Privacy policy

The purpose of this privacy policy is to inform you about how we process personal data. The protection of your privacy is of paramount importance to us, for which reason we ensure compliance with statutory provisions on data protection as a matter of course.

Name and contact details of the responsible party

Fosanis GmbH
Gerichtstraße 23
Hof 3, Aufgang 2
13347 Berlin
Germany

Email: support@mika.health

Data protection officer

If you have any questions regarding our data protection measures, the processing of your data or about the protection of your rights as a data subject, you can reach us and our data protection officer as follows:

External data protection officer:

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg, Germany

For all questions and concerns regarding your data, please contact support@mika.health

Should you wish to communicate directly with our data protection officer (for example, because you have a particularly sensitive concern), please contact them by letter post since communication by email can always pose certain security risks. Please state in your enquiry that your concern relates to the company Fosanis GmbH.

Personal data

Personal data is all information about a specific or identifiable person. This includes the following categories of personal data that we process:

  • your contact details (such as your full name, address, email address and telephone number),
  • your correspondence with us,
  • log files containing information about your visit(s) to our website,
  • identification numbers (such as insurance numbers),
  • online identifiers (such as cookie IDs, IP addresses, advertising IDs),
  • health data (such as medical diagnoses, treatments, blood test results),
  • information about your health insurance.

Use of cookies

General information about cookies

A cookie is a text file with an identification number that is transferred to a user's computer when the website is used and stored there together with other actually requested data. The file will be stored there for later access and serves to authenticate a user. Since cookies are only simple files and not executable programs, they do not put devices at any risk.

Depending on the settings of the internet browser selected by a user, the device will accept cookies automatically. However, this setting can be changed and the storage of cookies deactivated or set in such a way that a user is notified as soon as a cookie is set. If the use of cookies is deactivated, some functions of the website may not be available or only available to a limited extent. The use of cookies by our website can be deactivated at any time by selecting the appropriate setting of the respective internet browser and thus permanently object to cookies being set.

Any cookies that have already been set can be deleted at any time using an internet browser or other software programs. We may cooperate with advertising partners who help us to make our website more interesting for you. In such cases, cookies from partner companies may also be stored on your hard drive when you visit our website (third-party cookies).

Session cookies

Session cookies are used for the duration of a session and are then automatically deleted when the executing browser is closed. For example, in the interest of improving user-friendliness they ensure that video and audio files can be played and that user entries are temporarily stored while they are being entered.

Persistent cookies

Persistent cookies will remain on your device after you close the browser.

These cookies can, for example, save your user preferences, such as language settings,

and analyse user behaviour on our website. The storage period of persistent cookies corresponds to the respective validity period of the individual cookie. Once this has expired, they are automatically deleted.

When you visit our website for the first time, you will be asked to consent to the use of cookies. You can call up further information on the cookies used under ‘Details’ in the corresponding window.

Purposes of use

Your data is processed for the following purposes:

  • for correspondence with you,
  • to conclude contracts with you,
  • for advertising, such as sending you our newsletter,
  • for quality assurance and statistics,
  • for the provision of our service,
  • for your participation in our competitions,
  • for your participation in our events,
  • for your participation in our surveys,
  • to consider your application,
  • to improve our service.

Legal basis

We rely on the following legal bases to process your data:

  • your consent, if you have given us such consent (art. 6(1)(a) UK GDPR),
  • the initiation or execution of a contract with you (art. 6(1)(b) UK GDPR),
  • to meet legal obligations (art. 6 (1)(c) UK GDPR),
  • the enforcement of our legitimate interests (art. 6(1)(f) UK GDPR).

Legitimate interests

Your data is processed for the purpose of safeguarding and/or pursuing the following legitimate interests:

  • the improvement of our offer,
  • the protection of our systems against misuse,
  • the compilation of statistics and
  • the storage of our correspondence with you.

Requirement or obligation to provide data

Unless expressly stated, the provision of your data is not required or mandatory.

Storage periods

We store your data

  • if you have consented to the processing, at most until you revoke your consent;
  • if we need the data to fulfill a contract, at most for as long as the contractual relationship with you exists;
  • if we use the data on the basis of a legitimate interest, at most as long as your interest in erasure or anonymization does not outweigh our interests;
  • if there are statutory retention requirements, until the end of the retention periods.

Data recipients

When processing your data, we collaborate with the following service providers,

who gain access to your data:We use Host Europe of Host Europe GmbH, Hansestraße 111, 51149 Cologne,  Germany for web hosting purposes. Any personal data captured on our website is stored on the hoster’s servers. The use of Host Europe is based on our legitimate interest to ensure our website is hosted in as error-free and secure a manner as possible (art. 6(1)(f) GDPR). For further information, please visit www.hosteurope.de

We use Matomo Cloud by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand for web analytics of our website. To this end, we process online identifiers and your usage data. Matomo uses cookies, which are stored on your computer and which allow an analysis of your use of the website, to achieve this. Matomo cookies will remain on your device until you delete them. All analysis data is exclusively stored locally on our server. It is NOT forwarded to Matomo itself. For further information visit: matomo.org

We use Facebook Pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland (‘Meta’) for the purpose of conversion measurement so as to display ads on Facebook and other websites for you and other interested users and to measure the impact of such advertising.

Facebook Pixel, which we have implemented on our website, allows your browser to establish a connection with Facebook, which in turn makes it possible to compare user data such as IP addresses or user IDs. If you are registered with Facebook, Meta can assign your visits to your account. In this way, your behaviour can be tracked if, for example, you click on a Facebook ad to reach our site or if you were redirected to the advertiser by clicking on an ad displayed by us. This makes it possible to evaluate ads in terms of their effectiveness for statistical or other market research purposes and to improve further advertising. We cannot draw any conclusions about the identity of users, but Meta may subsequently customise the placement of ads on and off Facebook. To do this, Meta may use cookies, web beacons or other storage technologies and may set a cookie for a maximum of 180 days with data that may include your visits to our website or your clicking on one of our advertisements, once you have given your consent to the use of cookies that require such permission. With your consent, data processing is carried out on the basis of art. 6(1)(a) UK GDPR. You can revoke your consent at any time with future effect via our management platform; this would not affect the legality of any data processed on the basis of consent granted prior to the revocation taking effect. In addition, you can also revoke your consent by adjusting your browser settings or as a logged-in user of the Facebook social media network at www.facebook.com. You can also deactivate user-based advertising via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/), via  www.youronlinechoices.com or the US-American website (www.aboutads.info). As a registered Facebook user, you can deactivate the ‘Custom Audiences’ remarketing function in the advertisement settings.  Insofar as personal data is collected on our website with the aforementioned tool and forwarded to Meta, limited joint responsibility for processing this data rests with both us and Meta. We have entered into a joint data controller agreement with Meta regarding the processing of your data in accordance with art. 26 GDPR, the terms of which can be viewed here: www.facebook.com. In accordance with this agreement, we are responsible for providing data protection information and for the secure implementation of the tool on our website in accordance with the law on data protection, whereas Meta is responsible for data security. Data subjects' rights with regard to the data processed by Meta can be asserted directly with Meta; any claims of this kind submitted to us will be forwarded to Meta. Further information on which personal data is processed within the framework of joint responsibility can be found at:  www.facebook.com. Any data processing carried out by Meta after onward transfer is not subject to joint responsibility.

It cannot be ruled out that Meta transfers data to the USA for the purpose of storage and further processing. Any such data transfer to the USA would be subject to the standard contractual clauses of the EU Commission: www.facebook.com and facebook.com More information about how Meta processes personal data, including ways to enforce your rights as a data subject against Meta, can be found in Meta's privacy policy at: www.facebook.com.

We use Google Analytics of Google Ireland Limited, Gordon House Barrow Street Dublin 4, Republic of Ireland (hereinafter referred to as ‘Google’). This service enables an analysis of the use of our website and uses cookies for this purpose. To this end, data generated by the cookie, such as your anonymised IP address, is transmitted on our behalf to a Google server, where it is stored and analysed. For use on our website, Google Analytics was extended by the code ‘gat._anonymizeIp();’, which ensures that IP addresses are captured anonymously. The anonymisation of your IP address is usually achieved by Google  shortening your IP address. The Google Analytics advertising function involves use of remarketing and performance reports broken down by demographic characteristics and interests. The purpose of these methods is to use information about user behaviour to tailor advertising measures more closely to the interests of the respective users. In the context of remarketing, personalised advertising measures may be placed on other websites based on a user's surfing behaviour on our website. In this regard, any such advertising material may contain products that a user previously viewed on our website. If you have given Google permission to link your web and app browsing history with your Google account and to use data captured from your Google account for the purpose of personalising ads, Google will use such data for cross-device marketing.

Most browsers automatically accept cookies. But you can disable the use of cookies by selecting the appropriate settings on your browser. Please be aware, though, that doing so may mean you cannot use the website to its full extent. You will have to adjust your settings for every browser you use. You can also prevent Google from capturing and processing data  by clicking on the following link, then downloading and installing the following browser add-on:

tools.google.com. Alternatively, or within browsers on mobile devices, please click on the following link: Link

This will place an opt-out cookie on your device for our website that will take effect for your currently used browser. If you delete your cookies in this browser, you will have to click on this link again. Data processing and in particular the setting of cookies are undertaken with your consent on the basis of art. 6(1)(a) UK GDPR. You can revoke your consent at any time without affecting the legality of any data processed on the basis of consent granted prior to the date of the revocation. In this respect, joint responsibility for capturing and processing the data of visitors to our website rests with both us and Google. We have entered into a joint data controller agreement with Google regarding the processing of your data in accordance with art. 26 UK GDPR. In particular, this agreement also regulates the security measures that Google is obliged to observe. The terms of the contract concluded with Google can be viewed here: privacy.google.com.

Further information on terms of use and data protection can be found at: marketingplatform.google.com and policies.google.com.

We use Cookiebot of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark to comply with EU regulations regarding the use of cookies on our website as well as to obtain relevant user permissions for using cookies on our website. This involves capturing the following data: user IP numbers in anonymised form (the last three digits are set to '0'), date and time when consent was granted, the user agent of a user's browser, the URL from which the consent was sent, an anonymous, random and encrypted key, users’ consent status, which serves as proof of consent. Further information about the provider can be found at: www.cookiebot.com.

We use Calendly of Calendly, LLC, BB&T Tower 271 17th St NW, Atlanta, GA 30363, USA, to plan, prepare and track appointments. For this purpose, data that was provided by you, such as contact information and online identifiers, is captured. More information on the provider can be found at: calendly.com.

We use Placetel of BroadSoft Germany GmbH c/o Cisco Systems GmbH, Lothringer Straße 56, 50677 Cologne, Germany as cloud telephony software for incoming and outgoing calls. This entails processing a user’s contact details and data relating to their correspondence with us. More information about the provider can be found at: www.placetel.com.

We use Sendinblue of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany for customer relationship management purposes. Any data you enter in the form on our website and in any correspondence with us will therefore be processed. Such data may include contact details, correspondence data, identification numbers, health data and information about your health insurance. More information on the provider can be found at: www.sendinblue.com.

We use Pipedrive of Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia as our CRM tool for managing customer relationships with medical professionals. For these purposes we process contact and correspondence data. When you contact us (using the contact form or by email), user details will also be processed for the purpose of handling and dealing with the respective enquiry. In addition, we use the Pipedrive CRM system in pursuit of our legitimate interests. In order to process messages as quickly as possible, we use contact forms provided by Pipedrive. The data transmitted when filling out these forms is sent to Pipedrive and stored on Pipedrive servers. Further information can be found in Pipedrive's privacy policy at: www.pipedrive.com

We use One.com of One.com Group AB, Carlsgatan 3, 211 20 Malmö, Sweden as our email provider. Achieving this involves processing all correspondence data appertaining to email exchanges. We have concluded an agreement with One.com to ensure that data protection requirements are met and that data protection regulations are observed. More information on data protection at One.com can be found at:  www.one.com

We use Vimeo social media plugins of Vimeo LLC, 555 West 18th, Street, NY 10011, USA to embed Vimeo videos on our website. When you visit our website a connection will be established with the Vimeo servers. Vimeo will also be informed that you visited our website in the form of your IP address. If you are logged in to Vimeo, Vimeo can assign your visit to our website to your user account. If you interact with the plugin (for instance. by clicking on an embedded video), this will be assigned to your profile and stored by Vimeo. We have no influence on the scope and content of the data collected by Vimeo. To prevent captured data being assigned to your profile, you will have to log out of your account. More information on Vimeo’s privacy policy can be found at: vimeo.com.

We use Quform of ThemeCatcher Ltd, 20-22 Wenlock Road, London, UK to provide forms on our website. This involves the use of online identifiers, contact details, identification numbers, health information, information about your health insurance and any additional information you provided when filling out various forms. More information on data protection can be found at: www.themecatcher.net.

Transfer to third countries

We transfer data outside of the United Kingdom. This kind of data transfer is subject to agreements that have been concluded in the interest of ensuring a sufficient level of data protection. These agreements can be made available for viewing on request.

Your rights

 Your rights as a data subject are as follows:

  • To request information about how your data is processed and to receive a copy of your personal data. Among other things, you can demand information regarding the purposes of data processing, the personal data categories that are processed, the recipients of such data (in case as such data is transferred), storage periods or the criteria for determining such storage periods.
  • To receive personal data relating to you in a structured, commonly used and machine-readable format or to transfer it to another controller or person responsible.
  • To rectify your data. If your personal data is incomplete, you are entitled to complete it under consideration of the purposes pursued by such data processing.
  • To have your data deleted or blocked.
  • To restrict the extent to which your data is processed.
  • To object to the processing of your data.
  • To revoke your consent to your data being processed with future effect.
  • To lodge a complaint with the relevant supervisory authority regarding unlawful data processing.

Status of the data protection declaration

This information will be updated should changes in our process occur.

Date of this privacy policy: 05.04.2023