Data Protection Guidelines of SINOVO health solutions GmbH


SINOVO health solutions GmbH takes the issue of personal data protection very seriously. We organise our data processing in line with the statutory objective of collecting, processing or using only the personal data that is required for the reasonable and economic use of our offer.

In what follows, you will find out when data is saved during your use of the mylife software and how we use this data. We have taken organisational measures to ensure compliance with the regulations relating to data protection.

Should you do not agree with any aspect of our Data Protection Guidelines, you may be entitled to legal rights, which are likewise described here.


Scope of application

In these Data Protection Guidelines, the words "we", "our", "us" refer to:

•          SINOVO health solutions GmbH, Willy-Brandt-Straße 4, 61118 Bad Vilbel;

•          SINOVO business solutions GmbH, Willy-Brandt-Straße 4, 61118 Bad Vilbel


Personal data

SINOVO health solutions GmbH collects, processes and uses your personal data in compliance with the data protection laws of the Federal Republic of Germany and the data protection regulations of the European Union. Personal data is all the information that relates to a natural person or is at least obtainable and thus allows conclusions about this person's identity.

Our online offer can basically be used without the disclosure of your identity. In the event of your participation in one of our personalised services, you will be asked separately for the data required to complete the services. You can freely choose whether you wish to participate in these services and enter the appropriate information.

We expressly point out that the protection of data transfers in open networks, such as the Internet, cannot be fully guaranteed given the current state of the art. The information stored on the servers of SINOVO health solutions GmbH or the Microsoft Cloud may, from a technical point of view, also be viewed and changed by other participants on the Internet without authorisation. SINOVO health solutions GmbH or Microsoft have secured their servers against unauthorised access using proven and customary systems.



Type and extent of data collected and their use

When you visit our website (and its subdomains), the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without any action on your part and stored until it is automatically deleted:

IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which the access is made (referrer URL), browser used and, possibly, the operating system of your computer and the name of your access provider,

We process the data mentioned for the following purposes:

-        Ensuring the smooth establishment of your connection to our website,

-        Ensuring the easy use of our website,

-        Evaluating system security and stability as well as

-        For further administrative purposes.

The legal basis for the data processing is Art. 6(1)1f GDPR (General Data Protection Regulation). Our legitimate interest follows from the data collection purposes listed above. In no event do we use the data collected for the purpose of drawing conclusions about you.

In addition, we use cookies and analytical services when people visit our website. Further details on this can be found below.

When you access our website, we also collect certain information about you. For more information about this, see the section on 'log files'.

In order to evaluate and continuously improve the quality of our Internet offer, we undertake statistical evaluations of the visits to our pages. This is done in part by using counting graphics in our website. However, the data acquired in this way are strictly anonymised and do not allow any conclusions to be drawn regarding the personal data of the user or the identity of the user. Your data will never be used to create user profiles of any kind.

The data collected will be used for the following purposes:

-        The provision, maintenance, improvement and development of relevant functions, content and services;

-        The detection of and defence against fraudulent, abusive and prohibited activities as well as the protection and security of our services.

 Invitations to the mylife software online version

You can use the mylife Software to invite other people to join and view your online data. The personal data collected will be used exclusively for the invitation and not for other purposes.









Protection and storage of personal data

To ensure the best possible protection of your personal data, SINOVO health solutions GmbH uses Microsoft's cloud services (Windows Azure) with regard to the therapy and device data gathered by the mylife Software. These data are stored in Europe.

We retain your data only for as long as is required for the purposes set forth in these Data Protection Guidelines or for the period of time in which your account is active with SINOVO health solutions GmbH or Microsoft and it is necessary to do so in order to provide you with the services. If you no longer wish that SINOVO health solutions GmbH uses your data to provide the services to you, you can close your account and SINOVO health solutions GmbH will delete the stored data insofar as SINOVO health solutions GmbH is not obliged to keep your data for compliance with legal obligations or for settling disputes.

If we have not had any relevant contact with you for two years, we will erase your personal data from our systems unless we believe in good faith that we are required by law or otherwise to keep them (e.g. an enquiry in connection with a probable lawsuit).

Transfer of personal data to other third parties

We do not share personal information with other third parties. In particular, there is no disclosure of personal data to third parties for advertising purposes.


Transfer of data

Any transfer of your personal data to third parties for purposes other than those listed below does not take place.

We only pass on your personal information to third parties if:

·       you have given your express consent to this in accordance with Art. 6 para(1)1a GDPR,

·       disclosure pursuant to Art. 6(1)1f GDPR is required in order  to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,

·       in the event that disclosure pursuant to Art. 6(1)1c GDPR is a legal obligation, as well as

·       it is legally permissible and is required for the settlement of contractual relationships with you in accordance with Art. 6(1)1b GDPR.

Only anonymised data can be passed on to other third parties for evaluation purposes. Anonymization is a process in which personal data is modified in such a way that the details of personal or factual circumstances can no longer – or only with a disproportionate amount of time, costs and labour – be assigned to a particular or identifiable natural person.



If, however, you use further personalised services of our offer, the collection of personalised data and their transfer to third parties may be required for the purpose of carrying out and processing the service. However, these data are only stored or transmitted to the extent required for order processing. In order to do so, when you fill in the respective form, the submission of an explicit declaration of consent is required.

Third parties to whom your data is passed on in the context of order processing are, moreover, bound by the statutory provisions for the handling of personal data. Insofar as we are or will be required to do so by law or by court order, we will forward data, to the extent authorised by law, to the respective authorities entitled to receive information.


Right of revocation, right to disclosure, deletion and data portability

Rights of the data subject

You have the right:

·       in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can demand information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom your data have been or will be disclosed, the envisaged period for which the personal data will be stored, the right to rectification, erasure, restriction of processing or objection to such processing, the existence of a right to lodge a complaint, the source of your data, insofar as they have not been collected by us, as well as the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;

·       pursuant to Art. 16 GDPR, to demand the rectification of inaccurate or the completion of incomplete personal data stored by us immediately;

·       in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, except where the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

·       in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure of the personal data, and we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to  Article 21(1) GDPR;

·       pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller;

·       pursuant to Art. 7(3) GDPR, to withdraw your consent at any time. This will result in us not being allowed, in future, to continue the data processing that was based on this consent and

·       in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence, place of work or place of our law offices.

Right of objection

Insofar as the processing of your personal data is required for the purposes of legitimate interests in accordance with Art. 6(1)1f GDPR, you have the right to object, at any time, to processing of personal data concerning you in accordance with Art. 21 GDPR, provided that there grounds relating to your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we implement without your specifying any particular situation.

If you would like to exercise your right of revocation or objection, an e-mail sent to will suffice.

You have the right to revoke your consent to the collection, processing and use of your personal data at any time, without stating reasons and with effect for the future. You can exercise this right by simply calling SINOVO health solutions GmbH or sending the revocation to us, e.g. in writing or by e-mail.

You are entitled, at any time, to request from SINOVO health solutions GmbH comprehensive information on the data stored concerning you.

You can also request, at any time, the correction, erasure and blocking of individual personal data by SINOVO health solutions GmbH.

If you wish, you have the right to transfer your data from us to another Data Controller. We will assist you by submitting your data directly to you or by providing you with a copy in a standard machine-readable format.


mylife Software online version  – Information for the exchange of data with other persons

Users or patients can use the online version of mylife to exchange data with the persons authorised to receive it (e.g. doctor, person of trust). Please note that the linking of personal data with the health data must be technically possible in order to allow your doctor to assign the data to the patient. However, SINOVO health solutions GmbH will not associate personal data with health data in such a way that people other than the authorised physician can assign health data to certain persons. Employees of SINOVO health solutions GmbH have been instructed accordingly and are bound by these Data Protection Guidelines. In no case will personal or health data be passed on to other third parties other than your authorised doctor or other authorised third parties or people authorised to retrieve the data. Access to data contained in mylife Software online version is only possible after the user ID and password have been entered. Doctors and persons of trust shall only gain access to the data after you have authorised your doctor to gain access, the doctor has logged in and the doctor has confirmed his/her registration when logging on. Doctors and persons of trust may use the mylife Software to exchange data with patients who have authorised them to access the patient data. The authorisation of the doctor or a third party can be revoked at any time. After revocation, no access for the respective doctor or third party is possible.




Use of cookies

After you have logged in (with your user name and password), the services of mylife online version use  cookies, with which you can be identified during the duration of your visit. A cookie is stored on your computer. After the end of the session, the cookie expires automatically. You can save this cookie permanently so that you can log in automatically by using the "Automatically log in to this computer" feature. The cookie will then contain parts of your log-in details in encrypted form. However, the automatic log-in to two (2) different computers is not possible in this case.


Log files

With every page you view, access data is stored in a log file, the so-called server log. The data set saved contains the following data:

• Your IP address (a unique identifying number that can be traced back to your device),

• the remote host (the name and IP address of the computer requesting the page),

• the time, status, volume of data transferred and the website from which you came to the requested page (referrer), as well as

• the product and version information of the browser used (user agent).

SINOVO health solutions GmbH uses the standardised log file format of the web server for this purpose. SINOVO health solutions GmbH uses the log data (logs) in an anonymised form, i.e. without assignment or references to your person, for statistical analysis. SINOVO health solutions GmbH may thus, for example, find out on which days and at which times the offers of mylife online version are particularly popular and what data volume is generated on the SINOVO websites. Moreover, SINOVO health solutions GmbH may recognise possible errors thanks to the log files, e.g. faulty links or bugs, and thus use the log files to further develop the mylife online version websites. SINOVO health solutions GmbH does not associate the page views and uses stored in the server log with individuals. SINOVO health solutions GmbH reserves the right, however, to subsequently check the log files via the last known IP address of such users who, on the basis of certain facts, are suspected of using the mylife online version of websites and/or the mylife services illegally or contrary to contract. This serves the protection of mylife members, the security of SINOVO member data, as well as the SINOVO websites and mylife services.

You can prevent the installation of the cookies by setting your browser appropriately. When a corresponding browser setting is used, cookies will not be saved. This may mean, however, that not all features of the mylife Software online version can be used.


Children under 18 years of age

Participation in mylife online services is reserved exclusively for adults. Parents or guardians are responsible for protecting the privacy of their children.

Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians. We do not solicit, collect, store or disclose to any third party personal information collected from children.


Links to other websites

Insofar as our Internet pages contain links to the offers of other service providers, we cannot guarantee and cannot assume any liability for the fact that these Internet pages also comply with the statutory provisions. Please inform yourself on the respective websites, with the aid of the privacy policy of the respective provider, of the respective valid data protection standards.



Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

The supervisory authority responsible for SINOVO health solutions GmbH is the Data Protection Officer of the Federal State of Hesse.


Name and address of the controller

The Controller in terms of the General Data Protection Regulation is:

SINOVO health solutions GmbH
Willy-Brandt-Straße 4
61118 Bad Vilbel

Tel.: +49-61-09500 3900



Name and address of the Data Protection Officer:

The Data Protection Officer of the Controller is:

Sascha Hesse
Niddastraße 74
60329 Frankfurt am Main

Tel.: +49-61-09500 3947



This information is subject to legal regulations and may, therefore, require adjustments. If you have any questions, suggestions or comments, please contact us by e-mail at

The current Privacy Statement can be viewed and printed off at any time; please go to

Status: May 2018