Privacy Policy
Provides information on how your personal data is processed when you visit and use this website.
1. Preamble
Stigma Health GmbH (hereinafter: Stigma Health, provider), based in Berlin, operates the website www.coobi.health (hereinafter: website) and the coobi care app, a digital support service for users with problematic consumption behaviour regarding alcohol or illegal drugs (hereinafter: coobi care, app, service, product) for Android and iOS.
The following data protection information explains what types of personal data are collected from users of coobi care and the website, for what purposes and to what extent they are processed. The data protection information applies to all processing of personal data carried out by Stigma Health, both in the context of providing services and in particular on the website and in the coobi care app, which users can install on their mobile device, as well as within external online presences, such as in the social media profiles of Stigma Health (hereinafter collectively referred to as ‘online offering’).
2. Responsible body and data protection officer
Responsible for the collection, processing and use of personal user data within the meaning of the General Data Protection Regulation (GDPR) is
Stigma Health GmbH
Mariendorfer Damm 1
12099 Berlin Berlin, Germany
support@coobi.health
In addition to the controller, users can also contact Stigma Health’s data protection officer if they have any questions about their data or this privacy policy or wish to assert their rights as a data subject:
Paul Aretin, Stigma Health GmbH, Mariendorfer Damm 1, 12099 Berlin Berlin, Germany support@coobi.health
3. Collection, processing and use of personal data
3.1) Personal data
‘Personal data’ within the meaning of the GDPR is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data (e.g. email address) are processed by the provider only in accordance with the provisions of the applicable data protection laws. The following provisions inform you about the type, scope and purpose of the collection, processing and use of personal data.
3.2) Collection of data when using the coobi website
Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same does not conflict with any statutory storage obligations or unless otherwise stipulated below.
Log files:
Every time you access our website, our system automatically collects data and information from the accessing computer's system. The following data is collected:
-
Browser type and version
-
The operating system used by the accessing system
-
The website from which an accessing system accesses our website (so-called referrer)
-
The sub-websites that are accessed via an accessing system on our website
-
Date and time of access
-
An Internet Protocol address (IP address)
-
The Internet service provider of the accessing system
-
Other similar data and information that may be used in the event of attacks on our information technology systems
This data is collected for the purpose of ensuring a smooth connection to our website, ensuring the reliable operation of our website, evaluating system security and stability, and for other administrative purposes. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest arises from the above-mentioned purposes of data collection.
Data retention periods:
The collected log files are stored for a period necessary to ensure network and information security, usually no longer than 30 days, unless there is a need to extend this period to investigate specific indications of unlawful use.
Contact form and e-mail contact:
If you contact us by e-mail or through a contact form, the data you provide will be used for the purpose of processing your request. We need this data in order to process and answer your enquiry; otherwise, we may not be able to answer your enquiry or may only be able to answer it incompletely. The legal basis for this data processing is Art. 6 (1) point b GDPR, insofar as your request is related to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the legal basis is Art. 6 (1) point f GDPR, if it is in our legitimate interest to answer your enquiry as a customer-friendly and service-oriented company. We will delete your data if your enquiry has been fully answered and there is no further legal obligation to store your data.
3.3) Personal Data When Using the Coobi cope App
3.3.1) Mandatory information for creating a user account
To use the coobi care app, you must enter an access code that is provided to you. No personal data such as your email address or name is required. This means that Stigma Health does not know the identity of the user and the data collected cannot be assigned to a person.
Data storage and user account management is carried out via Stigma Health's secure authentication platform, which ensures a high level of security and an optimised user experience. The implementation of this platform is in line with Art. 6 para. 1 lit. a DSGVO and helps to maintain high standards of data protection and privacy.
3.3.2) User Data
When a user account is created, no mandatory information is collected other than the access code and an anonymous username picked by the user. However, coobi care collects data that the user enters while using the app. This includes:
-
age groups
-
sex
-
dependence types
-
goals (e.g. abstinence, reduction)
-
data from control and consumption days
-
categories of pre-existing conditions
-
answers in exercises/modules
-
notification settings
-
mood and emotions
-
Subjective stress level
-
Craving
-
Favourite coping strategies and modules
-
Language settings
The data is collected on the basis of the user's consent in accordance with Art. 6 para. 1 lit. a DSGVO. The provision of this data is necessary in order to use the functions of the app. This data is used exclusively for the stated purposes and cannot be viewed by third parties.
3.3.3) Data that is automatically collected by coobi care
When the app is installed, the following data is collected on a one-off basis:
-
Date of installation
-
Operating system of the device used (Android/iOS)
-
Language (based on device settings)
The collection of this data is used to improve and personalise our services and is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO.
3.3.4) Data collected while using the app
coobi care also collects the following data when you use the app:
-
app version used
-
device type
-
time zone
coobi care collects activity data via LogRocket, a service that helps us to understand and improve how users interact with our app. LogRocket records user activity. This service is important for identifying usability issues and improving the user experience. LogRocket collects activity data, device type, operating system and a pseudonymised user ID, but no directly personally identifiable information. The collection of this data is used to improve and personalise the services offered and is based on the legitimate interest of coobi care in accordance with Art. 6 para. 1 lit. f DSGVO. The user can opt out of sharing this analytical information with us at any time in the coobi care settings.
3.3.5) Integration of Garmin wearables
coobi care offers the option of integrating data from Garmin wearables to provide personalised content and insights into the user's well-being. The following data may be collected with the user's express consent:
-
Heart rate data
-
Heart rate variability
-
Activity data
-
Sleep data
-
Steps
-
Stress data
-
Floors climbed
This data is stored anonymously on our servers. The processing of this data is based on the consent of the user in accordance with Art. 6 para. 1 lit. a DSGVO.
3.3.6) Chat function
coobi care offers a chat function that allows users to communicate with each other in closed groups. Communication within the chat function is end-to-end encrypted. Messages can only be read by the communication partners involved and cannot be viewed by Stigma Health or third parties. All encryption and decryption processing occurs locally on the user’s device. Stigma Health only stores encrypted states of the messages, the decryption keys for which only exist with the sender & receiver. The data is processed in accordance with our privacy policy and in compliance with all applicable data protection regulations.
4. Data exchange with third parties
Stigma Health takes the protection of personal user data very seriously. Stigma Health therefore treats personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. coobi care therefore only collects and stores data provided by third-party providers on the basis of the respective consent of the users in accordance with Art. 6 Para. 1 lit. a GDPR and transmits corresponding data to them.
Third-party providers and services used:
-
LogRocket: We use LogRocket to understand and improve how users interact with our app. LogRocket collects activity data, device type, operating system, but no directly personally identifiable information or chat messages. The processing is carried out on the basis of our legitimate interest in optimising our app in accordance with Art. 6 para. 1 lit. f DSGVO.
-
Secure Storage and Local Asynchronous Storage: We use secure storage and local asynchronous storage solutions on users' devices to improve app performance and user experience. These technologies store data locally on the user's device and synchronise it with our servers as needed. The stored data may include user preferences, app settings and operating data. This processing is necessary for the performance of our services, in accordance with Art. 6 (1) (b) GDPR.
Data Transfer and Security Measures
We ensure that all third-party services comply with GDPR standards for data protection and security. When data is transferred outside the EU/EEA, we implement appropriate safeguards, such as Standard Contractual Clauses (SCC) approved by the European Commission.
5. Contact & customer support
Stigma Health uses the business communication platform ‘Calendly’ from Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA on its website. Calendly makes it easy to conveniently schedule appointments. To make an appointment, users must provide data such as their name, email address and telephone number. This data may also be transmitted to Calendly on servers outside the European Union. The data processing for the purpose of making an appointment is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the consent voluntarily given by the user and Stigma Health's interest in making an effective appointment.
For more information on data protection, please refer to Calendly's privacy policy: https://calendly.com/privacy.
6. Surveys
The website uses Tally, a drag-and-drop tool for creating interactive forms, from Tally BV, August van Lokerenstraat 71, 9050 Ghent, Belgium. The user can contact the provider using the online forms created with the help of Tally. The user only has to enter their request and any additionally requested data, such as their name and contact details, and then submit it. User requests are processed in Gmail.
7. Newsletter/Mailings
If you subscribe to our free newsletter, we will process the data requested by you for this purpose, i.e. your email address and optionally your name. When you subscribe to our newsletter, we also store the IP address of the computer system you are using at the time of registration, as well as the date and time of registration. During the registration process, we obtain your consent for receiving this newsletter and the type of content it contains. The data collected during registration for the newsletter is used exclusively for sending our newsletter.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) point a GDPR. You can withdraw your consent to receive our newsletter at any time with effect for the future in accordance with Art. 7 (3) GDPR. To do so, you just have to inform us that you no longer wish to receive the newsletter, or you can use the unsubscribe link contained in each newsletter.
8. Use of web analysis, remarketing and retargeting tools
Stigma Health uses various tools or plugins for web analysis, remarketing and retargeting based on the user's consent in accordance with Art. 6 (1) point a GDPR. These tools use cookies, forward IP addresses and/or collect and analyse various types of data. This includes, for example, the number of visitors to the website, the duration of visits and the origin of visitors. The purpose of using these cookies is to enable us to put together more targeted offers for coobi care users.
Services used
8.1) Instagram
The coobi website and the coobi care app may include features and content from the Instagram service. The provider is Meta Platforms Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or text and buttons that users can use to express their favour for the content or subscribe to the authors of the content. If the user is also a member of the Instagram platform, Instagram can assign access to the above content and functions to the user profile there. You can find out more about Instagram's privacy policy at:http://instagram.com/about/legal/privacy/
8.2) Twitter
The provider's website may include features and content from Twitter, a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These may include, in particular, buttons that allow the user to share the link to the website. If a user is a member of the Twitter platform, Twitter can assign access to the above-mentioned content and functions to the user's profile there. Twitter's privacy policy: https://twitter.com/privacy
8.3) TikTok
The coobi website and the coobi care app may contain features and content from the TikTok service offered by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380 Ireland. This may include content such as videos and buttons that users can use to express their agreement with the content or subscribe to the author of the content. If the user is a member of the TikTok platform, TikTok can assign access to the above content and functions to their profile there. TikTok provides extensive information on data protection at https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/.
8.4) YouTube
Both the coobi website and the coobi care app may also contain features and content from the YouTube service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. This may include content such as videos that allow users to express their consent to the content or subscribe to the author of the content. If the user is a member of the YouTube platform, YouTube can assign access to the above content and functions to their profile there. You can find YouTube's privacy policy at
https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/
9. Deletion of user data
Stigma Health stores the user's personal data for the duration of the use of the app. When the user account is deleted, all personal data is permanently and irretrievably deleted.
10. Resetting the user account
The user has the option to reset his user account and delete all existing information that has not been collected as profile information.
11. Rights of the user
The user has the following rights, which can be asserted with the controller or the data protection officer. The contact information can be found in Section 2.
11.1 Right of access (Art. 15 GDPR)
The user has the right to request information about their personal data stored by Stigma Health, its origin and recipients, the purpose of the data processing, the planned duration of the data storage and a copy of the personal data that is the subject of the processing, at any time and free of charge.
11.2 Right to rectification (Art. 16 GDPR)
The user has the right to have incorrect or incomplete personal data corrected or supplemented at any time.
11.3 Right to withdraw consent (Art. 7 (3) GDPR)
The user has the right to withdraw his consent to data processing at any time with effect for the future.
11.4 Right to erasure (Art. 17 GDPR)
Under the conditions of Art. 17 GDPR, the user can request the deletion of his personal data. The right to deletion depends, among other things, on whether the data is still needed by Stigma Health to comply with legal obligations.
11.5 Right to restriction of processing (Art. 18 GDPR)
Under the conditions of Art. 18 GDPR, the user can request the restriction of the processing of personal data concerning him.
11.6 Right to data portability (Art. 20 GDPR)
The user has the right to receive the personal data concerning him or her, which he or she has provided, in a structured, commonly used and machine-readable format or to transmit those data to another controller.
11.7 Right to object (Art. 21 GDPR)
Users may at any time exercise their right to object to the processing of their personal data if the processing is based on Art. 6 (1) (e) or (f) GDPR.
11.8 Right not to be subject to automated decision-making (Art. 22 GDPR)
The user has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
11.9) Right to lodge a complaint (Art. 77 GDPR)
In addition, the user has the right to lodge a complaint with a supervisory authority. The competent supervisory authority for Stigma Health is:
Meike Kamp Alt-Moabit 59-61
10555 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 2155050
Mail: mailbox@datenschutz-berlin.de
Web: https://www.datenschutz-berlin.de/
12. Version and updating of this privacy policy
This privacy policy is currently valid and was last updated in October 2024.
Due to the further development of our website and our product or due to changed legal requirements, it may become necessary to change this privacy policy. You can access and print the current privacy policy at any time on the website at https://www.coobi.health/datenschutzerklärung.