The provider of the app is SOPHIA GmbH & Co. KG (hereafter referred to as "the Provider").
1. General information regarding the use of the app
The app includes an inbox for notifications from SOPHIA.
Notifications from SOPHIA can also be requested by means of a push function. This function is enabled by default. You have however the option to disable this function. Push notifications can be disabled in the system settings of your device.
The Provider cannot give any guarantees regarding the availability, reliability, functionality and suitability of the app for your specific purposes. The Provider shall therefore not be liable for damages, unless he is found to have acted with malicious intent or gross negligence, has caused injury to life, body or health, has given a quality guarantee, has fraudulently concealed a defect or has acted in breach of a material contractual obligation. The statutory liability according to the German Product Liability Act is not affected by this. Material contractual obligations are core obligations for the fulfilment of a contract on which the two parties may rely. Compensation for damages caused by a breach of a material contractual obligation shall be limited to the typical, contractual and foreseeable damage, unless the Provider has acted with intent or gross negligence.
3. Right of use
The app enables users to access and use certain functionalities of SOPHIA from an iOS or Android mobile device, based on the stipulations in the separate licence contract. For the lawful use of the app, users must log in to their user account that is protected by identification and authentication features. The user account and authentication specifications form part of the licence contract. By downloading or using the app, the user does not acquire any additional rights, such as rights in the SOPHIA software or the operating software.
For the use of SOPHIA, the terms laid down in the relevant licence contract apply.
Sophia GmbH & Co. KG
1. Data controller
The provider of the SOPHIA cloud application and the data controller pursuant to the applicable data protection legislation is:
SOPHIA GmbH & Co. KG
27356 Rotenburg (Wümme), Germany
2. Processing of personal data
As a general rule, the SOPHIA cloud application can be used without providing personal data. Insofar as personal data (e.g. your name, address or email address) is collected, the submission of such information is, as far as possible, always voluntary. Please bear in mind that data transmission through the internet (e.g. in communication by e-mail) might not always be secure. We strive to protect your data from unauthorized access by third parties, through pseudonymization, data economy and compliance with deletion periods, using advanced technology. Despite these measures, we can however not completely rule out that your personal data might be unlawfully obtained and processed by third parties.
3. Data processing in case of access from the internet
When you access the SOPHIA cloud application, your access details are temporarily stored on our web server in the form of a log file. The following data is collected at this point and processed until it is automatically deleted:
- name of accessed file and volume of transferred data; date and time of access;
- IP address of device from which request is sent; device ID or other device identification code; device type and model;
- notification of successful access;
- requesting domain;
- type and version of web browser; operating system of your device; name of access provider;
- browser history and default web log information;
- location data, including geolocation data of your mobile device. Please note that you have the option to control or even disable the geolocation data services of your mobile device in the device settings.
If the SOPHIA cloud application is run for information purposes only, SOPHIA GmbH & Co. KG collects only personal data that is required for technical reasons to display and enable the functions of the SOPHIA cloud application (establishment of connection), system security and stability, the technical administration of the network infrastructure and the optimisation of the web service. The legal basis for the collection and processing of such data is the legitimate interest of SOPHIA GmbH & Co. KG, in accordance with article 6 (1) lit. f GDPR.
You are entitled to object to the processing of this data. In this case, you might not be able to use all services and features of the SOPHIA cloud application.
Personal data collected through the SOPHIA cloud application is not used for any purposes other than those listed above, unless you have explicitly consented to the additional processing of your personal data.
4. Purpose of data processing – logging in to SOPHIA
SOPHIA GmbH & Co. KG uses your personal data exclusively for managing the logging in to the SOPHIA cloud application. Your login details are stored in an encrypted format in our centralised authentication system for verification purposes.
TO LOG IN TO OUR APPLICATION, YOU MUST SUBMIT
- BUser name/ e-mail adress
Registration/user account: Before you can use the SOPHIA cloud application, you must register with us. Registration is required only once. In the process, you must submit certain personal data that we then store and process at SOPHIA GmbH & Co. KG.
FOR REGISTRATION, YOU MUST PROVIDE THE FOLLOWING PERSONAL DATA
- First name
- Postal Code
- Town / city
- Company / hospital
- E-mail address
The legal basis for the collection and processing of such data is the legitimate interest of SOPHIA GmbH & Co. KG, in accordance with article 6 (1) lit. f GDPR in connection with: the establishment of a good connection between our server and your device; user-friendly access to and use of our website; evaluation of system security and stability and general administrative purposes.
We never use the data to attempt to identify you as a person.
DURATION OF DATA STORAGE
SOPHIA GmbH & Co. KG keeps your personal data only for as long as is required. SOPHIA GmbH & Co. KG therefore deletes your personal data, if:
- there are no more legitimate grounds for the processing of the data;
- the purpose for which the data has been stored no longer exists;
- you have revoked your consent to use your data;
- we are obliged by law to erase the data;
- you object to the processing of your personal data,
unless the data is subject to statutory filing periods laid down for instance in the German Tax Ordinance AO or the German Commercial Code HGB.
If this case, SOPHIA GmbH & Co. KG is obliged to comply with the statutory regulations before it can fully erase your personal data.
The obligation to erase data does not apply to data whose elimination would involve a disproportionate effort. In such a case, SOPHIA GmbH & Co. KG can claim a legitimate interest in the continued storage of the data, in accordance with article 6 (1) lit. f GDPR.
5. Obligation of submission of personal data
In order to use our software, you need to submit at least a user name and a password. The provision of this information is governed by our agreement with your employer.
The website of SOPHIA GmbH & Co. KG might include links to third-party web pages that are not under our control. When you click such a link, you leave the website of SOPHIA GmbH & Co. KG and thus our scope of responsibility. We are therefore unable to control what happens to personal data submitted through third-party web pages.
7. Transfer of data through the internet
The internet is a global public platform. Due to the internet's nature and inherent mode of operation, and the systemic risks involved, all transmissions of data through the internet are at your own risk. For your security, our services can only be accessed through an encrypted transmission channel.
8. Transfer of data to third countries (outside the EU and EFTA)
We only transfer your data to countries outside the EU and EFTA, if
- this is necessary for the fulfilment of your order;
- we are obliged to do so by law;
- you have given your explicit consent to such a transfer.
Where your personal data is transferred to a third country or international organisation, we do this in full compliance with the GDPR. In line with the principle of data minimization, we limit the transmission of data to the required minimum.
We might cooperate with data processors whose business, parent company or subcontractor is registered in a third country. A transfer of your personal data to a third country may take place where the European Commission has decided that the third country in question ensures an adequate level of protection (article 45 GDPR), appropriate safeguards have been put in place (e.g. standard data protection clauses adopted by the European Commission) and on condition that enforceable data subject rights and effective legal remedies are available to you. To ensure compliance with the European General Data Protection Regulation, we have entered into a binding contract with the data processor.
Most of the cookies we use are session cookies that are automatically deleted the moment you leave our website. Other cookies remain stored on your device until you delete them. Cookies enable us to recognise you as a repeat visitor the next time you call up our website.
You have the option to configure your browser settings so that you are notified when a cookie is sent to your device. You can then decide whether you wish to store it. You can also reject cookies from certain websites or activate automatic deletion of all cookies upon closing the browser window. Should you disable cookies in your browser settings, you will still be able to use the SOPHIA cloud application, but there might be certain restrictions.
10. Matomo analytics platform
The SOPHIA cloud application uses the Matomo web analytics service. Matomo processes the following data: the browser type and version you use to access our service, the operating system of your device, the country where you are located, the date and time of the server request, the number of visits, the time you spend using the SOPHIA cloud application and the external links accessed by you. Your IP address is truncated before it is stored.
You have the option to object at any time to the collection of data by Matomo by clicking the link below. In this case, an opt-out cookie is stored on your device. This ensures that Matomo does no longer record session data. If you delete the cookies from your device, this opt-out cookie will also be deleted, so that you need to opt out again from Matomo.
Logs containing user data are deleted latest after 6 months.
Where we seek the user's consent to the processing of personal data (e.g. consent to receive cookies), the legal basis is article 6 (1) lit. a GDPR. Otherwise, we collect and process personal data only where this is necessary for the purposes of our legitimate interests (e.g. analysis, optimisation and efficient operation of our web services) pursuant to article 6 (1) lit. f GDPR.
Deactivation completed! Your visits to this web page are no longer tracked by our web analysis tool. Please note that if you clear the cookies in your browser, you also delete the Matomo opt-out cookie. In this case, and if you change device or web browser, you will need to perform the opt-out procedure again.
11. General data security
We have implemented a broad range of measures to protect your data. Data sent from your device to our server, which includes data entered by you on our HTML pages, is transmitted to SOPHIA GmbH & Co. KG for processing in an encrypted format (SLL - Secure Socket Layer) over the internet.
For security reasons and to protect confidential data such as order details or queries sent by you to us, we use SSL encryption. With this encryption, the protocol section of the address in your browser window changes from "http://" to "https://", and a padlock icon is displayed in the address bar.
Data transmitted with SSL encryption cannot be read by third parties.
12. Disclosure of data to third parties
We do not transfer or disclose your personal data to third parties, unless you have given your explicit consent to such a transfer. In this context, service providers involved in contract initiation or contract fulfilment, such as IT service and hosting providers for the SOPHIA cloud application are not considered third parties, as they act as data processors on behalf of SOPHIA GmbH & Co. KG and are therefore entitled to process personal data, based on the instructions and strict guidelines of SOPHIA GmbH & Co. KG.
SOPHIA GmbH & Co. KG has entered into contracts with its data processors to ensure compliance with the European General Data Protection Regulation.
The transfer of data between SOPHIA GmbH & Co. KG and the contracted data processors is performed according to the applicable national and European data protection regulations, and the volume of transmission data is limited to the required minimum.
13. Your rights as a data subject
Under the European General Data Protection Regulation, you have a number of rights:
- the right to be informed about how we use your personal data, how we obtain it, who receives it and for what purposes we process it
- the right to demand restriction of processing of our personal data;
- the right of rectification;
- the right to have your data blocked;
- the right to erasure;
- the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format (right to data portability);
- the right to revoke your consent to the processing of your personal data;
- the right of complaint to the supervisory authority.
OBJECTION TO LAWFUL PROCESSING OF YOUR DATA
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data concerning you by SOPHIA GmbH & Co. KG pursuant to article 6 (1) lit. f GDPR. In this case, we no longer process your personal data, unless we can demonstrate compelling legitimate grounds for continuing the processing of your data, for instance where the data is required by us for the establishment, exercise or defence of a legal claim.
OBJECTION TO USE OF DATA FOR DIRECT MARKETING PURPOSES
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such purposes.
To stop your data being used for direct marketing purposes, and for any queries you have in this context, please contact us (for contact details, see section "Contact for data protection issues").
14. Contact for data protection issues
If you have any queries or concerns regarding the handling of your personal data by SOPHIA GmbH & Co. KG, please contact our Data Protection Officer. He and his team would be delighted to answer your questions and address your concerns.
DATA PROTECTION OFFICER
SOPHIA GmbH & Co. KG GmbH
27356 Rotenburg (Wümme), Germany
If you wish to lodge a complaint with the supervisory authority, please contact:
Data Protection Officer of the State of Lower Saxony
30159 Hanover, Germany