Privacy Policy

Effective: [Insert Date] — This policy explains how we process your data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

1. Data Controller

Daniel Pangerl
Address: Schmiedgasse 28
Email: hallo@dpangerl.de
(Art. 13(1)(a) GDPR)

2. Website Data Processing

a) Hosting & Access Logs
When visiting our website, we process:
- Anonymized IP address
- Date/time of access
- Accessed URL and referrer
- User agent (browser, OS)
Purpose: site functionality and security (Art. 6(1)(f) GDPR). Data is deleted within [X] days.

b) Analytics – Umami
We use Umami (self-hosted, cookie-free, privacy-focused) to track aggregate website usage.
- No personal data or IP addresses stored
- No cross-site tracking
- Data is anonymized and used solely for analytics (Art. 6(1)(f) GDPR)
Umami documentation: https://umami.is/docs/privacy

c) Newsletter – Mailjet
You may subscribe to our newsletter voluntarily.
- Collected data: your email address
- Legal basis: your consent (Art. 6(1)(a) GDPR)
- Email services provided by Mailjet SAS (France)
- Data stored in the EU
- You can unsubscribe at any time via the link in every email
Mailjet privacy policy: https://www.mailjet.com/legal/privacy-policy/

3. App Privacy – Rehaber

a) General Information
Rehaber is a mobile app available on the iOS App Store and the Google Play Store.
There are two user types: patients and physicians.
Patient users can use the app completely anonymously. No registration or identifiable data is required.
Physician users must create an account to access professional features and manage patient cases.

b) Data Handling for Patients
Patients receive a unique activation PIN from their physician. Entering this PIN links their device to a specific rehabilitation case managed by that physician.
- A random device-bound token is generated to associate the case with the device
- No names, emails, or other personal identifiers are required
- Usage data (e.g. completed exercises, responses) is stored pseudonymously
- The user can at any time delete all associated case data from the device or reconnect the case on a different device using the same PIN
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest in supporting research and app improvements (Art. 6(1)(f) GDPR)

c) Data Handling for Physicians
Physicians must register an account to use the app. Required personal data includes:
- Email address
- First name
- Last name
- Title (e.g., Dr., Prof.)
Optional data includes:
- Profile image (avatar)
- Contact details (e.g., clinic name, phone number, website)
- Additional personalization fields (e.g., location, job title)
This data is used to create and manage physician profiles, assign and manage patient cases, and optionally allow patients to view professional contact details.
Legal basis: Consent for optional fields (Art. 6(1)(a) GDPR); performance of a contract for required fields (Art. 6(1)(b) GDPR). All physician data is stored securely and only accessible to authenticated users with appropriate permissions.

d) No Third-Party Trackers
Rehaber does not include any third-party tracking, advertising, or analytics SDKs.

4. Data Retention

- Website logs: deleted after [X] days
- Newsletter data: stored until you unsubscribe
- Rehaber usage data: retained for the duration of the research project or until local deletion by the user

5. Your Rights under GDPR

You may exercise the following rights:
- Access (Art. 15): Learn what data we store
- Rectification (Art. 16): Correct inaccuracies
- Erasure (Art. 17): Request deletion
- Restriction (Art. 18): Limit processing
- Portability (Art. 20): Obtain a copy in a common format (when applicable)
- Objection (Art. 21): Object to processing on legitimate interest grounds
- Withdraw Consent (Art. 7(3)): Unsubscribe from the newsletter
- Complaint (Art. 77): File a complaint with a supervisory authority

6. Contact

[Your Company Name]
Email: [your-email@example.com]
Address: [Your Address]