DE: Data protection Switzerland
CH: Data protection Switzerland
IT: Protezione dei dati Svizzera
Data Protection Policy
Last update: October 2025
DATA PROTECTION INFORMATION ON USING THE “Dräger Companion med” APP
With this data protection notice, we would like to inform you on what basis and for what purposes
purposes for which we process personal data that we collect from you or that you provide to us,
if you use the “Dräger Companion med” app (the “App”). We would also like to inform you about the
and other general conditions of data processing.
The app is a classified medical device for the European Economic Area and fulfills the
Requirements of Regulation (EU) 2017/745 (Medical Devices Regulation – MPV).
Further information can be found in the app’s terms of use.
The app will process your personal data in strict confidence and for a specific purpose in accordance with the
following notes.
1. who is responsible for data processing and who can I contact?
Controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Act on Data Protection
Data Protection Act (DSG):
Dräger Safety AG & Co. KGaA (“Dräger”)
Revalstrasse 1
23558 Lübeck
jointly responsible with
BAYOOCARE GmbH (“BAYOOCARE”)
Europaplatz 5
64293 Darmstadt
You can reach the company data protection officers of the responsible parties at the aforementioned
Contact details and by e-mail: dataprivacy(at)draeger.com and dataprivacy(at)bayoocare.com.
The essence of the division of responsibilities between the responsible parties results from the
following tabular overview. For the avoidance of doubt, this in no way affects your legal rights.
legal positions under data protection law against both or one of the controllers.
| Processing activity/obligation | Responsibility/contact point |
|---|---|
| Back-end operation for data storage | Dräger |
| Operative app operation (incl. vigilance) | BAYOOCARE |
| Technical 1st & 2nd level support | Dräger |
| Technical 3rd level support | BAYOOCARE |
| Operation of the ticket system for 1st/2nd/3rd level support |
Dräger |
| Exercising the rights of data subjects in accordance with Art. 15 ff. GDPR and Art. 19 DSG |
Dräger, BAYOOCARE |
| Information for data subjects pursuant to Art. 12 et seq. GDPR and Art. 19 et seq. DSG |
BAYOOCARE |
2 What data do we process?
When you use the app, the following personal data concerning you will be processed:
– Name
– (Delivery) address
– E-mail and password
– Breath alcohol measurement results and times
– Image recordings during the measurements
– Usage data that is collected in anonymized form to ensure proper operation of the website.
of the app and to improve it (e.g. “crashes” that have occurred or other
bugs)
– Master data of your therapist and/or doctor
3 Where do we store your personal data?
Your personal data is initially stored exclusively on your smartphone. When you log in
decide to share your data with your therapist and/or doctor, it will be processed for this purpose.
additionally – on servers maintained by Dräger (“back-end”). This is ensured in any case,
that the servers used to store your data are located exclusively within the European Union
are located.
4. for what purpose do we process your data and on what legal basis?
We process personal data in accordance with the provisions of the GDPR and the
Federal Act on Data Protection (FADP):
4.1. For the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR, Art. 6 DSG)
We process the contractual data in order to provide you with the contractually agreed services.
and to be able to allocate and provide the data to the correct recipients.
4.2. For the processing of personal health data based on your consent (Art. 6 para. 1 lit.
a GDPR, Art. 9 para. 2 lit. a GDPR, Art. 6 DSG)
When you start the app for the first time, you consent to the processing of your health data by activating
of a switch. Based on your consent, we process your health data in order to provide you with
to be able to provide relevant app services.
4.3. For the exercise or defense of legal claims (Art. 9 para. 2 lit. f GDPR, Art. 6 FADP)
If necessary, we may process your data for the establishment, exercise or defense of legal claims.
legal claims.
4.4. To fulfill legal obligations (Art. 9 para. 2 lit. i GDPR, Art. 83 para. 3 lit. e, f MPV, Art. 9 FADP)
Finally, we process data insofar as this is necessary to fulfill our legal obligations to
is required in the field of vigilance of medical devices.
5. to whom will my personal data be transmitted?
In order to provide the services contained in the app, we transmit your data to your therapist and/or
Doctor, if you use this functionality.
In addition, access to data is generally only granted to those persons who need it to fulfill our
contractual and, if applicable, legal obligations. Service providers used by us and
Agents may be given access to data for these purposes, for example with regard to externally commissioned
IT services (e.g. hosting). In this case, we provide the following services through corresponding agreements with these
service providers to ensure that the data protection requirements for their integration are met.
are fully safeguarded.
In addition, we do not transfer any personal data or data that can be related to you to third parties without your consent.
express prior consent.
You are free to extract your results generated via the app in the form of the PDF report and
then transfer it to third parties themselves.
6. is the provision of personal data required by law or contract?
You are not obliged to provide us with the aforementioned personal data.
Please note, however, that the incorrect or incomplete provision of data may jeopardize the
proper provision of services within the scope of the app.
7 How long will my data be stored?
You can make deletions yourself at any time within the app. Dräger deletes data stored in the back end
otherwise immediately after termination of the respective user relationship (at the latest within 60
days).
Please note that we may have to retain individual categories of data for longer, for example due to
Mandatory tax or social law requirements regarding financially relevant accounting data.
The same applies in the case of other circumstances that justify longer storage – for example until the expiry of the
regular limitation period if claims for damages are imminent or until the expiry of regulatory periods.
Deadlines if a retention period under medical device law applies.
8. your rights as a data subject
As a data subject, you have the right to information in accordance with Article 15 GDPR and Article 25 FADP, the right to
Rectification pursuant to Article 16 GDPR and Article 32 (1) FADP, the right to erasure pursuant to Article 17 GDPR
and Article 32, para. 2, lit. C. FADP and the right to restriction of processing pursuant to Article 18 GDPR
and Article 32, para. 2, lit. B. DSG.
Details of who you can assert these rights against and how you can do so can be found in section 1 above.