Below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data in short and in a more detailed form.
The controller is the Medicus Group ("we/us/our" or " Medicus") consisting of:
We offer services to our users' (the "User/you/your") on the Medicus CoVive application available for certain mobile telephones or other mobile devices ("CoVive App") (the "Service") and as further described in our Terms of Service available in its current version at covive.ai/termsofuse available on the CoVive website ("Terms of Service").
Controller / Data Protection Officer
The controller is Medicus AI GmbH
We have appointed a data protection officer who may be reached via firstname.lastname@example.org.
Purpose and Legal Basis of Processing Data; Provision and Recipients of Data
All personal data provided by you in the CoVive app are stored on your phone only and only transferred to or processed by us or any other third parties in anonymized form. If so, your personal data will be used for the following purposes:
We as well as our external service partners receive your data in order to process the data for providing our Service. You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data, you may face legal disadvantages, for example, limited or no possibility of using our Service.
Transfer of Data outside of the EU
In course of data processing by us, data may be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third-party providers such as cloud services and external service partners which process data on our behalf.
You have the right to withdraw your consent relating to the use of data any time with effect for the future when such data processing is based on your consent. You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.
You are entitled to request the erasure of your data
You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.
You have also the right to lodge a complaint with a supervisory authority at your choice. An overview of the European National Data Protection Authorities may be found here:http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Period for Storing Data; Deletion
The data are deleted if such data are no longer necessary for the purpose of processing.
CoVive App is operated through a safe SSL-connection. If an SSL-connection is activated, third parties are prevented from reading any data that are transferred by you to us.
Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data includes e.g.name, email address or telephone number. Personal data also includes information about your health.
We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing. Consent of the data subject means any freely given, specific, informed and unambiguous indication of the person's (data subject) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Applicable legal provisions are in particular those of the regulation (EU)2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR).
For the use of the CoVive App you may enter personal data to use our Service, such as: Your age, sex, location, travel history, occupation and contact history.
For the use of the CoVive App you may also enter medical data to use our Service, such as: Experience of typical symptoms of Covid-19, Covid-19 test results, measurements of your body temperature, heart rate or blood pressure.
These Data are collected to perform the functions of the CoVive App, namely to calculate your risk assessment, offer you personalized recommendations to contact local health authorities and help you track your symptoms if you suffer from a Covid-19 infection.
You may change and delete these data any time within CoVive App. All personal and medical data will stay on the respective device of the User and results and recommendations given by the CoVive App are processed there. If you consent, your data will also be anonymized (stripped of all markers that allow for your identification) on your device, and the anonymized data will be transferred to our servers for statistical analysis of the Covid-19 pandemic. Anonymized and aggregated data may be shared with research institutions.
If such data are considered personal data, Medicus may process it based on Art. 6 (1) a. GDPR, medical data may be processed based on Art. 9 (2) a. GDPR. Processing will only with your explicit and informed consent, which you may revoke at any time.
Use of Google Firebase
Use of Google Firebase Crashlytics
Use of Google Maps
We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent. Your data may be transferred outside the EU as follows:
Medicus Group, Cloud Appers and EOS Health SARL
When using our Service, your data may be transferred outside the EU to the controllers of the Medicus Group as set forth above and to Cloud Appers, Building no 16A, 2nd Floor Freezone Damascus, Jamarek Damascus, Syria, registration number 1953, and EOS Health SARL, Bshara El Khoury Street, Berytech Building, BDD 1294, Beirut, Mount Lebanon, 1100, registration number 1026304. All companies belonging to Medicus as well as Cloud Appers and EOS Health SARL have agreed to comply with data protection standards applicable in the EU via EU standard contractual clauses.
Right to Access (Art. 15 GDPR)
Every user has the right to be informed at any time and free of charge about the personal data stored about him/her. For further information, the user can contact e.g. email@example.com.
This right of access includes confirmation as to whether or not personal data is processed on the data subject and, if so, the detailed information about such processing.
The right to information does not exist if the data are only stored because they may not be deleted due to legal or statutory storage regulations, or only serve the purpose of data protection or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organizational measures.
Right to withdraw consent (Art. 7 GDPR)
Every user has the right to withdraw his or her consent regarding the use, processing or transmission of his/her data at any time with effect for the future when such data processing is based in your consent. For this purpose, the user can contact
In the event of withdrawing the consent, we will no longer process and immediately delete the stored data of the user. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights, and freedoms of the respective user or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.
Correction and completion of data (Art. 16 GDPR)
The user or data subject has the right to demand that we immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact firstname.lastname@example.org at any time.
Erasure ("right to be forgotten ", Art. 17 GDPR)
Medicus does not store any personal data that the User has entered in the CoVive App. The User has the right to have us delete any personal data concerning him/her that we store. For this purpose, the User can delete all data by him/herself or contact email@example.com.
In the event of termination of the User relationship, the User's data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.
In the case of non-automated data processing, deletion is also not necessary if this would not be possible due to the special type of storage or would only be possible at disproportionately high expense and the interest of the Employee in the deletion is to be regarded as minimal. The deletion is then replaced by the restriction of processing.
Furthermore, we carry out a restriction of the processing and no deletion of the data, as long as and insofar as we have the reason to assume that a deletion would impair your interests worthy of protection or those of the person affected. In so doing, we will inform you or the affected person of the restriction on processing, provided that such information does not prove to be impossible or would require a disproportionate effort.
Restriction of processing (Art. 18 GDPR)
You also have the right to demand that the processing be restricted. For this purpose, you can contact firstname.lastname@example.org. You can only successfully enforce the right to restrict processing if one of the following prerequisites is met:
Right to data portability (Art. 20 GDPR)
You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose, you can contact email@example.com. You also have the right to data portability vis-à-vis another controller, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures. When exercising your right to data portability, you have the right to obtain the personal data to be transmitted directly by one person in charge to another person in charge, as far as this is technically feasible. This right shall not apply where the rights and freedoms of other persons are adversely affected or where processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.
Right to lodge a complaint
Each user has a right to lodge a complaint vis-á-vis a supervisory authority of his/her choice. An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Duration of the storage of personal data; deletion periods
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods.
Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.
We have installed technical and organizational measures in order to safeguard our CoVive App against loss, destruction, access, changes or the distribution of your data by unauthorized persons. However, we cannot guarantee a complete protection for data transmitted to us against all dangers at all times, because information via the internet is not completely secure.
The CoVive App is operated through a safe SSL-connection. If a SSL-connection is activated, third parties are prevented from reading any data that are transferred by you to us.
For any inquiries and additional questions about processing personal data please contact us via firstname.lastname@example.org
We have appointed a data protection officer who may be reached via email@example.com
Copyright 2020. Medicus AI