Privacy Policy "BloodPressureDB"

1. Privacy at a glance

General information

BloodPressureDB is designed to help an individual patient manage diagnosed high blood pressure. For this purpose, BloodPressureDB allows you to record blood pressure data and, optionally, other health data. The data are stored and can be retrieved; evaluations such as statistics or trend charts are also created. By using the service and saving data, you consent to this processing. You can revoke this consent at any time. The service also gives you the option to delete your user account directly. Doing so will delete all stored data. Through the service you can also download all your data and correct them if needed. Personal data are all data that can identify you personally. Detailed information on data protection can be found in the following sections of this privacy policy.

This privacy policy applies to the website and our apps for the various operating systems. Because the web app is part of our website, we decided to provide one combined privacy policy for the website and the apps for the different operating systems. This should make things easier to follow for you.

  1. No collection of data that are not strictly necessary for running the service (principle of data minimization)
  2. It is possible to use the BloodPressureDB service pseudonymously or anonymously*
  3. No unsolicited sharing of data with third parties
  4. We collect only anonymized statistical usage data for the website and app, no so-called "profiling"

* Data are considered personal if we can assign them to the same person. Of course we assign your data to youthats the point of a user account. However, from an email address you provide and a freely chosen username we cannot directly infer your identity, so we regard such accounts as pseudonymous. You are welcome to use a new email address that has no other connection to you. With a guest access we do not even have that information and consider the use anonymous. When you contact our servers we always see your IP address; this is considered personal data. However, we have no way to identify a person from the IP address.

We welcome questions and feedback about data protection. 

Who is responsible for collecting data on our website and in the app?

Data processing is carried out by the manufacturer. You can find their contact details in the imprint.

How do we collect your data?

Your data are collected in two ways: data you provide to us (for example, when you fill in a form) and data automatically collected when you visit the website or use the app by our IT systems. This includes health data stored and processed in BloodPressureDB. Primarily these are blood pressure data, but you can optionally record other health-related data.
More information can be found in the section "Server log files" in chapter 4.

Which data are or can be collected in the app?

each including date and time


What do we use your data for?

Some data are collected to ensure the website and app work correctly. Other data may be used to analyze your usage behavior.

What rights do you have regarding your data?

You have the right at any time, free of charge, to obtain information about the origin, recipients and purpose of your stored personal data. You also have the right to request correction or deletion of these data. If you gave consent to data processing, you can revoke that consent at any time for the future. You may also, under certain circumstances, request restriction of the processing of your personal data. In addition, you have the right to file a complaint with the competent supervisory authority.

You can contact us at any time at the address given in the imprint for this and other questions about data protection.

Analysis tools and third-party tools

When you visit our website, your surfing behavior may be analyzed statistically. This is done mainly with cookies and so-called analytics programs. The analysis of your surfing behavior is usually anonymous; it cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

2. Hosting

External hosting

The services are hosted by an external provider (host). The personal data collected on this website and in the app are stored on the host's servers. These may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated through a service.

The use of the host takes place for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in our interest in a secure, fast and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR).

Our host will process your data only to the extent necessary to fulfil its performance obligations and will follow our instructions regarding these data. Server location is Germany.

Further information can be found on the host's website: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/

3. General notes and mandatory information

Data protection

The operators of these pages and apps take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this happens.

Please note that data transmission over the internet (e.g. when communicating by email) may have security gaps. A completely secure protection of data from access by third parties is not possible.

Note on the responsible party

The party responsible for data processing is:

klier.net International S.L., Arona, Spain

You can reach us at the email address: dsb@klier.net.

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g. names, email addresses or similar).

Data protection officer:

Horst Klier, Avenida de Chayofita 18, Arona, Spain, dsb@klier.net

Note on data transfers to the USA

Our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We point out that the USA are not considered a secure third country under EU data protection law. US companies may be required to disclose personal data to security authorities without you being able to effectively challenge this in court.

Therefore it cannot be ruled out that US authorities (e.g. intelligence agencies) may process, analyze and permanently store data located on US servers for surveillance purposes. We have no influence over these processing activities.

Withdrawal of your consent to data processing

Many processing operations are only possible with your explicit consent. You can withdraw consent at any time. A simple informal message by email is sufficient. The lawfulness of processing carried out up to the time of withdrawal remains unaffected.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

IF THE PROCESSING OF DATA IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE SPECIFIC LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR). IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of data protection violations under the GDPR, you have the right to lodge a complaint with the competent supervisory authority, in particular in the EU member state of your habitual residence, your workplace or the place of the alleged infringement.

For companies based in Spain, the competent supervisory authority for data protection matters is the Agencia Española de Protección de Datos (AEPD). The contact details of the AEPD are as follows:

Agencia Española de Protección de Datos
C/ Jorge Juan, 6
28001 Madrid
Spain
Website: www.aepd.es

The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or to fulfill a contract, in a common, machine-readable format, and to have these data transmitted to another controller where technically feasible.

SSL / TLS encryption

This site uses SSL / TLS encryption for security reasons and to protect the transmission of confidential content, such as data entries, orders or requests you send to us as site operator. An encrypted connection is indicated by the address line of the browser changing from "http://" to "https://" and a lock symbol in your browser line.

If SSL / TLS encryption is activated, the data you send to us cannot be read by third parties.

Information, deletion and correction

Within the applicable statutory provisions, you have the right at any time to obtain free information about your stored personal data, their origin and recipients, and the purpose of the data processing, as well as a right to correction or deletion of these data. For this and other questions about personal data, you can contact us at any time at the address given in the imprint.

Right to restriction of processing

You have the right to request restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

If you have restricted the processing of your personal data, these data - apart from storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the EU or a member state.

Objection to promotional emails

The use of contact details published as part of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

4. Data collection on our website and in the apps

Cookies

Our websites use so-called "cookies". Cookies are small text files and do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain on your device until you delete them or your browser deletes them automatically.

In some cases, cookies from third parties may be stored on your device when you visit our site (third-party cookies). These allow us or you to use certain services of the third party (e.g. cookies for payment processing services).

Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. shopping cart function or displaying videos). Other cookies are used to analyze user behavior or to display advertising.

Cookies that are necessary for carrying out the electronic communication process (necessary cookies) or for providing certain functions you request (functional cookies, e.g. for the shopping cart) or for optimizing the website (e.g. cookies to measure web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to store cookies has been requested, the storage of the relevant cookies is based exclusively on this consent (Art. 6(1)(a) GDPR); consent can be revoked at any time.

You can configure your browser so that you are informed about the setting of cookies and only allow them on a case-by-case basis, exclude the acceptance of cookies for certain cases or generally, and enable automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website.

If cookies from third parties or for analysis purposes are used, we will inform you separately in this privacy policy and, if necessary, request your consent.

Server log files

The provider of the websites automatically collects and stores information in so-called server log files that your browser or our app automatically transmits to us. These are:

These data will not be merged with other data sources.

The basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. In addition, the collection of these data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website for this purpose, server log files must also be recorded.

Technical log files

Our app generates technical log files during use, which can either be transmitted to us automatically in the background or manually by the users. These data are not combined with other data sources.
What data are collected?

For what purposes do we process these data?
Legal basis
Processing is based on Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest is to provide a technically error-free, stable and secure app and to ensure compatibility with future devices, OS versions and BLE peripherals. In the balancing of interests we have ensured that only information strictly necessary for these purposes is collected and processed.

Requests by email and telephone

If you send us requests by email or telephone, your details including the contact information you provided will be stored by us in order to process the request and in case follow-up questions arise. We may use third-party providers to process your requests.

The processing of these data is based on Art. 6(1)(b) GDPR if your request is related to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases the processing is based on our legitimate interest in effective handling of requests addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was obtained.

The data you provide will remain with us until you ask us to delete them, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g. after your request has been completed). Mandatory statutory retention periods remain unaffected.

Registration on the website or app and use of the service

You can register on our website or in the app to use our service. We use the data entered for this only for the purpose of using the respective offer or service you registered for. Required fields during registration must be completed. Otherwise we will refuse registration. Data entered during use are used by us only for the purpose of the service. They will not be passed on or analyzed without your consent. 

Data are stored locally on the device in the areas provided by the respective system or browser. Online, data are stored on our own servers, which serve no other purpose than operating the service.

We use the email address provided during registration to send you information related to using our service. This includes in particular:

This communication is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in effective use of our service and privacy-friendly data minimization).
Where this information is necessary for the operation and security of the service (e.g. notices about account deletion), it cannot be unsubscribed from.

Processing of data entered during registration and use is based on your consent (Art. 6(1)(a) GDPR). You can withdraw a consent you have given at any time. A simple informal message by email is sufficient. The lawfulness of processing carried out until the time of withdrawal remains unaffected. Please note that if you withdraw consent you may no longer be able to use the app fully.

Data collected during registration and use are stored by us as long as you are registered with us and are then deleted. Legal retention periods remain unaffected.

Unused accounts will be deleted after 2 years of inactivity. You will receive appropriate notices by email beforehand. Unused guest accounts are deleted after one year. Unfortunately, in that case we cannot contact you. 

You can delete your user account including all data at any time within the app. Important note: uninstalling the app does NOT delete the account with us. We do not know on how many devices you use the app to access an account with us.
Since we make backups of all data, it is possible for a short time to restore accounts. However, we do not guarantee this.


To provide high-quality support, the app creates logs that can be transferred to us in case of support requests. These are transferred only in consultation with our support or must be proactively sent by you by email. One exception is the detection of severe errors (exceptions). In that case error details may be transmitted to us without prior consultation.

Processing of data (customer and contract data)

We collect, process and use personal data only to the extent necessary for establishing, shaping or changing the legal relationship (inventory data). This is done on the basis of Art. 6(1)(b) GDPR, which permits processing of data for the performance of a contract or pre-contractual measures. Personal data about the use of our websites (usage data) are collected, processed and used only to the extent necessary to enable or bill the users use of the service. In addition, personal data may be collected to demonstrate positive care effects in the course of a trial under § 139e(4) of Book Five of the German Social Code.

The customer data collected are deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transfer when concluding a contract for goods shipment

We will only pass on personal data to third parties if this is necessary for contract processing, for example to companies involved in delivering goods or payment service providers. Any further transfer of data will not take place unless you have expressly consented. We will not pass on your data to third parties for advertising purposes without your explicit consent.

The basis for the processing of data is Art. 6(1)(b) GDPR, which permits processing of data for the performance of a contract or pre-contractual measures.

Data transfer when concluding a contract for services and digital content

We will only pass on personal data to third parties if this is necessary for contract processing, for example to the payment service provider commissioned with the payment processing.

Any further transfer of data will not take place unless you have expressly consented. We will not pass on your data to third parties for advertising purposes without your explicit consent.

The basis for the processing of data is Art. 6(1)(b) GDPR, which permits processing of data for the performance of a contract or pre-contractual measures.

5. Telemonitoring application

When you use the telemonitoring function to forward your data to your treating physician, you must give your consent beforehand (Art. 6(1)(a) GDPR). The data type includes blood pressure and pulse values with the time of recording and statistics. Processing takes place exclusively in Germany.  When using the GDT export, the data are transmitted directly to your doctor.

6. Voice data capture, photo capture and AI-based analysis

Processing based on consent:

The processing of your voice and image data is carried out exclusively on the basis of your explicit consent according to Art. 6(1)(a) GDPR. As health data (e.g. vital signs) are also processed, your consent under Art. 9(2)(a) GDPR is additionally required. You will be explicitly asked for your consent before your data are collected.

Processing procedure:

After you give consent, your voice or image data are anonymized via a secure proxy and transmitted to the AI provider OpenAI Ireland Limited. The AI processes these data solely to extract your vital signs (e.g. blood pressure, pulse) using AI-supported analysis. The determined vital signs are then displayed in an input mask and can be used or saved by you.

Security measures and data minimization:

We use extensive technical and organizational measures including encryption (e.g. TLS/SSL) and strict access controls to protect your data during transmission and processing. Only the data strictly necessary for the analysis are collected and processed (principle of data minimization).

Withdrawal of consent:

You have the right to withdraw your consent at any time. Withdrawal will stop the processing of your voice and/or image data from that point on, without affecting the lawfulness of the processing carried out up to that time (Art. 7(3) GDPR). To withdraw your consent or for questions about data protection, you can contact our data protection officer.

7. Use of Apple Health (HealthKit) and Google Health Connect

With your explicit consent, our app can import and export health data from Apple Health (HealthKit) and Google Health Connect. This allows health data (e.g. blood pressure, pulse data) to be synchronized between our app and those services.

Transfer only takes place via the interfaces provided by the respective operating system and is encrypted. Imported data may be stored on our servers to provide the apps functions. Data will not be passed on to third parties or used for advertising or tracking purposes.

Processing is carried out only with your consent under Art. 6(1)(a) and Art. 9(2)(a) GDPR. You can revoke access rights at any time in your devices system settings.

8. Analytics tools and advertising

VG Wort counting pixel

We use the METIS access counting from VG WORT to measure accesses to online texts we provide. This allows the probability that a text was copied to be recorded. The copy probability of a text forms the basis for a lawful distribution of remuneration under copyright law (UrhG) by VG WORT to the authors and publishers of these texts.

As part of the METIS access counting, a "counting mark" is embedded in the source code of the respective online text. This counting mark is an ID uniquely assigned to that text and causes an access to that text to be counted when the marked text is visited. In addition, a client ID is formed and a so-called "METIS Session Cookie" is set for the user of the marked text. Using this client ID and session cookie it can be detected whether the text has already been accessed by this user during a browser session. This is intended to prevent unlawful multiple counts of the text when determining its copy probability. Neither the session cookie nor any other element of the METIS access counting processes personal data at any time. The METIS access counting is carried out for VG WORT by Kantar GmbH, Landsberger Straße 284, Munich 80687.

9. Infomail

Newsletter data

To save unnecessary data transfer, images in our Infomail are only loaded when viewed. We also log this to detect when a recipient has not opened emails for a long time. 

Processing of the data entered during subscription is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). The consent given for storing the data, the email address and its use for sending the Infomail can be revoked at any time, for example via the "Unsubscribe" link at the end of the Infomail. The lawfulness of processing already carried out remains unaffected by the withdrawal. The email address will remain stored to secure the history including confirmation of subscription and unsubscription and sent emails.

The data you provide to us for the purpose of subscribing to the Infomail will be stored by us until you unsubscribe from the Infomail and will remain stored for legal reasons even after unsubscribing. Data stored for other purposes (e.g. email addresses for the member area) are not affected.

10. Plugins and tools

YouTube

Our website uses plugins from the Google-operated site YouTube. The operator of the site is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store information about visitors on this website before they watch a video. However, enhanced privacy mode does not necessarily prevent data sharing with YouTube partners. Thus YouTube regardless of whether you watch a video establishes a connection to the Google DoubleClick network.

When you visit one of our pages with a YouTube plugin, a connection to YouTube's servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, once a video starts, YouTube may store various cookies on your device or use similar recognition technologies (e.g. device fingerprinting). In this way YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud.

Additional data processing operations may be triggered after starting a YouTube video, over which we have no control.

The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent was requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.

More information on handling user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

11. Online marketing and partner programs

Amazon Partner Program

The operators of the site participate in the Amazon EU Partner Program. On our pages, Amazon displays advertisements and links to the Amazon.de site, from which we can earn advertising fees. Amazon uses cookies to trace the origin of orders. This allows Amazon to see that you clicked the partner link on our website.

The storage of "Amazon cookies" is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in this, since only through these cookies can the amount of its affiliate commission be determined.

Further information on data usage by Amazon can be found in Amazon's privacy policy: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.


Version: Rev 20 (22.03.2026)
Translation Disclaimer:
This content has been automatically translated. We strive for accuracy, but errors may occur. Please contact us if you find any inconsistencies or have questions.

BloodPressureDB.de

info@bloodpressuredb.com

Imprint | Privacy Policy

Press | BloodPressureDB App