Privacy Policy for Mobile App
1. Definitions
- personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;
- profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
- pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
- controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
- consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Contact
As defined by the EU General Data Protection Regulation (GDPR), Tegus Medical GmbH (hereinafter referred to as "Tegus" and/or "we" and/or "us"), Hoheluftchaussee 18, 20253 Hamburg, Germany, is responsible for the processing of your personal data as a data subject. If you have any questions, concerns, or complaints about our Privacy Policy or other provisions related to data protection, please contact us:
Tegus Medical GmbH
Hoheluftchaussee 18
20253 Hamburg
phone: +49 (0)40 76122571
email: sarinfo@tegusmedical.com
website: www.tegusmedical.com
3. Information on processing of personal data
In addition to our online services, we provide you with a mobile app that you can download to your mobile device. In the following, we inform you about the processing of personal data when using our mobile app.
- Categories of personal data
  - contact data: first name, last name, e-mail address, telephone number (optional), working address, organization, role
  - general personal data: IP-address, browser version, browser language, location
  - communication and the use of our website: data gathered via cookies and other tracking technologies.
- Processing of personal data
We only process your data if this is permitted by an applicable legal regulation. Such regulations are for example:
  - Consent: we will process certain data only based on the consent you have given expressly and voluntarily. You have the right to revoke your consent at any time with effect for the future.
  - Fulfillment of pre-contractual and contractual measures: for initiation and/or execution of your contract with us, we require access to certain data.
  - Fulfillment of a legal obligation: we are subject to several legal specifications. To comply with these requirements, we must process certain data to the required extent.
  - Protection of legitimate interests: we will process certain data to protect our legitimate interests or the interests of third parties. However, this only applies if your interests do not outweigh ours in individual cases.
- Security and data storage
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of personal data. Therefore, Tegus has implemented numerous organizational, technical, and administrative measures to ensure the most complete protection of personal data under our control.
We protect the integrity of your data by using secure and encrypted authenticated and authorized access mechanisms, strong end-to-end encryption mechanisms, VPN, encryption of data in transit and/or at rest, backup and DR procedures/systems, strong password policies, closed and limited access to backend systems, and firewalls. Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100 % secure. Please notify us immediately if you have reason to believe that your interaction with us is no longer secure.
We will keep your data only as long as necessary for the respective purposes for which we process your personal data. We also keep it to comply with our legal and regulatory obligations (such as tax, accounting, and financial reporting obligations). We may also keep your personal data to assist with our fraud monitoring, detection, and prevention activities.
In all cases where we keep your personal data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
If you contact us by email, we will store the information you provide (your email address, name and telephone number if available) in order to respond to your inquiry. Any personal data extracted from these communications that is relevant to the contract between us will be securely transferred to our internal secure databases for the purposes of the contract. Upon completion of the contract, this specific personal data extracted for contract purposes will be deleted. In cases where the request is not contract-related, we will retain the relevant data until it is no longer required to be retained, which will normally be after three years. However, we are subject to certain legal obligations which may require us to restrict the processing of your data rather than delete it.
If we use commissioned service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail about the respective processes below. In doing so, we also state the defined criteria for the storage period.
4. Processing of personal data when using our mobile app
When you download the mobile app, the required information is transferred to the Apple App Store or Google Play store, i.e. in particular the username (first name and last name), e-mail address, telephone number (optional), working address, organization, role, time of download, the individual device identification number. In addition, the Apple App Store or Google Play store still independently collects various data and provides you with analysis results. We have no influence on this data processing and are not responsible for it. We only process the data insofar as it is necessary for downloading the mobile app to your mobile device.
When you use the mobile app, we process the personal data described below to enable you to use the functions conveniently. If you would like to use our mobile app, we process the following data, which are technically necessary for us to offer you the functions of our mobile app and to ensure stability and security, so that they must be processed by us. The legal basis is Art. 6 (1) lit. f GDPR:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (page visited)
- Access Status/HTTP Status Code
- Amount of data transmitted in each case
- Browser
- Operating system
- Language and version of the browser software
Furthermore, we require only the usage of your FCM token for push notifications to provide the services of the app.
The mobile app does not use cookies. In addition to the previously mentioned data, technical aids are used for various functions when you use our mobile app, in particular preferences, which can be stored on your end device.
It is a system similar to cookies. They can be deleted from the app settings by the end user or by deleting the application. These are the preferences that we currently save:
- WELCOME (true/false) -> To only show the initial splash the first time the app starts
- LAST_USERNAME -> If the user logs out, his/her last email/username will already be written in the login form, so that he/she doesn't have to write it again
- PLAYER_TUTORIAL -> To show the player tutorial only once
- PLAYER_PRESET_TUTORIAL -> To show the preset tutorial only once
5. Rights of the data subject
As a data subject, you have the following rights with regard to the personal data we control about you:
- Right to withdraw your previously given consent (Article 7 GDPR)
  Where the processing of your personal data is based on your previously given consent, you have the right to withdraw your consent at any time.
- Right to information (Article 15 GDPR)
  You have the right to request confirmation of whether Tegus processes personal data relating to you, and if so, to request a copy of that personal data.
- Right to correction (Article 16 GDPR)
  You have the right to request that Tegus rectifies or updates your personal data that is inaccurate, incomplete or outdated.
- Right to erasure (Article 17 GDPR)
  You have the right to request that Tegus erase your personal data in certain circumstances.
- Right to restriction of processing (Article 18 GDPR)
  You have the right to request that Tegus restrict the use of your personal data in certain circumstances.
- Right to data portability (Article 20 GDPR)
  Where technically feasible, you have the right to request that Tegus export your personal data that we hold to another company.
- Right of objection (Article 21 GDPR)
  You may also have the right to object to the processing of your personal data.
You can exercise the above rights by contacting Tegus via email: sarinfo@tegusmedical.com
6. Account Deletion Process Relative to Contract and Affiliated Company
Depending on your contract and the organization with which you are affiliated, we refine your right to delete your personal information as follows:
Users may request deletion of their account; however, please note that the deletion process is subject to the terms of the applicable contract and the practices of your affiliate. In particular, data that is extracted and stored in our internal databases as part of a contractual obligation may not be deleted immediately.
If you wish to delete your account and personal information, please send your request to sarinfo@tegusmedical.com and contact your company representative on the project. Upon receipt of such a request, we will validate your request, taking into account existing contractual obligations and your company's policies.
Once validated, we will execute the data deletion process or provide a full explanation if any data must be retained due to overriding legal, business or contractual requirements. It's important to understand that the deletion of certain data may affect your user experience and the services provided to you.
A prospective deletion would not erase data that we are required to retain for administrative, legal, security or contractual purposes.
7. Supervisory Authority
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
The authority competent for data protection is the Hamburg Commissioner for Data Protection and Freedom of Information:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22
20459 Hamburg
Phone: +49 (0)40 428 54 - 4040
Fax: +49 (0)40 428 54 - 4000
Mail: mailbox@datenschutz.hamburg.de
8. Amendments of this Privacy Policy
If we decide to amend this Privacy Policy, all the amendments shall be listed herein. If such amendments are significant, we can decide to inform our registered users via email. If Privacy Policy amendments demand new ways of processing your personal data for which your consent is needed, we shall additionally ask you to grant us such consent.