fbpx

SmartResQ / CorPatch® Privacy Policy

© SmartResQ GmbH – All rights reserved
Germany, Version 2.0 – Issued 2025.09.17

We handle your data in compliance with GDPR

SmartResQ GmbH (“SmartResQ”), operating under the brand name CorPatch®, is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with us — including through our websites, apps, products, and services branded as CorPatch®.

Please read this Policy carefully. If you do not agree with our data practices, we kindly ask you not to use our services.

Data Controller

Company: SmartResQ GmbH
Address: Uhlandstr. 32/1, D-73770 Denkendorf, Germany
Phone: +49 711 92537040
Email: info@corpatch.com

SmartResQ operates across national borders within Europe and provides products, software, and services to both public and private entities. The company is located in Germany, and SmartResQ complies with European data protection laws, including the General Data Protection Regulation (GDPR). All significant decisions regarding the protection of personal data are made at the management level under the supervision of the Data Protection Officer.

This privacy statement is publicly available on our websites and within our apps.

Please do not use SmartResQ/CorPatch® websites, apps, or services if you do not agree with the processing of personal data as described in this privacy statement.

 

Types of Personal Information We Collect and Process

SmartResQ collects and processes personal data for various purposes, depending on the nature of your relationship with us. This may include situations where you are a job applicant, a representative of a customer, a prospective client, or a user of our software or services. In these cases, SmartResQ acts as the data controller, determining the purposes and means of the processing of your data.

We may process the following categories of personal data:

  1. Basic contact details – such as your name, address, phone number (mobile and/or landline), and email address.
  2. Professional information – including your employer, job title, and role, as well as your preferences and interests in a professional context.
  3. Communication and feedback – including comments, questions, or feedback you provide about our products or services.
  4. Media content – such as photos or video footage recorded at our premises or events.
  5. User-generated content – including media or performance data you have uploaded via our apps or websites.
  6. Authentication data – including login credentials, usernames, passwords, and security questions.
  7. Financial information – such as payment details, where provided voluntarily for transactions.
  8. Technical and traffic data – including browser type, device information, language settings, referral URLs, IP address, and other metadata.
  9. Usage data – such as clickstream behavior, activity within our services, and how you interact with our digital platforms.
  10. Email interaction data – including information about emails you open and how you interact with them.
  11. Social media information – such as personal data you have made publicly available on third-party platforms (e.g. LinkedIn, Facebook, Google).
  12. Scientific and health-related data – collected through our apps and websites for the purpose of improving survival rates following cardiac arrest, where applicable and based on consent or legal grounds.
  13. Customer and product usage data – required to deliver, support, and improve our products and services, and to comply with relevant quality and safety standards.
  14. Recruitment data – collected from job applicants to manage applications, communicate about career opportunities, and enhance our hiring processes.
  15. Marketing and subscription data – including data from individuals who subscribe to newsletters or request information, for communication and service improvement purposes.
  16. Cookie and advertising data – used to provide personalized content and targeted advertising through websites and social media platforms.

    Data Collected and Processed via the CorPatch® Services Platform and Apps

    When using the services platform or mobile apps, we collect and process the following categories of personal data, depending on the user role (Institute Admin, Trainer, Trainee/User):

    All users (Institute Admin, Trainer, Trainee/end user)

    • First name (if provided)
    • Last name (if provided)
    • Nicknames (if provided)
    • E-mail address (required)
    • Preferred language (required)
    • Encrypted Password (hash) (required)
    • Status of email validation (required)

    Trainee/User Device Data (collected automatically)

    • Operating system (Android/iOS) and version
    • Device manufacturer and model
    • App version
    • Timestamps of app activity (last time in foreground/background)

    Connected Device (CorPatch®) Data

    • Serial number / MAC address
    • Firmware version
    • Device model and manufacturer
    • Battery status and device condition

    Onboarding Progress

    • Tutorial completed (yes/no)
    • Terms of use accepted (yes/no)
    • Self-assessment completed (yes/no)
    • Test training completed (yes/no)
    • First login successful (yes/no)
    • Device connected (yes/no)

    Training Data

    • Date, time, and duration of training
    • Training results and settings
    • For institutional training: course, trainer, and institute information

    Real-Life Cardiac Arrest Events

    • Date, time, duration, and approximate location (not linked to a street address)
    • CPR quality indicators: flow, compression rate, depth, and recoil
    • App settings during resuscitation

    Server Log Data

    • IP address of access
    • Browser version
    • Date and time of access
    • Accessed URL

    External Service Providers

    We rely on the following processors for technical functionality:

    • Google/Firebase: crash/error diagnostics, remote logging, push notifications
    • Sendgrid: email communication
    • Hetzner Online GmbH: hosting of backend and databases (Germany-based)

    All data is processed in compliance with GDPR Art. 28 agreements and confidentiality requirements.

    User Deletion Procedure

    • User can delete their accounts via https://app.corpatch.com.
    • Once deleted, users are marked as inactive and no longer accessible to administrators or via login.
    • After 14 days, all user related personal data is permanently deleted from the database.
    • For scientific and analytical purposes (e.g. CPR performance analysis), training and device usage data may be retained in anonymized form, with all links to identifiable users removed.

    Important: We do not use collected data for profiling or automated decision-making. No personal data is transferred outside the EEA without appropriate safeguards under GDPR Chapter V.

      How We Collect Your Personal Information

      Most of the personal information we process is provided directly by you. We collect data and process data when you:

      • Register online or place an order for our products or services – This may include demographic data, email address, payment information, ordered items, order amount, applied discounts, and frequency of purchases. We also process data to send transactional messages, such as order confirmations, shipping notifications, or refund acknowledgments.
      • Interact with communications we send via email, SMS, phone, or direct mail. For example, we may track email open and click rates, time spent reading, sender domain, and the type of email client used.
      • Voluntarily participate in customer surveys or provide feedback through message boards, emails, or other available channels.

      We may also receive personal information indirectly, from the following sources:

      • Cookies and tracking technologies: When you visit our websites or use our apps, we may collect data such as your IP address, geographic location, pages visited, product views, interactions, clicks, and searches.
      • Other individuals affiliated with your organization: If you are associated with a business customer of SmartResQ, we may receive information about you from your manager or colleagues. This also applies if the customer procures our products or services through one of our partner companies.
      • Marketing partners, public sources, and third-party social networks: We may collect publicly available information or data shared with us by our marketing partners or through your public profiles.
      • Cross-source data enrichment: We may combine data collected from various sources to build a more complete profile, which allows us to tailor our communication and services with a higher degree of relevance and personalization.

        How We Use Your Data

        To manage our customer relationships and fulfill our contractual obligations, SmartResQ processes personal data related to your role as a customer, user, or business contact. The purposes of this processing include:

        • Processing orders and managing customer accounts
        • Sending you information and special offers related to products and services that may be of interest to you
        • Managing sales and contractual processes
        • Delivering requested products and services in accordance with agreed terms
        • Providing customer and technical support for users
        • Improving and developing the quality, functionality, and overall user experience of our products, services, websites, and apps
        • Detecting, preventing, and mitigating security threats as well as performing maintenance, troubleshooting, and debugging
        • Preventing misuse or unauthorized use of our systems and services
        • Managing financial processes such as invoicing, payments, and follow-up activities
        • Creating user interest profiles to personalize recommendations and marketing communications
        • Building user communities for education, collaboration, and interaction between users and SmartResQ

        About Leads

        SmartResQ processes personal data from prospective customers (“leads”) for marketing purposes. To deliver targeted and relevant content, we create interest profiles based on your interactions, choices, and behavior on our websites and platforms, as well as your responses to marketing communications. The legal basis for this processing is primarily your consent.

        About Jobseekers

        If you apply for a job with us, we process your data to assess your suitability for the position and to manage the recruitment process. This is done via a secure, online career platform, ensuring compliance with current data protection regulations. The legal basis for this processing is your consent.

        About Website Visitors

        We process certain personal data of visitors to our locations to manage access and ensure site security. This processing is based on our legitimate interest in protecting our business operations, staff, assets, and visitors. Information about your rights is provided when registering via our electronic visitor system.

        Data Sharing for Training Purpose

        To improve CPR quality, especially through training, your personal data may be shared with selected partner organizations (e.g. certified training institutes) so they can offer relevant services or learning opportunities.

        Fraud Prevention

        When processing an order, we may share your data with credit reference agencies or payment service providers to prevent fraudulent transactions and ensure secure handling of financial information.

        How We Store Your Personal Information

        SmartResQ takes the trust of our users and customers seriously. We are committed to protecting personal data from unauthorized access, disclosure, alteration, or misuse.

        We implement appropriate organizational, technical, and physical safeguards based on the nature of the data and the potential risks involved. These measures are designed to ensure the confidentiality, integrity, and availability of the information we handle, in accordance with applicable privacy laws.

        Recognizing that many security incidents stem from within organizations, we actively foster a strong data protection culture among our staff through training, awareness, and clear internal policies. In the event of a data breach, we will follow procedures in line with applicable regulatory guidance, including that of the German data protection authorities.

        How Long We Keep Your Personal Data

        SmartResQ retains your personal data only as long as necessary to fulfill the purposes for which it was collected, while also considering our obligation to respond to inquiries, resolve issues, and comply with applicable legal requirements.

        This means your personal information may be stored for a reasonable period after your last interaction with us or with our customers. Once the data is no longer needed, it will be securely deleted.

        In some cases, personal data may be processed for statistical or scientific purposes. In these instances, the data will be pseudonymized or anonymized to protect your privacy.

        Time Frame for Data Storage

        We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy. In some cases, we may keep your data longer if required or permitted by law for legal, tax, regulatory, or other legitimate business reasons.

        Purpose Retention Period Legal Basis / Notes
        Customer service and accounting regulation 5 years or as long as legally required to comply with accounting and tax laws. Retention according to §257 HGB (Commercial Code) and §147 AO (Tax Code). Deletion after statutory period or user account deletion.
        Career platform 6 months for unsuccessful job applications. Storage renewed every 6 months upon consent to be considered for future positions. Data processing based on consent (Art. 6(1)(a) GDPR). Retention period balances data minimization with legitimate interest in recruitment.
        Marketing purposes 3 years after last user activity or as long as consent is valid. Based on user consent (Art. 6(1)(a) GDPR). Data deleted upon withdrawal of consent or account deletion
        Storage of order history and order fulfillment 5 years or as long as legally required to fulfill contractual and legal obligations. Retention based on §257 HGB and §147 AO. Necessary for warranty, invoicing, and legal compliance.
        Customer experience 3 years after last activity, conditional on marketing consent. Retention under legitimate interest or consent per GDPR (Art. 6(1)(f) or (a)).
        Fraud risk assessment 5 years or as long as required by law. Retention period in accordance with legal obligations and internal security policies.

        Marketing Communications

        You have the right to opt out of receiving marketing communications from SmartResQ. You can do so by:

        • Following the opt-out instructions in the relevant marketing communications,
        • Changing your preferences in the account settings, if you have an account with SmartResQ,
        • Contacting us directly by e-mail at info@corpatch.com
        Please note that even if you opt out of marketing communications, you will still receive essential administrative messages such as order confirmations, service notifications, and other important account-related information.

        Your Data Protection Rights

        SmartResQ respects your data protection rights under applicable laws, including the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the UK Data Protection Act, Swiss data protection laws, and relevant U.S. state laws.

        If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

        • Right of Access: Request copies of the personal data we hold about you.
        • Right to Rectification: Request correction of inaccurate or incomplete personal data.
        • Right to Erasure: Request deletion of your personal data under certain conditions.
        • Right to Restrict Processing: Request limitations on how we process your personal data.
        • Right to Object: Object to the processing of your personal data based on legitimate interests or direct marketing.
        • Right to Data Portability: Request transfer of your personal data to another data controller in a structured, commonly used format.

        To exercise any of these rights, please contact us at info@corpatch.com.

        What Are Cookies?

        Cookies are small text files that are stored on your device and help identify your browser and preferences. They are used to enhance your experience on our websites and apps. Most browsers accept cookies by default, but you can modify your browser settings to reject or delete cookies.

        SmartResQ is committed to respecting your privacy preferences and providing options to control the use of cookies and digital marketing tools.

        How We Use Cookies

        We use cookies for several purposes:

        • Functionality: To recognize you, remember language preferences, and enable website features.
        • Advertising: To collect data about your visit and interactions, and to provide targeted advertising through third-party partners.

          The type of cookies we use

          • Google Analytics: Anonymized website usage statistics to improve our services.
          • Google Analytics Remarketing: Allows Google to show you ads based on previous visits.
          • Google Ads and Remarketing: Tracks ad effectiveness and user interests (non-identifiable).
          • Facebook Remarketing: Facebook tracking pixel to show you relevant ads on Facebook.
          • YouTube Integration: Embeds videos from YouTube; governed by Google’s privacy policy .

          Managing Cookies

          You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect website functionality. For more information and tools, visit:

          You may also opt-out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on.

          Privacy Policies of Other Websites

          Our websites may contain links to external websites. This privacy policy applies only to SmartResQ websites. Please review the privacy policies of any external sites you visit.

          Changes to Our Privacy Policy

          We may update this privacy policy periodically. We will post any changes here with an updated revision date. If significant changes occur, we may notify you via email or by posting notices on our website or social media before changes take effect.

          How to Contact SmartResQ

          For questions or to exercise your data protection rights, please contact us:

          E-mail: info@corpatch.com
          Website: https://corpatch.com

           

          How to contact the appropriate authority

          If you believe your data protection concerns have not been adequately addressed, you may file a complaint with the relevant data protection authority in Germany:

          Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
          Husarenstraße 30
          53117 Bonn
          Germany
          Phone: +49 228 997799-0
          Fax: +49 228 997799-555
          Website: https://www.bfdi.bund.de

           

          © SmartResQ GmbH – All rights reserved
          Germany, Version 2.0 – Issued 2025.09.17

          CorPatch-logo
          Powered by  GDPR Cookie Compliance
          Privacy Overview

          This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.