Privacy policy
LuvMe APP by Heyer Group
Heyer Group, its brands, affiliates and subsidiaries (hereinafter referred to as“heyer ,” “we,” “our” or “us”), including but not limited to Heyer Medical AG, Heyer Medical Co., Ltd, Heyer Care Co., Ltd., Oricare Inc. and Beijing Aeonmed Co., Ltd. , is committed to protecting the privacy and security of your personal information and would therefore like to show you transparently with these notices on data protection (hereinafter referred to as "notices") which personal data we collect during usage of the LuvMe APP service (hereinafter referred to as "service" or "app") and how we process it.
If you do not want heyer to process your personal data via this service in accordance with these notices, we recommend that you do not install the service. If you have already installed the service and no longer wish your personal data to be processed in part or in full, please proceed as described in section 6 and section 7 g) of this statement.
1.Contact in terms of data protection law
info@heyermedical.de
2. Processing of your personal data
We process your personal data based on the applicable data protection laws, i.e. in particular the EU General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act Bundesdatenschutzgesetz, BDSG). You could see the respective concrete legal basis further down in this statement under "Categories if personal data collected, reasons for collection, legal basis."
3.Recipients of your personal data
We work with hosting providers from the European Union to provide our service. With each of these we have concluded a contract for commissioned data processing in accordance with Art.28 of the General Data Protection Regulation (GDPR). We retain responsibility for the processing with regard to the process or employed.
In addition, personal data may be forwarded to your caregiver in charge, i.e. to the person/company from whom you received the therapy device, if and to the extent that you have consented to this.
4.Categories of personal data collected, reasons for collection, legal basis
When you use the service, we process your personal data. Some personal data are indispensable for the smooth operation of the service and are collected by default after you have agreed to this notice. Other personal data will only be collected if you have actively given your consent to this. Information on this personal data can be found in the information texts for obtaining your declaration of consent of the service, accessible within the app under the corresponding menu item.
By default, we process the following items of your personal data according to Art. 6 para.1 lit. a of the General Data Protection Regulation (GDPR):
Account Data (If an account has been created): Name, birthday, e-mail address and password, Wi-fi name and Wi-fi password, etc.
Purpose: Creating the user account, verifying user log-in and configuring network settings for the device.
Information about your therapy device: Serial number for the device, device model, mainboard software version, therapy parameters, etc.
Purpose: Identifying the device, binding the device, error investigation and displaying the patient reports, remote monitoring by caregivers, etc.
By default, we process the following items of your health data according to Art.9 para.2 lit. a of the General Data Protection Regulation (GDPR):
Therapy data collected by your device and transmitted via Wi-Fi, Cellular Data or Bluetooth: Statistical data such as therapy duration, pressure, inspiratory pressure, expiratory pressure, AHI, AI, HI, CAI, OAI, MAI, leakage volume, etc.
Purpose: These data is solely used by for displaying information and generating charts in user’s patient reports.
Profile data: Type of mask.
Purpose: Identifying the type of mask user is using. The mentioned mask type is collected as part of the device configuration parameters and does not include any user identity information.
5. Protection of your data
We use appropriate technical and organizational measures to protect your personal data from unauthorized access loss, misuse or alteration. These include, but are not limited to, encrypting your data during transmission and storage, regularly back up data using cloud services, and using authentication mechanisms (e.g. JWT) to verify user identities and prevent unauthorized access, and managing user permissions using the RBAC (Role-based access control) model to restrict access to your sensitive data. We comply with applicable data protection laws to protect your personal information.
6. Data storage, retention and deletion
Your personal data will be stored for as long as you use the service and as long as it is necessary for the respective processing purpose. It is possible that your data will be stored beyond this period, but only if and to the extent that this is absolutely necessary due to legal provisions (e.g. retention obligations).
To withdraw your consent, please delete your account in the account settings. By deleting the account, all personal and health data will be deleted immediately and irretrievably, you will no longer be able to use the service afterwards. To do so, please proceed as described in section 7 g).
7. Your data subject rights
If and insofar as your personal data is processed in the course of using our service, you are entitled to the following rights as a "data subject" within the meaning of the General Data Protection Regulation (GDPR):
a) Disclosure
You may request information from us as to whether personal data relating to you is being processed by us. There is no right to information if the provision of the requested information would violate the duty of confidentiality pursuant to Section 83 of the German Tax Advisors Act (StBerG) or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Notwithstanding this, there may be an obligation to provide the information if your interests outweigh the interest in secrecy, in particular taking into account imminent damage. The right to information is also excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or exclusively serves the purposes of data security or data protection control, provided that the provision of information would require a disproportionately high effort and processing for other purposes is excluded by appropriate technical and organizational measures. If the right to information is not excluded in your case and your personal data is processed by us, you can request information from us about the following:
· The purposes of the personal data processing
· The categories of processed personal data processed
· The recipients or categories of recipients to whom your personal data are disclosed, particularly in the case of recipients in third countries
· If possible, the planned duration for which your personal data will be stored or, if that is not possible, the criteria for determining the storage period.
· The existence of a right to rectify, erase or restrict the processing of personal data concerning you or a right to object to such processing the existence of a right to lodge a complaint with a supervisory authority for data protection.
· The available information on the origin of the data, if the personal data was not collected directly from you as the data subject.
· If applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved as well as the scope and intended effects of automated decision making.
· Where applicable, in the case of transfer to recipients in third countries, unless there is a decision by the EU Commission on the adequacy of the level of protection pursuant to Article 45(3) of the General Data Protection Regulation (GDPR), information about what appropriate safeguards are provided pursuant to Article 46(2) of the General Data Protection Regulation (GDPR) to protect the personal data.
b) Correction and completion
If you discover that we have inaccurate personal data about you, you may request that we correct this inaccurate data without delay. In the case of incomplete personal data concerning you, you can demand that it be completed.
c) Deletion
You have a right to request deletion ("right to be forgotten"), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or for compliance with a legal obligation or for the performance of a task carried out in the public interest, and one of the following grounds applies:
· The personal data are no longer necessary for the purposes for which they were processed.
· The justification for the processing was solely your consent, which you have withdrawn.
· You have objected to the processing of your personal data that we have made public.
· You have objected to the processing of your personal data that we have not made public and there are no overriding legitimate grounds for the processing.
· Your personal data have been processed unlawfully.
· The erasure of the personal data is necessary for compliance with a legal obligation to which we are subject.
There is no claim to deletion if, in the case of lawful non-automated data processing, deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and your interest in deletion is low. In this case, the restriction of processing takes the place of deletion.
d) Restriction of processing
You may request us to restrict processing if one of the following reasons applies:
· You dispute the accuracy of the personal data. In this case, the restriction may be requested for the period of time that allows us to verify the accuracy of the data.
· The processing is unlawful, and you request the restriction of the usage of your personal data instead of erasure.
· Your personal data is no longer required by us for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims.
· You have filed an objection pursuant to Article 21 (1) of the General Data Protection Regulation (GDPR). Restriction of processing may be requested as long as it is not yet clear whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data will only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have the obligation to inform you about it.
e) Data transferability
You have a right to transfer data, provided that the processing is based on your consent (Article 6 (1) sentence 1 a) or Article 9 (2) a) of the General Data Protection Regulation (GDPR)) or on a contract to which you are a party, and the processing is carried out with the help of automated procedures. The right to transfer data in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons. You may request us to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another responsible party without hindrance on our part. To the extent technically feasible, you may request that we transfer your personal data directly to another controller.
f) Objection
If the processing is based on Art. 6 para.1 sent.1 lit. E) of the General Data Protection Regulation (GDPR) (performance of a task in the public interest or in the exercise of official authority) or on Art. 6 para.1 sent.1 lit. F) of the General Data Protection Regulation (GDPR) (legitimate interest of the controller or a third party), you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. This also applies to an objection based on Art. 6 para.1 sentence 1 lit, E) or lit, F) of the General Data Protection Regulation (GDPR). After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object at any time to the processing of personal data relating to you for direct marketing purposes. This also applies to profiling associated with such direct marketing. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing purposes.
You have the option to inform us of your objection informally by telephone, by email, if necessary, by fax or to our postal address listed at the beginning of this data protection declaration.
g) Revocation of consent
You have the right to revoke your consent at any time with effect for the future, The revocation of consent can be made in the corresponding menu item by deactivating the checkbox set there by you by clicking on it. Alternatively, the revocation can be communicated informally by telephone, by e-mail or to our postal address. Please note that the revocation does not affect the lawfulness of the data processing that took place on the basis of the consent until receipt of the revocation. After receipt of the revocation, the data processing, which was based exclusively on your consent, will be discontinued.
h) Complaint
If you believe that the processing of personal data concerning you is unlawful, you may file a complaint with a data protection supervisory authority having jurisdiction over the place where you reside or work or over the place of the alleged infringement.
8. External links
This privacy notice does not apply to third-party websites that you may access through links in this service. We encourage you to read the privacy notices of those third parties to understand how they process personal data.
9. Updates to these notices
From time to time, we may update these privacy notices to respond to legal, technical or business developments. We recommend that you check the effective date of this notice (see at the very bottom) to see when it was last updated.
10.Questions
If you have any questions about data protection, you can contact our data protection officer directly. He and his team are also available if you require information, wish to submit a request, or make a complaint.
Current status of the notices on data protection: January 30, 2026
I have read the privacy policy and accept it!