Privacy Policy

Thank you for using our app. The protection of your personal data is important to us and we want you to feel safe when using our app.

1. General Information

(1) DocToRead provides an app that allows users to upload data from their medical reports to the app. In the app, the medical report data is translated in live time into a language that is generally understandable for the user. The app processes the medical report data and simplifies the medical language entered into a generally understandable language so that the user understands the content of the medical report. DocToRead expressly does not provide any medical services itself, does not make any diagnoses and does not make any treatment suggestions. The app merely provides a summary in understandable language based on the medical findings data. DocToRead therefore does not require any personal data to provide the service.

(2) Before providing your findings data in the app, please be sure to black out all personal data that could allow conclusions to be drawn about you, your doctor or the issuing organisation. This includes, for example, data such as your name, the name and address and other data of your doctor or the institution that issued the report, as well as your other personal data such as date of birth, postal address, telephone number, etc., if applicable.

Make sure that only the medical content of the report is actually uploaded to the app. If you upload your findings using a photo, take a photo of the findings without the letterhead and signature, for example. If you scan the findings as a file, you can do this in the same way or black out the pdf afterwards in places where your personal data or that of your doctor is shown.

(3) The use of the DocToRead app is voluntary for you. As the user, you alone decide whether and which of your medical findings data you make available in the app. In order to process your diagnostic data, we will obtain your consent for the processing of health data as part of the registration process in the DocToRead app, Art. 6 para. 1 sentence 1 lit. a, Art. 9 para. 2 lit. a GDPR. Click here to view the current version of your consent.

2. Information on the Collection of Personal Data

(1) In the following, we inform you about the collection of personal data when using our app. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour.

(2) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
DocToRead GmbH
Business park
Grünewald 9
58540 Meinerzhagen, Germany

You can contact our data protection officer at info@DocToRead.com or by post via
entplexit GmbH
Oliver Greiner
Cologne Street 12
65760 Eschborn

(3) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes.

3. Your Rights as a Data Subject

(1) You have the following rights vis-à-vis us with regard to your personal data:

You have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;

You have the right to demand the immediate correction of incorrect or incomplete personal data stored by us;

You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

You have the right to request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR;

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. In particular, you can object to the processing of your personal data for the purposes of advertising and data analysis as well as the associated profiling. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

You have the right to withdraw your consent from us at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

However, this means that we may no longer continue the data processing that was based on this consent in the future.

(2) Please direct any enquiries regarding your rights as a data subject to the contact details listed under 2.

(3) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The following data protection supervisory authority is responsible for us: The Commissioner for Data Protection and Freedom of Information: https://www.ldi.nrw.de/.

4. Installation of the App

The DocToRead app is available via distribution platforms operated by third parties, so-called app stores such as Google Play or Apple App Store. Your download may require prior registration with the respective app store and installation of the app store software. DocToRead GmbH has no influence on the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and app store software. In this respect, the responsible body is solely the operator of the respective app store. If necessary, please contact the respective app store provider directly.

5. Use of the App

After registering your account, you must first set a four-digit PIN of your choice to use our app and repeat it in a validation step. Please do not select any trivial number combinations as your PIN. You will be asked to enter this PIN the next time you access the app. Alternatively, you can activate a biometric access method (Face ID, Touch ID).

6. Collection of Personal Data and Purposes of Data Processing

(1) Provision of our app

If you wish to register in our app, we collect the following data, which is technically necessary for us to display our app to you and to ensure stability and security:
– Name of the user
– E-mail address of the user
– Device language
– Installed version of the app
– photos
– Current timestamp

The processing is carried out for the fulfilment of the user contract with you, Art. 6 para. 1 sentence 1 lit. b GDPR, as well as on the basis of your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
In addition, the processing of the aforementioned data serves the purpose of ensuring system security and stability. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interests in data processing lie in ensuring the proper functioning of our app.

If your device technically supports biometric login, it is classified as secure and you have activated this function on your device, you will be offered the opportunity to use the feature to log in to the app. Consent is voluntary. You can decline this offer or revoke your consent at any time via the settings with effect for the future.

The DocToRead app uses the operating system’s own mechanisms to check the biometric features. The app does not receive any biometric features, only the result.

For devices with an Android operating system, the Google Play Integrity service is used to regularly check the required security level of the function of the device used.
Security note: Do not use biometric functions if you share your device with other users.

We process the aforementioned data for the following purposes:

This information is temporarily stored in a log file. The aforementioned information is collected without any action on your part and stored until it is automatically deleted.

(2) Registration in our app

You must register in order to use our app. We use your details to protect your identity, to provide you with your account and to translate your findings for you. To do this, we collect your master and contact data, in particular your name, your email address, your PIN access or Face ID and the language of the findings data.

This data is required to provide you with access to the service available via the app and to fulfil our obligations under the underlying agreement, Art. 6 para. 1 sentence 1 lit. b GDPR.

If you provide us with health data in medical reports, the processing is carried out on the basis of your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 9 para. 2 lit. a GDPR.

(3) Collection of data for the translation of findings

In our app, we offer users the option of submitting a medical report for translation into an easily understandable language. The findings are uploaded to the app, translated and saved in the “History” section. Your data will not be passed on to third parties; in particular, your data will only be stored on your end device and will not be transferred to a cloud or server.

Processing of the data is necessary to create the translation of the findings and to fulfil our service to you.

In this respect, the collection and processing of your findings data is based on your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 9 para. 2 lit. a GDPR. However, please ensure that when uploading the findings data, none of your personal data or your doctor’s data or, in particular, no health data are provided that allow conclusions to be drawn about your person. If no health data is provided, we process your data in order to be able to fulfil our service of translating the findings for you and thus the concluded user contract, Art. 6 para. 1 sentence 1 lit. b GDPR.

(4) Making contact

When you contact us (e.g. by email or by using the contact form), the information you provide will be processed for the purpose of handling your enquiry and in the event that follow-up questions arise. The contact form is an additional service provided by us and serves our legitimate interests in enabling you to contact us quickly and easily (see Art. 6 para. 1 sentence 1 lit. f GDPR).

The personal data collected by us in this context will be erased once the matter associated with the contact has been fully clarified and it is not to be expected that the specific contact will be relevant again in the future, unless statutory retention obligations prevent this.

(5) Integration of Meta Pixel

Our site provides for the use of Meta Pixel tracking code; this can be selected via the cookie query and is used to analyse user data for the targeted further development of our app. More about Meta Pixel at: https://www.facebook.com/business/help/742478679120153?id=1205376682832142

7. Tracking, use of Google Analytics

This website uses functions of the web analysis service Google Analytics. If you have given your consent, Google Analytics 4 is used on this website. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user’s end device. It is not assigned to a user ID.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The purpose of the processing is for Google to use this information on behalf of the website operator to analyse your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, which you have given via the cookie banner. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/. The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymisation

Google Analytics IP anonymisation is activated. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Other recipients of the data may be
– Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
– Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google. The data sent by us and linked to cookies is automatically deleted after 2 months. Data that has reached the end of its retention period is automatically deleted once a month.

Revocation of consent
You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Google signals
We use Google signals. This allows Google Analytics to collect additional information about users who have activated personalised ads and ads can be delivered to these users in cross-device remarketing campaigns. The Google Signals function recognises individual users across different devices (so-called corss device tracking). When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.

The function is only active if you

If you do not wish to use this function, you must deactivate the ‘personalised advertising’ function in your Google account.

Order processing
We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics e-commerce measurement
This website uses the ‘e-commerce measurement’ function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device. (The Google Analytics data protection information has been created using text passages from eRecht24).

8. Legal Basis for Data Processing

When you use our app, we process your data on the legal basis specified in each case.

Insofar as we have obtained consent for the processing of your personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis for data processing.

Among other things, you provide us with your data as part of your user contract when you register in our app. The legal basis for this is our contractual relationship with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. You are not obliged to provide us with your personal data. However, if you decide not to provide us with your data or only to provide us with part of it, you will not be able to use the functions of our app or will only be able to use them in part.

The legal basis for data processing is also Art. 6 para. 1 sentence 1 lit. f GDPR if the processing of your personal data is necessary to safeguard a legitimate interest of ours or a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.

9. Authorisations for Functions of your Operating System

In order to use special service functions of the app, it is necessary for you to grant access to certain operating system functions. You will be asked to grant the corresponding access authorisation once at the beginning or only when using the respective function. In the vast majority of cases, however, authorisation is not required to operate the app.

Access to your system camera is required to upload a document. Access to your device memory is also required if you want to send photos or PDF files that have already been saved.

10. Data Deletion and Storage Duration

When you actively use the app, your data will be stored until you delete the device registration and uninstall the app.

You can delete your data that is collected and stored in connection with the app by deleting the device registration and uninstalling the app from your device. Please note that we cannot completely delete your data if you only uninstall the app from your device. We do not receive any information about the deletion of the app from the respective operating system.

When the device registration is removed, we delete all data that was collected for this purpose. The data collected during device registration is deleted when the app is reinstalled and replaced by the newer data.

Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.

11. Possibility of Objection and Removal

As a user, you have the option of cancelling your registration at any time. You can change the data stored about you at any time. Further information on cancellation can be found in our terms of use.

12. Recipients or Categories of Recipients of the Data

(1) As part of our activities and services, it may be necessary for us to disclose the personal data stored about you to natural persons, legal entities or other bodies. Where applicable, we conclude order processing contracts with our service providers to ensure that they may only process your personal data in a manner that we have explicitly instructed them to do so.

Furthermore, we ensure that they have taken the necessary technical and organisational measures to process your data securely and only store your personal data for as long as is really necessary. External service providers who may receive personal data generally fall into the following categories of recipients

– IT service providers and cloud providers to maintain our IT infrastructure, to manage files or service providers to optimise the online offering

– debt collection service providers and lawyers in order to collect receivables and enforce claims in court. If personal data (customer and contact data, payment and consumer data and data relating to the claim) is transferred to a debt collection service provider in the event of debt collection, we will inform you in advance of the intended transfer.

(2) If data is processed in countries outside the EU, we will ensure that your personal data is processed in accordance with the European level of data protection. If there is no decision by the EU Commission, we only transfer data to service providers from third countries that offer suitable guarantees in accordance with Art. 46 GDPR (usually EU standard contractual clauses). In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the respective country.

(3) Translation and summarisation of findings by OpenAI (OpenAI Ireland, Ltd.)
To fulfil our service of translating and summarising findings, our app works with the artificial intelligence of OpenAI. The diagnostic data you upload to the app is translated live by OpenAI into an understandable language. OpenAI uses the pure diagnostic information for this. The translations of the findings are not stored on OpenAI’s European servers.

They are only processed there for the duration of the translation of the findings. OpenAI does not carry out any evaluation, assessment, interpretation, analysis, diagnosis or therapy. OpenAI merely aggregates the information from the findings text and outputs the language in other, simpler words. This machine output can only serve as information and advice for you as a user. You can never replace a visit to the doctor or a form of therapy suggested to you based on the translation of the findings by OpenAI. Please consult your doctor or another healthcare facility for further treatment of any illnesses or diagnoses. Our translation of findings can serve as a communication aid, but should never alter or replace the medical findings in any way.

The processing of your data using OpenAI is secured by our contractual relationship with OpenAI in that we have concluded an order processing agreement with OpenAI as well as usage agreements that also cover the use of OpenAI’s API, which means that all data processed by you in our business area is also protected.

It cannot be ruled out that US authorities may access the data stored by OpenAI.
Further information can be found directly on the OpenAI websites:
OpenAI Business Terms for Azure OpenAI GPT -4- Turbo and APIs: https://openai.com/policies/business-terms
Enterprise Privacy at OpenAI: https://openai.com/enterprise-privacy

13. Special Information for Parents

The app is not intended for children in accordance with applicable laws, and we do not knowingly collect personal data from minors. However, we are committed to complying with the provisions of the law where they require the authorisation of a parent or guardian for the collection, use or disclosure of the personal data of minors. We are committed to protecting the privacy of minors and encourage parents and guardians to be involved in their child’s activities and interests on the Internet.

If parents or legal guardians become aware that their minor child has provided us with personal data without their consent, we would ask them to contact us immediately using the contact details provided under point 2. If we learn that a minor has provided us with personal data, we will delete it from our records. The use of our app is only permitted from the age of 18.

14. Changes to the Privacy Policy

We may need to update or amend the Privacy Policy from time to time. If the changes are significant, we will inform you in an appropriate manner and ask you to take note of the changes made. The latest version of the privacy policy is always available in the app.

Change cookie settings