Privacy policy for the TK-Doc app

As a TK insuree, the TK-Doc app allows you to contact the doctors on the TK-MediCall hotline via various channels (live chat and telephone) and ask your medical questions. 

In addition, you can use the care services for exclusive remote treatment (Video consultation) and electronic prescriptions (eGesundheit Deutschland) as well as display information on laboratory values and diagnoses (ICD codes). It is also possible to contact the TK-AppointmentService by telephone. Furthermore, you can talk to dentists about the treatment suggested in your treatment and cost plan. 

Separate data privacy conditions from the respective operators apply for the Video consultation, TK-MediCall, "Expertenrat zum Thema Zahnersatz", TK-AppointmentService and the Symptom-Checker. You must agree to these separately when using this service. 

Further information on the respective offers can be found in the app.

1. Responsible body

The following body is responsible for the collection, processing and use of personal data within the TK-Doc app: 

Techniker Krankenkasse
Bramfelder Str. 140
22305 Hamburg
Tel.: 0800 - 285 85 85
E-Mail: service@tk.de

TK has commissioned the following company to host the app:

Cap3 GmbH
Ringstraße 19
24114 Kiel
Tel.: 04 31 - 90 89 29-0
E-Mail: info@cap3.de

2. Installation of the TK-Doc app 

The app is available via third-party distribution platforms, so-called app stores. Your download may require prior registration with the respective app store and the installation of the app store software. Techniker Krankenkasse (TK) has no influence on the collection, processing, and use of personal data in connection with your registration and the provision of downloads in the respective app store and app store software. In this respect, the sole responsible body is the operator of the respective app store. If necessary, please contact the respective app store provider directly.

3. Necessary authorisations

These authorisations are disabled by default. You have to enable them if you want to use certain features. You can also enable/disable the authorisations at any time from the settings on your smartphone.

3.1 Access to network information

Network access is required because the app can only be used in online mode.

3.2 Access to camera / microphone

The video function for the Video consultation is provided by TeleClinic GmbH. To use this function, TeleClinic GmbH requires access to the camera and microphone. The video system used by TeleClinic GmbH is certified by the German National Association of Statutory Health Insurance Physicians in accordance with Section 31b of the Bundesmanteltarifvertrag der Ärzte [German Federal Collective Agreement for Physicians].

3.3 Access to storage

Access to the data store is required if you want to send TK-MediCall a file that has already been saved.

3.4 Access to the phone

When selecting the "Phone" channel, the app needs the appropriate authorisation on your phone.

3.5 Push notifications

The app can send you push messages when you receive a new electronic prescription or when the results report is available when using the Symptom-Checker. You must agree in advance to push messages being sent.

3.5 Password and biometrics

If you have activated the option "Use biometrics", which can be found under "Account > General > App settings", you can enable the app using biometrics (fingerprint or facial recognition). You can make the settings for biometrics on your smartphone under the device settings. If you do not use the biometrics on your smartphone, you can alternatively unlock the app using a specially generated password. To be able to use the app, either the biometrics or your password will be requested in advance to protect your data in the app from unauthorised access. 

When using the fingerprint sensor to log in, a native feature of your smartphone is accessed. The TK-Doc app only receives a cryptographic key to decrypt the app's data if the fingerprint check is successful.

4. Protection of minors

You must be at least 16 years old to use TK-Doc app. Your age is verified by comparing your insurance number and your date of birth with your insurance data at TK.

5. Data required to use the service

In the following, we would like to inform you about which data is processed via the TK-Doc app.

5.1 Set-up data

After installation, the TK-Doc app requires the following set-up data: insurance number, date of birth and password. This set-up data is required for the app to work. The insurance number and date of birth are used to clearly identify that you are insured with TK. These must be entered when starting the app for the first time. For all other logins, a technically generated key (a so-called hash value) is used for identification. This is stored locally in the protected area of the app. 

To protect the app from unauthorised access by third parties, you must assign a password or use biometrics. You can choose whether the app should be unlocked by entering the password or by biometrics (fingerprint, facial recognition). 

5.2 Registration data for the Video consultation / eGesundheit Deutschland (electronic prescriptions)

To use the Video consultation or to be able to receive electronic prescriptions, you must register via "Meine TK". To do this, log in with the help of your username/insurance number and password. This data is used for unique identification. As a further security level, you must have registered your phone number for the SMS-TAN procedure. 

Details in German of the privacy policy for "Meine TK", TK's online service area, can be found by going to www.tk.de and entering the search code 2013048.

5.3 Data collection when using push notifications

You can be notified about the receipt of new ePrescriptions and about the expiration of the session or the availability of the result report in the Symptom-Checker when you are offline. To do this, your smartphone registers with the respective push service (Apple Push Notification or Firebase Cloud Messaging) after set-up. The service then sends a token to your device. The token is transmitted from the TK-Doc app to the backend and stored there in a database. If a notification is to be sent, the backend sends the message with the token to the push service, which forwards it to your device. 

5.4 User surveys

TK offers you the opportunity to participate in surveys. Participation in such surveys is voluntary. TK does not carry this out itself but uses the company Qualtrics Ltd., Costello House, 1 Clarendon Row, Dublin, D02 TA43 Ireland.  To participate in the surveys, you will be redirected from TK-Doc to the Qualtrics pages. TK will not transmit any of your personal data to Qualtrics. Your answers in the surveys are anonymous to us unless you provide personal data in the answer fields.
 

6. Does TK or other companies receive data and for what purpose?

The companies listed below receive and process the data you provide in the TK-Doc app for specific purposes. In the following, we would like to inform you in detail about these purposes and their recipients:

6.1 Apple and Google 

For security reasons (prevention of misuse of the app), individual codes are assigned for each device when installing the app for iOS devices and Android devices. These codes are passed to the Apple or Google server to check whether the request comes from an app that has been installed from a certified app store. Further data, such as the IP address, is not transmitted. 

6.2 Techniker Krankenkasse

To check the insurance status, the insurance number and date of birth are forwarded to TK. 

In addition, TeleClinic GmbH transmits the following billing-relevant contact information to TK:

• Health insurance/insurance number
• Time of contact
• Medium used to contact us (e.g., video telephony, live chat and telephone).

TK receives the following billing-relevant data from Docyet:

• Number of sessions performed

6.3 Cap3

TK transmits information on the insurance status to Cap3 GmbH to check whether the TK-Doc app can be accessed.

6.4 CGI Germany and Pyur

After an electronic prescription (ePrescription) has been created by the doctors involved, all the prescription data is transmitted in encrypted form to the servers of our contractual partners CGI Deutschland B.V. & Co. KG, Leinfelder Straße 60, 70771 Leinfelden-Echterdingen and Pyur, Nonnenmühlengasse 1 in 04107 Leipzig (trustee). All servers are in Germany. 

CGI and Pyur (trustee) have no way of deciphering and viewing the data contained in the ePrescription (name, aids, diagnosis, etc.). 

In addition, our contractual partners (CGI/Pyur) receive information from TK on registration for the offering (registration date, health insurance number and date of birth). This ensures that the ePrescription can be clearly assigned between doctors, the TK-Doc app and the contractual partners (aid supplier).

6.5 Other important information

Data is always transmitted between the TK-Doc app and the recipients described here with state-of-the-art SSL encryption. 

The so-called equipment identity (IMEI), which enables a clear assignment to the owner of the device, is not recorded by the app.
 

7. Data collection for analysis purposes and troubleshooting

Data is collected in the TK-Doc app to ensure error-free provision of the app (crash reports) and to further develop the app as needed (app analysis). The data collected is stored exclusively on servers in a member state of the European Union or in a country with which the European Union has concluded an adequacy decision (e.g., USA) based on Article 45 of the GDPR. You can change your consent to or rejection of the analysis to ensure error-free provision and demand-oriented further development under "App analysis" in the app settings.

7.1 Analysis to ensure error-free provision (crash reports) 

TK uses crash reporting to ensure that the TK Doc app is error-free. With crash reporting if an error occurs, it is possible to trace where it happened so that the cause can be determined. The following data is collected:

• User ID (UUID, generated during registration)
• Time of access
• Features used (chat, telephony, etc.)
• Operating system used

7.2 Analysis for needs-based further development (app analysis)

To further develop the app in line with demand, TK uses the open-source tool Matomo, which stores the data in pseudonymised form in the Matomo cloud. Neither Matomo nor other third parties have access to personal data. 

The following data is collected

• Date and time of access
• A technical code (random pseudonymised tracking ID), which itself contains no information about you personally and is valid for the duration of your current registration in the app. This code is stored in an encrypted database in your app. The code is deleted as soon as the app is reset or deleted.   
• Technical data about your end device such as operating system, app version 
• Content and functions accessed

The following is measured for app analysis:

• User navigation through the app 
• Number of users by days and months
• Frequency of use in hours
• Number of users broken down by operating system
• Number of users broken down by app version 
• Usage behaviour in certain features (Symptom-Checker, ICD search)

The processing, storage and evaluation of the app analysis data is carried out exclusively in such a way that no conclusions can be drawn about your person. 

The analysis is only available in aggregated, anonymised form (e.g., "50% of users who used the TK-Doc app in May used the Android operating system"). The data processing of the above-mentioned app analysis is carried out based on the legal provisions of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest here is the optimisation of our TK-Doc app.

7.3 Feedback function

When using the integrated feedback function, anonymous data is sent which is required for subsequent troubleshooting. The following information is sent:

• Optional e-mail
• Date and time
• TK-Doc version

When writing your feedback, please ensure that it does not contain any personal details and/or social data. All feedback is sent to us in the form of an encrypted text message and is stored for the time it takes to review your feedback and then deleted. Please note that you will therefore not receive a reply to your feedback from us. If you wish to receive a reply, you have the option of providing your e-mail address.

Beyond this, we do not use any analysis options.

8. Storage periods and deletion of the data used

8.1 Storage periods for active use

The prescription data in connection with the "eGesundheit Deutschland" electronic prescriptions offering will be stored for 6 years after completion of care (including billing) (Section 110a of the German Social Security Code IV).

8.2 Deletion of your data 

All data within the app is deleted when it is uninstalled on the device or as soon as you reset the app. To do this, please use the corresponding function in the "App settings". 

In accordance with the specifications of the app store operator Google, you can have your account deleted at any time and independently of the above-mentioned app function. To do this, please send an e-mail with your insurance number and your request to delete your account to gesundheitsapps@tk.de. Your data will then be deleted from the app's servers. 

The storage periods described under 8.1 apply to the content of medical consultations.

9. Your rights

You have the following rights which can only be exercised via TK:

a) Right of access (Art. 15 GDPR)

b) Right to rectification (Art. 16 GDPR)

c) Right to erasure (Art. 17 GDPR)

d) Right to restriction (Art. 18 GDPR)

e) Right to object (Art. 21 GDPR)

The right to data portability (Art. 20 GDPR) does not apply to the TK-Doc app as users can only enter set-up data.

The app is not used for profiling or scoring measures in accordance with Art. 22 GDPR.

10. Communication channels

You can use the feedback function to contact TK. In addition, the contact options mentioned in section 1 are available to you. 

You can also contact TK via the e-mail address technischer-service@tk.de.

11. Contact details of data protection officers and supervisory authorities:

Data Protection Officer TK:

Techniker Krankenkasse
Data protection officer
Bramfelder Str. 140
22305 Hamburg
E-Mail: datenschutz@tk.de

Associated supervisory authority:

The Federal Commissioner for Data Protection and Freedom of Information 
Husarenstr. 30
53117 Bonn
E-Mail: poststelle@bfdi.bund.de oder poststelle@bfdi.de-mail.de

12. Modification or adaptation of the privacy policy

The privacy policy is currently valid and is dated 01.12.2024. Due to the further development of our app or the implementation of new technologies, it may become necessary to amend this privacy policy.