CED Forum - Privacy Policy - Cross4Channel GmbH

  • Home
  • /
  • CED Forum – Privacy Policy

Data protection 

Cross4Channel – Gesellschaft für digitales Healthcare Marketing mbH (“Cross4Channel”) respects your privacy and we want you to feel safe when using our app. This privacy policy explains what data we collect via the mobile IBD Forumapplication (the "App") and how we use it. By using this App, you agree to the terms of this Privacy Policy.  

Note: For reasons of better readability, the language forms male, female and diverse (m/f/d) are not used and the male form is used instead. This is solely for the sake of better readability and is value-free. For reasons of equality, all personal designations apply equally to all genders. 

1. Your contact person

The contact person and so-called responsible person within the meaning of the General Data Protection Regulation (GDPR) for the data processing described below is  

Cross4Channel – Society for digital healthcare marketing mbH
Germaniastrasse 137
12099 Berlin 

E-mail:     

Contact details of the data protection officer: .  

Licensee of the application IBD Forum is Takeda Pharma Vertrieb GmbH & Co. KG. Neither Takeda Pharma Vertrieb GmbH & Co. KG nor subsidiaries or affiliated companies receive access to personal data. 

 

2. General information about the app

The app IBD Forum offers IBD patients and their families the opportunity to learn about and exchange information about chronic inflammatory bowel disease. The app also offers various functions for IBD patients to support them in their everyday lives.  

3. Data processing when using the app

3.1 Personal data 

Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, such as your name, telephone number or email address.  

3.2 Health data 

A large number of the data processed in our app constitute health data. The term health data is to be interpreted very broadly. Health data is all data relating to the physical or mental health of a natural person. This includes, for example, personal notes on the course of the illness in a diary (such as bowel movements, sleeping habits, eating habits, food intolerances) and the medication plan prescribed by a doctor.  

3.3 Usage data 

When you use the app, we collect the following technical data to enable the app's functions, which is automatically collected from your mobile device and transmitted to us during use (this data is hereinafter referred to collectively as "usage data"):  

  • Your device name (e.g. “Apple iPhone 13” or “Samsung Galaxy s22”)
  • Operating system and version
  • App version
  • Set system language
  • General device data, such as language and regional settings
  • IP address of the end device
  • Date and time of use
  • Application ID to identify your app installation

To improve the app, the app also sends us error messages after a crash (i.e. after the app has unexpectedly closed due to a program error or has stopped responding to your input). The error messages do not contain any personal data, but only the aforementioned technical device information and information about which part of the app's software code caused the error. The usage data is logged for the internal log files after the end of each access. In individual cases, longer storage may be necessary in order to be able to contact you about a specific error. The error messages and the associated usage data are then stored until the respective error has been processed.   

We use the usage data and, if applicable, the error messages to enable the app to function and to identify and resolve any security risks or malfunctions and to ensure the stability of our systems. The legal basis for this data processing is Art. 6 (1) (b) GDPR, insofar as this concerns the provision of the app functions, and Art. 6 (1) (f) GDPR, according to which data processing is permitted to protect legitimate interests, insofar as this concerns the collection and further processing of data in internal log files. Our legitimate interests are ensuring the app functions, error detection and correction, and the early detection and defense against cyberattacks. 

3.4 System permissions 

For some functions, the app must be able to access certain services and data on your device. In order to use all of the app's functions, you must give your explicit permission to access them.  

The app needs access to your camera to add photos to the Consultation preparation This data is only stored locally on your smartphone. 

Furthermore, the use of the Toilet Finder your location is used to find the toilets in your area. 

When you start using the app, we will ask you whether we can send you messages (e.g. reminders) on the lock screen of your device - this depends on the operating system version of your mobile phone. You can decide for yourself whether you want to allow our app to send messages or not. Only general data, not personal data, is displayed on the lock screen. This function can be configured at any time in the settings of your operating system. The legal basis for the aforementioned data processing is Art. 6 Para. 1 lit. a GDPR.  

Takeda Pharma Vertrieb GmbH & Co. KG does not receive access to personal data and only receives aggregated and anonymized information.  

3.5 Registration in the CED Forum 

As a registered user, you have the opportunity to leave comments on individual content and posts in our forum.  

As part of the registration and setup of your user profile, we process the following personal data: the user name you have chosen and your email address. 

You can also provide voluntary information (age, gender, origin and description, IBD type, diagnosis since). Information that is absolutely necessary for registration is marked with an asterisk in the input mask as a mandatory field. With your user account, you have the opportunity to participate in discussions in our forum to exchange ideas with other users, to comment and to create new threads. 

The legal basis for data processing is your consent when registering for our forum in accordance with Art. 6 (1) lit. a, 9 (2) lit. a GDPR.  

Your personal data will not be passed on to third parties without your consent.  

Your profile data will be deleted as soon as you delete your account in our forum.  

3.6 Use of the app’s other functions 

Our app offers you various functions to support you as an IBD patient in your everyday life: 

  • The Toilet Finder finds toilets in your area. To do this, you need to share your location with the app.
  • In the calendar of My IBD you can manage your personal diary entries and consultation appointments. You can also enter medications and get support in adhering to your doctor-prescribed medication plan.

You can also link the calendar to your private calendar on your mobile device so that consultation appointments and medication intakes entered in the app are displayed in your private calendar. This means that this data is also transmitted to and processed by the operator/provider of the private calendar, but no information from the private calendar is transmitted to the app calendar. For more information on data processing within your private calendar, please read the respective data protection regulations of the provider; we have no influence on the processing of your private calendar.  

  • With News and information You will regularly receive articles on the topic of IBD from Takeda or expert third parties. Individual articles can be liked. These likes are stored on the server. 
  • In the area Nutrition You can, among other things, record food intolerances and access recipes for IBD sufferers provided by Takeda or expert third parties. Individual recipes can be rated. This rating is stored on the server. 

In order to be able to offer you a compatibility index for each recipe, we compare the entries in your food traffic light with the ingredients contained in the recipes. This comparison is carried out exclusively locally on your device.  

  • Under To know you will find a wealth of information on the subject of IBD.

Depending on how and to what extent you use the above-mentioned functions of the app, the personal data you enter will be collected, e.g. your diary entries, your doctor's appointments and other health-related information (such as your sleep quality or your eating habits or food intolerances). The legal basis for this data processing is Art. 6 Para. 1 lit. a, 9 Para. 2 lit. a GDPR. 

You also have the option of exporting your data for your own use. When you export, the data is saved locally as a PDF on your device.  

3.7 Synchronization of your data 

You have the option of activating the synchronization of the data you have entered yourself in the app (e.g. entries in the diary, in the consultation, the food traffic light or notes) in your profile, provided you have registered/logged in beforehand. If you have activated the synchronization, you can transfer and manage your data after logging in with your existing account, even when using a different device (e.g. when changing mobile phones).  

When synchronization is activated, your personal data will be stored in encrypted form on Google Firebase (see 5.4). The legal basis for this data processing is Art. 6 (1) lit. a, 9 (2) lit. a GDPR. 

If you deactivate the synchronization of your data within the app, the data stored on Google Firebase will be deleted and cannot be restored without reactivating the synchronization. 

3.8 If you use iOS, the following also applies to you: Using the app together with the Apple Watch 

You have the option of using this app in conjunction with the Apple Watch. The app is connected automatically as soon as the Apple Watch is paired with the corresponding mobile device. This connection is also automatic if the app is subsequently installed with a device that has already been paired.  

Using the Apple Watch gives you another way to enter your data, so that important functions (bowel movements, thrusts, weight and drinks) of the app can also be used via the Apple Watch.   

The legal basis for this processing is Art. 6 (1) (a), 9 (2) (a) GDPR. When you enter your personal data, it is stored in the Apple Watch and transmitted to the mobile phone app, provided that the Apple Watch and mobile phone are linked. With a further entry, the data is continuously updated on the Apple Watch and the data transmitted to the app is stored locally on the mobile phone.   

If you reset your Apple Watch, all data stored locally on the Watch will be deleted.  

You can find more information about data protection processing on the Apple Watch here: 

https://www.apple.com/legal/privacy/de-ww/  

4. Use and disclosure of information you provide

4.1 General 

The personal data you provide will be stored on your device in encrypted form. In addition, the encrypted data will be stored in a European data center of our service provider.  

Here's how we can use the information you provide: 

  • To provide you with the functions of the app (the legal basis for this data processing is Art. 6 Para. 1 lit. a, 9 Para. 2 lit. a GDPR).
  • To answer your inquiries and fulfill your requirements, for example to send you notifications and reset passwords (legal basis for this data processing Art. 6 Para. 1 lit. a,b, 9 Para. 2 lit. a GDPR).
  • To send you administrative information, such as information regarding the app and changes to our terms and conditions (legal basis for this data processing Art. 6 Para. 1 lit. a,b, 9 Para. 2 lit. a GDPR).
  • To enable you to send private messages to other members within the forum (legal basis for this data processing Art. 6 Para. 1 lit. a,b, 9 Para. 2 lit. a GDPR).
  • To comply with the terms of use of the app (legal basis for this data processing Art. 6 Para. 1 lit. a,b, 9 Para. 2 lit. a GDPR).
  • To research and work on an algorithm that will later be able to recognize side effect reports and predict disease progression. It is also used to carry out a so-called sentiment analysis (legal basis for this data processing Art. 6 Para. 1 lit. a, 9 Para. 2 lit. a GDPR).
  • To summarize and/or anonymize the data so that we can better understand the use of the app and analyze and predict usage patterns (the legal basis for this data processing is Art. 6 Para. 1 lit. f GDPR).
  • In the event of serious violations of our terms of use and unauthorized access or attempted access to our servers, we reserve the right to use individual data records to derive personal data (the legal basis for this data processing is our previously described legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR).

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this data protection notice, these may include data centers, software providers, IT service providers, help desks, agencies, market research companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. If these service providers process their data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that in the European Union. In these cases, we ensure that the service providers concerned guarantee an equivalent level of data protection contractually or in another way (for example by concluding standard data protection agreements with the service provider or by certifying the service provider according to the EU-US Privacy Shield). You can obtain a copy of these guarantees from our data protection officer.  

4.2 Reporting of side effects 

We monitor the CED Forum and the app reviews for possible risks associated with the use of medicines (suspected cases of adverse events, but also misuse, abuse, overdoses, medication errors, occupational exposure, off-label use, use during pregnancy and breastfeeding, suspected product counterfeiting) as well as complaints regarding quality and forward these (content of the article) to Takeda Pharma Vertrieb GmbH & Co. KG. 

When monitoring the forum, we take into account whether you have entered a Takeda therapy code in the app. The code authenticates you as a patient of a specific type of therapy and thus gives you the right to access specific content. 

 In the event of a side effect report, personal data will only be passed on to a limited extent, namely the user name and, if applicable, the voluntary information provided (age, gender) and - if available - the therapy status using the stored therapy code. We also reserve the right to contact you if a side effect report has been received and the legal requirements must be met. 

The legal basis for this data processing is Art. 6 Para. 1 lit. a, 9 Para. 2 lit. a GDPR. 

5. Other services used

5.1 Facebook Connect 

You can also register and log in to our app using Facebook Connect with your existing Facebook profile data. Once you have logged in with Facebook Connect, no additional registration is required. 

If you would like to use this function, you will first be redirected to Facebook. There you will be asked to log in with your username and password. We will of course not have any knowledge of your login details. If you are already logged in to Facebook, this step will be skipped. Your user ID will then be sent to us. 

The legal basis for the aforementioned data processing is Art. 6 (1) lit. b GDPR. 

5.2 Google Sign In 

You can also register and log in to our app using Google Sign-In with your existing Google profile details. Once you have logged in with Google Sign-In, no additional registration is required. 

If you would like to use this function, you will first be redirected to Google (the provider for users from the European Economic Area, Switzerland and Liechtenstein is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4). There you will be asked to log in with your user name and password. We will of course not take note of your login details. If you are already logged in to Google, this step will be skipped. Your user ID will then be sent to us.   

The legal basis for the aforementioned data processing is Art. 6 (1) lit. b GDPR. 

5.3 Apple Sign In 

You can also register and log in to our app using Apple Sign-in with your existing Apple profile data. Once you have logged in with Apple Sign-in, no additional registration is required. If you would like to use this function, you will first be redirected to Apple. There you will be asked to log in with your user name and password. We will of course not take note of your login details. If you are already logged in with Apple, this step will be skipped. Your user ID will then be sent to us. The legal basis for the aforementioned data processing is Art. 6 Para. 1 lit. b GDPR. 

More information can be found here Sign in with Apple & privacy – Apple Support 

5.4 Facebook SDK 

We have integrated the so-called development tool Software Development Kit (SDK) from Facebook, Inc., 1 Hacker Way, 94025 Menlo Park, CA, USA, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The Facebook SDK is operated by Facebook Inc., Palo Alto, USA (Facebook). Individual activities (events) of the user within the app can be analyzed in order to, for example, define the target group for advertising campaigns more precisely and better. For this purpose, we send pseudonymized data to Facebook, such as the app ID, and the information that the app has been started. The advertising ID provided by the operating system of the end device serves as the pseudonym. The legal basis for storing this data is Art. 6 Paragraph 1 Sentence 1 Letter b GDPR.  

Facebook uses standard contractual clauses approved by the European Commission and relies on adequacy decisions issued by the European Commission when transferring data from the EEA to the USA or third countries. The transfer of data is therefore permitted under Art. 46 (2) (c) GDPR.  

Further information on the standard contractual clauses and adequacy decisions can be found here: 

https://www.facebook.com/help/566994660333381?ref=dp 

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en  

More information about the Facebook SDK can be found here:  

https://developers.facebook.com/docs/ios   

https://developers.facebook.com/docs/android   

You can find Facebook’s privacy policy here:  

https://www.facebook.com/about/privacy 

5.5 Google Firebase 

We use the developer platform “Google Firebase” and the associated functions and services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.   

Google Firebase is a platform for developers of applications (or "apps") for mobile devices and websites. Google Firebase offers a variety of functions, which are presented on the following overview page:  

https://firebase.google.com/products/

The functions include, among other things, the storage of apps including personal data of the application users, such as content created by you or information regarding your interaction with the apps (so-called "cloud computing"). Google Firebase also offers interfaces that allow interaction between the users of the app and other services, e.g. authentication using services such as Facebook, Twitter or using an email-password combination.  

The analysis of user interactions is carried out using the analysis service "Firebase Analytics". Firebase Analytics is designed to record how users interact with an app. Events are recorded, such as opening the app for the first time, uninstalling, updating, crashing or frequency of use of the app. The events can also be used to record other user interests, e.g. for certain functions of the applications or certain subject areas. This also makes it possible to create user profiles that can be used, for example, as a basis for displaying advertising tailored to users.    

Google Firebase and the personal data of users processed through Google Firebase may also be used together with other Google services, such as Google Analytics and Google Marketing Services and Google Analytics (in this case, device-related information such as “Android Advertising ID” and “Advertising Identifier for iOS” are also processed to identify users’ mobile devices).    

We use Google Firebase based on our own interests in the analysis, optimization, security and economic operation of our application and the apps we operate within the meaning of Art. 6 Para. 1 lit. f. GDPR. Furthermore, users are informed of the use of Google Firebase and associated services in accordance with the legal requirements and the specifications of Google and are asked for their consent when using the app. Use takes place on the legal basis in accordance with Art. 6 Para. 1 lit. a, 9 Para. 2 lit. a GDPR. Consent can be adjusted at any time at the beginning and also during use. A corresponding notice can be found in the app under the item Profile Settings. 

If data is transferred outside the EEC to the USA, this transfer is permissible according to Art. 46 Para. 2 c GDPR, since the standard contractual clauses have been agreed with Google, Inc. 

Google’s privacy policy is available at:  

https://www.google.com/policies/privacy  

Users can find out more information about Google’s use of data for marketing purposes on the overview page:  

https://www.google.com/policies/technologies/ads

If users wish to object to interest-based advertising through Google Marketing Services, users can use the setting and opt-out options provided by Google: 

http://www.google.com/ads/preferences

5.6 OpenStreetMap 

This app uses for the service Toilet Finder an interface to the database of the open source mapping tool “OpenStreetMap” (OSM), provided by the Association for Free and Open Source Software for Geoinformation Systems (FOSSGIS eV), Römerweg 5, D-79199 Kirchzarten. To access locations from OpenStreetMap, it is necessary to transfer your position to a server of FOSSGIS eV. The data from OpenStreetMap is used to find toilets in your immediate vicinity. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. You can find more information on how user data is handled on the data protection page of FOSSGIS eV (https://www.fossgis.de/datenschutzerklaerung). 

5.7 Google Maps 

This app uses for the service Toilet Finder for the visual representation of geographical information (the area map), the Google Maps API is used, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When using Google Maps, Google also collects, processes and uses data about the use of the maps functions through the use of the toilet finder - in this context, the current position is transmitted to Google Maps in order to display the appropriate map section. Google Maps is used to find toilets in your immediate vicinity. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. 

For more information about data processing by Google Maps, please see the “Additional Terms of Use for Google Maps/Google Earth” (https://www.google.com/intl/de_de/help/terms_maps.html) and Google’s Privacy Policy & Terms of Service page (https://policies.google.com/privacy ) remove.  

6. Security

The data stored in the app is encrypted. The data stored outside the app is stored in data centers of our service providers in the EU and transmitted in encrypted form. We try to use all reasonable organizational, technical and administrative measures to protect the data you provide to us in the app. Unfortunately, it is not possible to guarantee the 100% security of a data transmission and storage system. If you have the impression that your interaction with us is no longer secure, please inform us immediately.  

Please note that we do not control and are not responsible for the security of your device or any other apps you use on your device. The security measures listed above apply only to the app and not to what you do outside of the app.  

7. Your privacy settings

You can stop the collection of the data you have entered in the app by deleting your account within the app and by canceling the synchronization. You can find the option to delete your CED Forum account under the menu item My account in the app. You can also synchronize your data via the point My account Configure using the slide switch next to “Synchronization”.  

If you would like to access, correct, update, suppress or delete any personal information you have provided to us through the App, you may access it through the App to delete the relevant information from the App.  

Your personal data is stored in a secure or encrypted form on a server backend system in data centers in Europe. You can request the deletion of this encrypted data using the contact form on the Cross4Channel GmbH website or by contacting us via the email address above. 

If you would like to delete your user account, you can do so actively in the app settings (select "Delete account"). In this case, we fulfill the obligation to delete your data by anonymizing it. Your account data will be deleted. The data aggregated via our analysis program will continue to exist as aggregated data.  

As long as your user account exists and is used, we will retain the data you provide for the time necessary to fulfill the purposes described in this privacy policy.  

8. Your rights

You have the right to information about how we process your personal data at any time. In this context, we will explain the data processing to you and provide an overview of the data stored about you. If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You can also request that your data be deleted. If deletion is not possible due to other legal provisions, the data will be blocked. You can also have the processing of your personal data restricted if, for example, you doubt the accuracy of the data. You also have the right to data portability, which means that we can send you a digital copy of the personal data you have provided upon request. In addition, you have the right to object to data processing if it is based on our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR. You will also always find an unsubscribe link in newsletters. To assert your rights described here, you can contact the contact details given above in section 1 at any time. You also have the right to complain to the data protection supervisory authority responsible for us. You can also contact the data protection authority in the member state of your residence, which will then forward your request to the responsible authority. You can revoke any consent you have given for the processing of your personal data at any time with effect for the future and without giving reasons. The right of revocation can be asserted using the contact options given in section 1 and in the imprint. Please note, however, that if you withdraw your consent, object to the processing of your personal data or request that your data be deleted, you will no longer be able to use our app unless you expressly request it again. 

9. Updates

Since we are always striving to improve the protection of your data with our technical possibilities, we recommend that you review our data protection information from time to time and inform yourself about any changes that have occurred in the meantime. 

Status: 27.04.2022 

en_USEnglish
de_DEDeutsch en_USEnglish