
cosinuss° Health Web: Data Privacy

The purpose of this document is to inform users, customers, and other stakeholders of the cosinuss° Health Web about the data protection measures in place, the legal basis for data processing, and the rights of data subjects in accordance with applicable regulations, particularly the General Data Protection Regulation (GDPR).


Contact

Cosinuss GmbH
Kistlerhofstrasse 60, 81379 Munich, Germany
+49 89 740 418 32
dataprivacy@cosinuss.com
——————————————————-
Version: 2.0
Last Updated: March 2025
Website: https://www.cosinuss.com
Health° Platform: https://health.cosinuss.com

Protecting your privacy is important to Cosinuss GmbH (herein called “cosinuss°” or “company”). This data policy document describes how cosinuss° uses data in the context of its Remote Vital Signs Monitoring solution. cosinuss° operates a web application (°Health Web: https://health.cosinuss.com) including its servers, in combination with its Gateway devices and apps, as well as its in-ear sensors. Together these components enable the remote monitoring, processing and transmission of vital signs (herein called “Remote Vital Signs Monitoring Solution”). cosinuss° thus provides an end-to-end solution that enables individuals/institutions to remotely monitor the vital signs of a selected group of people (herein called “Data subjects”). With this Remote Vital Signs Monitoring system, cosinuss° has no plan or motivation to sell or transmit personal data or health data to any third parties.

cosinuss° sells its Remote Vital Signs Monitoring system and the service of operation thereof to professionals/companies/organizations (herein called “Data Controller”).

When operating its Remote Vital Signs Monitoring system, cosinuss° only processes personal data according to documented instructions from the Data Controller, and only to the extent necessary to fulfil the obligations of a previously signed Principal Agreement and Data Processing Agreement, unless processing is required under EU or Member State law to which cosinuss° is subject. In that case, cosinuss° must inform the Data Controller of that legal requirement before processing, unless that law prohibits this notification on important grounds of public interest (see General Data Protection Regulation Article 28(3)(a)). The Data Processing Agreement is part of the Data Controller’s instructions to cosinuss°. cosinuss° processes personal data on behalf of the Data Controller and may use the personal data for its own purposes, in particular the improvement of its offering, only with the prior written consent of the Data Controller.

The Data Controller is solely responsible for collecting any personal data that directly identifies the data subjects. Thus, the Data Controller is also always responsible for delivering the components of the Remote Vital Signs Monitoring system to the data subjects. At no point in time does cosinuss° hold any directly identifying personal data of the data subjects.

The Data Controller additionally has authorized access to the health data collected and processed by cosinuss°, through the °Health Web application or an Application Programming Interface (API).

In the framework of its Remote Vital Signs Monitoring solution, cosinuss° collects the health data and other metadata described hereafter for pseudonymized individuals.

To enhance data privacy and security, cosinuss° Health Web pseudonymizes every new subject added to the system. Pseudonymized data is still personal data in the sense of the GDPR (Article 4(5)): it is not anonymized, because the Data Controller keeps the key that links a pseudonym back to a person. The process keeps directly identifying information out of the platform while the data remains usable for analysis and management. The steps of the pseudonymization process are as follows:

  • Unique Pseudonym Generation: For each new subject, a unique pseudonym is created in the format “XXXX.XXXX”, where each “XXXX” consists of four random characters drawn from A-Z and 0-9. Eight alphanumeric characters give 36^8 (about 2.8 × 10^12) possible values, enough to keep the pseudonyms short while making accidental collisions rare; a new value must nevertheless be checked against the pseudonyms already in use.
  • Data Association: All health data and metadata of the subject are tied to this pseudonym, rather than to the subject’s real identity. The free-text “label” field of a subject should carry only references such as external database IDs; names, dates of birth or other direct identifiers entered there would undo the pseudonymization.
  • Privacy Protection: Because the platform works with the pseudonym instead of personal identifiers, a disclosure of platform data alone does not directly identify a subject, while the data can still be managed and used effectively.
  • Access Control: The mapping between a pseudonym and the subject’s identity is held by the Data Controller, not by cosinuss°. Only the Data Controller’s authorized personnel with the necessary access rights can associate a pseudonym with the original personal information.

This process supports compliance with privacy regulations while keeping the data protected across all interactions within the platform.
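The following is an added example (not cosinuss° code) of how identifiers of the shapes described above can be generated safely: the subject pseudonym “XXXX.XXXX” and, since it has the same structure, the record ID “XXXXXX.XXXXXX” from the table below. It assumes the alphabet is exactly A-Z and 0-9, that values are drawn from a cryptographically secure random source (Python’s `secrets` module), and that uniqueness is enforced by a registry of already issued values; the `IdRegistry` class and function names are illustrative, not the platform’s API.

```python
"""Pseudonym / record-ID generation in the formats the policy describes.

Added example, not cosinuss° code. Assumptions: alphabet A-Z and 0-9,
CSPRNG-based generation (secrets), uniqueness enforced by an in-memory
registry standing in for the platform's database.
"""
import math
import re
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # A-Z, 0-9 per the policy
SUBJECT_GROUP_LEN = 4  # pseudonym "XXXX.XXXX" (9 characters)
RECORD_GROUP_LEN = 6   # record ID "XXXXXX.XXXXXX" (13 characters)


def generate_id(group_len: int, groups: int = 2) -> str:
    """Random identifier: `groups` groups of `group_len` characters joined by '.'.

    secrets.choice draws from the OS CSPRNG. random.choice (Mersenne Twister)
    is predictable from a few outputs and must not be used for an identifier
    that stands in for a person.
    """
    return ".".join(
        "".join(secrets.choice(ALPHABET) for _ in range(group_len))
        for _ in range(groups)
    )


def id_pattern(group_len: int, groups: int = 2) -> re.Pattern:
    """Strict format: uppercase A-Z/0-9 groups separated by single dots."""
    group = "[A-Z0-9]{%d}" % group_len
    return re.compile(r"\.".join([group] * groups))


PSEUDONYM_RE = id_pattern(SUBJECT_GROUP_LEN)
RECORD_ID_RE = id_pattern(RECORD_GROUP_LEN)


def keyspace(group_len: int, groups: int = 2) -> int:
    """Number of distinct identifiers of this shape (36**8 for pseudonyms)."""
    return len(ALPHABET) ** (group_len * groups)


def keyspace_bits(group_len: int, groups: int = 2) -> float:
    """Entropy of one identifier in bits (about 41 bits for a pseudonym)."""
    return math.log2(keyspace(group_len, groups))


class IdRegistry:
    """Issues identifiers and guarantees uniqueness among those it knows.

    A collision is rare at 41 bits but not impossible, so the generator
    retries instead of silently handing out a value that is already in use.
    """

    def __init__(self, group_len: int, groups: int = 2) -> None:
        self.group_len = group_len
        self.groups = groups
        self.pattern = id_pattern(group_len, groups)
        self.issued: set[str] = set()

    def is_valid(self, value: str) -> bool:
        return self.pattern.fullmatch(value) is not None

    def register_existing(self, value: str) -> None:
        """Load an identifier issued elsewhere (e.g. read back from storage)."""
        if not self.is_valid(value):
            raise ValueError(f"malformed identifier: {value!r}")
        if value in self.issued:
            raise ValueError(f"duplicate identifier: {value!r}")
        self.issued.add(value)

    def issue(self, max_attempts: int = 10) -> str:
        for _ in range(max_attempts):
            candidate = generate_id(self.group_len, self.groups)
            if candidate not in self.issued:
                self.issued.add(candidate)
                return candidate
        raise RuntimeError("no unused identifier found; keyspace exhausted?")


if __name__ == "__main__":
    subjects = IdRegistry(SUBJECT_GROUP_LEN)
    records = IdRegistry(RECORD_GROUP_LEN)
    print(subjects.issue(), records.issue(),
          f"{keyspace_bits(SUBJECT_GROUP_LEN):.1f} bits per pseudonym")
```

The format check is deliberately strict (uppercase only, exactly two groups) so that a value copied in from another system with the wrong shape is rejected rather than stored; the registry is where the uniqueness guarantee lives, not the random generator.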

Subject
  Field | Data type | Description
  Pseudonym | String (9 characters) | Unique identifier of each subject, format “XXXX.XXXX”, where each XXXX is four letters or digits (A-Z, 0-9)
  Time created | Timestamp | When the subject was created
  Label | String (up to 64 characters) | Free-text field that can be used for external database IDs or other references

Sensor Device
  Field | Data type | Description
  MAC address | String (17 characters) | Unique Bluetooth MAC address of the sensor device
  Unique Device Identification (UDI) | String (50 characters) | Standardized identifier for the sensor device, including serial number, GTIN, LOT and sensor type
  Firmware version | String (e.g. “1.2.3”) | Version number of the sensor’s firmware
  Bluetooth device name | String (up to 64 characters) | Name of the sensor as it appears in Bluetooth settings
  Cap size | String (e.g. “S”, “M”, “L”) | Size of the sensor tip (custom term)
  Battery level | Integer (0-100 %) | Battery charge percentage (updated at ~0.1 Hz)

Gateway Device
  Field | Data type | Description
  MAC address | String (17 characters) | Unique MAC address of the gateway device
  Unique Device Identification (UDI) | String (variable length) | Standardized identifier for the gateway device
  Software version | String (e.g. “1.2.3”) | Version number of the gateway’s software

Recording Data
  Field | Data type | Description
  Record ID | String (13 characters) | Unique identifier of the recorded data file, format “XXXXXX.XXXXXX”, where each XXXXXX is six letters or digits (A-Z, 0-9)
  Time record start | Timestamp | Start time of the recording
  Time record end | Timestamp | End time of the recording
  Time upload to server | Timestamp | Time when the recorded data was uploaded
  Record duration | Float (seconds) | Total duration of the recording
  Record timezone | String (e.g. “UTC”, “Europe/Berlin”) | Time zone of the recording location

Sensor RAW Data
  Field | Data type | Description
  PPG Green | Binary (24-bit), 200 Hz | Raw photoplethysmogram from the green LED
  PPG Infrared | Binary (24-bit), 200 Hz | Raw photoplethysmogram from the infrared LED
  PPG Red | Binary (24-bit), 200 Hz | Raw photoplethysmogram from the red LED
  PPG Ambient | Binary (24-bit), 200 Hz | Raw photoplethysmogram with LEDs turned off (baseline)
  ECG Channel 1-6 | Binary (32-bit), 512 Hz | Raw electrocardiogram data from 6 channels
  Acceleration / Position | Binary (16-bit), 100 Hz | 3-axis accelerometer (X, Y, Z)
  Temperature CT | Float, 1 Hz | Contact thermometer temperature (non-medical)

Sensor Vital Signs
  Field | Data type | Description
  Arterial Oxygen Saturation | Integer (%), 1 Hz | Blood oxygen saturation (SpO₂)
  Pulse Rate | Integer, 1 Hz | Heart rate in beats per minute (bpm)
  Body Temperature | Float, 0.1 Hz | Infrared thermometer temperature
  Respiration Rate | Float, 1 Hz | Breathing rate in breaths per minute

Sensor Derived Parameters
  Field | Data type | Description
  Quality Index | Integer, 1 Hz | Sensor fit and signal quality
  Perfusion Index | Float, 1 Hz | Pulse strength as a percentage
  RR-Interval | Integer (ms), 1 Hz | Time between heartbeats (milliseconds)

Server Scores
  Field | Data type | Description
  Deviation Score (DS) | Integer, 1 Hz | Deviation thresholds on vital signs
  Combined Vital Signs Scoring | To be defined by Data Controller | To be defined by Data Controller

Server Analysis
  Field | Data type | Description
  Combined Frequency Analysis | To be defined by Data Controller | To be defined by Data Controller

Metadata collection is necessary in order to connect a pseudonym with a data stream and to troubleshoot possible problems by knowing the firmware version of each component.

Battery level information is used to signal to the Data subject and the Data Controller that the sensor device needs charging, and thus to keep the service running.

Quality information is needed in order to indicate to the Data Controller which health data is reliable and which collected data needs to be questioned.

The raw data collected is the data needed to calculate vital signs such as heart rate, blood oxygen saturation, core body temperature and respiration rate. Additionally, it is used to derive further parameters such as RR-intervals, perfusion index and heart rate variability. These are also provided to the Data Controller to fulfil the purpose of the principal processing.

If agreed in the Data Processing Agreement, further processing of derived parameters can be conducted on the server in order to fulfil the principal purpose. One example of such processing is the calculation of the Deviation Score (DS).


If the Remote Vital Signs Monitoring solution includes a mobile app running on an Android device, the app may hold the device’s location permission. This requirement comes from Android, not from the app: on Android versions before 12, an app may only scan for Bluetooth LE devices such as the in-ear sensor when the user has granted it the location permission and enabled ‘Location’ on the device (Android 12 introduced a separate BLUETOOTH_SCAN permission that an app can declare as never being used to derive location). cosinuss° does not collect or use location data; any location information stays on the mobile device and is not transmitted to the cosinuss° Health server.

cosinuss° generates, processes and stores the data listed above in order to fulfil the purpose defined individually with each Data Controller. Collected and processed data is stored on servers located in Nuremberg and Falkenstein, Germany, operated by Hetzner Online GmbH, a server provider audited by TÜV and compliant with the GDPR. cosinuss° has a data processing agreement with Hetzner according to Art. 28 GDPR. Unless explicitly agreed otherwise, cosinuss° will hand back and delete personal data when data processing under the Principal Agreement with the Data Controller ceases, or at the written request of the Data Controller. cosinuss° ensures that only those employees, sub-processors, business partners, external consultants, temporary workers etc. who need to know have access to the personal data covered by the Data Processing Agreement, and that all of them are bound by professional confidentiality or are subject to a relevant statutory duty of confidentiality. If cosinuss° is involved in the sale or transfer of some or all of its assets, personal data may be disclosed to the acquiring organization, but only to the extent permitted by law. In this process the acquiring organization will be directed to agree to protect the privacy of your personal data in a manner consistent with this declaration and applicable law.

cosinuss° uses commercially reasonable and appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data collected. Health data is encrypted whenever it is transmitted, so an unauthorized third party that intercepts the traffic obtains only ciphertext it cannot read. Encryption in transit does not, however, remove every risk: cosinuss° cannot fully eliminate the security and/or privacy risks associated with personal data created, stored or transferred using the internet and internet technologies. cosinuss°, as the Data processor, shall not be liable for any breach, unauthorized disclosure or unlawful use of Personal data or Health data that was, at the time of the breach, under the control of the Data processor.

Authentication

cosinuss° only collects and processes data of pseudonymized Data subjects and limits access to this data to authorized persons who need to know and are bound to confidentiality.

Bluetooth

The Bluetooth LE data transmission between the in-ear sensor and the gateway device or app uses link-layer traffic encryption. Additionally, cosinuss° offers a 1-1 pairing mode that includes authentication. This distinction matters: an unauthenticated (“Just Works”) Bluetooth LE pairing encrypts the link but does not verify who is on the other end, so only the authenticated pairing mode protects against a device impersonating the sensor or the gateway during pairing.

Hypertext Transfer Protocol Secure (HTTPS)

Hypertext Transfer Protocol Secure, i.e. HTTP over TLS, protects the communication between clients and the cosinuss° servers on the World Wide Web. The servers present current TLS certificates, and the negotiated cipher suites encrypt the data in transit with the Advanced Encryption Standard (AES), a block cipher. HTTPS is used by the web interface as well as for the communication between the gateway device/lab app and the server. The protection relies on the client verifying the server certificate and the host name: a client that skips this verification still encrypts, but no longer knows which server it is talking to.
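The point in the last sentence is easy to get wrong in device code, so here is an added example (not cosinuss° code) of a client-side TLS configuration for uploads from a gateway or lab app, next to the unverified variant that silently degrades HTTPS, and an audit helper that tells the two apart. The host name is the Health platform address from this document; the function names and the audit rules are assumptions.

```python
"""Client TLS configuration for uploads to the Health server, with an audit
helper that flags contexts which encrypt but do not authenticate the server.

Added example, not cosinuss° code. HEALTH_HOST is taken from the policy;
the function names and audit rules are assumptions.
"""
import ssl

HEALTH_HOST = "health.cosinuss.com"


def make_gateway_tls_context() -> ssl.SSLContext:
    """What an uploading client should use: system CA store, certificate
    verification, host name check, and TLS 1.2 or newer."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def make_unverified_tls_context() -> ssl.SSLContext:
    """The shortcut that appears when a certificate error blocks an upload.
    The link is still encrypted, but any server that completes a handshake is
    accepted, so an on-path attacker can terminate TLS and read the data."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings for a client context; an empty list means acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("host name is not checked: any valid certificate is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are allowed")
    return findings


def wrap_for_upload(ctx: ssl.SSLContext, sock):
    """Wrap a connected socket; server_hostname drives SNI and the host name check."""
    return ctx.wrap_socket(sock, server_hostname=HEALTH_HOST)


if __name__ == "__main__":
    for name, ctx in (("gateway", make_gateway_tls_context()),
                      ("unverified", make_unverified_tls_context())):
        print(name, audit_tls_context(ctx) or ["ok"])
```

The audit runs against the context object alone, so it can be part of a unit test for the gateway software without any network access; run it once on every context the upload code constructs.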

Servers are located in two different data centers (Nuremberg & Falkenstein / Germany) from Hetzner Online GmbH.

Certification
  • Hetzner Online GmbH has its business address at Industriestraße 25, 91710 Gunzenhausen, Germany and is certified according to DIN ISO/IEC 27001
  • cosinuss° has a data processing agreement with Hetzner, according to the Art. 28 GDPR
Data Protection
  • redundant data storage at different data centers
  • full encryption of data at rest
  • video-monitored high security fence around the entire data center park
  • access only via access control terminals with transponder or access cards
  • state-of-the-art surveillance cameras for 24/7 monitoring of access roads, entrances, security gates and server rooms
  • modern early fire detection system with direct connection to the local fire department
Availability of Services
  • redundant web services running at different data centers
  • emergency power supply
  • redundant UPS (uninterruptible power supply) systems
  • battery operation: approx. 15 minutes
  • temperature monitoring of room air and in server/distribution cabinets
  • DDoS protection
  • blocking of botnet communication

A Data Protection Impact Assessment (DPIA) is required under the GDPR whenever you begin a new processing activity that is likely to involve “a high risk” to other people’s personal data. With Remote Vital Signs Monitoring this may be the case, in particular if the processing involves:

  • Using new technologies
  • Tracking people’s behaviour
  • Processing data concerning health
  • Processing used for automated decisions
  • Processing children’s data

cosinuss° recommends preparing for a DPIA before beginning any data processing activity. Ideally, the DPIA should be conducted before and during the planning stages of a new project. If you have a Data Protection Officer you must consult with that person, and any other key stakeholders involved in the project, throughout the course of the DPIA. It should contain the following elements:

  • A systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller
  • An assessment of the necessity and proportionality of the processing operations in relation to the purposes
  • An assessment of the risks to the rights and freedoms of data subjects

To get the best use of the Remote Vital Signs Monitoring solution, all responsible parties keep their information accurate, current, and complete by routinely updating each other. If you have any questions, comments, or concerns regarding this Privacy Policy, please contact our Privacy Officer:

Cosinuss GmbH, Kistlerhofstrasse 60, 81379 Munich, Germany Tel.: +49 89 740 418 32 E-mail: dataprivacy@cosinuss.com

  • public/data_privacy_information_remote_vital_signs_monitoring.txt
  • Last modified: 2025/03/18 12:20
  • by greta.kreuzer