iDIERS app from iDIERS GmbH
1.1. Responsible party
Provider of this app and responsible party in terms of data protection regulations is:
1.2. Intended use
iDIERS (app) is a software that provides patients with individualized movement therapies for the relief of musculoskeletal diseases for autonomous use at home. The software provides individualized training recommendations for the prevention of musculoskeletal diseases.
1.3. General information
iDIERS GmbH observes the principles of data protection by design and data protection by default in the development and operation of the app. The same applies in the course of the further development of our apps and in the implementation of new legal requirements.
In general, we process your personal and -related data in accordance with the requirements of the European Union's Data Protection Regulation (GDPR). Under no circumstances will we use your personal data for advertising or marketing purposes or pass it on to third parties outside iDIERS GmbH without your consent.
2. Use of your data (purposes of processing)
The iDIERS App from iDIERS GmbH can generally be used without entering personal data. It only collects data for documenting and optimizing the course of therapy, such as the training units completed or not completed, any existing pain in the postural and musculoskeletal system, and physical fitness (effort level). All information is voluntary. The iDIERS app does not send any data to iDIERS GmbH.
In connection with the use of the iDIERS App, data is collected for the following purposes:
- for the intended use of the digital health app by the users
Personal data such as name or date of birth are not evaluated during processing (in the sense of Art. 4 No. 2 GDPR) in connection with the iDIERS App (so-called personal data). The processing includes:
Information through the QR code (provided by your doctor):
- Doctor ID
- Patient ID
- Prescription period
- Activity level
- Exercises ID
Data stored on the cell phone:
- Videos, pictures and instructions regarding the exercises
- Settings: email address, voucher expiration date, training level, etc.
- Your comments
Data stored on the iDIERS server:
- Patient ID
- Email address (hash, anonymized, only for password loss)
- Password (hash, anonymized, only for password loss)
- Date of account creation
- Doctor ID
- Creation date
- Activation date
- Validity period
- Voucher ID
- Training ID
3. Place of storage and data deletion
The data entered in the course of use is only stored and managed locally on your mobile device by the iDIERS app and thus remains in your hands. To delete all user data irretrievably, you only need to delete the iDIERS app from your mobile device.
If you delete the iDIERS app from your mobile device, your usage data will be permanently lost, as this data is not stored on the iDIERS server. However, you have the option to export the data before deleting the app.
Note: When using cloud-based backup functions of the operating system of your end device (smartphone), your data may still be available in the backup storage despite deletion of the app. Please refer to the operating instructions of the respective operating system.
You have the option of importing data from "Apple Health" and "Google Fit" into your iDIERS app. This imported data is also only stored locally on your mobile device.
We ensure that your personal data that is incorrect with regard to the purposes of the processing is deleted or corrected without delay.
3.1 Deletion concept (excerpt)
When you uninstall the iDIERS app, all user data on your mobile device will be deleted. We have no influence on the uninstallation process of the operating system. We cannot guarantee that all data, including caches and temporary files, will be deleted.
If you do not inform iDIERS of the uninstallation of the app (as a rule), all data on the iDIERS server will be deleted from the server by default after one year of inactivity.
Your aforementioned personal data will only be stored on the iDIERS server for as long as they are absolutely necessary for the provision of the promised functionalities of the digital health application or for other purposes resulting directly from legal obligations. After fulfilling these purposes – after a year without activities, i.e. without extending your exercises – the personal data on the server will be deleted.
The deletion is documented. It is clear who deleted what and when. These logs are kept for three years.
The management of iDIERS GmbH is responsible for the deletion; a review is carried out by the data protection officer of iDIERS GmbH.
Upon your request or your revocation of your consent, all data in your user account will be deleted immediately on the iDIERS server.
Before deleting the user account, you will be informed of any data that may be lost and of the right to data transfer in accordance with Article 20 of Regulation (EU) 2016/679.
4. Security of processing
The iDIERS App has been developed in accordance with current security standards and extensively tested to ensure optimal protection of your data.
We would like to point out that data transmission on the Internet (e.g., when you send exported data by e-mail) may have security vulnerabilities. We try to protect your data from unauthorized access by third parties by taking precautions such as pseudonymization, data economy, observance of deletion periods and taking into account the current state of technology. Despite these protective measures, unlawful processing by third parties cannot be completely ruled out.
It is ensured that the communication of the iDIERS App with other services is technically restricted to such an extent that no unauthorized data communication can take place from the iDIERS app via which personal data is sent.
For the data stored on the iDIERS server, we have taken security precautions that, among other things, exclude the transmission of your data to a third country.
No personal data will be disclosed to third parties via the iDIERS App or iDIERS unless this is directly necessary for the fulfillment of purposes pursuant to Section 4 (2) number 1 or the fulfillment of legal requirements and is limited to these purposes. The only parties involved in the processing of your data on the iDIERS server are:
Hewlett Packard (service exclusively via LOGIN)
Qnap (service exclusively via LOGIN)
Microsoft Server 2019 (no data transfer to vendor)
VMWare (no data transfer to manufacturer, support / maintenance via LOGIN. Infrastructure software, no access to operating system data).
Veeam (no data transfer to manufacturer, support / maintenance via LOGIN, no access to operating system data)
LOGIN SystemHaus GmbH
Hetzner Online GmbH (data center)
Securepoint GmbH (status messages AV, no transmission of personal data)
5. Your rights as a data subject
As a data subject, you have various rights in accordance with the requirements of the General Data Protection Regulation (GDPR), which we would like to point out to you:
§ Right to information:
You have the right to obtain information about the personal data stored about you to the extent set out in Article 15 of Regulation (EU) 2016/679.
§ Right to erasure and rectification:
You have the right to rectification of inaccurate personal data concerning you and to completion of incomplete personal data concerning you.
To irretrievably delete all therapy-related data, you simply need to delete the iDIERS app from your mobile device. Information on this can be found in the operating instructions for your mobile end device.
All personal data stored on the iDIERS server will be deleted immediately upon your request or processed only in a restricted manner.
We will notify all recipients to whom your personal data has been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Article 16, Article 17(1) and Article 18 GDPR, unless this proves impossible or involves a disproportionate effort. We will inform you about these recipients if you request this.
§ Right to object:
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. iDIERS will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
§ Right to data portability:
In accordance with Article 20 of the GDPR, you have the right to read your therapy data collected using the app in a structured, machine-readable format, for example in order to continue using it with another software. Under the menu item "Data transfer", the iDIERS app offers the option of exporting all therapy data or any subset as a PDF or JSON file.
You also have the right to receive the personal data concerning you that is stored on the iDIERS server in a structured, common and machine-readable format, and you have the right to transfer this data to another responsible party without hindrance from iDIERS.
§ Right to complain to the supervisory authority:
We are legally obliged to inform you that you have a right of appeal to the supervisory authority.
We do not use tracking tools.
7. Availability of the data protection provisions
8. Your contact persons
In our company, compliance with the legal provisions and this statement is monitored by our company data protection officer. The administrators of the app have been trained in the handling of personal data and have been obligated to comply with data protection regulations. For questions regarding data protection, you can contact our data protection officer:
The external contact on the subject of data protection is the responsible supervisory authority:
Bavarian State Office for Data Protection Supervision
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Status: 20.10.2021, Version 4