Privacy Policy Training

Updated April 2020

Table of contents

I. Controller’s name and address
II. Data Protection Officer’s contact details
III. Data processing on the HelloBetter platform
IV. Data subject’s rights
V. Provision of the platform and creation of log files
VI. Use of cookies
VII. Email contact
VIII. Corporate presences
IX. Use of corporate presences in career-oriented networks
X. Hosting
XI. Registration
XII. Content delivery networks
XIII. Telemetry data

I. Controller’s name and address

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other provisions of data protection law is:

GET.ON Institut fuer Online Gesundheitstrainings GmbH
Rothenbaumchaussee 209
20149 Hamburg
Germany
+49 (0)40 / 532 528 67
kontakt@hellobetter.de
www.hellobetter.de

II. Data protection officer’s contact details

The controller’s Data Protection Officer is:

DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de

III. Data processing on the HelloBetter platform

On this page, we provide you with information about the data protection regulations applicable on the HelloBetter platform (“platform”). The platform is a website from GET.ON Institut für Online Gesundheitstrainings GmbH, Rothenbaumchaussee 209, 20149 Hamburg, Germany (“GET.ON GmbH”, “we” or “us”).

1. Scope of the personal data processing

As a rule, we only process our users’ personal data to the extent necessary to provide a functioning platform, our content and our services. The personal data of our users is normally processed only with user consent. The following personal data is processed:

  • Usernames
  • Insurance number
  • Insurance company
  • Email
  • Telephone number
  • Date of birth
  • Gender
  • IP
  • Browser
  • Your answers from the questionnaires (screening)
  • Symptom level
  • Texts that you write in text fields during the training to complete exercises or to get in contact with us
  • Messages to us via the training platform’s encrypted message function
  • Language

2. Purpose of the personal data processing

For the user: In order to use the tool effectively, the user needs to think about their own data and mental health status.
For the practitioner: They must be able to monitor the patient’s progress and provide feedback.
For the company: The company uses the data to fulfil the contract, provide the online service, provide the online training, validate the effectiveness of the online training, optimise the platform, improve adherence and enhance stability.

3. Legal basis for the processing of personal data

The processing is necessary to safeguard the legitimate interests of our company or a third party, then Art. 6(1)(1)(f) GDPR is the legal basis for processing. In addition, Art. 6 (1)(1)(b) GDPR (fulfilment of a contract with the data subject) and Art. 9(2)(a) GDPR (health data consent) serve as further legal bases.

4. Data deletion and storage period

The data subject’s personal data is erased or blocked once the aforementioned purpose for storage no longer exists. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data is also blocked or erased when a storage period specified by the aforementioned laws expires, unless it is necessary to continue to store the data for conclusion or performance of a contract.

5. Right to objection and revocation:

To make their profile anonymous, the user can write an email to support@hellobetter.de. The training data is also anonymised.

IV. Data subject’s rights

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you are entitled to the following rights with regard to the controller:

1. Right to information

You may obtain confirmation from the controller as to whether or not it is processing your personal data.
In the event of such processing, you may request the following information from the controller:

• the purposes for which personal data is processed;
• the categories of personal data that are processed;
• the recipients or categories of recipient to whom your personal data has been or will be disclosed;
• the planned storage duration of your personal data, if it is not possible to give specific details, criteria for determining the storage duration;
• the existence of a right to rectification or deletion of the data subject’s personal data, a right to restriction of processing by the controller or to of a right to objection to such processing;
• the existence of the right to appeal to a supervisory authority;
• where the personal data is not collected from the data subject, any available information as to their source;
• the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful data about the involved logic, scope and intended impact of such processing with regard to the data subject.

You have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this relation, you may request to be informed of the appropriate guarantees in connection with the transfer pursuant to Art. 46 GDPR.

This right to information may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

2. Right to rectification

If your processed personal data is incorrect or incomplete, you have the right to ask the controller to correct and/or complete the data. The controller must make the correction without delay.

Your right to rectification may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

3. Right to restriction of processing

Under the following conditions, you may request that processing of your personal data is restricted:

• if you dispute the accuracy of your personal data for a period of time that allows the controller to verify the accuracy of the personal data;
• the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but you need this to assert, exercise or defend legal claims, or
• if you have lodged an objection against the processing pursuant to Art. 21(1) GDPR, and it has not yet been established whether the controller’s legitimate reasons outweigh yours.

Where – with the exception of its storage – the processing of your personal data has been restricted, such data may not be processed without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.

If the processing was restricted in accordance with the above conditions, the controller will inform you before the restriction is lifted.

Your right to restriction of processing may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

4. Right to deletion

a) Duty to delete

You may obtain from the controller the erasure of your personal data without undue delay and the controller has the obligation to erase this data without undue delay where one of the following grounds applies:

• Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• You revoke your consent to which the processing is subject pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR and no other legal basis for the processing exists.
• You object to the processing pursuant to Art. 21(1) GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
• Your personal data was processed unlawfully.
The deletion of your personal data is necessary to fulfil a legal obligation under Union or national law to which the controller is subject.
Your personal data concerning was collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested these controllers to delete any links to, or any copy or replication of, this personal data.

(c) Exceptions

The right to deletion does not exist if the processing is necessary

• for the exercise of freedom of expression and information;
• to fulfil a legal obligation which requires the processing under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the assertion, exercise or defence of legal claims.

5. Right to rectification

If you have exercised your right to rectify, delete or limit the processing of your personal data vis-à-vis the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of such rectification, deletion or limitation, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed of such recipients.

6. Right to data portability

You have the right to receive your personal data that you provided to the controller in a common and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance by the controller to whom you provided the data, provided that

• the processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(1)(a) GDPR and
• the processing is carried out using automated procedures.

By exercising this right, you also have the right to ensure that your personal data is transmitted directly from one controller to another, if this is technically feasible. In doing so, the freedoms and rights of other persons may not be impaired.

The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6(1)(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller will no longer process your personal data unless it can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless the processing is for the purposes of asserting, exercising or defending legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; this also includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the controller will no longer process your personal data for such purposes.

Notwithstanding Directive 2002/58/EC, you can also exercise your right of objection relating to the use of data society services by means of automated procedures that use technical specifications.

You also have the right to object, for reasons emanating from your particular situation, to the processing of your personal data for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89(1) GDPR. This right to object may be limited if it is likely to render impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your consent given under data protection law at any time. The revocation of consent does affect the lawfulness of processing based on consent before its revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This shall not apply if the decision

• is necessary for the conclusion or fulfilment of a contract between you and the controller,
• is authorised by Union or national legislation to which the controller is subject, and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
• is made with your express consent.

However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9(2) (a) or (b) GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3) above, the controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, which include at least the right to obtain the intervention of any person from the side of the controller, to express your point of view and to challenge the decision.

10. Right to complain to a supervisory authority.

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you reside, where your place of work is based or where the alleged infringement took place, if you consider that the processing of your personal data is in infringement of the GDPR.

The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy under Art. 78 GDPR.

V. Provision of the platform and creation of log files

1. Description and scope of the data processing

Whenever our website is requested, our system automatically collects data and information from the computer system of the requesting computer.
The following data is collected in this regard:

• Information about the browser type and version used
• The user’s operating system
• The user’s IP address
• Date and time of access,

This data is not stored in our system’s log files. This data is not stored together with the user’s other personal data.

2. Purpose of the data processing

Temporary storage of the IP address in the system is necessary to enable delivery of the platform to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.

The storage of data in log files serves to ensure the functionality of the platform. The data is also used to optimise the platform and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6(1)(1)(f) GDPR.

3. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(1)(f) GDPR.

4. Duration of storage

The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. If data is collected to aid provision of the platform, this is carried out when the relevant session has ended.
If the data is stored in log files, this is carried out after seven days at the latest. It is possible that data may be stored beyond this time. In this case, the users’ IP addresses are deleted or distorted to ensure that assignment to the calling client is no longer possible.

5. Objection and removal option

The collection of data for provision of the platform and the storage of data in log files are essential for operation of the website. Accordingly, the user has no option to object.

VI. Use of cookies

1. Description and scope of the data processing

Our platform uses cookies. Cookies are small text files that are stored in an internet browser or that an internet browser stores on the user’s computer. When a user visits a platform, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the platform is called up again.
We use cookies to make our platform more user-friendly. Some elements of our website require that the visiting browser can also be identified after changing the page.

The following data is stored and transmitted in the cookies:

• Log-in information:

The user data collected in this way is pseudonymised by technical means. Therefore, it is no longer possible to assign the data to the visiting user. The data is not stored together with other personal data of users.

2. Purpose of the data processing

Technically necessary cookies are used to help simplify the use of platforms for users. It may not be possible to offer some features of our website without the use of cookies. It is necessary for these that the browser is recognised even after a page change.
We require cookies for the following applications:

• Session cookies
The user data collected via technically necessary cookies is not used to create user profiles.

3. Legal basis for data processing

The legal basis for the processing of personal data using these technically necessary cookies is Art. 6(1)(1)(f) GDPR.

4. Duration of storage, option to object and possibility of removal

Cookies are stored on the user’s computer and are transmitted to our site by the user. Therefore, as a user you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our platform, it may be the case that some platform features will no longer be usable to the full extent.
If you use version 12.1 or later of the Safari browser, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

VII. Email contact

1. Description and scope of the data processing

On our website, it is possible to contact us via the provided email address. In this case, the user’s personal data that is transmitted with the email is stored.
The data is used solely for processing the conversation.

2. Purpose of the data processing

When contacting us by email, this is also the necessary legitimate interest in processing the data.

3. Legal basis for data processing

If the user has given their consent, the legal basis for the data processing is Art. 6 (1) (a) GDPR.
The legal basis for the processing of data that is transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If you contact us via email with the intention of concluding a contract with the company, the additional legal basis for the processing is Art. 6 (1) lit. f GDPR.

4. Duration of storage

The data is deleted once it is no longer needed to fulfil the purpose for which it was collected. For personal data that was sent via email, this is then the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been successfully resolved.

Personal data additionally collected during the sending operation is erased after not more than seven days.

5. Objection and removal option

The user may at any time revoke their consent to the processing of personal data. If the user contacts us by email, they may at any time object to the storage of their personal data. In such a case, the conversation may not be continued.
Users can send an email to support@hellobetter.de

In such a case, all personal data that was stored in the course of making contact is deleted.
Users can send an email to support@hellobetter.de

VIII. Corporate presences

Use of corporate presences in career-oriented networks

Instagram:
Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

On our company website, we provide information and offer Instagram users the possibility to communicate with us. If you carry out an action on our corporate presence on Instagram (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence over the processing of your personal by Instagram as the company co-responsible for GET.ON Institut für Online Gesundheitstrainings GmbH’s corporate presence, we cannot provide any binding information on the purpose and scope of processing your data.
Our corporate presence in social networks serves the purpose of communication and information exchange with (potential) customers. In particular, we use corporate presences for:

marketing, employer branding, business development

Publications on the corporate presences may contain the following content:

• information about products
• advertising
• customer contact

Every user is free to publish personal data via activities.

The legal basis for the data processing is Art. 6(1)(1)(a) GDPR.

The data generated by our corporate presence is not stored in our own systems.

Instagram has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Instagram undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence on Instagram and assert your rights as a data subject as set out in IV. of this Privacy Policy. Please send us an informal email to: For more information on how Instagram processes your personal data and how to opt-out, please click here:
Instagram: https://help.instagram.com/519522125107875

Twitter
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

On our company website, we provide information and offer Twitter users the possibility to communicate with us. If you carry out an action on our corporate presence on Twitter (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence over the processing of your personal data by Twitter as the company co-responsible for GET.ON Institut für Online Gesundheitstrainings GmbH’s corporate presence, we cannot provide any binding information on the purpose and scope of processing your data.
Our corporate presence in social networks serves the purpose of communication and information exchange with (potential) customers. In particular, we use corporate presences for:

marketing, employer branding, business development

Publications on the corporate presences may contain the following content:

• information about products
• advertising
• customer contact

Every user is free to publish personal data via activities.

The legal basis for the data processing is Art. 6(1)(1)(a) GDPR.

The data generated by our corporate presence is not stored in our own systems.

Twitter has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, Twitter undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence on Twitter and assert your rights as a data subject as set out in IV. of this Privacy Policy. Please send us an informal email to: For more information on how your personal data is processed by Twitter and how to opt-out, please click here:
Twitter: https://twitter.com/en/privacy

YouTube:
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

On our company website, we provide information and offer YouTube users the possibility to communicate with us. If you carry out an action on our corporate presence on YouTube (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public. However, as we generally or to a large extent have no influence over the processing of your personal by YouTube as the company co-responsible for GET.ON Institut für Online Gesundheitstrainings GmbH’s corporate presence, we cannot provide any binding information on the purpose and scope of processing your data.
Our corporate presence in social networks serves the purpose of communication and information exchange with (potential) customers. In particular, we use corporate presences for:

marketing, employer branding, business development

Publications on the corporate presences may contain the following content:

• information about products
• advertising
• customer contact

Every user is free to publish personal data via activities.
The legal basis for the data processing is Art. 6(1)(1)(a) GDPR.

The data generated by our corporate presence is not stored in our own systems.

YouTube has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, YouTube undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence on YouTube and assert your rights as a data subject as set out in IV. of this Privacy Policy. Please send us an informal email to: For more information on how your personal data is processed by YouTube and how to opt-out, please click here:
YouTube: https://policies.google.com/privacy?gl=DEl=de

IX. Use of corporate presences in career-oriented networks

1. Scope of the data processing

We use the possibility to host corporate presences on job-oriented networks. We maintain a corporate presence on the following job-oriented networks:
LinkedIn:
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
XING:
XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland

On our website, we provide information and offer users the possibility to communicate with us.
The corporate presence is used for applications, information/PR and active sourcing.
We do not hold any information on the processing of your personal data by the companies jointly responsible for the corporate presence. You can find further information on this in the Privacy Policy of:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XING:
https://privacy.xing.com/en

If you carry out an action on our corporate presence (e.g. comments, contributions, likes, etc.) it is possible that you will make personal data (e.g. your real name or photo of your user profile) public.

2. Legal basis for data processing

The legal basis for processing your data in connection with the use of our corporate presence is Art.6(1)(1)(f) GDPR.

3. Purpose of the data processing

Our corporate presence serves to inform users about our services. When doing so, every user is free to publish personal data via activities.

4. Duration of storage

We will store your activities and personal data published via our corporate presence until you revoke your consent. In addition, we comply with the statutory retention periods.

5. Objection and removal option

You can at any time object to the processing of your personal data that we collect during your use of our corporate presence and assert your rights as a data subject as set out in IV. of this Privacy Policy. To do so, please send us an informal email to the email address stated in this data protection declaration.

In addition, LinkedIn has signed and certified itself under the PrivacyShield agreement between the European Union and the USA. By doing so, LinkedIn undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

You can find further information on objection and removal options here:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XING:
https://privacy.xing.com/en

X. Hosting

The platform is hosted on servers by a service provider we have commissioned.
Our service provider is:

Telekom Cloud

The servers automatically collect and store information in server log files, which your browser automatically transmits when you visit the platform. The stored information comprises:

• Browser type and browser version
• Operating system in use
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• IP address

This data is not combined with other data sources. This data is collected based on Art. 6(1)(f) GDPR. The platform operator has a legitimate interest in the technically error-free display and optimisation of its platform: the server log files must be recorded for this purpose.

The platform’s server is geographically located in Germany.

XI. Registration

1. Description and scope of the data processing

On our website, we offer users the possibility to register by providing personal data. The data is entered into an input mask, transmitted to us and stored. This data is not transferred to third parties. The following data is collected during the registration process:

• Email address
• Pseudonym
• IP address of the requesting computer
• Date and time of the registration

The user’s consent to the processing of this data is obtained during the registration process.

2. Purpose of the data processing

To fulfil a contract with the user or to implement pre-contractual measures, the user is required to register.
Data is required to create a personal account on our platform.

3. Legal basis for data processing

If the user has given their consent, the legal basis for the data processing is Art. 6 (1)(1)(a) GDPR.
If the registration serves to fulfil a contract to which the user is a party or to implement pre-contractual measures, the additional legal basis for the processing of data is Art. 6(1)(1)(b) GDPR.

4. Duration of storage

The data is deleted once it is no longer needed to fulfil the purpose for which it was collected.
This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner’s personal data in order to comply with contractual or legal obligations.

5. Objection and removal option

As a user, you can terminate the registration at any time. You can have the data stored about you changed at any time.
The personal data can be changed within the personal profile on the platform. To delete an account, it is necessary to send an email to support@hellobetter.de.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if no contractual or legal obligations prevent deletion.

XII. Content delivery networks

Akamai

1. Description and scope of the data processing

On our platform, we use functions of the content delivery network Akamai Technologies GmbH, Parkring 20-22, 85748 Garching, Germany (hereinafter referred to as Akamai). A content delivery network (CDN) is a network of regionally distributed servers connected via the internet, which are used to deliver content, and in particular large media files such as videos. Akamai provides web optimisation and security services that we use to improve the load times of our platform and to protect it from misuse. When you access our platform, a connection is established to Akamai’s servers to retrieve content, for example. Personal data can be stored and evaluated in server log files; in particular, the activity of the user (especially which pages have been visited) and device and browser information (especially the IP address and operating system). For more information about Akamai’s collection and storage of data, please visit: https://www.akamai.com/uk/en/privacy-policies/

2. Purpose of the data processing

Akamai’s functions are used to deliver and accelerate online applications and content.

3. Legal basis for data processing

This data is collected based on Art. 6(1)(f) GDPR. The platform operator has a legitimate interest in the technically error-free display and optimisation of its platform: the server log files must be recorded for this purpose.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Objection and removal option

Information on objection and removal options vis-à-vis Akamai can be found at: https://www.akamai.com/uk/en/privacy-policies/

XIII. Telemetry data

1. Description and scope of the data processing

We collect telemetry data on our platform. Among other things, we implement this with the specially hosted software Sentry.io from Functional Software, Inc. 132 Hawthorne St, San Francisco, CA 94107, USA. In the course of telemetry data processing, the user’s

• IP address
• and browser data

are collected.

2. Purpose of the data processing

The data is processed for the following purposes:

• Infrastructure monitoring
• Application monitoring
• Resource optimisation
• Remedying of errors
• Protocol analysis

3. Legal basis for data processing

This data is collected based on Art. 6(1)(f) GDPR. The platform operator has a legitimate interest in the technically error-free display and optimisation of its platform: the server log files must be recorded for this purpose.

4. Duration of storage

We will store your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Objection and removal options

To submit an objection, users can write an informal email to support@hellobetter.de.

This Privacy Policy was created with the support of DataGuard.