Welcome to Emperra GmbH E-Health Technologies GmbH, hereinafter referred to as Emperra GmbH. Thank you for your interest in using the ESYSTA product system! The following components are part of this system:
We, Emperra GmbH, attach great importance to the protection of your data and the preservation of your privacy. To ensure that you are fully aware of the collection and use of personal data in the ESYSTA product system, please take note of the following information.
What is personal data?
This term is defined in Article 4 (1) EU-DSGVO:
""Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
For example, this includes health data. This term is defined in Article 4 (15) of the EU GDPR:
""Health data" means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and from which information about their health status is derived."
Further information can be found at:
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679
As the website operator, Emperra GmbH collects data about access to the site and stores it as server log files. The following data is logged:
The data collected is only used to detect attempted attacks. The website operator reserves the right to check the server log files retrospectively if there are concrete indications of unlawful use. This data is stored for a maximum of 14 days.
We are legally obliged to ensure data security. The legal basis for this is Article 6, paragraph 1 c GDPR in conjunction with Section 4 (1), 6, Annex 1 DIGAV.
We collect, process, use and store your personal health data for the purpose of diabetes mellitus management. You create a user account for this purpose. Your data will only be collected, processed and stored for the period in which you use ESYSTA in accordance with your consent. The legal basis for this is Article 6(1)(a) and Article 9(2)(a) GDPR.
Your data will be collected, processed and stored in accordance with your consent for the period in which you use ESYSTA. Even if you delete your ESYSTA account, please note that our products are reimbursable and may therefore be subject to billing by health insurance companies, among others. Billing-relevant data is stored for 12 months in the customer data management system and then for up to 10 years in the archive, which corresponds to the statutory retention periods for companies in accordance with Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB). Due to the retention obligations, the legal basis is Article 6 (1) c) GDPR. Any medical data and values collected in the ESYSTA application will be irrevocably deleted when the user account is deleted.
Automated decision-making, including profiling in accordance with Article 22 GDPR, does not take place.
When registering, we specifically ask for the following consents:
Required consent:
I agree to the General Terms and Conditions of Emperra GmbH and consent to my personal data being collected, processed and stored for the intended use of ESYSTA. This is necessary for the use of ESYSTA, billing and verification. Further information can be found in our privacy policy.
Required consent:
I am aware that the ESYSTA portal serves to supplement my diabetes mellitus monitoring and it is recommended that I discuss this with my treating doctor. I will always coordinate all adjustments to my treatment and detailed medical questions with my attending physician.
Optional consent:
I consent to data processing and data analysis to permanently guarantee the technical functionality,
user-friendliness and further development of the digital health application.
You can revoke this consent at any time in the settings.
Optional consent:
I agree to export the data from ESYSTA to the electronic patient file. The type and scope of the exported data are described in the privacy policy.
If you wish to withdraw the required consent, you will no longer be able to use ESYSTA. Please use the "Delete account" option. You can revoke the optional consents at any time and without giving reasons in the settings of your account.
The ESYSTA app and the ESYSTA portal allow you to share your data with your attending physician, provided they have registered in the ESYSTA portal for physicians ( https://doc.esysta.com ). You will need the following information to share your data:
After approval, your attending physician has read access to your data in the ESYSTA system. You can revoke this approval at any time in the approval menu.
By using the ESYSTA product system, you conclude a service contract with Emperra GmbH on the basis of Emperra GmbH's General Terms and Conditions. The use of the services of this contract is only possible with your declaration of consent. There is no contractual or legal obligation to provide your personal data, although details such as your name and e-mail address are mandatory for using the application.
You can use the ESYSTA app and therefore the portal at any time, even without other medical products/devices from the ESYSTA product system.
The following data is recorded when blood glucose meters are used:
The following data is recorded when insulin pens are used:
When using the Solosmart, the data collected is insulin injection data, namely:
When using the Solosmart, data on insulin delivery is recorded.
The collected data is stored in the Solosmart's internal memory..
The Solosmart has appropriate technical security measures in place to protect the security and confidentiality of the data, including preventing it from being falsified, damaged, disclosed or accessed by unauthorized third parties.
The data is collected and securely transmitted to the mobile application that was previously connected to the Solosmart so that this mobile application can enable medical monitoring.
The Solosmart stores the last 100 insulin deliveries.
All data stored in the Solosmart's internal memory will be deleted when the device is reset.
n accordance with the applicable regulations and under the conditions defined therein, users can exercise their applicable rights (data deletion) at any time by resetting the Solosmart.
For patients: You have the option of exporting your data to your electronic patient file (ePA). This requires registration with the health ID of your health insurance company with transmission of your health insurance number (KVNR), which we store for this purpose. If available in your ESYSTA account, the following data will be exported to your ePA:
Metadata for exportFor the use of the ESYSTA portal, we only use functional cookies in order to be able to provide you with all functions. These only identify your session and thus enable full use.
No other cookies are set for analysis or tracking purposes.
ESYSTA does not use any third-party analysis tools.
Upon request to our customer service, you as a user will receive free access to which personal data about you has been stored. Provided your request does not conflict with a legal obligation to store data (e.g. data retention), you have the right to correct incorrect data and to object to, block or delete your personal data. You can revoke your consent at any time, without giving reasons, with effect for the future.
If you wish to delete your customer account with ESYSTA, you can do this in the settings of your ESYSTA account.
The following message is displayed here:
"Attention! You are about to delete your account and your data completely. Please bear in mind that this may have consequences for your treatment documentation and, if released, also for your attending physician. If you wish to do this, we recommend that you export your data beforehand using the export function. [Cancel] / [Continue]. To finally delete your account, please enter your ESYSTA password and confirm [Delete account]. Otherwise, please click on [Cancel]".
Technical implementation: After the above-mentioned confirmation, all corresponding data is also technically deleted from the database.
Right of appeal:
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR). You can also contact our external data protection officer. Contact: see point 9.
Our products and the systems necessary for the collection, use, processing and storage of data are protected against loss, destruction, access, modification or dissemination of your data by technical and organizational measures in accordance with a certificate of the international standard ISO/IEC 27001 in accordance with the current state of the art.
Our data processing systems, e.g. web servers, are located exclusively in the Federal Republic of Germany.
Hosting is provided by the ISO 27001-certified company Digitas GmbH, Heidi-Kabel-Platz 2, 20099 Hamburg.
This is data processing on behalf of Emperra GmbH in accordance with Article 28 GDPR. Your data will not be transferred to third countries.
Personal data is only transmitted and stored in encrypted form in accordance with the current state of the art.
Insofar as we use service providers to carry out and handle data processing processes, the contractual relationships are regulated in accordance with Article 28 EU GDPR. These contracts and the technical and organizational measures taken therein are regularly checked for specific compliance.
For the purpose of billing DiGA activation codes, these are transmitted to the billing service provider Noventi:
Address:
NOVENTI Health SE Berg-am-Laim-Straße 105
81673 Munich, Germany
Lützowstrasse 105
www.noventi.de
Link to the privacy policy:https://www.azh.de/datenschutz-impressum/datenschutz/
The personal data collected in the course of using the ESYSTA product system is transferred to the ESYSTA portal by Emperra GmbH for the purpose of documenting the automatic diary and stored and processed there.
If you have further questions about data protection at Emperra GmbH, please contact us
For confidential communications, e.g., the sending of prescriptions, please use the postal service.
Your written inquiries regarding data protection and privacy will normally be answered within one month of receipt.
Please note that this privacy policy only applies to the products of Emperra GmbH. Other data protection declarations and data protection and data security provisions may apply to the linked external content. You can find out who is responsible for the respective offer in the imprint of the respective provider.
All information contained on our website is regularly checked with the greatest possible care. If there are any relevant changes, we will update this privacy policy.
The current status is 29.11.2024.
ESYSTA® is a product and registered trademark of
Emperra® GmbH E-Health Technologies