Privacy policy for data collection using the myoncare app
Dear users, welcome to Moca Health GmbH, your digital therapy companion. At Moca Health GmbH, we take the protection of your privacy and your personal data very seriously. The protection of your data is a central concern for us, especially in the context of your use of our digital therapy support, which we offer in cooperation with the myoncare app from ONCARE GmbH. This privacy policy informs you about how we process your data as part of our therapy programs.
1. Basic Principles
Moca is committed to protecting your privacy. Your personal data will be processed in accordance with the applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR). This Privacy Policy explains why and how Moca processes your personal (health) data that we collect from you or that you provide to us when you choose to use the myoncare app. In particular, you will find a description of the personal data we collect and process as well as the purpose and basis on which we process the personal data and the rights to which you are entitled.
Please read the Privacy Policy carefully to ensure that you understand each provision.
In accordance with the terms of use, our offer is only aimed at persons aged 18 and over. Accordingly, no personal data of children and young people under the age of 18 is stored and processed.
In the event of questions of interpretation or disputes, only the German version of the privacy policy is binding and authoritative.
2. Definitions
"Moca" refers to Moca Health GmbH, which offers digital platforms and tools for therapy support.
"Practice/Practices" means the physicians and medical practices that are contractually affiliated with Moca and prescribe the digital therapy programs to their patients.
"User" refers to the healthcare professionals/practices and patients who use Moca's services.
"myoncare platform" means the technology developed by ONCARE GmbH on which Moca's services are based or via which Moca provides its own services.
"myoncare App" means the myoncare mobile application for use by patients or employees provided by ONCARE.
"ONCARE" means ONCARE GmbH, Germany.
"Patients" refers to natural persons who make use of medical services and are cared for by the practices that are contractual partners of Moca Health GmbH. This includes persons who receive active or planned therapeutic measures, thus use the myoncare platform and whose data is processed via the myoncare platform.
"Privacy Policy" means this statement made to you as a user describing how we collect, use and store your personal information and informing you of your full rights.
3. Processing of Data
This Privacy Policy applies to all personal data processed by Moca in connection with the use of the myoncare app and the provision of digital therapy support in general. By using our services, you as a user consent to Moca having access to the customer-related data collected via the myoncare app.
3.1 Clarification of roles and responsibilities for the integration of third-party services
As part of our services, we use the myoncare app, which is provided by ONCARE. It is important to understand that ONCARE acts as an independent data controller for the data processing within their application. ONCARE's privacy practices are described in detail in their own privacy policy, which can be viewed at ONCARE Privacy Policy.
If you have any questions for ONCARE, you can find the necessary contact details and the privacy policy directly on the ONCARE website. The ONCARE office is located at Balanstraße 71a, 81541 Munich.
3.2 Cooperation between Moca and ONCARE:
-
Data access and exchange:
-
Moca accesses certain data provided or generated by you as a patient through the use of the myoncare app in order to provide you with our services.
-
-
Responsibilities:
-
ONCARE is responsible for ensuring the data protection compliance of the myoncare app. This includes protecting patients' data from unauthorized access and misuse.
-
Moca is responsible for protecting patient data in accordance with legal requirements and only processes data within the scope of the consents given by the patients and the processing activities necessary for the provision of the service.
-
This clear separation of roles is intended to ensure that patient data is always handled securely and in accordance with the legal requirements of both Moca and ONCARE. If you have any further questions about data protection practices, you can contact us at any time at support@moca.health.
3.3 What is personal data?
"Personal data" refers to all information that makes it possible to identify a natural person. In particular, this includes the name, birthday, address, telephone number, e-mail address and IP address of the user.
"Health data" means personal data relating to the physical and mental health of a natural person, including the provision of health services that reveal information about the health status of users.
Data is considered "anonymous" if no personal reference to the person/user can be established.
In contrast, "pseudonymized" is data from which a personal reference or personally identifiable information is replaced by one or more artificial identifiers or pseudonyms, but which can generally be re-identified by the identifier key.
3.4 What personal data is used when using the myoncare app
Moca may process the following categories of user data when using the myoncare app:
-
Operational data: Personal data that users provide to Moca when registering in the myoncare app, when contacting Moca about problems with the app or during other interactions with Moca for the purpose of using the app.
-
Treatment data: Patients or the practice associated with the patient provide us with personal patient data such as name, age, height, weight, indication, symptoms of illness and other information in connection with the patient's treatment (e.g. in a care plan). Information related to the patient's treatment includes in particular Information about medications taken, responses to questionnaires including disease or condition related information, diagnoses and therapies provided by the practice, tasks planned and completed.
-
Activity data: Personal data processed by Moca if patients connect the myoncare app to a health application (e.g. GoogleFit, AppleHealth, Withings). The patient's activity data is transferred to the connected practice.
-
Reimbursement data: Personal data required for the reimbursement process between the practice and the patient's health insurance company.
4. Purposes of Data Processing
-
Provision of therapy services: Moca processes patient data in order to offer patients personalized therapy support.
-
Communication with medical practices: Moca communicates with the relevant doctors, clinics and other healthcare facilities on behalf of the patient in order to support the patient's therapy.
-
Forwarding of health data: Moca forwards the patient's health data collected via the myoncare app to the relevant treating physicians and healthcare facilities. Moca processes the patient's treatment data in order to provide its own services for the practice and for the patient. The patient's health data, which the patient enters in the myoncare app, is used by the practice to advise and support the patient
-
Improvement of Moca's services: Moca analyzes patient data in order to improve its own services.
-
Data transfer to third parties: In addition, Moca uses the collected data to transmit it in anonymized form, e.g. to pharmaceutical companies or similar, which may use this data for clinical studies and research purposes. This use enables Moca to support and further develop the development of products and therapies in the pharmaceutical industry.
5. Processing of Health and Treatment Data in Connection with the Reimbursement of Costs
Applicable to patients using the myoncare platform in connection with the associated practice for reimbursement purposes.
The myoncare app supports the practice associated with the patients in initiating standard reimbursement procedures for the healthcare services provided to patients via the myoncare app. In order to enable the reimbursement process, the myoncare app supports the collection of the personal (health) patient data by the associated practice for the transmission of this data to the entity paid by the patients (either the Association of Statutory Health Insurance Physicians and/or the patients' health insurance). This data processing is only an initial data transfer for the practice in order to obtain reimbursement from the patient's health insurance company. The type and amount of personal data processed does not differ from other reimbursement routines of the practice. The Practice is the data controller for reimbursement data. Moca acts as data processor on the basis of the data processing agreement with the patients' practice.
Types of data: Name, diagnosis, indications, treatment, duration of treatment, other data necessary for the administration of reimbursement.
Processing of reimbursement data: The practice associated with the patients transmits the treatment data required for reimbursement to the payer (either a statutory health insurance institution and/or the patient's health insurance), and the payer processes the reimbursement data in order to reimburse the practice.
Justification for the processing of reimbursement data: Reimbursement data is processed on the basis of Sections 295, 301 SGB V, Art. 9 para. 2 lit. b GDPR. Data processing by Moca for the practice is also carried out on the basis of Art. 28 GDPR.
6. Commercial Use of Data
6.1 Ownership and use of the data
Moca retains ownership of all data collected via the myoncare platform. This data includes, but is not limited to: operational data, treatment data, activity data and reimbursement data as described in this Privacy Policy.
6.2 Anonymized data transfer
Moca processes the personal patient data in anonymized form in order to analyze and create summary scientific reports to improve products, treatments and scientific results. Moca uses the anonymized or aggregated patient data for commercial purposes, such as improving existing therapies and developing new services. This data may be sold or licensed to third parties for research and development purposes.
7. Push Notifications, Emails and Phone Calls
The delivery of push notifications and emails within the myoncare app is managed exclusively by ONCARE. Moca is not responsible for managing or sending these notifications. Moca only communicates via email and telephone to solve problems or obtain feedback from patients. Moca uses the data collected in this way to improve its own services and optimize patient care. If a patient no longer wishes to receive calls/emails, they can inform Moca of this at any time by sending an email to support@moca.health. This option to unsubscribe applies exclusively to non-essential communication.
8. Duration of the Storage of Personal Data
Moca retains personal patient data for as long as it is necessary for the purpose for which it is processed. As a patient, please note that numerous retention periods require the continued storage of personal data. This applies in particular, but not exclusively, to retention obligations under commercial or tax law (e.g. German Commercial Code, Tax Act, etc.). In addition, the practice must also ensure the retention of your medical records (between 1 and 30 years, depending on the type of documents).
In addition, Moca may retain personal data if the patient has given Moca consent to do so or if a legal dispute arises and Moca uses evidence within the statutory limitation periods, which can be up to 30 years; the regular limitation period is three years.
9. Security of the Data
Moca undertakes to protect user data and to treat it confidentially. We take technical and organizational measures to protect user data from unauthorized access and misuse.
10. Legal Bases
User data is processed on the basis of the user's consent (Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR) as well as for contract fulfillment and legal obligations (Art. 6 para. 1 lit. b and c GDPR).
11. Consent and Right of Withdrawal
By using Moca's services, users consent to the processing of their data. Users have the right to revoke their consent at any time with effect for the future. A revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation. The rights are explained in more detail below.
12. Rights as a Data Subject
Below, Moca informs patients about their rights as a data subject. These rights are set out in Articles 15 to 22 GDPR and include
Right to information (Art. 15 GDPR): As a patient, you have the right to request information about whether and how your personal data is processed, including information about the processing purposes, recipients, storage period and your rights to rectification, erasure and objection. You also have the right to receive a copy of all personal data that Moca has stored about you.
Right to erasure / right to be forgotten (Art. 17 GDPR): As a patient, you may request Moca to delete your personal data collected and processed by Moca without undue delay. Please note, however, that Moca can only delete your personal data after the statutory retention periods have expired.
Right to rectification (Art. 16 GDPR): As a patient, you may request Moca to update or correct inaccurate personal data or to complete incomplete personal data.
Right to data portability (Art. 20 GDPR): In principle, as a patient of Moca, you may request that Moca provide you with personal data that you have provided to Moca and that is processed automatically on the basis of your consent or the performance of a contract with you in machine-readable form so that it can be "ported" to a replacement service provider.
Right to restriction of data processing (Art. 18 GDPR): As a patient, you have the right to request the restriction of the processing of your personal data if the accuracy of the data is disputed, the processing is unlawful, the data is required for the assertion of legal claims or an objection to the processing is being examined.
Right to object to data processing (Art. 21 GDPR): As a patient, you have the right to object to the use of your personal data by Moca and to withdraw your consent at any time if Moca processes your personal data on the basis of your consent. Moca will continue to provide its own services even if they are not dependent on revoked consent.
To exercise these rights, please contact Moca at: support@moca.health. Objection and revocation of consent must be declared in text form to support@moca.health.
Moca requires you to provide sufficient proof of your identity to ensure that your rights are protected and that your personal data is only passed on to you and not to third parties.
13. Contact and Complaints
If you have any questions about the processing of your user data by Moca or if you have any complaints, please use the contact option at support@moca.health.
14. Changes to our Privacy Policy
Moca expressly reserves the right to amend this Privacy Policy in the future at its sole discretion. Changes or additions may be necessary, for example, to comply with legal requirements or to take account of technical and economic developments.
In the event of questions of interpretation or disputes, only the German version of the privacy policy is binding and authoritative.
15. Final Provisions
This Privacy Policy is part of Moca's Terms of Use and governs the use of the data that Moca collects from users in the context of the use of the services provided by Moca.
Last updated on March 18, 2025.