We collect certain personal information when you use this website. Personal information includes any data that can identify you personally, such as your name, address, email address, and website usage patterns.

The data controller responsible for your personal information is Lindera GmbH, Modersohnstr. 36, 10245 Berlin, Germany, hello@lindera.de (See: Company Information).

Information about Personal Data Collection and Provider Identification in the LINDERA Mobility Analysis App

The following privacy information provides an overview of the collection and processing of your data and how you can exercise your rights under applicable privacy laws. The EU General Data Protection Regulation (GDPR), which came into force on May 25, 2018, requires us to comprehensively inform you about the processing of your personal data. Among other things, we provide detailed information about your rights as a "data subject" whose personal data we process.

Notice Regarding Compliance with ISO 13485 and ISO 27001 as well as MDR 2017/745

Lindera GmbH operates as a manufacturer of medical devices in compliance with the requirements of Regulation (EU) 2017/745 on medical devices (MDR) as well as the international standards ISO 13485 for Quality Management Systems (QMS) and ISO 27001 for Information Security Management Systems (ISMS). These certifications ensure that our products and processes meet the highest quality and safety standards and that the protection of your personal data is always guaranteed according to the strictest regulations.

1. Data Controller and Data Protection Officer

Data Controller for the LINDERA Mobility Analysis App: Lindera GmbH
Modersohnstr. 36
10245 Berlin, Germany
Email: hello@lindera.de

Data Protection Officer: Ms. Attorney Nicole Motiee Tehrani, reachable at: info@ap-datenschutz.de

Responsible Entity under GDPR:

LINDERA GmbH
Modersohnstr. 36
10245 Berlin, Germany
Phone: +49 30 12085471
Email: datenschutz@lindera.de

Data Protection Officer:

Nicole Motiee Tehrani
ap datenschutz GmbH
Hohenstaufenring 8
50674 Cologne, Germany
Phone: +49 221 99989 030
Fax: +49 221 423 2785 -9
Email: info@ap-datenschutz.de

Supervisory Authority:

Berlin Commissioner for Data Protection and Information Security
Alt-Moabit 59-61
10555 Berlin, Germany
Phone: +49 (0) 30 13889-0
Fax: +49 (0) 30 2155050
Email: mailbox@datenschutz-berlin.de

If we use commissioned service providers for individual functions of our services or wish to use your data for other purposes, we will inform you in detail about the respective processes below.

We will specify detailed criteria and storage duration.

Your Data Protection Rights

You have the following rights regarding your personal data:

• Right to information
• Right to correction or deletion
• Right to restriction of processing
• Right to object to processing
• Right to data portability

If you have given consent for data use, you can withdraw this at any time. If the lawfulness of processing is based on consent, it remains valid until withdrawal is exercised.

Please direct all information requests, access requests, or objections to data processing via email to datenschutz@lindera.de or to the address mentioned in Section 1.2.

You may request deletion of your data at any time. Legal retention periods may exist that allow us to retain your data until the expiration of such periods.

If your data is incorrect, you have the right to request correction. We will comply with this request immediately.

You have the right to receive your personal data provided to us in a readable format, as far as technically possible, to make it available to another company (right to data portability). You can also find this option in our LINDERA Mobility Analysis App under the menu item "More." There you can select "Export Data" and follow the instructions within the app.

You have the right to file a complaint with the supervisory authority responsible for you. A list of data protection officers and their contact details can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

2. Collection and Processing of Personal Data

What personal data is used?

We use your personal data to perform mobility analysis, determine your fall risk factors, and provide fall prevention recommendations specifically tailored to your mobility.

More information about the purpose for which the medical device was developed can be found on our website under the intended use of the medical device.

We process your personal data only with your permission. The data collected by the LINDERA Mobility Analysis App is not shared with third parties. This data is used only in connection with mobility analysis.

For mobility analysis, we require the following data:

• Your gait parameters (collected through video recording via your smartphone)
• Responses you provide in a digital health questionnaire

3. Data Categories Collected and Stored

Collection and Processing of Personal Data

Through use of the LINDERA Mobility Analysis App, we collect various personal data that is absolutely necessary for providing our services and fulfilling the intended purpose of our medical device. This data is processed according to GDPR requirements and is necessary to ensure proper allocation and analysis within the app's usage framework.

3.1 Personal Data:

Name and First Name: This data is required to uniquely identify you as a user and complete registration in the app.

Email Address: Your email address serves for communication related to your app usage and provision of support services.

Country: This information is necessary to enable app usage as a self-paying user and serves country-specific adaptation of our application.

Date of Birth: Your date of birth is needed to calculate your age and perform mobility analysis according to our medical device's intended purpose.

Height: Height specification is required to perform precise gait analysis via video recording.

Weight: Weight is necessary to create individualized recommendations based partly on Body Mass Index (BMI).

Gender: Gender specification enables personalized communication and targeted support.

Legal Basis: Processing of this personal data is based on your consent according to Art. 6(1)(a) GDPR and for fulfillment of contractual obligations according to Art. 6(1)(b) GDPR.

Data Collection Overview:

 

Legal Basis: Processing of this personal data is based on your consent according to Art. 6(1)(a) GDPR and for fulfillment of contractual obligations according to Art. 6(1)(b) GDPR.

Important Notice: The protection of your personal data is very important to us! This data is not used for marketing or advertising purposes. The collection and processing of your data serves exclusively for providing our services as a medical device manufacturer and only in connection with the use of the LINDERA Mobility Analysis.

3.2 Health Data

As part of the fall risk factor questionnaire – Only for care recipients (seniors):

• Living situation
• Cognitive or physical limitations
• Care level (0 = no care level; 1-5, where 5 is the highest)
• Analysis interval
• Gait-related conditions
• Medication
• Fall history
• Fear of falling
• Use of mobility aids
• Elimination behavior
• Gait analysis (video recording) - More information under "How does the LINDERA Mobility Analysis work?"

Important Notice: The protection of your personal data is very important to us! This data is not used for marketing or advertising purposes. The collection and processing of your data serves exclusively for providing our services as a medical device manufacturer and only in connection with the use of the LINDERA Mobility Analysis.

Necessity of Data Collection:

The collection of the above-mentioned personal data is essential to use the LINDERA Mobility Analysis App according to its intended purpose as a medical device and to ensure its error-free functionality. This data enables us to perform precise and individual analysis of your mobility and provide personalized recommendations based on this analysis. Without providing this data, full use of the app is unfortunately not possible.

Legal Basis: Data processing is performed according to Art. 6(1)(b) GDPR for fulfillment of the contract you enter by using the app, and to ensure proper use of the medical device.

3.3 App Tracking and Analytics Data

Use of Google Firebase Crashlytics

To improve the stability and reliability of our app, we rely on anonymized crash reports. We use "Firebase Crashlytics," a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland.

In case of a crash, anonymous information is transmitted to Google servers in the USA.

This includes:

• App state at time of crash
• Installation UUID
• Crash trace
• Phone manufacturer and operating system
• Last log messages

Data Collected: In addition to the above information, the following meta and communication data is collected when using Firebase Crashlytics:

• Installation IDs (unique, device-independent ID)
• Device manufacturer and model
• Operating system version
• App version used

This information contains no personal data and no usage-related app data is captured. Additionally, IP addresses are anonymized and location data is not transmitted.

Purpose of Data Processing: The collected data serves exclusively to improve the performance and stability of the LINDERA Mobility Analysis App. It helps identify and fix errors so we can ensure smooth app usage.

Crash reports are only sent with your express consent.

• For iOS apps, you can give consent in the app settings or after a crash
• For Android apps, during mobile device setup, you can generally consent to transmission of crash notifications to Google and app developers

Legal Basis: Processing of this data is based on your consent according to Art. 6(1)(a) GDPR and on our legitimate interest according to Art. 6(1)(f) GDPR to ensure app stability and functionality.

You can withdraw consent at any time by deactivating "Crash Reports" in iOS app settings (in magazine apps, this entry is found under "Communication").

For Android apps, deactivation occurs in Android settings: Open Settings app, select "Google," then in the three-dot menu top right select "Usage & Diagnostics." Here you can deactivate sending of relevant data.

More information can be found in your Google Account help.

Additional privacy information is available in Firebase Crashlytics privacy notices at: https://firebase.google.com/support/privacy and https://docs.fabric.io/apple/fabric/data-privacy.html#data-collection-policies.

Provider: Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland.

Frequently Asked Questions

a. How does the mobility analysis work?

With the LINDERA Mobility Analysis App, you can determine your fall risk simply and digitally. First, you or a person involved in your care enters your personal data into the app. Then a video is recorded of you walking a distance of 3 or 6 meters with your phone camera – you may use mobility aids such as a walking stick or rollator.

The app analyzes the video and determines precise measurements to evaluate your gait pattern and calculate your personal fall risk. Additionally, you answer a health questionnaire. At the end, you receive a comprehensive evaluation showing your fall risk and concrete recommendations for how to reduce this risk.

b. Where does the data come from?

We process personal and health-related data that you provide to us directly or through third parties during registration and mobility analysis. Data collected in connection with mobility analysis is based on questionnaires you complete and other personal information. This data is used exclusively for analysis and is generally not shared with third parties. Since our application is also used by professional healthcare providers, they have access to the collected data and analysis results.

c. Why and on what legal basis do we process your data?

We process your personal data in compliance with GDPR, German Federal Data Protection Act (BDSG), and all other relevant legal provisions. Our mobile application is used to perform mobility analysis to support effective fall prevention. Use of LINDERA Mobility Analysis is voluntary and consents you provide can be withdrawn at any time in the app.

c.1 Data Processing Based on Your Consent (Art. 6(1)(a) GDPR)

For app use, you have given us voluntary consent during registration for collection, processing or transmission of certain personal data. This consent forms the legal basis for processing this data.

Companies such as ambulatory care services and their employees who use the LINDERA Mobility Analysis App have access exclusively to data from their own organization. Similarly, family caregivers can only access profiles created in their personal user account. Processing or sharing of data via the export function in the app is only possible with express consent.

c.2 Data Processing for Contract Fulfillment (Art. 6(1)(b) GDPR)

We can base our data processing on Art. 6(1)(b) GDPR when this is necessary for fulfilling the contractual relationship.

Data processing is not only necessary for contract fulfillment when the contract could not be performed without data processing; rather, it suffices if data processing is objectively reasonable regarding the contract purpose.

Without personal data, we could not assign completed questionnaires to individuals, perform mobility analysis, and consequently could not provide our service (mobility analysis). Therefore, processing appears reasonable regarding the purpose.

d. Where is your data processed and stored?

Your data is processed mainly automatically by our software. For this, it is necessary that our internal IT department is granted access to the data.

For providing our service, we use Open Telekom Cloud and Hetzner Cloud Hosting, where your data is stored. Our application communicates exclusively with servers that serve as prerequisites for processing and performing mobility analyses.

Data sharing with third parties is excluded.

Deutsche Telekom Cloud
Telekom Deutschland GmbH
Landgrabenweg 151
53227 Bonn, Germany
Phone: 0228 – 181 0

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen, Germany
Phone: +49 9831 505-0
Fax: +49 9831 505-3
Website: https://www.hetzner.com
Email: info@hetzner.com

The above-mentioned service providers merely provide servers and IT infrastructure and have no access to the data themselves.

e. Where is your data transmitted?

Data transmission and processing takes place in Germany. For processing your data, we therefore do not use service providers located in third countries outside the European Union.

f. How long is your data stored?

We store your personal data as long as necessary for providing mobility analysis services. You can independently delete your user account including personal and health data in the app at any time. You also have the ability to access and export your data at any time. In the app, you can export your data in human-readable format (PDF) and/or machine-readable format (FHIR XML) to forward the data.

When you delete your account through the app, data will remain stored encrypted as backup copies in our IT system for an additional 30 days before being completely deleted. In case of system recovery, we will ensure that deleted accounts are not restored to operational systems according to our policies.

Other data (e.g., tax and commercial retention and documentation obligations) remain archived according to legal retention requirements for up to 10 years. After expiration of this period, your data will be completely deleted.

g. Your Rights Regarding Processing of Your Data

You have the following rights under GDPR:

• Right to information (Art. 15 GDPR)
• Right to correction (Art. 16 GDPR)
• Right to deletion (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to object (Art. 21 GDPR)
• Right to data portability (Art. 20 GDPR)

Please note that restrictions according to §§ 34 and 35 BDSG apply to rights of information and deletion.

Right to Information

You have the right to receive information about personal and health data stored by us. In the app, you can export your data in both human-readable (PDF) and machine-readable format (FHIR XML) for further use. Upon request, we also provide detailed information including the type and purpose of data processing, recipients, storage duration, and other relevant rights.

Right to Correction

According to Art. 16 GDPR, you have the right to request correction of your personal data if it is incorrect or incomplete. In the app, you can independently update and correct your data at any time. If additional data is incorrect that you cannot change yourself, you can request correction, and we will process your request immediately to ensure your data is corrected according to legal requirements.

Right to Restriction of Processing

According to Art. 18 GDPR, you have the right to request restriction of processing your personal data if one of the following conditions is met:

• You contest data accuracy and we are verifying this
• Processing is unlawful and you refuse data deletion, instead requesting usage restriction
• We no longer need the data for processing, but you need it for asserting, exercising or defending legal claims
• You have objected to processing and it's not yet determined whether our legitimate grounds outweigh your interests

You can independently restrict processing in the app. This option is found under "More." While restriction is active, we may only process your data - apart from storage - with your consent or for asserting, exercising or defending legal claims.

Right to Object

According to Art. 21(1) GDPR, you can object to processing of your personal data for reasons arising from your particular situation, provided this is based on Art. 6(1)(e) (public interest) or (f) (legitimate interest) GDPR. This also applies to profiling based thereon. Should an objection be filed, we will not further process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.

Right to Data Portability

You have the right to receive personal data you provided to us in structured, common and machine-readable format (Art. 20 GDPR). This enables you to transmit this data to another controller. In our app, you can export your data in both human-readable format (e.g., PDF) and machine-readable format (e.g., FHIR XML). This facilitates forwarding your data to other service providers or for personal purposes.

Additional Rights

You also have the right to file a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

Responsible Supervisory Authority:

Berlin Commissioner for Data Protection and Information Freedom
Friedrichstraße 219, 10969 Berlin, Germany
Phone: +49 (0) 30 313 88 9-0
Fax: +49 (0) 30 215 50 50
Email: mailbox@datenschutz-berlin.de

h. Exercising Your Rights

To exercise your rights, you can contact us at any time through the provided contact options. We will promptly review your request in accordance with legal requirements and inform you about measures taken.

i. Asserting Your Rights

To assert your rights, you can contact the responsible entity or data protection officer at any time using the provided contact information. We will examine your requests immediately and in accordance with legal provisions and inform you about measures taken.

k. How and what data is processed for product improvements?

To improve the stability and reliability of our app, we use "Firebase Crashlytics" by Google Ireland Ltd. In case of a crash, anonymized information such as app state, device manufacturer and operating system, crash trace and last log messages are transmitted to servers in the USA. This data contains no personal information and serves exclusively to identify and fix errors to optimize app performance.

Data processing is based on your consent (Art. 6(1)(a) GDPR) and our legitimate interest (Art. 6(1)(f) GDPR) to ensure app stability and functionality. You can withdraw consent at any time in app settings (iOS) or Android settings.

More information can be found in Firebase Crashlytics privacy notices at: Firebase Privacy.

Changes to This Information

Should the purpose or manner of processing your personal data change substantially, we will update this information in a timely manner and inform you about the changes in advance.