Data protection declaration
Data protection declaration
1. General information
We take the protection of personal data very seriously. We align our data processing with the aim of
collecting, processing or using only the personal data necessary for a sensible use of our offer. We
have taken technical and organisational measures to ensure that the data protection regulations are
2. Responsible party
Responsible party within the meaning of data protection laws:
CANKADO Service GmbH
Am Strassland 6
D-85551 Kirchheim bei München
If you have any questions or suggestions about data protection or if you wish to exercise rights
regarding the processing of your personal data, you can contact us by e-mail at the following
3. Subject matter of data protection
The subject of data protection is personal data. Personal data is any information relating to an
identified or identifiable natural person; a natural person is considered identifiable if he or she can
be identified directly or indirectly, in particular by reference to an identifier such as a name,
identification number, location data, online identifier or one or more specific characteristics, which
are expressions of the physical, physiological, genetic, genetic, psychological, economic, cultural or
social identity of that natural person.
4. Legal basis for data processing
We process the personal data arising from your use of our services either with your consent (Art. 6
para. 1 lit. a) DSGVO), to the extent necessary to provide our services in accordance with the data
protection declaration (Art. 6 para. 1 lit. b) DSGVO) or on the basis of a weighing of interests to
safeguard our legitimate interests (Art. 6 para. 1 lit. f) DSGVO).
9.2 If we process personal data to safeguard our legitimate interests (Art. 6 para. 1 lit. f) DSGVO), a
legitimate interest may also lie in the continuous improvement of the security and user-friendliness
of our services.
5. Your rights
You have the following rights with respect to your personal data:
(a) The right of access (art. 15 DSGVO)
(b) The right to rectification (Art. 16 DSGVO) or cancellation (Art. 17 DSGVO)
(c) The right to limitation of processing (Art. 18 DSGVO) and a right to object to processing (Art. 21
(d) The right to data transferability (Art. 20 DSGVO)
Please note that the existence of the rights mentioned in b), c) and d) above is subject to other legal
You have the right to lodge a complaint with a data protection supervisory authority against the
processing of your personal data.
6. Automated data collection
When using CANKADO, your device, e. g. your smartphone, automatically transmits the following
data to CANKADO:
date and time of access,
operating system used,
used terminal device,
Amount of data sent,
This data is processed in order to technically enable you to use CANKADO. With the exception of the
IP address, these data are evaluated for statistical purposes and to improve CANKADO. Depending on
the setting, it may also be possible for your devices to transmit location information to CANKADO.
7. Download the CANKADO Apps
When downloading the CANKADO Apps, certain necessary information is transferred to the
respective App Store. We have no influence on this data collection and are not responsible for it.
8. Creation of a user account
6.1 You can only use CANKADO with a valid user account.
The following data is collected by you in order to provide the user account and the associated
For the use of a doctor’s account:
Uniform training number (EFN)
Workplace information, e. g. practice names
If CANKADO is used by a specialist nurse, we also collect a declaration of consent from the physician
responsible for the specialist nurse.
6.2 For the use of a patient account:
6.3 No personal data is required for the creation of patient accounts created by a physician or an
authorised specialist nurse. The account receives an anonymous ID.
6.4 Cookies and other technologies – We use technologies such as cookies to provide, improve and
protect our services. You can set your browser to accept cookies or not, but without cookies we may
not be able to provide you with the full range of our services.
9. Data you enter
7.1 As a patient, you can use CANKADO to define a therapy plan and document the associated course
of therapy. You can enter the following data, among other things:
1. general data (e. g. gender and year of birth)
2. data on the treatment (e. g. name and intake pattern of the medications to be taken as well
as further routines for additional therapeutic components)
3. medication intake
4. upload documents, e. g. a doctor’s letter
5. We offer you the possibility to personalize your user account, e. g. with a username and a
photo. There is no obligation to create your own personal user account. This is done solely
on a voluntary basis.
7.2 If you release your account for your treating physician or if your account has been created by a
physician or specialist nurse as part of a study or support program, the following additional data may
1. measured values (e. g. blood pressure and weight)
2. data on health status (e. g. name, frequency and severity of symptoms/complaints)
7.3 Internet access is required for using CANKADO. As soon as your device is connected to the
Internet, the stored data is encrypted and transmitted to CANKADO. The data will be processed by us
for the purpose of providing CANKADO functions and for backup purposes.
7.4 All data is stored on ISO 27001 certified servers in Germany.
With your consent to this data protection declaration you agree that we may collect, store and
use the personal health data you have entered in order to make the CANKADO functions available
7.6 You are the owner of your personal health data and these will not be used by us for any other
purpose and will not be passed on to third parties.
7.7 You may revoke your consent pursuant to Section 7.5 at any time with effect for the future.
Please note, however, that the possibility of using CANKADO after revoking your consent may be
restricted or excluded.
10. Release of user data for other users
8.1 If necessary, we will offer you the opportunity to network with other users via CANKADO and give
these users access to your health-related data.
8.2 Networking with other users takes place via an invitation, which you can generate via CANKADO
and send by e-mail or to a contact. If your contact is also a CANKADO user, this contact can view or
edit your released data if you have granted him this right.
8.3 You decide yourself whether and to what extent you want to use the above-mentioned
functionality. There is no obligation to connect your own user account with another user account.
This is done solely on a voluntary basis. Please only link your profile with people you trust. You can
disconnect the network with another user at any time.
11. Use of analysis tools
For the analysis of the use of CANKADO, we collect anonymous statistical usage data using the
analysis tools listed in the following paragraphs. This anonymous user data helps us to improve
CANKADO and cannot be assigned to you at any time. Collected usage data can be crash reports, for
example, if a CANKADO app crashes during use.
CANKADO uses “App Analytics”, an app analysis service from Apple Inc. to process data
such as download and use of the CANKADO Patient App. CANKADO does not receive any
personal data from Apple Inc. about you. The usage analysis by App Analytics only takes
place if you have agreed to this beforehand. For more information, see the privacy menu
of your iOS device.
CANKADO uses Google Analytics for mobile apps, an app analysis service of Google Inc.
(“Google”). With this service, CANKADO collects certain data, such as the time and
duration of use. On behalf of CANKADO, Google will use this information to evaluate
your use of the CANKADO Patient App, to compile reports on the app activities and to
provide further services related to the use of the app to CANKADO. The collected
information about your use of the CANKADO App is usually transferred to a Google
server in the USA and stored there. However, since IP anonymization has been enabled
for the CANKADO App, your IP address will be previously truncated by Google within
Member States of the European Union or in other signatory states to the EEA
Agreement. The IP address transmitted by your end device within the scope of Google
Analytics will not be merged with other Google data. Only in exceptional cases the full IP
address is transferred to a Google server in the USA and shortened there.
declaration can be found on our website. This reservation of the right to change does not apply to
the consent under data protection law pursuant to Section 7.5, which was granted with the consent
of this data protection declaration.