The protection of your data is important to us

As the operator of these pages, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations, in particular the General Data Protection Regulation (“GDPR”) and this privacy policy.

Person responsible

Only XO Life GmbH, Agnes-Pockels- Bogen 1, 80992 Munich (hereinafter “XO Life”) is responsible for data processing. XO Life operates the ImpactMonitor platform (”platform“) for digital patient support. The platform is accessible via the domains www.xo-life.com, www.medwatcher.io and www.impactmonitor.io (”web pages“).

XO Life takes the protection of your personal data very seriously. The personal data that you provide to us will be processed confidentially and exclusively in accordance with legal data protection regulations and this privacy policy. In the following, we would like to tell you how this is done.

If you have any questions about data protection or would like information about the collection, processing or use of your personal data, as well as if you have any requests for correction or deletion of your personal data, please contact the above contact address or the following e-mail address: info@xo-life.com. You can also contact our data protection officer at this address. We will then get back to you as soon as possible.

Purpose, type of data and duration of data processing

Through our websites and access portals, we offer companies in the healthcare sector various services to provide, record and analyze knowledge and information about illnesses, health topics and drugs as well as other health-related products.

It is generally possible to use the websites without providing personal data. However, user data may be collected during the visit. For more information about this data processing, see the “Cookies” section. Insofar as personal data (such as name or email address when requesting a contact) is collected on our pages, this is only done on the basis of your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. This data will not be passed on to third parties without your express consent.

If you are a customer of our free or paid services, we process personal data (name, email address, possibly also from employees). We process this data to implement the contractual relationship, Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, it may be necessary to process further employee data who are not our direct contractual partners. In this case, we base data processing on our legitimate interest, Art. 6 para. 1 sentence 1 lit. f GDPR.

Transfer of data to third parties

XO Life generally does not transfer any personal data to third parties. Your personal data can only be transferred to third parties in the following cases:

1. If you provide us with information about the side effects of medications you have experienced, we will only forward this data in pseudonymized form to drug manufacturers. In such a case, personal data about you will not be transferred to pharmaceutical manufacturers.
Only if, at your request, a medical contact person is to be involved, will your full name and date of birth be transmitted to them for identification purposes. This involvement of a medical contact person only takes place with your consent. You can withdraw this consent at any time. The legal basis for this is Art. 6 (1) (a) GDPR.
‍
‍2. XO Life transmits your personal data to cloud service providers whose services are necessary for the website to function. The legal basis for this is Art. 6 (1) (f) GDPR.
‍
‍3. In addition, your personal data may be transferred in other cases. You can find more information about this under “External Service Providers” below.

Cookies

We use so-called cookies to tailor the design to your needs. Cookies are small files that are stored on your device using your Internet browser and help make our websites more attractive to you. Cookies are also used to generate so-called dynamic content on our websites that may be of interest to you; also to generate statistics on the number of visitors to our websites and to determine when such actions were carried out. The processing of this data is based either on our legitimate interest, Art. 6 para. 1 sentence 1 lit. f GDPR or on your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. We may also use cookies to determine the popularity of certain content on our websites. You can find more information about this data processing in the following sections. Most Internet browsers contain instructions on how to prevent cookies from being saved on your device, for example as part of the help function of an Internet browser. If you prevent the use of cookies, some parts of our websites may not work.

We do not combine information generated from cookies with other personal data without your consent, nor do we use cookies to collect or store health-related information about you. We do not transfer information generated from cookies to third parties.

Types of cookies used

There are the following three types of cookies:

Necessary cookies:
‍These cookies are necessary for the operation of the site and to fulfill our contractual obligations. This includes, for example, stability testing and monitoring by the Sentry service.
‍
‍Statistics cookies:
‍In order to further improve our offering and our websites, we collect anonymized data for statistics and analyses. With the help of these cookies, we can, for example, determine the number of visitors and the effect of certain pages on our website. This includes, for example, Google Analytics cookies.
‍
‍Convenience cookies:
‍We use these cookies to make it easier for you to use the site. This includes, for example, the features offered by Hubspot, such as registration and email newsletters.

External service providers

We use the following external service providers, which have different functions.

Google Analytics:
‍This website uses Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

However, if IP anonymization is activated on these websites, Google will abbreviate your IP address beforehand within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs is automatically deleted after 14 months. Google Analytics is only used with your consent. You can withdraw your consent at any time. The legal basis for the use of Google Analytics is Art. 6 (1) sentence 1 lit. a GDPR.

You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by using the link available at the following link Download and install the browser plug-in.

You can find more information about how Google Analytics handles user data in the Google's privacy policy. We have concluded an order processing agreement with Google and fully implement the strict requirements of the European data protection authorities when using Google Analytics.
‍
‍HubSpot:
‍We use HubSpot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.

These include:
- Reporting (e.g. traffic sources, accesses, etc....)
- Contact management (e.g. user segmentation & CRM)

Our registration service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information and the content of our website are stored on servers of our software partner HubSpot. They can be used by us to get in touch with visitors to our website and to determine which services offered by our company are of interest to them. Hubspot is only used with your consent. You can withdraw your consent at any time. The legal basis for the use of Hubspot is Art. 6 (1) sentence 1 lit. a GDPR. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimize our marketing measures. HubSpot is a software company from the USA with a branch in Ireland (contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500). HubSpot is subject to the TRUSTe's Privacy Seal and the “U.S. — Swiss Safe Harbor” framework.
- More information about the HubSpot's Privacy Policy
- You can find more information about the cookies used by HubSpot here & here

‍If you generally do not want Hubspot to collect data, you can prevent the storage of cookies at any time by changing your browser settings accordingly. We have concluded an order processing contract with HubSpot and fully implement the strict requirements of the European data protection authorities when using HubSpot.
‍
‍Stability testing and monitoring by the Sentry service:
‍To improve the technical stability of our service by monitoring system stability and identifying code errors, we use the Sentry service. Sentry serves these goals alone and does not evaluate any data for advertising purposes. Usage data such as metadata (device ID, device data, IP address) is used as processing data. With Sentry, information about the device or time of error is collected anonymously, not used personally and then immediately deleted. In addition, the ID address is hidden (so-called “IP masking”). Sentry is a software company from the USA (contact: Functional Software Inc., Sentry, 132 Hawthorne Street, San Francisco, California 94107, USA).

Information about Sentry's guarantees for data transfers to third countries can be found in Sentry's privacy policy: https://sentry.io/privacy/

Matomo for web analysis:
‍In our web services, we use the “Matomo” service (www.matomo.org) from InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. The software places a cookie (a text file) on your computer, which can recognize your browser. When sub-pages of our websites are accessed, the following data is stored:
- The user's IP address, abbreviated by the last two bytes (i.e. anonymized),
- the subpage accessed and time of the call,
- the page from which the user accessed our websites (referrer),
- which browser is used with which plugins, which operating system and which screen resolution,
- the time spent on the website, and
- the pages that are accessed from the accessed subpage.

The data collected with Matomo is stored on our own servers. It will not be passed on to third parties. Matomo is only used with your consent. You can withdraw your consent at any time. The legal basis for the use of Matomo is Art. 6 (1) sentence 1 lit. a GDPR.
‍

contact form:
‍If you send us inquiries via the contact form, your details from the enquiry form, including the contact details you provide, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.

Publisher account login:
‍If you use the contact form to send us information and content to register for a publisher account on the platform, your details and content from the form, including the contact details you provide, will be stored by us to process the registration and in case of follow-up questions. We will not share this data without your consent.

We process and store the personal data provided upon registration exclusively to enable you to access and use the publisher account. The legal basis for processing your personal data is Art. 6 para. 1 lit. b) GDPR.

User account registration:
‍The use of some websites (or individual parts of them) may require the creation of a user account through prior registration. For example, this is the case when you visit websites whose content is only accessible to registered users. When registering, you must provide, among other things, your name, email address, address, company or organization, descriptions, login details and, if applicable, your approval or similar authentication.

We process and store the personal data provided during registration exclusively to enable you to access and use the website. The legal basis for processing your personal data is Article 6 (1) (b) GDPR.

Rights as a user

In accordance with the GDPR, we draw your attention to the following rights with regard to the processing of your data:

Information
‍You have the right to access your data, receive information about your data, and correct it. In accordance with your right to information, you can receive full information from us at any time about what data we have stored about you, where it comes from, to whom this data is passed on and for what purpose it was stored. You also have the right to request the correction, blocking and/or deletion of your data in accordance with legal provisions. Please let us know any requests for information or withdrawals of consent at info@xo-life.com, info@medwatcher.io or info@impactmonitor.io.
‍
‍Correction, deletion or restriction of processing:
‍If you would like to change or delete your data, please contact the specified contact address or email. All personal data you have provided will be deleted by you upon request, provided that there are no legal storage obligations to the contrary.
‍
‍Transferability of data:
‍You can request the relevant personal data that you have provided to us in a structured, common and machine-readable format and have this data transmitted to another person responsible without hindrance from us; you may also have the right to request that we transfer the personal data directly to another person responsible, insofar as this is technically feasible.

Refusal and withdrawal of consent:
‍You have the right to refuse consent or — without affecting the lawfulness of the data processing carried out before the withdrawal — to withdraw your consent to the processing of your personal data at any time.
‍

Automated decisions:
‍You have the right to object to a decision based on automated processing, including profiling, if that decision has legal effect on you or similarly affects you.

Objection to processing:
‍For reasons that may arise from your particular situation, you have the right to object to the processing of your data.

Right to lodge a complaint:
‍You have the right to communicate with the responsible data protection supervisory authority and, if necessary, to complain to them.

Storage period

We only store personal data for as long as they are necessary to achieve the purposes for which this data was collected or, if there are additional legal retention periods (e.g. in the Commercial Code and in the Tax Code), for the duration of the legally required storage period. We will then delete your personal data. Only in exceptional cases can your data be stored beyond that. For example, when the data is necessary to enforce and defend legal claims in favour of XO Life. As described above under “Rights as a user”, you have the option to request the complete deletion of your personal data at any time.

Data security

In order to offer you a particularly high level of data security, XO Life has implemented technical and organizational measures to protect your personal data when transferred and acquired by third parties. These measures are checked and updated at regular intervals. In addition, your personal data is hosted exclusively on German servers. However, we would like to point out that absolute data security cannot be achieved on the Internet, even with extensive technical measures.

Amendment to the privacy policy

XO Life reserves the right to make changes to the privacy policy at any time with effect for the future. When such an update is made, the date of the last change set out below will also be updated. Any changes made to our privacy policy will always be available here, so users of XO Life are always aware of the information we collect and how we may use and share that information. We therefore recommend that you regularly check the latest privacy policy.

Last updated: April 2024