Privacy policy for the MASTHAVE® website

The following privacy policy is divided into:

1. general information,

2. data collected/purpose of processing/legal basis/duration of storage,

3. disclosure to third parties,

4. Google Analytics,

5. Google Adwords,

6. Vimeo

7. deletion of data,

8. rights regarding the processing of personal data,

9. right of objection,

10. changes to this privacy policy/responsible person

1. general information

We appreciate your visit to our website www.masthave-app.com (hereinafter "website") and your interest in the MASTHAVE® app with the self-evaluation of your mastocytosis contained therein (hereinafter "MASTHAVE app"). We protect your privacy and your personal data to the best of our ability. The website is intended to provide information about the MASTHAVE app and to enable interested users and medical practitioners to contact us. The name and contact details of the controller are as follows

Global Allergy and Asthma Excellence Network

c/o DGAKI

Robert-Koch-Platz 7
10115 Berlin
E-Mail: info@masthave-app.com

The contact details of the Data Protection Officer are as follows:

E-mail: info@masthave-app.com

When you visit this website, personal data is transmitted. According to Article 4(1) of the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR"), personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

According to Article 4(2) GDPR, the processing of data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This Privacy Policy is supplemented by our General Terms and Conditions, available at https://masthave-app.com/agb and our Cookie Policy, available at https://masthave-app.com/. The legal notice is available at https://masthave-app.com/impressum.

2. data collected / purpose of processing / legal basis / duration of storage

Below we show you which categories of data are collected, the purpose of the processing, the applicable legal basis and the duration of storage.

Categories of data

Purpose of the processing

Legal basis

Duration of storage

Authentication data

IP address, date and time of the request, time zone difference to Greenwich Mean Time, content of the request (specific page), access status/http status code, amount of data transferred in each case, website from which the request originates, browser, operating system and its interface, language and version of the browser software.

Website access. Ensuring the use of the website.

Analysing the functionality of the website. Administrative purposes.

Fulfilment of a contract pursuant to Article 6(1)(b) GDPR. Interest in the error-free operation and functionality of the website in order to prevent misuse and improve the website, Article 6(1)(f) GDPR.

1 month

Contact form

E-mail address, surname, first name

Processing of your data for the purpose of receiving and processing your enquiry. The enquiry cannot be processed without the data collected. To ensure the use of the website. Analysing the functionality of the website.

Administrative Zwecke.

Fulfilment of a contract pursuant to Article 6(1)(b) GDPR. Interest in the error-free operation and functionality of the website in order to prevent misuse and improve the website, Article 6(1)(f) GDPR.

1 month

2.3 Data from children

The website is not intended for use by children under the age of 18. The collection and/or storage of personal data of children is not intended with the operation of the website. Nevertheless, the use of services may occur under certain circumstances. If this is the case, children, i.e. all users aged 17 or under, must obtain their parents' consent before they can visit the website and/or use the contact form. If parents realise that their child has entered personal data in the contact form without their consent, they must ask us to delete this personal data. To do so, please send an e-mail to info@masthave-app.com. If the controller becomes aware that personal data has been collected from a child under the age of 18, the necessary measures will be taken immediately to either obtain parental consent for the processing of the child's personal data or to delete this personal data.

3. Disclosure to third parties

We do not sell your personal data. We also do not transfer any personal data to third parties without your consent, unless such a transfer is permitted by law. The personal data you enter is collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be passed on to one or more processors, who will also use the personal data exclusively for internal use attributable to the controller. If the processing is carried out on behalf of the controller, the controller shall only work with processors who offer sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with the requirements of the GDPR and the protection of the data subjects is guaranteed. The transfer of data to processors takes place on the basis of Art. 28 para. 1 GDPR. A sale of your data to third parties and/or disclosure of the data for marketing purposes is hereby excluded. We are also legally obliged to provide information to certain public authorities on request. These are law enforcement authorities, authorities that prosecute administrative offences subject to fines and the tax authorities. This data is passed on on the basis of our legitimate interest in combating misuse, prosecuting criminal offences and securing, asserting and enforcing claims, provided that your rights and interests in the protection of your personal data do not outweigh this, Art. 6 para. 1 lit. f GDPR. The GDPR permits data processing within the EU. Processing outside the EU in a so-called third country is permitted if a comparable level of protection exists in the third country (adequacy decision pursuant to Articles 45, 46, 47 GDPR). The service providers we use are either based in the EU or in a country in which the EU has established an adequate level of data protection.

4. Google Analytics

In order to better adapt this website to the needs of our users, we analyse visits to our website. We use your IP address, which we anonymise beforehand (and possibly similar numbers that are exchanged between computers during normal Internet use) with the intention of being able to analyse data about the websites visited, your browser and your computer, among other things. The stored data is analysed exclusively for statistical purposes; in particular, the IP address is not linked to a specific person. It is not passed on to third parties.

This website uses Google Universal Analytics, a web analytics service provided by Google Inc ("Google"). The legal basis for the processing of personal data using Google Analytics is Art. 6 para. 1 sentence 1 lit. f) GDPR. The operating company of the Google Analytics component is

Google Ireland Limited
incorporated and operating under the laws of Ireland
(Registration Number: 368047 / VAT Number: IE6388047V)
Gordon House, Barrow Street
Dublin 4
Ireland

Google Universal Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website (including your IP address) is usually transmitted to a Google server and stored there. IP anonymisation has been activated on this website so that the IP address of Google users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened beforehand. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Universal Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link http://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on terms of use and data protection at

http://www.google.com/analytics/terms/de.html or under http://www.google.de/privacy.html.

We would like to point out that this website uses Google Universal Analytics with the code extension "anonymizeIp" to ensure anonymised collection of IP addresses (so-called IP masking) and to exclude direct personal references.

  1. Google Ads

This website uses Google Ads, a programme of Google Inc ("Google"). The legal basis for the processing of personal data using Google Ads is Art. 6 para. 1 sentence 1 lit. f) GDPR. The operating company of the Google Ads component is:

Google Ireland Limited
incorporated and operating under the laws of Ireland
(Registration Number: 368047 / VAT Number: IE6388047V)
Gordon House, Barrow Street
Dublin 4
Ireland

Google Adwords is an online advertising programme that uses conversion tracking. If you reach our website via a Google advert, Google Adwords places a cookie on your computer. Each Google Adwords customer is assigned a different cookie. The legal basis for the processing of personal data using Google Adwords is Art. 6 para. 1 sentence 1 lit. f) GDPR.

Our company is only informed of the total number of users who have responded to the advert. No information is passed on that could be used to identify you personally. The use is not for tracking purposes.

  1. Use of Vimeo

We use videos on our website that are provided through the Vimeo platform. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages that includes a Vimeo video, a connection to the Vimeo servers is established. In doing so, the Vimeo server is informed which of our pages you have visited. Vimeo may also place cookies on your device or use similar recognition technologies (e.g., device fingerprinting), provided you have given your consent. This allows Vimeo to collect information about visitors to our website.

If you are logged into your Vimeo account, you allow Vimeo to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

The use of Vimeo is in the interest of providing an attractive presentation of our online offerings and delivering video content. The legal basis for this is Art. 6(1)(a) GDPR, provided you have given your consent via our cookie consent banner. You can withdraw your consent at any time.

Data transfers to the USA are based on the EU Standard Contractual Clauses and/or the adequacy decision of the European Commission, where applicable. For more information on how Vimeo processes your data, please see Vimeo’s privacy policy:
https://vimeo.com/privacy

7. Deletion of data

The following provisions apply in addition to the information provided in section 2 of this privacy policy. The legislator has issued various retention periods and obligations. Once these periods have expired, the corresponding data is routinely deleted. If data is not affected by this, it will be deleted or anonymised if the purposes stated in this privacy policy no longer apply. Unless this privacy policy contains other, deviating provisions regarding the storage of data, the data collected by us will be stored by us for as long as it is required for the aforementioned purposes for which it was collected. Any further processing or use of your personal data will generally only take place if this is permitted by law or if you have consented to the data processing or use. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with further relevant information. We store information for the purpose of detecting and tracking misuse, in particular your IP address, for a maximum of one month. The legal basis in this respect is Art. 6 para. 1 lit. f GDPR, the text of Art. 6 GDPR can be found here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&qid=1474615617790

Our legitimate interest in the retention of data for one month is to ensure the proper functioning of the website and the transactions conducted via it, as well as to be able to ward off cyber attacks and the like. We may use anonymous usage information to customise the design of the website.

8. Rights regarding the processing of personal data Right to information
You have the right to request information from us at any time about the personal data processed by us concerning you within the scope of Art. 15 GDPR. To do so, you can send a request by post or email to the addresses given above. You can find the text of Art. 15 GDPR under the following link:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&qid=1474615617790

Right to rectification of incorrect data
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you, Art. 16 GDPR. To do so, please use the contact addresses given above. You can find the text of Art. 16 GDPR here:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&qid=1474615617790

Right to cancellation
You have the right to immediate erasure ("right to be forgotten") of personal data concerning you if the legal grounds pursuant to Art. 17 GDPR apply. You can find the text of Art. 17 GDPR here:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&qid=1474615617790

Legal grounds exist, for example, if the personal data are no longer necessary for the purposes for which they were originally processed or if you have withdrawn your consent and there is no other legal basis for the processing; the data subject objects to the processing. To exercise your above right, please contact us at the contact addresses given above.

Right to restriction of processing
You have the right to restrict processing if the conditions are met and in accordance with Art. 18 GDPR. You can find the text of Art. 18 GDPR here:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&qid=1474615617790

Accordingly, the restriction of processing may be required in particular if the processing is unlawful and the data subject refuses the erasure of the personal data and instead requests the restriction of the use of the personal data or the data subject has objected to the processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds override yours. To assert your aforementioned right, please contact us at the contact addresses given above.

Right to data portability
You have a right to data portability in accordance with Art. 20 GDPR. You can find the text of Art. 20 GDPR here:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&qid=1474615617790

You have the right to receive the data concerning you, which you have provided to us, in a commonly used, structured and machine-readable format and to transmit those data to another controller, such as another service provider. The prerequisite for this is that the processing is based on consent or on a contract and is carried out using automated procedures. To assert your above right, please contact us at the addresses given above.

9. Right of objection

Contradiction

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based, inter alia, on point (f) of Art. 6(1) GDPR pursuant to Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. To assert your aforementioned right, please contact us at the contact addresses given above.
You can find the text of Art. 21 GDPR here:

http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&qid=1474615617790

Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data by us is unauthorised, you have the right to lodge a complaint with the supervisory authority responsible for us. The contact details of the state data protection authority responsible for you can be found at:

https://www.datenschutz-wiki.de/Aufsichtsbehörden_und_Landesdatenschutzbeauftragte

If you would like to contact the authorities, please contact us first - this will allow us to resolve your concerns quickly and easily.

10. Changes to this privacy policy / responsible party
The current version of this privacy policy is always available at www.masthave-app.com and refers exclusively to the website. The data protection information is subject to constant adaptation.

You can find the legal notice at www.masthave-app.com.

Controller within the meaning of the GDPR:
Global Allergy and Asthma Excellence Network

c/o DGAKI

Robert-Koch-Platz 7
10115 Berlin
E-Mail: info@masthave-app.com

Status: December 2024

CONTACT US

If you have any questions regarding the privacy policy, please contact us by: