliged to do so by law;
  • you have given your explicit consent to such a transfer.


Where your personal data is transferred to a third country or international organisation, we do this in full compliance with the GDPR. In line with the principle of data minimization, we limit the transmission of data to the required minimum.

We might cooperate with data processors whose business, parent company or subcontractor is registered in a third country. A transfer of your personal data to a third country may take place where the European Commission has decided that the third country in question ensures an adequate level of protection (article 45 GDPR), appropriate safeguards have been put in place (e.g. standard data protection clauses adopted by the European Commission) and on condition that enforceable data subject rights and effective legal remedies are available to you. To ensure compliance with the European General Data Protection Regulation, we have entered into a binding contract with the data processor.

9. Cookies

The SOPHIA cloud application uses cookies. Cookies are small text files that are stored by your browser on your device. Cookies do not damage your device or any files stored on it, and do not contain computer viruses. They are designed to make our web pages more user-friendly, efficient and safe. Certain cookies (known as "functional cookies" used for instance in language settings and to place orders) are required by the SOPHIA cloud application software in order to enable certain functions. Without these cookies, the SOPHIA could application does not work properly.

Most of the cookies we use are session cookies that are automatically deleted the moment you leave our website. Other cookies remain stored on your device until you delete them. Cookies enable us to recognise you as a repeat visitor the next time you call up our website.

You have the option to configure your browser settings so that you are notified when a cookie is sent to your device. You can then decide whether you wish to store it. You can also reject cookies from certain websites or activate automatic deletion of all cookies upon closing the browser window. Should you disable cookies in your browser settings, you will still be able to use the SOPHIA cloud application, but there might be certain restrictions.

10. Matomo analytics platform

The SOPHIA cloud application uses the Matomo web analytics service. Matomo processes the following data: the browser type and version you use to access our service, the operating system of your device, the country where you are located, the date and time of the server request, the number of visits, the time you spend using the SOPHIA cloud application and the external links accessed by you. Your IP address is truncated before it is stored.

Matomo uses cookies that are stored on your device and allow us to analyse the use of our website. Your personal data might be stored in the form of a pseudonymized user profile. Matomo cookies are automatically deleted after one week. The information generated by the cookie about your use of the SOPHIA cloud application is not transferred to a third party and stored only on our own server.

You have the option to object at any time to the collection of data by Matomo by clicking the link below. In this case, an opt-out cookie is stored on your device. This ensures that Matomo does no longer record session data. If you delete the cookies from your device, this opt-out cookie will also be deleted, so that you need to opt out again from Matomo.

Logs containing user data are deleted latest after 6 months.

Where we seek the user's consent to the processing of personal data (e.g. consent to receive cookies), the legal basis is article 6 (1) lit. a GDPR. Otherwise, we collect and process personal data only where this is necessary for the purposes of our legitimate interests (e.g. analysis, optimisation and efficient operation of our web services) pursuant to article 6 (1) lit. f GDPR.

Deactivation completed! Your visits to this web page are no longer tracked by our web analysis tool. Please note that if you clear the cookies in your browser, you also delete the Matomo opt-out cookie. In this case, and if you change device or web browser, you will need to perform the opt-out procedure again.

11. General data security

We have implemented a broad range of measures to protect your data. Data sent from your device to our server, which includes data entered by you on our HTML pages, is transmitted to SOPHIA GmbH & Co. KG for processing in an encrypted format (SLL - Secure Socket Layer) over the internet.

For security reasons and to protect confidential data such as order details or queries sent by you to us, we use SSL encryption. With this encryption, the protocol section of the address in your browser window changes from "http://" to "https://", and a padlock icon is displayed in the address bar.

Data transmitted with SSL encryption cannot be read by third parties.

12. Disclosure of data to third parties

We do not transfer or disclose your personal data to third parties, unless you have given your explicit consent to such a transfer. In this context, service providers involved in contract initiation or contract fulfilment, such as IT service and hosting providers for the SOPHIA cloud application are not considered third parties, as they act as data processors on behalf of SOPHIA GmbH & Co. KG and are therefore entitled to process personal data, based on the instructions and strict guidelines of SOPHIA GmbH & Co. KG.

SOPHIA GmbH & Co. KG has entered into contracts with its data processors to ensure compliance with the European General Data Protection Regulation.

The transfer of data between SOPHIA GmbH & Co. KG and the contracted data processors is performed according to the applicable national and European data protection regulations, and the volume of transmission data is limited to the required minimum.

13. Your rights as a data subject

Under the European General Data Protection Regulation, you have a number of rights:


  • the right to be informed about how we use your personal data, how we obtain it, who receives it and for what purposes we process it
  • the right to demand restriction of processing of our personal data;
  • the right of rectification;
  • the right to have your data blocked;
  • the right to erasure;
  • the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format (right to data portability);
  • the right to revoke your consent to the processing of your personal data;
  • the right of complaint to the supervisory authority.



You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data concerning you by SOPHIA GmbH & Co. KG pursuant to article 6 (1) lit. f GDPR. In this case, we no longer process your personal data, unless we can demonstrate compelling legitimate grounds for continuing the processing of your data, for instance where the data is required by us for the establishment, exercise or defence of a legal claim.



Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such purposes.

To stop your data being used for direct marketing purposes, and for any queries you have in this context, please contact us (for contact details, see section "Contact for data protection issues").

14. Contact for data protection issues

If you have any queries or concerns regarding the handling of your personal data by SOPHIA GmbH & Co. KG, please contact our Data Protection Officer. He and his team would be delighted to answer your questions and address your concerns.



Trinidadstraße 15a
Gewerbegebiet Hohenesch
27356 Rotenburg (Wümme), Germany


If you wish to lodge a complaint with the supervisory authority, please contact:


Data Protection Officer of the State of Lower Saxony
Prinzenstrasse 5
30159 Hanover, Germany

15. Accessibility of Privacy Policy

To call up and print the Privacy Policy concerning the SOPHIA cloud application from SOPHIA GmbH & Co. KG, click the link.


Status 22/06/2019