Data Protec­tion Policy of the TK-Coach App

The TK‑Coach app offers personal coaching to improve your well-being and features activities from the areas of fitness, relaxation and nutrition.

1. Responsible Bodies

The bodies responsible for the collection, processing and use of personal data in connection with this app are

Techniker Krankenkasse ("TK")  
Bramfelder Straße 140  
22305 Hamburg

T-Systems International GmbH ("TSI")  
Hahnstraße 43d
60528 Frankfurt am Main

With respect to data processing, the above-mentioned bodies are so-called "joint controllers" as defined by Art. 26 GDPR.

If you have any questions regarding the data processing of the app or the exercising of your data subject rights, please contact Health_Datenschutz@t-systems.com

Contact of the data protection officer (TSI)
T-Systems International GmbH  
z.H. Datenschutzbeauftragter  
Friedrich - Ebert - Allee 140  
53113 Bonn
E-Mail: datenschutz@telekom.de 

a) How does the cooperation work? Who processes which data and for what purpose?

TK and TSI created the app together and are continuously developing it.

TSI programs and maintains the app and operates the app's servers which are necessary for its operation.

TK does not receive any personal data about your use of the app.

b) How can the data subjects' rights be exercised?

Pursuant to Art. 26 (3) of the GDPR, you can assert your rights under the GDPR (e. g. right of access to the processed data) with all bodies. The jointly responsible parties work together to ensure and fulfil your rights.

In the interest of efficient processing, we kindly ask you to send corresponding requests directly to the following e-mail address:
Health_Datenschutz@t-systems.com

c) How is the protection of your personal data ensured?

The data controllers have taken technical and organisational measures to ensure the protection of your data.

Compliance with these measures is contractually agreed between the processing entities and is continuously monitored by their data protection officers.

2. Installation of the App

The app is available via distribution platforms operated by third parties, so-called app stores (Google Play and Apple App Store). Your download may require prior registration with the respective app store and installation of the app store software.

The responsible bodies have no influence on the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and the app store software. In this respect, the responsible party is solely the operator of the respective app store. If necessary, please contact the respective app store provider directly for more information.

3. What data is required to use the app? For what purpose and on what legal basis is the data processed?

In the following, we would like to inform you about what data is collected, processed and stored via the app and on what legal basis this is done.

3.1. Consent to participation and processing of personal data, consent to terms of use

The e-mail address, date/time, content of the declaration of consent and the terms of use are processed.

The purpose of processing this data is to prove your consent to data processing in the app and proof of your agreement to the terms of use.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

3.2. Registration, login, multi-factor authentication

The authentication token of the app server is processed and for multi-factor authentication: device ID (UUID), manufacturer and device model.

This data is processed for secure login to your personal user account and to protect the confidentiality of your data.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

3.3. Master data

Your name, your e-mail address, a pseudonymised user ID, your date of birth and your gender are processed.

This data is used to communicate with you personally, for the proper provision of the app's offer and for the preselection of activity recommendations (e. g. exercises, tasks, recipes).

Legal basis: Art. 6. para. 1 lit. a GDPR (consent)

3.4. Data from questionnaire responses, logging activities

Your answers to the questionnaires included in the app: With the help of your answers, your state of health is determined and a pre-selection for the exercise recommendations is made; the questionnaires also contain questions relating to health.

Your year of birth and gender: this information is also processed for the pre-selection of your exercise recommendations.

Your scheduled activities, your activity progress and your feedback on the activities: This information is used for the presentation and evaluation of the progress of your coaching.

Legal basis: Art. 9 para. 2 lit. a GDPR (consent).

3.5. Activity data, such as calories burned and performed exercises

Your activity data collected in the app and its modules. The type of activity data collected depends on the functions and modules of the app that you use.

The activity data is used to determine your state of health and is also evaluated for the selection of recommendations (e. g. exercise recommendations).

Legal basis: Art. 9 para. 2 lit. a GDPR (consent).

3.6. Data from the use of connected so-called wearables (number of steps, measurement period)

If you connect one of the supported external devices ("wearable") with the app, the app retrieves data collected with this device and uses this data to determine your state of health and to select recommendations.

Legal basis: Art. 9 para. 2 lit. a GDPR (consent)

3.7. Calculation of the so-called Mental Health Score (optional)

You have the option of letting the app calculate the Mental Health Score. This also processes health-related data.

The following data is processed to calculate and display the Mental Health Score: internal (technical) ID, age, gender, data from previous answers to questionnaires in the app.

The following data collected by your fitness tracker are also included in the calculation: number of steps (daily value), sleep duration (daily value), resting pulse (daily value). Note: When retrieving the released data from the connected external fitness trackers, depending on the manufacturer more data than is necessary for calculating the Mental Health Score is provided. TK and TSI have no influence on this or on the technical design of the interfaces provided by the fitness tracker providers. Any data beyond the above-mentioned data required for the Mental Health Score will not be stored.

Legal basis: Art. 9 para. 2 lit. a GDPR (consent)

3.8. Pseudonymized data for product improvement and further development (OPTIONAL)

Exclusively in pseudonymised form and separated from the app's other data processing:

Data from your use of the app such as your answers to the initial questionnaire, your selected activities, your activity progress, your gender and your year of birth, data from your operation of the app, data on the type of mobile device.

Important note: These data do not contain any information that can directly identify you, such as your e-mail address or name. These data are also never made accessible to TK or third parties.

Data processing for product improvement and further development will only take place if you have given separate optional consent to this during registration or in the app.

Legal basis: Art. 6. para. 1 lit. a GDPR (consent)

3.9. User surveys (OPTIONAL)

TK provides you the opportunity to take part in optional surveys. TK does not conduct these surveys itself, but uses the services of the company Qualtrics Ireland Limited, Costello House, 1 Clarendon Row, Dublin2, D02 TA43 Ireland (Qualtrics). As soon as surveys are started, you will be notified via a separate pop-up window. If you take part in the survey, you will be redirected to the Qualtrics website. TK will not forward any of your personal data to Qualtrics. Your answers are anonymous as long as you do not enter any personal data in the answer fields.

By consenting, you agree to receive surveys for TK's quality assurance. You have the right not to consent and can withdraw your consent at any time in your profile settings. It cannot be ruled out that our contractual partner or a third party commissioned by it may conduct quality assurance surveys on its own behalf. The contractual partner is responsible for both the content and frequency of the surveys and will inform you separately about its own surveys.

Legal basis: Art. 6. para. 1 lit. a GDPR (consent)

3.10. Technical usage and history data

Technical data such as login data (user ID, date/time) in the form of so-called technical log files.

Note: the IP address or other unique identifiers of your mobile device are not stored.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.11. Push notifications

IP address, technical device identifier, content of the message, date/time.

In the app, you have the option of agreeing to receive so-called push messages. Push messages in the app contain non-specific reminders about upcoming events or content provided ("Please remember your appointment tomorrow."). For technical reasons, further data (e. g. the IP address of your device) is processed.

The receipt of push messages is deactivated by default. You can deactivate the receipt of push messages at any time in the settings of the operating system of your mobile device.

Important note: When sending push messages, the above-mentioned data is processed by companies based in a third country (USA - Google/Apple). A level of data protection comparable to the EU cannot be guaranteed for these companies.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

3.12. Forced Update

In order to ensure smooth operation and resolve possible problems, during the initialisation process (initial start, reactivation from the background or unlocking), the app checks for available updates that are necessary for technical, functional and content security. A request is sent to the backend for this purpose: it checks whether a certain minimum version of the app is being used, which is necessary for secure and stable operation. This does not necessarily have to be the latest or most recent version. The IP address of your mobile device is transmitted for technical reasons. If necessary, you will be notified that the latest version must be downloaded from the App Store. Without installing this minimum version, it is no longer possible to use the app for security reasons.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

3.13. Analysis to ensure accuracy and error-free functioning

To keep the app accurate and error-free, TK uses crash-reporting. Crash reporting ensures that if an error occurs, it can be traced back to the point where it occurred in order to identify the cause. The information collected is stored exclusively on TK servers:

• Client IP (truncated)
• End device ID for crash reporting (a randomly generated number that does not allow any association with the device or person)
• App version
• Operating system
• Screen resolution
• Mobile device
• Date and time
• Content and functions accessed

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

If you agree to cross-platform usage behavior, crash reporting will also be carried out across all your visits.

3.14. AdmiralCloud

The data collected by the AdmiralCloud server includes details on how the user uses AdmiralCloud services, the IP address, data on the device type, device language, date and time of viewing. These are used only to manage the service.

3.15 Voucher code holder and guest accounts

Your data (surname, first name, and e-mail address) will be processed so that TK can contact you if necessary. The prerequisite for this is the existence of an effective declaration of consent. You can find more information on this on the registration page.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

4. Withdrawal of consent to data processing

You can revoke your previously given consent to the processing of your personal data at any time with effect for the future:

You can also send a revocation to the responsible persons via e-mail. To do so, please e-mail: Health_Datenschutz@t-systems.com.

A revocation will result in your personal data no longer being processed within the scope of the app. Your personal data will be deleted unless there is a legal obligation to retain it.

Further use of the app is then no longer possible.

Important note: In the "Settings" of the app, you can revoke any optional consent you may have given for

• the purpose of using pseudonymized data for product improvement and further development,
• the purpose of using the e-mail address to be contacted from TK,
• process your wearable data to calculate the Mental Health Score,
• participation in surveys and satisfaction ratings.

From this point on, no pseudonymized data will be collected and used for the revoked purpose. However, in this case you can continue to use the app.

5. Deletion of data

You have the option of deleting your user account at any time within the app. To do this, please use the corresponding function in the "Settings" of the app.

In accordance with the requirements of the app store operator Google: You can also request the deletion of your account at any time independently of your app function via the following e-mail address Health_Datenschutz@t-systems.com. To do so, state the e-mail address provided in the app and the request to delete your account or the desired data. The data protection officer will then contact you for authentication. If this authentication is successful, your data will be deleted from the app's servers.

This procedure also takes place if the user is inactive for 6 months.

If you use the app without a time limit, your user account and all personal data stored on the app's servers will be deleted after 6 months of inactivity.

If you revoke your consent to the processing of your data, your personal data stored on the app's servers will be deleted. Please send your revocation by e-mail to: Health_Datenschutz@t-systems.com

If you revoke the optional consent for the calculation of the Mental Health Score, your relevant data (Mental Health Score) will be deleted, and you will no longer be able to use the corresponding function (Mental Health Score) from this point onwards. You can give your optional consent again at any time and use the function again.

An important note for TK policyholders who participate in the TK bonus programme: if you use the app as part of the TK Bonus Programme, the data required to determine and verify your individual bonus entitlement will be stored 15 months (after deletion of the app usage data) and then automatically deleted.

6. Which other recipients receive data and for what purpose?

TSI uses sub-service providers to realise the app, e. g.

• for hosting the so-called backend of the app as well as the content of the app,
• for the (optional) calculation of the Mental Health Score.

These sub-service providers act exclusively on behalf of TSI and are obligated by so-called order processing contracts pursuant to Art. 28 GDPR to exclusively process data in accordance with instructions and to comply with the GDPR.

Data is not passed on to other third parties.

7. Origin of data, processing in third countries, automated decision-making, profiling

All data processed in the app and on the app's servers is only collected directly from you.

No processing takes place in so-called third countries (countries outside the EU).

There is no automated decision-making and no profiling according to Art 22 (1) and (4) GDPR.

8. General data subject rights

You have the right to

• request information on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Art. 15 GDPR);
• to request the correction or completion of incorrect or incomplete data (Art. 16 GDPR);
• revoke a given consent at any time with effect for the future (Art. 7 para. 3 GDPR);
• object to data processing that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21 (1) GDPR);
• in certain cases, within the framework of Art 17 GDPR, to request the deletion of data - in particular insofar as the data is no longer necessary for the intended purpose or is processed unlawfully, or you have withdrawn your consent or declared an objection in accordance with the above;
• under certain conditions, to demand the restriction of data insofar as deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR);
• data portability, i.e. you can receive your data that you have provided to us in a common machine-readable format such as CSV and, if necessary, transfer it to others (Art. 20 GDPR). A corresponding export function is available in the app.

9. Contact details of the supervising authorities

For TK:

Der Bundesbeauftragte für Datenschutz und die Informationsfreiheit  
Graurheindorfer Str. 153  
53117 Bonn  
E-Mail: poststelle@bfdi.bund.de or poststelle@bfdi.de-mail.de

Für die TSI:

Der Hessische Beauftragte für Datenschutz und Informationssicherheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden  
E-Mail: poststelle@datenschutz.hessen.de

10. Amendment or adaptation of the privacy policy

The Privacy Policy is currently valid and dated 13 June 2025. Due to the further development of the app or the implementation of new technologies, it may become necessary to amend this Privacy Policy.

(V12.00 01/09/2025)