If you use our mobile service, your information will be provided to us. For that reason, we would like to be completely transparent and disclose what information we collect, how we use it, who we share it with, and what ways you can access, update, and delete your personal information.
I. Who is responsible?
Responsible for data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
As Data Protection Officer, we have appointed:
Data Protection Officer of IITR Datenschutz GmbH
Phone: +49 (0) 89 724 018 40
II. What processing activities are carried out?
We have two basic categories of data:
- Data that you provide
- Data we receive through your use of the application
We will explain these categories in more detail.
Data you provide
When you use our application, we collect information that you provide to us. This requires you to set up an S4DX account. To do this, we need to store some important information from you, such as: your name, a username, a password and an email address.
Purpose, legal basis and legitimate interest
In principle, your data will only be processed on the basis of consent given by you. The legal basis is Art. 6 sec. 1 p. 1 lit. a GDPR.
Recipients of the data
Our server is serviced by a service provider who acts as our processor.
The operation of the infrastructure is also agreed with a processor.
All service providers are contractually obliged to treat your data confidentially.
The storage period refers to your active usage of this app.
If at some point you decide that you no longer want to use S4DX, you can simply ask us to delete your account or you can delete your account in the app on your own. Your data will no longer be saved after the deletion.
The provision of personal data is not required by law or contract. However, no processing is possible without this consent.
Please read the information on your right to object under Art. 21 GDPR below.
Use of the application
Purpose, legal basis, and legitimate interest
When you access our application, general information is automatically collected. This information includes, for example, the storage of the email address to send a confirmation email, internet service provider details, camera usage to capture the barcodes, [Satellite] use of local memory to temporarily store usersessions and sample test, [Satellite] and the use of our algorithm that improves sample detection.
In particular, these are processed for the following purposes:
- Ensuring a trouble-free connection of the application,
- Ensuring a smooth use of our application,
- evaluation of system security and stability as well as
- for other administrative purposes.
The processing is carried out in accordance with Art. 6 sec. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our application.
Recipients of the data
We use technical service providers to operate and maintain our servers, who act as our processors.
The data will be deleted as soon as it is no longer necessary for the purpose of the collection. This is generally the case for the data used to provide the app when the session is over.
The provision of the aforementioned personal data is not required by law or contract.
III. What are your privacy rights?
Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.
In the case of the right of access and the right of cancellation, the restrictions under Sections 34 and 35 of the German Data Code (BDSG) apply.
You may withdraw your consent to the processing of personal data at any time to us. This also applies to the withdrawal of declarations of consent given to us before the General Data Protection Regulation was applied, i.e. before 25 May 2018. Please note that the withdrawal will only work for the future. Processing carried out prior to your withdrawal is not affected.
In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR i.V..m. Section 19 of the German Federal Data Protection Act). A list of supervisory authorities (for the non-public sector) with their respective addresses can be found at
IV. Data security
We only deal with personal data insofar as this is possible in accordance with data protection regulations. We also take all necessary technical and organisational security measures to adequately protect your personal data from unauthorized access and misuse.
Insofar as we store or process personal data, this is done within a high-security data center. In order to protect the security of your data during transmission, we use encryption methods (e.g. SSL) over HTTPS. Our servers are secured by firewall and anti-virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.
Our employees are obliged to comply with the provisions of the GDPR and the BDSG when handling data.
Information about your right to object under Article 21 GDPR
You have the right, for reasons pertaining to your circumstances, to object at any time to the processing of personal data concerning you, which takes place pursuant to Article 6 (1) lit. f GDPR (data processing based on a balance of interests); this also applies to profiling based on that provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.
The objection may be informed with the subject “opposition” stating your name, address or other identifiers to:
Smart4Diagnostics GmbHRupert-Mayer-Str.44D-81379 Munich