Last update: March 23, 2023
We take privacy seriously
We always recommend the use of an anonymous email address, without providing any personal or sensitive information.
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection statements are constantly being revised. Please ensure that you have the latest version.
Responsible body in the sense of data protection law
Snore Free GmbH
1080 Vienna – Austria
Contact details of the data protection officer
Hr. Mag. Edwin Stangl
2700 Wiener Neustadt – Austria
Purpose and scope
The data protection declaration is valid for the following services:
- This Website https://diga.snorefree.com/
- App SnoreFree DiGA (SFD)
Personal data (hereinafter referred to as “data”) are processed by us only as necessary and for the purpose of providing a functional app on iOS and Android and a user-friendly website, including its content and the services offered there.
The app SnoreFree is used for the treatment of nocturnal snoring disorders and guides through a variety of logopaedic exercises.
With the help of a rating system and a sleep diary, progress is tracked and therapy is guided. For this purpose, health data as defined in Art. 9 DSGVO are used, these are explained in more detail in point b).
Collection of general information
Every time you use SnoreFree, a connection is established with the SnoreFree server. The IP address and information about the terminal device you are using are automatically recorded. Without this data, it would not be technically possible to use SnoreFree. In this respect, the collection of this data is absolutely necessary. Furthermore, we use the anonymised information for statistical purposes. They help us to optimise the offer and the technology. We also reserve the right to check the log files retrospectively if we suspect illegal use of our offer. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f DSGVO, whereby the legitimate interest follows from the previously mentioned purposes. The data, in particular the log files, are deleted at regular intervals.
Anti snore training
Personal data are processed within the scope of the snoring training. Personal data is all information by which a person is clearly identifiable. It is therefore data that can be traced back to a person.
All data is stored and processed on servers in Germany by European providers. The operator of our servers is certified according to ISO 27001, and corresponding order data processing contracts are in place.
Internet access must be available to use the app. The use of internet-based services is generally associated with a certain security risk, which we minimise from our side, but we cannot completely address all risks.
If registration takes place via the SnoreFree DiGA health application, SnoreFree will process the following personal data in the context of the registration and use of the SnoreFree health application:
- Email address and
- licence code.
In this case, the processing of your data is based on your consent pursuant to Art. 6 para.1 p. 1 lit. a DSGVO, § 4 para. 2 p. 1 DiGaV. You can revoke your consent at any time without giving reasons. The processing of the DiGA code for billing purposes is based on Art. 6. para. 1 p. 1 lit. b DSGVO.
The deletion of the data takes place 12 months after the end of the period of use, in order to give you the opportunity to continue the snoring training at a later time, even after the end of this period. Deletion also takes place after 12 months of inactivity, in which case you will receive a notification by e-mail 30 days before deletion.
(b) Anti snore training with SnoreFree
In order to personalise the snore training and thus achieve the highest possible success rate, further data is collected in the snore training with the health application SnoreFree. This includes:
- a user nick-name chosen by the user,
- system language,
- chosen language.
When using the app, health data will be asked on:
- Therapy success,
- sleeping hours,
- the consumption of relevant substances such as alcohol and caffeine,
- sleep patterns and
- your note on the subjective perception of your performance and mood.
The answers you give are stored and evaluated in order to adapt the training to your individual problems and needs.
The data collected are special categories of personal data, especially health data, as defined in Art. 9 DSGVO and § 22 BDSG. Health data are all data relating to the physical and mental state of health of a natural person.
This data is stored on a server in Germany. The servers are not operated by us, but by a European provider. A commissioned data processing contract and a list of technical and organisational measures are in place with this provider. The contractor is certified according to ISO 27001.
Only our administrators, our support staff and you have access to the data.
The stored data is used to calculate score values, create evaluations and monitor training success.
(c) Contract processing
The data transmitted by you for the purpose of using our range of services is processed by us for the purpose of processing the contract and is necessary to this extent. Conclusion and processing of the contract are not possible without the provision of your data.
The legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.
We delete the data once the contract has been fully processed, but in doing so we must observe the retention periods under tax and commercial law.
In the context of contract processing, we pass on your data to third parties (such as financial service providers for the processing of payment transactions), insofar as the transfer is necessary for the service or for payment purposes. The legal basis for the transfer of contractual data is then Art. 6 para. 1 lit. b) DSGVO.
This data is only collected and used by SnoreFree if this is expressly permitted by law or if the user consents to the collection, processing, use and transfer of the data.
The legal basis for the processing of the data or health data is your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO and Art. 9 para. 2 sentence 1 lit. a DSGVO.
You can withdraw your consent to processing at any time without giving reasons. Withdrawal of consent results in blocking of the processing of your data and deletion after 30 days, within which time you can give your consent again and continue to use the programme without loss of progress.
The deletion of the data takes place 12 months after the end of the period of use, in order to give you the opportunity to continue the snoring training at a later time, even after the end of this period. Deletion also takes place after 12 months of inactivity, in which case you will receive a notice by email 30 days before deletion.
Using anonymised data to improve the service
The SnoreFree health application is based on current scientific treatment methods and takes into account the latest research findings. To ensure continuous improvement of the snoring training, SnoreFree reserves the right to anonymise and subsequently analyse your data. This allows us to optimise the training and its effectiveness.
Contact and support
If you contact SnoreFree by e-mail or form, the information you provide (in particular your e-mail address) will be stored in order to be able to answer your enquiry and to ask possible follow-up questions. In this case, the processing of your data is based on your (implied) consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.
Your data will be deleted if your enquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations, e.g. in the case of any subsequent contract processing.
Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
(a) The right to request information about your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
(b) The right, in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us.
(c) The right to request the erasure of your personal data stored by us in accordance with Article 17 of the GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
(d) The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.
(e) The right, in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller. In the profile, you can export all data stored about you in a machine-readable format. You also have the option of giving a clinical professional (doctor / psychotherapist) access to an evaluation report. The report contains data from your sleep diary as well as data on your progress in snore training. The access cannot be triggered by the clinical specialist himself/herself, but is exclusively initiated by an action of you from the profile of the application. Any access is only possible through an explicit authorisation from you.
(f) The right to complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace for this purpose.
(g) Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
(h) Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
If you wish to exercise your right of revocation or objection, an email to email@example.com is sufficient.
Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).Cookies have various functions.
Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos).
Other cookies are used to evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions you have requested (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f DSGVO, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1TTDSG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of our website may be limited. If cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent.
YouTube with extended data protection
We use the YouTube embedding function to display and play videos from the provider YouTube (hereinafter “YouTube”), which belongs to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If playback of embedded YouTube videos is started, the provider uses YouTube cookies or comparable recognition technologies to collect information about user behaviour. According to information from YouTube, these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behaviour. The YouTube server is informed which of our pages you have visited. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in accordance with Art. 6 para. 1 lit. f) DSGVO on the basis of Google’s legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
You can object to the analysis of user behaviour and targeted advertising by YouTube at the following link: Google Analytics Opt-out
Websites and apps
Our apps and websites use SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the operator. This encryption prevents the data you transmit from being read by unauthorised third parties.
Analysis and tracking
Our websites and apps use the open source analysis service Matomo.
This enables us to collect and analyse data on the use of our websites and apps by visitors. This enables us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our visitors perform certain actions (e.g. clicks, purchases, etc.). The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The operator SnoreFree has a legitimate interest in analysing user behaviour in order to optimise both its offer and its advertising.
Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
IP anonymisation: We use IP anonymisation for the analysis with Matomo. In this process, your IP address is shortened before analysis and then coded so that it can no longer be clearly assigned to you.
Analysis without cookies: We have configured Matomo so that it does not save any cookies in your browser.
Hosting: We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
We use the service provider Mailjet, a service of the German company Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany, to send the newsletter.
We use the so-called double opt-in procedure; the newsletter service is only activated once you have expressly confirmed this to us.
If you would like to receive the newsletter offered on the website, we require an e-mail address from you that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail.
When you register for our newsletter, we store your IP address and the date of registration. No further data is collected or only on a voluntary basis. This storage is solely for the purpose of providing evidence in the event that a third party misuses your e-mail address to register you for the newsletter without your knowledge or authorisation. The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time with future effect, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you have provided us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
App SnoreFree DiGA (Germany)
When using the app SnoreFree DiGA, the following data is processed:
- Authentication data for logging into the app,
(email, password, time of login).
- Device data for the provision of content,
(mobile phone model, operating system, installation-specific device ID).
- Progress data for the operation of the app and for the provision of therapy and therapy support,
(content displayed and completed, questionnaire responses).
- Settings for individual course composition,
(Consents (GTC, data protection, in-app notifications, camera, microphone), user-specific course composition (content of the app), version of the installed app).
- Server communication for the operation of the app,
(IP addresses, retrieved content, pseudonymised ID, timestamp).
- Server log files for the operation of the app,
(timestamp, anonymised IP, URLs).
If consent is given, the data points are collected for the following purposes:
- Intended use of the app SnoreFree DiGA,
(No. 1 in § 4 paragraph 2 sentence 2 DiGAV).
- Proof of positive effects on care in the context of a trial of the SnoreFree DiGA app (§ 139e Para. 4 SGB V),
(No. 2 in § 4 paragraph 2 sentence 2 DiGAV).
- Evidence for agreements on remuneration amounts for the app SnoreFree DiGA (§ 134 paragraph 1 sentence 3 SGB V),
(No. 3 in § 4 paragraph 2 sentence 2 DiGAV).
- Permanent guarantee of the technical functionality, user-friendliness and further development of the digital health app,
(No. 4 in § 4 paragraph 2 sentence 2 DiGAV).
If you use the SnoreFree app as a Digital Health Application (DiGA), we will forward your DiGA Code to the billing service provider NOVENTI HealthCare GmbH, Einsteinring 41-43, 85609 Aschheim near Munich (Noventi) for the purpose of secure billing.
Noventi will only process your DiGA Code for the purpose of billing, i.e. only to the extent necessary to fulfil its service obligations and to comply with our instructions in relation to this data. In order to ensure data protection compliant processing, we have concluded a contract on commissioned processing with Noventi.
The SnoreFree DiGA app is hosted by the external service provider AWS Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg.
The personal data collected by the app is stored on servers of the hoster in Frankfurt – Germany. The personal data processed is only available to the hoster in pseudonymised form. Only SnoreFree can assign this data to a specific person. The hoster is not able to re-identify the respective users.
In this way, the personal data is protected in the best possible way, even in the event of a permissible transfer of data to the USA in individual cases (e.g. within the framework of the CLOUD Act). In addition, the hoster has contractually assured us that, in the event of a demand for surrender by US authorities, it will take legal action and exhaust it before surrendering personal data.
Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. To ensure data protection-compliant processing, we have concluded a contract on commissioned processing with our hoster.
Downloading the App
When downloading the app, certain information necessary for this purpose is transferred to the respective app store. SnoreFree has no influence on this data collection and is not responsible for it.
You can download the app SnoreFree DiGA here:
Server Log files
The infrastructure service providers automatically collect and store information in so-called server log files, which your browser or smartphone automatically transmits to us.
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- complete IP address of the requesting computer
- amount of data transferred
This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our apps and websites.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. The data remains on our web server for 21 days and on a log server for 6 months. The data is only processed for statistical purposes; it is not compared with other data or passed on to third parties, even in extracts.
Social media channels
If you visit the social media pages and are logged into your social media account at the same time, these services can directly assign your visit to our website to your account.
If you do not want these social media services to assign your data to your account, you must log out of these services before visiting our website.
We would like to point out that you use these social media services on your own responsibility and that we are not currently aware of all details of data processing at these services. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating, discussion).
We have no influence on the type and scope of the data processed by social media services, the type of processing and use or the transfer of this data to third parties.
The social media services and Snore Free GmbH are therefore also jointly responsible for the protection of your personal data (Art. 26 DSGVO).
The data you enter on online social media services, in particular your username and the content published under your account, are processed by us insofar as we share or respond to your posts, if applicable, or also make posts from us that refer to your account. The data freely published and disseminated by you on social media services will thus be included by SnoreFree in our offer and made available to our followers.
The aforementioned data will be processed by us for the following purposes:
- Customer loyalty, promotional purposes, internal evaluation.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above.
This service is offered on the technical platform and by means of the services of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A..
The data controller for individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
Facebook and Instagram
For the operation of our Facebook page and our Instagram account, we use the service and technical platform of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Snore Free GmbH uses a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Snore Free GmbH uses the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, for the social media presence offered here.
Snore Free GmbH uses the technical platform and services of TikTok Technology Ltd, 10 Earlsfort Terrace, Dublin, D02 T380 Ireland, for the social media presence offered here.
You can apply to our company electronically. Of course, we will only use your details to process your application and will not pass them on to third parties. Please note that e-mails sent unencrypted will not be protected against unauthorised access. At present, you can only send us your application by e-mail in unencrypted form.
We do this on the legal basis of our overriding legitimate interest in conducting an efficient application process (Art 6(1)(f) DSGVO) and on the basis of the need to carry out pre-contractual measures (Art 6(1)(b) DSGVO). We collect this data as part of the application process either by you providing it to us (for example, by sending your resume by email) or by us collecting it ourselves (for example, by recording notes during the job interview).
The applicant’s personal data collected, processed and used in connection with the application process will be deleted no later than 6 months after the application process has been completed if the employment relationship does not materialise. Further storage of the data for consideration in future application procedures will only take place after obtaining the prior express consent of the applicant.
If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) of the German Federal Data Protection Act (BDSG) if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representative body resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).
In order to ensure that our data protection declaration always complies with the current legal requirements, SnoreFree reserves the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services.
If you have any questions, we look forward to receiving your email at: firstname.lastname@example.org