Use of our mobile app
I. Information on the collection of personal data
(1) “Innoplexus”, “We”, “Our” or “Us” provide “You”, “Your” or “User” with a mobile app (“NEURIA“) that you can download to your mobile device. In the following, we provide information about the collection of personal data when using NEURIA. Personal data are all data that can be personally related to you, e.g. name, address, email addresses, user behavior.
(2) The person responsible in accordance with Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
Frankfurter Str. 27, 65760 Eschborn, Germany
email@example.com (see our imprint: www.neuria.app/impressum) (“Innoplexus”).
The company data protection officer of Innoplexus can be contacted at the above address, at Datenschutzabteilung, or at firstname.lastname@example.org.
(3) When you contact us via email or a contact form, we will store your email address and, if you have provided it, your name and telephone number to answer your questions. We delete the data arising in this connection after storage is no longer required or – in the case of legal storage obligations – restrict processing.
(4) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.
II. Processing of personal data when using NEURIA
When downloading NEURIA, the required information is transferred to the App Store, in particular user name, email address, time of download and the individual device ID number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading NEURIA to your mobile device. This processing takes place on the basis of your consent according to Art. 6 para. 1 lit. a GDPR.
By uninstalling, the active processing of your personal data is stopped. 30 months from the date of uninstalling, the data will be deleted due to the discontinuation of purpose, unless we are subject to any statutory retention obligations. We accept the loss of purpose after this period because we assume that it is no longer likely that you will use our services again after this period. However, in order to give you the opportunity to restore your profile after a shorter period of time, e.g. because you deleted the app earlier for lack of necessity, we temporarily store the data for you.
However, if you wish to revoke your consent and not just temporarily suspend its use, you can do so by clicking the “Delete all my personal data” button.
§1 When using NEURIA, we collect the following log file data:
– IP address, also in the API logs
– Date and time of the request
– Content of the request (concrete page, concrete API endpoint)
– Access Status/HTTP Status Code
– Amount of data transferred in each case
– End device from which the request comes
– User Agent
– Operating system and its interface
– Language and version of the User Agent.
On the one hand, this data is mandatory for us from a technical point of view in order to offer the various functions of NEURIA as well as to ensure the stability and security of NEURIA and, on the other hand, to enable a comfortable use of the functions. This processing purpose also represents the legitimate interest which, according to Art. 6 para. 1 p. 1 lit. f GDPR, is the legal basis for data processing.
IP addresses in log files are deleted after 14 days.
§2 Furthermore, when NEURIA is started for the first time, we assign a unique installation ID for each installation, which is stored on an Innoplexus server. It contains no personal data. If you delete NEURIA and then reinstall it, a new installation ID will be generated. This will be assigned so that a connection to the Innoplexus server can be established when starting NEURIA on the mobile device to check if the version of NEURIA you are using is still up to date. NEURIA can be updated to implement new features or to ensure data security.
§3 You must register with your first and last name, e-mail address, telephone number in order to take advantage of NEURIA’s free services. This creates a contract of use between Innoplexus and you and you will receive your own user account. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR, because we use this personal data for the execution of this contract. The data you provide will be transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of data protection.
Alternatively, you can log in using your Google user account. For this we collect the following personal data:
- First and Last Name
- E-mail address
Also, you can log in using your Apple user account. For this we collect the following personal data:
- First and Last Name
- E-mail address
You can delete your account at any time by clicking the “Delete my personal data” button within NEURIA. The personal data processed by us will be deleted in accordance with Art. 17 GDPR or blocked or restricted in their processing in accordance with Art. 18 GDPR. The data stored by us will be deleted as soon as the purpose of storage no longer applies and the deletion is not contradicted by any legal storage obligations.
§4 If you would like to receive information about possible treatment options, physicians and clinical studies, you can fill out the questionnaire provided by us with questions about your clinical picture. Neurological disease-specific parameters will be asked, such as information on age, disease stage, etc. The information you provide is voluntary and serves the sole purpose of enabling us to provide you with information.
The processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You are free to revoke your consent at any time with effect for the future without giving reasons. This does not affect the legality of the processing carried out up to that point.
You also have the option of registering for participation in clinical studies. To do so, you must provide the following information: Information about the study you wish to register for, your location, contact information (telephone number or e-mail address), information about your medical inclusion and exclusion criteria. The provision of this personal data is voluntary and is based on your consent (Art. 6 para. 1 lit. a GDPR). The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with effect for the future without giving reasons by selecting the option “Delete all my personal data” in the app. This gives you the option to delete all personal data. After clicking on the “Delete all my personal data” option, you will receive an automated email confirming the deletion of your data. This does not affect the lawfulness of the processing that took place until the revocation.
The completed questionnaires and applications for participation in clinical trials are transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of data protection. If you have met all eligibility criteria for the clinical trial request, the personal data you have provided will be transferred to the internal Innoplexus clinical trial dashboard. This data can be accessed by the NEURIA team, which is partly based in India and is part of Innoplexus Pune. Here, an appropriate level of data protection is ensured through the conclusion of standard contractual clauses.
§5 We use Google Analytics and Google Firebase, both services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to
(1)analyze the general use of NEURIA, especially app installations/uninstallations, disease questionnaires, activities in the search for treatment and enrollment in clinical trials, starting a session and forgetting a password (Google Analytics).
(2)collect diagnostic data to ensure technical stability of the app (Google Firebase).
Your IP address will be processed. We use the anonymization function of Google, whereby the IP address is shortened in the EU/EEA for anonymization purposes and is transmitted in shortened form to Google servers in the USA. We use the anonymized reports on the general use of NEURIA created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of NEURIA. The reports we receive contain no personal data. We process the information for the aforementioned purposes on the basis of your previously granted consent in accordance with Art. 6 para. 1 lit. a GDPR.
The data is processed in the USA, for which we have so-called standard contractual clauses with Google that guarantee an appropriate level of data protection.
The data will be deleted when they are no longer necessary for the purpose of their collection because the option to collect and further process information on diagnosis and usage behavior in NEURIA has been deactivated.
You are free to revoke your consent at any time with effect for the future without stating reasons. This does not affect the legality of the processing that has taken place up to that point.
III. Processing of personal data when using the “Second Opinion” feature
After you have registered in the NEURIA app and created a user account, you can use the “Second Opinion” feature to obtain a second medical opinion on diagnosis. In addition to confirming your diagnosis, this contains suggestions for possible therapies, further steps to take, and advice for family members.
§ 1 Before a second medical opinion can be obtained, documentation about your diagnosis is needed that is as comprehensive as possible. For this purpose, it is first necessary to provide basic data, which is limited to your date of birth, gender, initial diagnosis of your neuro, address, e-mail address and telephone or mobile phone number. In addition, the following documents must be uploaded to the NEURIA app:
– Physician’s letter
– Computed tomography (CT) scan report,
– Magnetic resonance imaging (MRI) report,
– Report of positron emission tomography (PET),
– result of ultrasound examination
In addition, you have the option to upload further documents via a contact form integrated in the NEURIA app, as well as to write requests or comments that should be taken into account by the doctor when preparing the second opinion. The medical data you have uploaded, together with your basic data (excluding e-mail address and telephone number) will be transmitted to Innoplexus for review by a medical data specialist with respect to completeness and legibility. After the documents have been reviewed, they are forwarded to a physician who specializes in treating the diagnosis you have specified. This doctor will prepare a second opinion and send it to you via the NEURIA app. The medical data will not be passed on to third parties.
The processing is based on your consent (Art. 9 para. 2 lit. a DSGVO). You are free to revoke your consent at any time without giving reasons with effect for the future. This will not affect the lawfulness of the processing carried out until then. The aforementioned health data will be processed for the purpose of obtaining a second opinion.
Your data will only be stored as long as it is necessary for the aforementioned purposes or as long as legal retention periods require us to store it.
If you revoke your consent, your data will be deleted immediately if we do not need it for aa) fulfilling a legal obligation or bb) asserting, exercising or defending legal claims. After statutory retention periods and all limitation periods expire, we delete your data irrevocably.
§ 2 Before the documentation you provide about your neuro can be forwarded to a doctor for a second opinion, you have to select a transaction method. Transaction is possible by means of the utility token Amrit or credit card.
For transactions using the utility token Amrit , you will need an ERC20 compatible wallet. If you initiate the transaction via your wallet, the data associated with the transaction (amount of Amrit tokens , public keys of receiver and sender, timestamp) will be transferred to the blockchain and stored there. The transmitted transaction data is masked by using a hash algorithm so that no clear data is stored on the blockchain.
Alternatively, you can also pay with a credit card. This requires you to provide the credit card number, expiration date, security code, your home state, and zip code. Your transaction data will be processed to generate an invoice for the second opinion obtained. The legal basis for the processing of your transaction data is Art. 6 para. 1 p. 1 lit. b DSGVO.
We delete your personal data when it is no longer necessary to achieve the purpose of any further processing. This is usually the case after the expiry of the limitation period, starting with the end of the year in which the contractual relationship is terminated, for example by deleting your user account. After the statute of limitations has run, your data will be blocked and deleted after the statutory retention obligations have expired.
§ 3 You also have the option of providing feedback on the service offerings in the NEURIA app. The feedback you have written can be viewed by other users of the NEURIA app. Your personal data is processed on the basis of Art. 6 (1) sentence 1 lit. f DSGVO. Data processing in the context of feedback serves the purpose of quality assurance. This is also our legitimate interest.
You can object to the processing of your personal data at any time, provided that there are no compelling reasons for the processing that merit protection.
Your data will only be stored as long as is necessary for the aforementioned purposes or as long as legal retention periods require us to store it.
If you object to the processing, your data will be deleted immediately if we do not need it for aa) fulfilling a legal obligation or bb) asserting, exercising or defending legal claims. After statutory retention periods and all limitation periods expire, we delete your data irrevocably.
§ 4 If you register as a treating physician in the NEURIA app, the following personal data will be collected from you in order to open an account:
– Phone number
– Registration/medical license number
– other information
Following registration, you can complete your existing profile in the NEURIA app. The information provided can be viewed by users. The following information must be provided by you in order for users to contact you and request a second opinion:
– First and last name
– Contact information (primary email address and phone number)
– Name of the hospital you work for
– Date of license to practice
– Number of years of professional experience
– Registration/medical license number
– Bank data (account number, name of bank) or Wallet ID
To receive transactions for your consultation, you must at least provide bank details (IBAN, BIC, name of bank) or your Crypto Wallet ID to receive Amrit tokens. If the user initiates a transaction via their Crypto Wallet, the data associated with the transaction (amount of Amrit tokens, public keys of receiver and sender, timestamp) is transferred to the Blockchain and stored there. The transmitted transaction data is masked by using a hash algorithm so that no clear data is stored on the Blockchain. Your transaction data is processed to issue an invoice to users.
Optionally, you can also specify the following information:
– additional details about the place of residence (city, country, postal code)
– additional contact information (secondary email address and phone number)
– Subcategories of specializations
– Memberships in the health sector
– Recent publications
– profile picture
– Resume (CV)
In addition, in the NEURIA app, you will have to deposit your time availability, i.e. indicate date and time, so that a consultation can be scheduled with users who have registered as patients.
The legal basis for the processing of your personal data in connection with the opening of a user account for the provision of a second opinion and invoicing is Art. 6 para. 1 p. 1 lit. b DSGVO. The optional information you provide is processed on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO. The legitimate interest here is to create trust between users of the NEURIA app, which leads to a positive perception among (potential) users.
We delete your personal data when it is no longer required to achieve the purpose of any further processing. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the contractual relationship is terminated, for example by deleting your user account. After the statute of limitations has run, your data will be blocked and deleted after the statutory retention obligations have expired.
You may object to the processing of your personal data processed on the basis of Art. 6 (1) lit. f DSGVO at any time, unless there are compelling legitimate grounds for the processing.
IV. Processing of personal data when using the NeuroTwin feature
A NeuroTwin is an app user in the Neuria community whose life situation is similar to yours. NeuroTwins can use a private chat to share experiences. The chat is based on Ethereum blockchain technology. The aim of this feature is to bring app users together.
§ 1 As part of a matching process, you as a user will be matched together with up to 3 other app users, NeuroTwins, who have activated this feature and have a similar profile. In order to find a matching NeuroTwin, various parameters are compared, which we collect from you through a questionnaire to carry out the matching process:
– Hormone receptors
– Genetic markers
– Other health data, depending on the neuro type
The purpose of this feature is to bring together app users and promote the exchange of experiences and information between app users in similar life situations. The processing is based on your explicit consent (Art. 6 para. 1 lit. a GDPR). You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.
If the last login date was more than 6 months ago, the corresponding profile is automatically removed from the database and can no longer be matched with new NeuroTwins.
§ 2 NeuroTwins can exchange information in a chat integrated in Neuria. Patients must register for the feature and select a nickname before being matched with their NeuroTwins. This nickname can be edited in the settings. When users exchange messages via the built-in chat, the end-to-end encrypted messages are stored on a public Ethereum blockchain.
For this purpose, Innoplexus has provided a node that takes on the function of an intermediary to forward the chat message to the Ethereum blockchain. Before a message is transmitted and stored on the blockchain, it is fully encrypted locally on the patient’s mobile device using end-to-end encryption. The private key needed to encrypt the message is stored on your physical device the whole time and is not shared with Innoplexus or other users. Only when the encrypted message is received by the NeuroTwin, this message is decrypted with a corresponding key on the mobile device of the receiving NeuroTwin.
The purpose of this chat function is to enable the exchange of information and experiences in a simple manner whilst offering at the same time a high level of security. The processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.
In this case, the chat associated with your profile will be deleted from your device. In this case, the private key is lost and no one can decrypt the data, not even Neuria or Innoplexus AG. The nickname and chat content on the device of the NeuroTwin with whom messages were exchanged also disappear. Besides this, your profile will be automatically removed from the NeuroTwin database if the last login date was more than 6 months ago.
The server location cannot generally be assigned to a specific country due to the blockchain infrastructure (Public Ethereum blockchain), but by encrypting the chat content using a public key encryption method, the data is highly pseudonymised for everyone else, so that a data transfer to a third country can be considered ‘safe’.
Hashed metadata is not stored on the Ethereum blockchain.
V. My Data Vault
The “My Data Vault” feature is offered via the NEURIA app. This feature allows user to upload ,store and access their medical documents or information to be stored in predefined folders.This information will be stored adhering to the security standards at Innoplexus and will be accessible only to the user who is the owner of the information.
§ 1 The documents are encrypted and assigned to the user’s account. For this purpose, a secondary ID is generated for the uploaded documents, which is derived from the user’s email ID, the unique ID of the document, the hash ID of the document, and the uploaded size of the document in bytes. The secondary ID is stored on the Ethereum blockchain, ensuring that the document is immutable and its affiliation is authentic.
The documents are encrypted using an asymmetric encryption method. The user has the private key, so no third parties can access the contents of the folders. Innoplexus AG also accesses the key in an automated process to enable the User to download or share the data with other NEURIA users. No documents are viewed by Innoplexus AG employees. The user can delete the uploaded medical documents at any time.
The processing is based on your explicit consent (Art. 6 para. 1 lit. a DSGVO). You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the lawfulness of the processing carried out up to that point.
Innoplexus ensures a high level of data security through the encryption techniques used, whereby the exclusive control over the uploaded documents lies with the respective user only. Due to this data sovereignty, Innoplexus is not able to delete the stored documents for the user, as only the user has the private key, which is required for a deletion.
VI. Your rights
(1) You have the following rights towards us regarding your personal data:
– Right of access – Art.15 GDPR,
– Right to rectification or erasure – Art.16 and 17 GDPR,
– Right to restriction of processing – Art.18 GDPR,
– Right to object to the processing – Art.21 GDPR,
– Right to data portability – Art.20 GDPR,
– Right of withdrawal according to Art. 7 para. 3 GDPR
(2) You also have the right to complain to a data protection supervisory authority of your choice about the processing of your personal data by our association. Responsible for us is the
Hessische Beauftragte für Datenschutz und Informationsfreiheit
65189 Wiesbaden, Germany
Phone: +49 (0) 611 14080
For the United Kingdom users the applicable law, regarding their data protection and privacy, is the Data Protection Act 2018 and the respective articles of such.