data protection

Data protection declaration of DoctorBox Service GmbH

Effective Date: 11/03/2022

This privacy statement was last updated on November 3, 2022.

1. Introduction

Thank you for your interest in DoctorBox Service GmbH's privacy policy. DoctorBox Service GmbH respects your privacy and protects your personal data. Read here how DoctorBox Service GmbH uses your personal data when you visit our website or are in contact with us - for example by registering for our newsletter, by using our products and services or by participating in a competition.

You can also find out here what data protection rights you have and what protection the law provides for you.

2. About DoctorBox Service GmbH

DoctorBox Service GmbH (“DB Service” or “we”) sells home tests for self-use via the website shop.doctorbox.de (“website”) and arranges the evaluation of the samples through the connection of partner laboratories. After laboratory evaluation, the test results are provided via the DoctorBox App from DoctorBox GmbH.

It is therefore necessary that you install the DoctorBox app on your mobile device and register (creating a user account). Results can only be called up in the DoctorBox app. You need the PIN and barcode contained in the home test.
The separate data protection declaration of DoctorBox GmbH applies to the use of the DoctorBox app. You can find it here.

You can see the exact flow of data among the actors involved in home testing in Chapter 4.5.2.

DoctorBox Service GmbH is responsible for the processing of your personal data within the meaning of Art. 4 No. 7 of the EU General Data Protection Regulation 2016/679 ("GDPR") in the context of the sale of home tests for self-use and the operation of the website and, as such, is your direct contact for questions related to data protection. How to reach us:

Postal: DoctorBox Service GmbH, Lietzenburger Straße 107, 10707 Berlin
By phone: 030-54453898
By email: heimtests@doctorbox.eu
Data Protection Officer: info@dsbplus.de

3. Collection of Personal Information

3.1 What is personal data?

Personal data is any information about an individual from which that individual can be identified. This does not include data where the identity has been removed (anonymous data).

We collect various personal information about our customers and visitors to the DoctorBox Service GmbH web shop:

  • Identity data such as title, gender, first name, maiden name, last name, date of birth, username or similar and your login/password.
    If you interact with us via social media, this may include your social media username
  • Contact information such as billing address, shipping address, email address and phone numbers
  • Financial data such as payment card and debit/bank account details
  • Transaction Data such as information about payments to or from you and other details of products and services you have purchased from us
  • Profile Data such as your username and password, your purchases or orders, your interests, preferences, feedback and survey responses, and any Profile Data we add (e.g. through analytics and profiling)
  • Technical data such as internet protocol (IP) address, your login details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website
  • Usage Data, which includes information about how you use our website, products and services
  • Tracking Data, which includes information that we or others collect using cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers
  • Marketing and Communications Data, such as your preferences in receiving direct marketing from us and third parties associated with us and your communication preferences.

We deliberately do not collect any sensitive personal data from you. Sensitive personal data is data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health or medical condition, criminal background or trade union membership. If this should be necessary in individual cases, we will ensure that we receive your express consent to this processing beforehand and that we treat this information securely.

Please note that if you choose not to provide us with personally identifiable information or opt out of certain contact permissions, we may not be able to provide you with the products and services you have requested.

3.2 How do we collect personal information?

There are many different ways we may receive data from you:

Directly from you (online and offline): You may provide us with data when you fill out forms or correspond with us by post, telephone, email, chat or social media. This includes data that you provide to us in the following cases:

  • You register to receive our newsletter.
  • You have a question for us or request information from us.
  • You order our home tests.
  • You ask for direct marketing to be sent to you.
  • You communicate with us via social media.
  • You enter a sweepstakes, promotion or survey.
  • You contact customer service.
  • You provide comments or reviews about our products or services.
  • You fill out our contact form.

Automatic data: When you interact with us, including through the DoctorBox Service GmbH website, we may automatically collect data about your technical equipment, your searches and your search patterns. We may also collect information when you click on one of our ads (including on third party websites or via social media).

Third party data:

  • Service providers that enable our e-commerce activities, including e-commerce platforms, payment services and anti-fraud services
  • Analytics providers, advertising networks and search information providers, business partners, vicarious agents and claims adjusters
  • Third parties who are legally entitled to do so or who share personal data with us with your consent, e.g. via social media or rating sites

3.3 Explanation of the legal bases for the use of personal data

We only use your personal data when permitted by law (based on Art. 6 Para. 1 GDPR) and usually use it in the following cases:

  • if we need to perform the contract that we are about to enter into or have entered into with you (Art. 6(1) lit. b GDPR). For example, if you buy our products, that is a contract between you and us under which we will supply the products to you.
  • if it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (Art. 6(1) lit. f GDPR). An example of this is fraud monitoring as part of the payment process or the security of our website.
  • if we have to comply with a statutory or legal obligation (Art. 6(1) lit. c GDPR). This includes, for example, keeping records of our sales for tax compliance.
  • if you have previously given us your express consent to processing (Art. 6(1) lit. a GDPR). This may be the case for user tracking or the display of behavioral advertising. You can revoke the consent you have given at any time.

3.4 How and why do we use personal data?

The table below gives you an overview of how we use personal data, what types of personal data this applies to and what the legal basis for each is.

When explaining legal basis, we will refer to the appropriate category from “Explanation of legal basis for use of personal data” above (4.3). If we are using the data based on a legitimate interest, we will explain what that legitimate interest is.

| How we use personal data | What types of personal data we use to do this | Legal basis |
| --- | --- | --- |
| To register you as a new customer | Identity, Contact | Fulfillment of a contract concluded with you or the initiation of a contract |
| To administer a potential sale to you | Identity, Contact, Financial, Transaction, Marketing and Communications | Necessary for our legitimate interests (including to be able to process our customers’ purchases of products) |
| To process and deliver your order, including administering payments and claims management | Identity, Contact, Financial, Transaction, Marketing and Communications | Performance of a contract we have with you; necessary for our legitimate interests (including claims management) |
| To manage our relationship with you, including notifying you of changes to our terms of service or privacy policy | Identity, Contact, Profile, Marketing and Communications | Performance of a contract we have with you; required to comply with a legal obligation; necessary for our legitimate interests (to update our records) |
| To ask you to leave a review or take a survey | Identity, Contact, Profile, Marketing and Communications | Necessary for our legitimate interests (to study how customers use our products/services) |
| To enable you to enter a sweepstakes | Identity, Contact, Profile, Usage, Marketing and Communications | Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
| To provide you with direct marketing | Identity, Contact, Profile, Usage, Marketing and Communications, Technical, Tracking | Your consent |
| Administering and protecting our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Identity, Contact, Technical, Tracking | Necessary for our legitimate interests (running our business, providing administrative and IT services, network security to prevent fraud); required to comply with a legal obligation |
| To provide you with relevant website content and to learn and measure how effective the content on our website is | Identity, Contact, Profile, Usage, Marketing and Communications, Technical, Tracking | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, grow our business and use this information in our marketing strategy); your consent |
| To provide you with relevant advertising and to learn and measure the effectiveness of the advertising we show you | Identity, Contact, Profile, Usage, Marketing and Communications, Technical, Tracking | Your consent |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Technical, Usage | Necessary for our legitimate interests (to define types of customers for our products/services, to keep our website updated and relevant, to grow our business and to use this information in our product and marketing strategy) |
| To provide you with suggestions and recommendations about products/services that may be of interest to you | Identity, Contact, Technical, Usage, Profile | Necessary for our legitimate interests (to develop our products/services and grow our business); your consent |
| To prevent and detect illegal activities | Identity, Contact, Financial, Transaction, Technical, Tracking | Necessary for our legitimate interests (to protect our business and our customers by monitoring fraud and suspicious transactions); necessary to comply with a legal obligation to share personal data for law enforcement purposes |
| To administer our business and keep proper accounts | All relevant data categories | Required to comply with a legal obligation; necessary for our legitimate interests (to administer our business and keep proper accounts) |
| To resolve legal disputes involving you or us | All relevant categories of data, depending on the nature of the claim | Necessary for our legitimate interests (to bring or dismiss a claim, whether in court or out of court, to protect or enforce our rights, your rights or the rights of others) |

3.5 With whom do we share the data?

3.5.1 Foreword

The contract data will only be passed on to the service providers we use to fulfill the contract, in particular the technical operators of the website platform we use (Shopify), the payment service provider selected by you (e.g. PayPal), shipping companies and, if necessary, debt collection companies, and only to the extent that is necessary to fulfill the contract with you or if we have concluded an order processing agreement with the respective service provider within the meaning of Art. 28 GDPR.

We require our service providers to ensure the security of your personal data and to process it in accordance with the law. We do not allow our third party service providers to use your personal information for their own purposes. We only allow them to process your personal data for specific purposes and in accordance with our instructions.

If we are legally obliged, we may also pass on personal data to authorities and courts or other third parties.

3.5.2 The data flows of home testing

  • Provision of the order data for shipping service providers

If you make a purchase in our online shop, we collect your name, email address, delivery and billing addresses, payment details and other data related to the purchase (e.g. telephone number, amount of sales made, etc.). To fulfill the contract, we share your address and contact details with our shipping service providers.

  • Follow-up of home tests and submitted samples

In order to be able to trace the receipt of the ordered test kit at your place or at the laboratory, we can also call up the delivery status of your test kit via a tracking number from the shipping company.

  • Creation of a user account and registration of the test ID in the DoctorBox App (DoctorBox GmbH)

By creating a user account in the DoctorBox App, DoctorBox GmbH receives your personal data. You can find the link to the data protection declaration here.

By registering the enclosed test ID in the DoctorBox app, demographic data (age range and gender) is queried and made available to the laboratory via end-to-end encryption under your test ID, as this may be relevant for the evaluation of the home test.

  • Analysis and evaluation by partner laboratories

The partner laboratory receives the sample sent from you, which is provided with a test ID. By registering the customer's test ID, the partner laboratory may receive demographic data (age range and gender) to better contextualize the result.

However, the laboratory does not receive any personal data from you - you are only recorded as a test ID in the laboratory system. The barcode only contains your personal data in a strictly pseudonymised form. The pseudonymization of the test is also guaranteed in connection with a test name. The test result is stored behind the test ID.

The partner laboratory will not collect any further personal data from you.

  • Transmission via DoctorBox (DoctorBox GmbH) infrastructure to you

After the analysis, the partner laboratory will assign the test result to the barcode and make it available to you immediately via the DoctorBox app interface. For this it is necessary that the data is sent via the IT infrastructure of DoctorBox GmbH. For security reasons, the retrieval takes place exclusively via the DoctorBox GmbH app with the help of the PIN supplied with the home test.

    4. Advertising and direct marketing

    Advertising for DoctorBox Service GmbH can be shown to you in a variety of ways, even without using your personal data. Sometimes we buy physical ad space or place ads on websites and social media. If you see advertisements from DoctorBox Service GmbH on websites and in social media, these are not necessarily aimed specifically at you. It could also be that we just bought this advertising space. We may also use "lookalike" products from a search engine or social media platform that are not directed to you and that you can control through the privacy settings of a search engine or social media platform.

    We may use your Identity, Contact, Technical, Tracking, Usage and Profile Data to get an idea of what we think you want, need or may be interested in. This is how we decide which products, services and offers may be relevant to you and let you know about them. We may conduct direct marketing via email, telephone, SMS and postal mail.

    On our website we clearly indicate which direct marketing preferences you can choose. You can agree to receive our newsletter or do so as part of creating a DoctorBox health account. We may also provide our customers with relevant direct marketing about our own products and services unless they have opted out during the purchasing process or later. We can also give you a small hint as part of the order processing if you have placed products in the shopping cart without going to the checkout.

    You can unsubscribe from direct marketing at any time. The easiest way is to use the unsubscribe link at the end of the message or send an email to heimtests@doctorbox.eu.

    We will obtain your explicit consent before we share your personal data with companies outside of DoctorBox Service GmbH for direct marketing purposes.

    We also work with partners to improve the reach of our ads using analytics and retargeting. We use Tracking Data to provide relevant online advertising, including on websites and social media.

    Tracking data, particularly cookies, help us deliver website advertising and social advertising that is most relevant to you and to potential new DoctorBox Service GmbH customers. The cookies used for this purpose are often placed on our website by specialized companies. This is also the reason why you may be shown content from our website again after your visit to the DoctorBox Service GmbH website. This is known as retargeting or remarketing.

    Cookies can let us know if you have seen a particular advert and how long it has been since you saw it. This is useful because it allows us to monitor the effectiveness of our ads and control the frequency with which they are shown. We can also use cookies to recognize whether you have opened a marketing email. After all, we don't want to send you any information that you don't read.

    For more information on tracking data, particularly cookies, see the "Cookies" section below.

    5. Cookies and Plugins

    5.1 What are cookies?

    A cookie is a small file of letters and numbers that we store in your browser. Our website uses cookies to distinguish you from other users of our website. This helps us to make our website attractive and to improve it.

    5.2 Which cookies do we use?

    Strictly Necessary Cookies: These are cookies that are required for the website to function properly. They include, for example, cookies that enable you to log in, use a shopping cart or pay securely. These cookies do not require your consent and are therefore set even if you refuse your consent.

    | Vendor name | Name of the cookie | Purpose of storage | Domain | Duration |
    | --- | --- | --- | --- | --- |
    | shopify | _away | Used in connection with access to the admin area. | shop.doctorbox.de | 2 years |
    | shopify | _tracking_consent | For Shopify user consent tracking. | shop.doctorbox.de | 1 year |
    | shopify | cart_currency | Set after a purchase is completed to ensure new carts are in the same currency as the last checkout | shop.doctorbox.de | 2 weeks |
    | shopify | cart_sig | A hash value of the contents of a shopping cart. It is used to verify the integrity of the cart and ensure the performance of some cart operations. | shop.doctorbox.de | 2 weeks |
    | shopify | shopify_pay_redirect | Used in connection with checkout. | shop.doctorbox.de | 30 minutes, 3 weeks or 1 year depending on the value |
    | | cookieconsent_preferences_disabled | Used to save your cookie preferences | shop.doctorbox.de | |
    | | cookieconsent_status | Used to indicate that the user has consented to the use of cookies during their visit to the website. This prevents the cookie banner from being displayed again on each subsequent visit to the website. No personal data of the user is recorded with this cookie. | shop.doctorbox.de | |
    | shopify | keep_alive | Used in conjunction with buyer localization. | shop.doctorbox.de | 2 weeks |
    | shopify | Localization | | shop.doctorbox.de | |
    | shopify | Secure_customer_sig | Used in connection with customer login. | shop.doctorbox.de | 20 years |
    | shopify | Storefront_digest | Used in connection with customer login. | shop.doctorbox.de | 2 years |

    Analytics and performance cookies: These cookies allow us to count the number of visitors and see which website elements they are viewing. This helps us to improve the way our website works, e.g. by ensuring that users can easily find what they are looking for. These cookies are only set with your express consent. You can change your choice at any time in our consent tool.

    Functional cookies: These cookies are used so that we can recognize you when you return to our website. We can use it to personalize our content for you, greet you by name and remember your preferences (e.g. your choice of language or region). And we can see if there are any products left in your cart if you've left the site without checking out. These cookies are only set with your express consent. You can change your choice at any time in our consent tool.

    Targeting cookies: These cookies record your visit to our website, the webpages you have visited and the links you have followed. We use this information to make our website relevant to your interests and for advertising and retargeting purposes. We may also share this information with third parties for this purpose. These cookies are only set with your express consent. You can change your choice at any time in our consent tool.

    You can find more information about the exact cookies we use in our consent tool. In this cookie tool you can adjust your preferences at any time.

    This is the most effective form of SEA, as we are remembered in the relevant cases.

    You can block cookies by opening the settings in your browser, where you can reject all or individual cookies. If you block cookies (including essential cookies), you may no longer be able to access our website or parts of it. You can find more information about blocking cookies in the help function of your browser or on the website All About Cookies.

    Please note that two things happen when deleting the cookies:

    • We will no longer know if you have opted out of online behavioral advertising so that you see our ads on other websites.
    • We will no longer be able to automatically recognize the website settings you have chosen.

    5.3 Plugins

    We can also integrate third-party content (e.g. YouTube videos) to improve the usability of the website. In order to be able to use this content, it may be necessary for your device data (in particular your IP address) to be passed on to the provider of the respective content. This only happens if you click on the respective content. Further information on the collection of your data when using third-party content can be found here:

    • YouTube: https://policies.google.com/privacy?hl=de
    • Vimeo: https://vimeo.com/cookie_policy

    6. Data Security

    We have put in place appropriate safeguards to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information. In addition, we limit access to personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

    7. Data Storage and Deletion

    We will only keep your personal data for as long as is necessary for the purposes for which it was collected or in accordance with legal and market standard periods, unless further retention is required to comply with a legal obligation or to establish, exercise or defend legal claims, or a specific period of time has been notified.

    We only keep a limited part of your personal data, which is necessary for marketing purposes, until you withdraw your consent, but in no case longer than 10 years after your last contracted service or delivery of the product.

    Our partner labs will delete your anonymized test results after the legal lab retention period has expired.

    8. Contact DoctorBox Service GmbH on the subject of data protection

    If you have any questions about this data protection declaration or would like to exercise your rights, please send an email to kontakt@doctorbox.eu or send a letter to the following address: Data Protection Officer, DoctorBox Service GmbH, Lietzenburger Straße 107, 10707 Berlin.

    If you need help with our products and services, or with this website in general, please contact us at heimtests@doctorbox.eu.

    You have the right to lodge a complaint with your local data protection authority at any time. However, we would appreciate if you contact us first with your concerns so that we can find a solution.

    9. Third Party Links

    This website may contain links to websites and offers of third parties. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statement of each website you visit. Before you click on the respective link or offer, no data will be passed on to the third-party provider.

    10. If you do not provide personal data

    Where we need to collect personal data in order to comply with a legal requirement, or under the terms of a contract we have with you, and you fail to provide us with that data, we may not be able to perform the contract we have or are trying to enter into with you (e.g., to deliver goods or services to you). Accordingly, we may have to cancel a product or service. In this case, however, we will notify you.