Privacy Policy for "BloodPressureDB"
1. Privacy at a glance
General information
BloodPressureDB is designed to help individual patients manage diagnosed high blood pressure. To do this, BloodPressureDB lets you record blood pressure data and, optionally, other health information. The data are stored and can be retrieved; the service also creates analyses such as statistics or trend charts. By using the service and storing data, you consent to this processing. You can withdraw this consent at any time. You can also delete your user account directly in the service; this will delete all stored data. Through the service you can also retrieve all your data at any time and correct them if needed.
Personal data are any information that can identify you personally. You can find detailed information on data protection in the sections below.
This privacy policy applies to the website and our apps for the different operating systems. Since the web app is part of our website, we decided to provide a single, unified privacy policy for both the website and the apps for the different operating systems. This is intended to make things easier for you.
- We do not collect data that are not necessary for the service or its operation (data minimization principle)
- It is possible to use the BloodPressureDB service pseudonymously or anonymously*
- No unsolicited sharing of data with third parties
- We only collect anonymized statistical usage data for the website and app; no profiling
* A piece of data is considered personal if we can link it to a specific person. Of course we associate your data with you; that's the purpose of a user account. However, from an email address you provide and a freely chosen username we cannot directly infer your identity, so we consider that a pseudonymous account. You may use a new email address that has no other link to you. With the guest access we don't have these details and consider the use anonymous. When you contact our servers we always see your IP address; this is treated as personal data. However, we cannot determine your identity from the IP address.
We welcome any questions or feedback about data protection.
Who is responsible for data collection on our website and in the app?
Data processing is carried out by the manufacturer. You can find their contact details in the imprint.
How do we collect your data?
Your data are collected partly because you provide them to us. For example, this can be data you enter into a form. This also includes health data that are stored and processed by BloodPressureDB. Primarily these are blood pressure data, but you can optionally record other health-related data as well.
Other data are collected automatically when you visit the website and use the app by our IT systems. For more details see the section "Server log files" in chapter 4.
Which data are collected or can be recorded in the app?
each including date and time
- Username
- Email address
- Blood pressure
- Pulse
- Measurement site
- Weight
- Glucose
- Temperature
- Intake/output
- Personal notes about measurements
- Events
- Medication schedule
- Other health data
- Internal technical logs
What do we use your data for?
Some data are collected to ensure the website and app function correctly. Other data may be used to analyze your usage behavior.
What rights do you have regarding your data?
You have the right at any time, free of charge, to obtain information about the origin, recipients and purpose of your stored personal data. You also have the right to request correction or deletion of these data. If you have given consent to data processing, you can withdraw that consent at any time for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. In addition, you have the right to lodge a complaint with the competent supervisory authority.
For this and other questions about data protection you can contact us at the address given in the imprint at any time.
Analytics tools and third-party tools
When you visit our website your browsing behavior may be evaluated statistically. This is mainly done with cookies and so-called analytics programs. The analysis of your browsing behavior is usually anonymous; it cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
2. Hosting
External hosting
The services are hosted by an external provider (host). The personal data collected on this website and in the app are stored on the host's servers. These may include in particular IP addresses, contact requests, meta- and communication data, contract data, contact details, names, website accesses and other data generated by a service.
The use of the host is for the purpose of fulfilling contracts with our prospective and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast and efficient delivery of our online offering by a professional provider (Art. 6(1)(f) GDPR).
Our host will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding these data. Server location is Germany.
For more information, see the host's website: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/
3. General notes and mandatory information
Data protection
The operators of these pages and apps take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this happens.
Please note that data transmission over the Internet (for example when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.
Note on the controller
The controller responsible for data processing is:
klier.net International S.L., Arona, Spain
You can reach us at the email address: dsb@klier.net.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses or similar).
Data protection officer:
Horst Klier, Avenida de Chayofita 18, Arona, Spain, dsb@klier.net
Note on data transfers to the USA
Our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to disclose personal data to security authorities and you may not have legal recourse against this disclosure.
It cannot be ruled out that US authorities (e.g. intelligence services) may process, analyze and store your data hosted on US servers for surveillance purposes. We have no influence on these processing activities.
Revocation of your consent to data processing
Many processing operations are only possible with your explicit consent. You can withdraw consent you have already given at any time. A simple informal message by email is sufficient. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Right to object to data processing in specific cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED IS SET OUT IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR). IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING WHERE IT RELATES TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of data protection violations under the GDPR, you have the right to lodge a complaint with the competent supervisory authority, in particular in the EU member state of your usual residence, place of work or the place of the alleged infringement.
For companies based in Spain, the competent supervisory authority for data protection matters is the Agencia Española de Protección de Datos (AEPD). The AEPD contact details are as follows:
Agencia Española de Protección de Datos
C/ Jorge Juan, 6
28001 Madrid
Spain
Website: www.aepd.es
The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive the data we process automatically based on your consent or in performance of a contract, and to have those data transmitted to yourself or to a third party in a commonly used, machine-readable format. If you request direct transfer to another controller, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content such as form entries, orders or inquiries you send to us as site operator. You can recognize an encrypted connection by the change in the browser address line from "http://" to "https://" and by the lock symbol in your browser line.
When SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Access, deletion and correction
Within the scope of applicable law you have the right at any time to receive free information about your stored personal data, their origin and recipients and the purpose of data processing, and, if necessary, the right to have such data corrected or deleted. For this and other questions about personal data, you can contact us at the address given in the imprint at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing applies in the following cases:
- If you dispute the accuracy of the personal data we hold about you, we usually need time to verify this. During the verification period, you have the right to request a restriction of the processing of your personal data.
- If the processing of your personal data was/is unlawful, you may request restriction of processing instead of deletion.
- If we no longer need your personal data, but you need them to assert, exercise or defend legal claims, you have the right to request restriction of processing instead of deletion.
- If you have lodged an objection under Article 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request restriction of the processing of your personal data.
If you have restricted the processing of your personal data, those data, aside from being stored, may only be processed with your consent, or for the establishment, exercise or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
Objection to promotional emails
The use of contact details published in the context of imprint obligations for sending unsolicited advertising and information material is hereby objected to. The site operators expressly reserve the right to take legal action in the event of unsolicited advertising, for example by spam emails.
4. Data collection on our website and in the apps
Cookies
Our websites use so-called "cookies". Cookies are small text files and do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently. Session cookies are deleted automatically after your visit ends. Permanent cookies remain on your device until you delete them yourself or your web browser removes them automatically.
In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These allow us or you to use certain services of the third party (e.g. cookies for processing payment services).
Cookies serve different functions. Many cookies are technically necessary because certain website functions would not work without them (for example, the shopping cart function or video playback). Other cookies are used to analyze user behavior or to display advertising.
Cookies that are necessary for carrying out electronic communication (necessary cookies), or for providing certain functions you request (functional cookies, e.g. for the shopping cart), or for optimizing the website (e.g. cookies to measure web traffic) are stored based on Article 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing cookies to provide its services in a technically error-free and optimized way. If consent to store cookies has been requested, the storage of the respective cookies is based solely on that consent (Article 6(1)(a) GDPR); consent can be withdrawn at any time.
You can set your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, block the acceptance of cookies for certain cases or in general, and enable automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
If third-party cookies or cookies for analysis purposes are used, we will inform you separately about this in the context of this privacy policy and, if necessary, request consent.
Server log files
The provider of the websites automatically collects and stores information in so-called server log files that your browser or our app automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
These data are not merged with other data sources.
The basis for data processing is Article 6(1)(b) GDPR, which allows processing of data for the performance of a contract or pre-contractual measures. In addition, the collection of these data is carried out on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website; this also requires the collection of server log files.
Technical log files
Our app creates technical log files when used, which can be transmitted to us either automatically in the background or manually by users. These data are not merged with other data sources.
Which data are collected?
- General app logs
- BLE logs (Bluetooth)
- Analyzing and fixing program and transmission errors
- Ensuring the stability, security and interoperability of the app and BLE communication
- Optimizing performance and power consumption
- Supporting additional operating system versions and device models as well as new BLE peripherals
Processing is based on Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest is to provide a technically error-free, stable and secure app and to ensure compatibility with future devices, operating system versions and BLE peripherals. In weighing interests, we have taken into account that only the information necessary for these purposes is collected and processed.
Requests by email and telephone
If you contact us by email or telephone, your details including any contact information you provide will be stored by us for the purpose of processing your enquiry and in case follow-up questions arise. We may use third-party providers to process your enquiries.
The processing of these data is based on Article 6(1)(b) GDPR if your enquiry is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling enquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if this was obtained.
The data you provide will remain with us until you ask us to delete them, you withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. after your request has been fully handled). Mandatory statutory provisions, in particular retention periods, remain unaffected.
Registration on the website or app and use of the service
You can register on our website or in the app to use our service. The data entered for this purpose are used only for the purpose of using the specific offer or service for which you registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse registration. Data entered during use will be used by us only for the purpose of the service. They will not be shared or analyzed without your consent.
The data are stored locally on the respective device in the areas provided by the respective system or browser. Online storage takes place on our own servers, which serve no purpose other than operating the service.
For important changes, such as changes to the scope of the offer, the dispatch of Infomail, individual user notices (e.g. reminders for irregular app use) or technically necessary changes, we use the email address provided during registration to inform you.
Processing of the data entered during registration and use is based on your consent (Article 6(1)(a) GDPR). You can withdraw consent at any time. A simple informal message by email to us is sufficient. The lawfulness of the data processing carried out prior to withdrawal remains unaffected. Please note that if you withdraw consent, you may no longer be able to use the app fully.
The data collected at registration and during use will be stored by us as long as you are registered with us and will then be deleted. Legal retention periods remain unaffected.
Unused accounts will be deleted after 2 years of non-use. You will be notified by email beforehand. Unused guest accounts will be deleted after one year. Unfortunately, we are not able to contact you in that case.
You can delete your user account including all data at any time within the app. Important note: uninstalling the app does NOT delete the account with us. We do not know on how many devices you use the app to access an account with us.
Because we perform backups of all data, it is possible for a short time to restore accounts. We do not guarantee this.
To provide a high level of service quality, the app creates logs that can be transferred to us in support cases. These are transmitted only in consultation with our support team or must be proactively sent to us by you via email. An exception is the detection of serious errors (exceptions). In such cases, error details may be transmitted to us without prior consultation.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that they are necessary to establish, shape the content of, or change the legal relationship (master data). This is done on the basis of Article 6(1)(b) GDPR, which allows processing of data for the performance of a contract or pre-contractual measures. Personal data about the use of our websites (usage data) are collected, processed and used only to the extent necessary to enable or bill the user for the use of the service. Furthermore, personal data may be collected to demonstrate positive care effects in the context of a trial according to § 139e paragraph 4 of the Fifth Book of the Social Code.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transfer when concluding a contract for goods shipment
We transfer personal data to third parties only if this is necessary for contract processing, for example to companies involved in the delivery of goods or to service providers entrusted with payment processing. Further transfer of data does not take place, or only occurs if you have expressly consented to the transfer. We do not pass on your data to third parties without your explicit consent, for example for advertising purposes.
The basis for data processing is Article 6(1)(b) GDPR, which permits processing of data for the performance of a contract or pre-contractual measures.
Data transfer when concluding a contract for services and digital content
We transfer personal data to third parties only if this is necessary for contract processing, for example to the service provider responsible for payment processing.
Further transfer of the data does not take place, or only occurs if you have expressly consented to the transfer. We do not pass on your data to third parties without your explicit consent, for example for advertising purposes.
The basis for data processing is Article 6(1)(b) GDPR, which permits processing of data for the performance of a contract or pre-contractual measures.
5. Telemonitoring application
When using the telemonitoring function to forward your data to the treating physician, your prior consent (Article 6(1)(a) GDPR) is required. The type of data includes blood pressure and pulse values with the time of recording as well as statistics. Processing takes place exclusively in Germany. When using the GDT export, the data are transferred directly to your doctor.
6. Voice data capture as well as capture by photo and AI-based analysis
Consent-based processing:
The processing of your voice and image data takes place exclusively on the basis of your explicit consent in accordance with Article 6(1)(a) GDPR. Since health data (e.g. vital parameters) are also processed, your consent under Article 9(2)(a) GDPR is additionally required. You will be asked explicitly for your consent before your data are captured.
Processing procedure:
With your consent, your voice or image data will be anonymized via a secure proxy and transmitted to the AI provider OpenAI Ireland Limited. The AI processes these data solely to extract your vital signs (e.g., blood pressure, pulse) using AI-assisted analysis. The extracted vital signs are then displayed in an input form and can be used or saved by you.
Security measures and data minimization:
We use extensive technical and organizational measures, including encryption (e.g., TLS/SSL) and strict access controls, to protect your data during transmission and processing. Only the data strictly necessary for the analysis are collected and processed (principle of data minimization).
Withdrawal of consent:
You have the right to withdraw your consent at any time. Withdrawal will stop the processing of your voice and/or image data from the time of withdrawal, without affecting the lawfulness of processing carried out up to that point (Art. 7(3) GDPR). To withdraw your consent or for questions about data protection, please contact our data protection officer.
7. Use of Apple Health (HealthKit) and Google Health Connect
Our app can, with your explicit consent, import and export health data from Apple Health (HealthKit) and Google Health Connect. This allows health data (e.g., blood pressure and pulse data) to be synchronized between our app and those services.
Transfers take place only via the interfaces provided by the respective operating system and are encrypted. Imported data may be stored on our servers to provide the app's features. We do not share the data with third parties or use it for advertising or tracking purposes.
Processing is done only with your consent in accordance with Art. 6(1)(a) and Art. 9(2)(a) GDPR. You can revoke the access rights at any time in your device's system settings.
8. Analytics tools and advertising
VG WORT counting pixel
We use VG WORT's METIS access counting to measure accesses to online texts we make available through our service. This allows the likelihood that a text is copied to be recorded. A text's copy likelihood forms the basis for VG WORT to lawfully distribute payments under the Copyright Act (UrhG) to the authors and publishers of these texts.
As part of METIS access counting, a "counting tag" is embedded in the source code of each online text. This counting tag is an ID uniquely assigned to that specific text and causes an access to that text to be counted when the marked text is visited. In addition, a client ID is created and a so-called "METIS Session Cookie" is set on the user's device for the marked text. Using this client ID and the session cookie, it can be determined whether this text has already been accessed by the user within a browser session. This helps prevent unlawful multiple counts of the text when determining its copy likelihood. Neither the session cookie nor any other part of the METIS access counting involves processing personal data at any time. METIS access counting is carried out for VG WORT by Kantar GmbH, Landsberger Straße 284, Munich 80687.
9. Infomail
Newsletter data
To avoid unnecessary data transfer, images in our Infomail are only loaded when viewed. We also track this to see if a recipient does not open emails over an extended period.
The processing of data entered during registration is carried out solely on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the email address, and its use for sending the Infomail at any time, for example via the "Unsubscribe" link at the end of the Infomail. The lawfulness of processing carried out prior to the revocation remains unaffected. The email address will remain stored in order to preserve the history, including confirmation of subscription and unsubscription and emails sent.
The data you provide to receive the Infomail will be stored by us until you unsubscribe from the Infomail and will remain stored for legal reasons even after cancellation. Data stored with us for other purposes (e.g., email addresses for the member area) are not affected.
10. Plugins and tools
YouTube
Our website uses plugins from the Google-operated site YouTube. The operator of the site is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store information about visitors to this website before they watch a video. However, the enhanced privacy mode does not necessarily exclude the transfer of data to YouTube partners. Thus, YouTube, regardless of whether you watch a video, establishes a connection to the Google DoubleClick network.
When you visit one of our pages that includes a YouTube plugin, a connection to YouTube's servers is established. The YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, once a video starts, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. These data are used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud.
It is possible that, after starting a YouTube video, further data processing operations may be triggered that are outside our control.
Using YouTube serves the legitimate interest of presenting our online offerings attractively. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been obtained, processing takes place solely on the basis of Art. 6(1)(a) GDPR; consent can be withdrawn at any time.
Further information on handling user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.
11. Online marketing and partner programs
Amazon Partner Program
The site operators participate in the Amazon EU Partner Program. Amazon embeds advertisements and links to Amazon.de on our pages, through which we can earn money from advertising cost reimbursements. Amazon uses cookies to track the source of orders. This allows Amazon to recognize that you clicked the partner link on our website.
The storage of "Amazon cookies" is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in this, since only the cookies make it possible to determine the amount of its affiliate remuneration.
Further information on data use by Amazon can be found in Amazon's privacy notice: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.

