Our Privacy statement

By accessing and using our services, you agree to our comprehensive terms of use, which ensure fair and safe use.

Pfeil nach unten

Privacy statement

Purpose of the statement and responsible person

1. Protecting your personal data and privacy is important to us. In this privacy policy (“Statement”), we inform you about your rights and options when you use services from nyra health GmbH, i.e. either

  • download and use our app or use other of our mobile offerings,
  • visit our website and
  • use any other services we provide (collectively, the “Services”).

The subject of this statement is how we process, store and evaluate your data when you use our services.

2. The references to “we”, “us”, “our” or “nyra health” refer to nyra health GmbH based in Kettenbrückengasse 23/1/12, 1050 Vienna. We are a “controller” within the meaning of Article 4 of the EU General Data Protection Regulation (hereinafter “GDPR”). Our data protection officer is Mag. Moritz Schöllauf. If you have any questions, we are also happy to get in touch with you at info@nyra.health. For reasons of better readability, the simultaneous use of male and female forms of language is dispensed with, although it is expressly stated that all personal names apply to all genders.

Personal data that we process

3. We only process data that you provide to us voluntarily.

4. When you sign up for an account to use our services, we process your personal data, namely

  • first and last name;
  • telephone number;
  • email address;
  • year of birth;
  • gender;
  • medical information, including diagnoses that you have received and the existing course of therapy to treat such a diagnosis,
  • voice samples;

to provide our services. The legal basis for this data processing is Article 6 (1) (a) GDPR in conjunction with Article 9 (2) (a) GDPR. The collection and processing of this data is necessary in order to be able to provide our services and to be able to provide our service to the highest quality and to your complete satisfaction.

5. We process and store personal data only for the period necessary to achieve the storage purpose or if this has been provided for by the European legislator or another legislator in laws or regulations to which nyra health GmbH is subject. If the storage purpose ceases to apply or if a storage period prescribed by the European legislator of directives and regulations or another competent legislator expires, the personal data will be deleted routinely and in accordance with legal requirements. If you delete your account, personal data is immediately deleted; it is no longer possible to restore your account.

6. Should you send us an enquiry by e-mail or telephone, we process your personal data (name, email address and telephone number) on the basis of Article 6 (1) (b) GDPR in order to be able to process your enquiry and your orders to the fullest satisfaction. This data is automatically deleted after one year if you do not register for an account or if there is a legal basis for further processing of your personal data, such as consent granted in accordance with Article 6 (1) (a) GDPR.

7. When you download one of our apps, we process your personal data (first and last name; telephone number; year of birth; gender; email address; treatment facility; medical information, including diagnoses that you have received and the existing course of therapy for treating such a diagnosis; voice samples) for and after processing the order due to legal obligations in accordance with Art 6 (1) lit c GDPR, which we must fulfill, such as legally required storage and documentation requirements. After deleting the app, your data is not deleted; it is still available to you until you delete your account. If you delete your account, the data is immediately anonymized; recovery is not possible.

8. When you visit the website www.nyra.health visits, technically necessary cookies and cookies are set for statistical and marketing purposes. You can change your settings at any time or object to previous processing with effect for the future. You can adjust the settings View it here and change your selection there.

9. Should you apply to us, we process the personal data (name, telephone number, email address and other personal data provided to us by you, from your application documents) for the purpose of possibly establishing an employment relationship on the basis of Article 6 (1) (b) GDPR, and if no employment relationship is established, this data will be deleted by us after 7 months from the date you have contacted us.

10. Data generated and processed by us: On the basis of your consent in accordance with Art 6 (1) lit a) in conjunction with Art 9 (2) (a) GDPR, we create and process your medical information relating to patients' use of the services, including improvements and performance improvements by patients as a result of using the services. In particular, the type of exercise and the time it took to complete the exercise are processed as well as the analysis of the exercises (e.g. points, number of repetitions, etc.). This data is processed primarily to evaluate your profile and provide you with the best possible exercises and to provide and improve the services. After withdrawing your consent, the data will be anonymized so that no personal reference can be made anymore.

11. To provide and update our services, improve functionality, we process your name and email address to bring this information and updates to you. This is necessary to fulfill our contractual obligation under Article 6 (1) (b) GDPR. We automatically delete this information when collection and processing is no longer necessary to provide the service. If you delete your account, the data is immediately anonymized; recovery is not possible.

12. Visitors to our website have the option to subscribe to our mailing list. To provide this service, we store and process the subscriber's email address. We also store the subscriber's IP address and the date and time of the subscription in order to be able to verify the authenticity of the subscription. To provide this service, we use the MailChimp service from The Rocket Science Group, LLC, which also stores and processes the data collected on our behalf. On the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR and an order processing contract in accordance with Article 28 (3) (1) GDPR, MailChimp is used as a shipping service provider. A subscriber can unsubscribe from our mailing list at any time, and all data collected in this context will be deleted. For more information about the privacy policy, please see MailChimp's privacy policy at https://mailchimp.com/legal/privacy

MailChimp's general terms of use can be found here https://mailchimp.com/legal/terms

Data transfer to third parties

13. We will only pass on or otherwise transfer personal data to third parties if this is necessary for contract processing or billing purposes.

14. Your personal data will be shared with hospitals and therapists if you choose this setting. This is based on your consent, which can be withdrawn at any time with effect for the future.

15. If, as part of our processing, we disclose data to other persons and companies (contract processors or third parties), transfer it to them or otherwise grant them access to the data, this is only done on the basis of a legal obligation or to fulfill the contract. If we commission third parties to process data on the basis of a so-called “order processing contract,” this is done on the basis of Article 28 GDPR.

16. Your data is stored on secure and certified Fire Base servers, which are located exclusively in Europe, specifically in Frankfurt, GERMANY. There is no transfer of data to the USA or other third countries. Data is transmitted asynchronously when logging on to the Internet and using the app to and from these servers. The data is transmitted via SSL encryption. We have concluded an order processing agreement for this purpose, and the data protection regulations for the processing of your data by Fire Base can be found here: https://firebase.google.com/support/privacy .

Transfer of data to third countries

17. If data is transferred to unsafe third countries, additional legitimacy is required in accordance with Chapter V of the GDPR. This is done either

  • by concluding an adequacy decision in accordance with Article 45 GDPR, according to which the existence of an adequate level of protection has been confirmed by the European Commission,
  • conclusion of standard data protection clauses in accordance with Art 46 GDPR,
  • or by obtaining your express consent in accordance with Art 49 GDPR, in which case we will explain the risks separately.

18. To process payment arrangements and process your personal data to recognize your account and link it to the app via the App Store (for iOS) or Google Play Store (for Android), we have concluded contract processing agreements with Apple and Google. The privacy statement for the processing of personal data in the App Store can be found here: https://www.apple.com/legal/privacy/de-ww/ For the processing of personal data in the Google Play Store, you can find here: https://policies.google.com/privacy?hl=de .

19. We will provide you with separate information about the processing of your personal data using cookies here.

Toms and safety

20. The security of your information is particularly important to us, so we use cutting-edge administrative, technical, personnel, and physical measures to protect your personal information from loss, theft, or unauthorized use, disclosure, or alteration.

21. Your personal data is also protected by appropriate technical and organizational measures (password protection, secure servers with encryption in Europe, backup backup and monitoring, physical hard disk backup, encrypted data transmission, two-factor identification, etc.) in accordance with Article 32 GDPR.

22. These precautions relate in particular to protection against unauthorised, unlawful or even accidental access, processing, loss, use and manipulation, so that unauthorised third parties do not gain access to your data. Due to our highest security standards, data breaches can be almost completely ruled out. Should a data breach nevertheless occur, we have taken comprehensive technical and organizational measures (TOMs) to ensure that it is identified at an early stage and, if necessary, immediately reported to you or the competent supervisory authority, taking into account the respective data categories that are affected.

23. We have also implemented a strict data security policy, train our employees on data protection issues, and review the privacy practices of new products and services that we integrate into our services. Accordingly, our employees are required to sign confidentiality agreements to ensure that your personal data is handled correctly.

24. We use appropriate technical security measures, such as secure hosting provided by industry-leading third parties, to further protect your personal information.

25. As soon as it is no longer necessary to process your data, it is anonymized and only processed in such a way that a personal reference can no longer be established.

Your rights

26. You have the right to assert all data subject rights at any time. These are:

  • the right to request information about your stored personal data, their origin and recipients and the purpose of data processing,
  • the right to correct incorrect personal data,
  • the right to data transfer,
  • the right to object to processing,
  • the right to restrict processing, and
  • Blocking or deleting incorrect or unlawfully processed data.

27. If, contrary to expectations, there is a violation of your right to lawful processing of your data, please contact us immediately (see our contact details in paragraph 2). You also have the right to lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at) or with another data protection supervisory authority in the EU.

Data processing based on consent

28. If we process your data on the basis of consent, you have the right to obtain this consent at any time (info@nyra.health or using the contact details set out in paragraph 2), but this does not affect the lawfulness of the data processing carried out up to this point in time in accordance with Article 7 (3) GDPR.

29. The stored personal data will be deleted when you, as a user of the website and/or as a customer, withdraw your consent to storage, and when your data is no longer required to fulfill the purpose for which it was stored or if its storage is or becomes prohibited for other legal reasons.


30. If you have any questions about your personal data, you can of course contact us at any time at info@nyra.health or contact the contact details listed in paragraph 2 at any time.