Confused by UDIs? Check out our step-by-step video course and watch us purchase real UDIs

MyFlow Score Privacy Policy

1. Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that is processed when you use the MyFlow Score app, including processing purposes and the extent of processing. In addition, we inform you about your rights with regard to any personal data collected and how you can enforce them.

Last updated: November 9th 2021

2. Responsible

OpenReg GmbH (“we”, “us”, “OpenReg”) is responsible for the provision and distribution of the MyFlowScore app and is available to answer any questions you may have at the contact details below.

OpenReg GmbH
c/o Factory Works GmbH
Rheinsberger Str. 76/77
10115 Berlin

Authorized representatives: Dr. Oliver Eidel, Managing Director
E-mail address: [email protected]
Contact data protection officer: [email protected]

3. Overview Of The Processing Operations

No personal data is collected or processed by OpenReg as part of operating MyFlow Score. Users can enter health-related data themselves in the application; however, this data is processed and stored locally on the end device. OpenReg does not gain access to this data.

Categories of processed data

Categories of data subjects

Purposes of processing

We will only use your personal data if legal provisions allow us to do so. No personal data will be collected or processed by OpenReg in the course of operating MyFlow Score. To the extent that this should change, this section of our privacy policy will inform you of the relevant legal bases of the European General Data Protection Regulation (GDPR). Please note that national data protection regulations may apply in addition to GDPR provisions.

National data protection regulations in Germany:

In addition to GDPR provisions, national data protection regulations apply in Germany. These include in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). The BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of individual federal states may apply.

5. Security Measures

To the extent that personal data is processed, we use appropriate security measures to prevent your personal data from being accidentally lost or used, intercepted, altered or disclosed in an unauthorized manner. We take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We have also established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data compromise. We will notify you and relevant government agencies about data privacy incidents in accordance with applicable legal requirements. Furthermore, we take the protection of personal data into account already during the development or selection of hardware, software as well as procedures in accordance with the principles of data protection, through technology design and through data protection-friendly default settings.

Access to personal data is generally restricted to employees and service providers who need such access to perform their duties or to provide services for us. Health information relevant to the use of MyFlow Score is stored exclusively on the end user device and is subject to the security standards of the manufacturer of the terminal device.

6. Data Transfer

Insofar as it occurs in the course of processing personal data that data is transferred and disclosed to external service providers, we comply with legal requirements and conclude appropriate data protection agreements with the recipients of the data. We inform you about such subcontracted processing and any service providers in this section of our privacy policy.

In the course of using the MyFlow Score application, no data is transferred either within or outside OpenReg GmbH. A transfer to countries outside of EU jurisdiction does not take place.

7. Data Retention And Deletion

We generally retain personal information only as long as necessary to fulfill the purposes for which it was collected, as well as for compliance with legal and reporting obligations. When determining data retention periods, we consider the amount, nature, purpose and sensitivity of personal data, as well as applicable legal requirements and the potential risk of harm from unauthorized use or disclosure. In some cases, personal information may be used anonymously without being associated with you for any length of time. In such cases, we may use such information without further notice to you.

Personal data will be deleted by us in accordance with legal requirements as soon as consent on which processing is based is revoked or other permissions cease to apply (e.g. when the purpose of processing has been fulfilled or ceases to apply). If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.


As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

Right to information / right of access: you have the right to request a confirmation as to whether data are being processed. You have the right to obtain information about the processing and a copy of the data to verify whether we are processing them lawfully.

9. Change And Update Of The Privacy Policy

We ask you to regularly check the content of our Privacy Policy. We adapt our policy as soon as changes in data processing carried out by us make this necessary. We will inform you as soon as the changes require any act of cooperation on your part (e.g. to give consent) or other individual notification. Where we provide addresses and contact information of companies and organizations in this policy, please note that the addresses may change over time before contacting us.

Digital Health Jobs No Cookie For You Privacy Policy Imprint
No QMS on this planet will save you from creating crappy software.