Last update: November 2025
App Privacy Policy
florio® NEPHREE App
We appreciate your interest in florio® NEPHREE. This product allows you to record, organize and review health information (such as treatment and well-being) related to your complement 3 glomerulopathy (C3G) or immune complex-mediated membranoproliferative glomerulonephritis (IC-MPGN). It also comprises a web-based dashboard through which your physician can monitor your data (the “Dashboard”).
We support medical and research organizations with health information for scientific research to improve C3G and IC-MPGN care. In this context, we may use and/or share non-identifiable data as explained in more detailed below. Use of this non-identifiable data by medical and research organizations will only be allowed if approved by an independent external Data Governance Board, consisting of international medical experts and/or representatives of patient associations.
This Privacy Policy (“App Privacy Policy”) explains which personal data are processed when you download, sign up to use and use the App, and how we use these data. The App Privacy Policy also contains a description of your rights as a user. Please read this App Privacy Policy carefully.
Florio GmbH (“Florio GmbH”, “we” and “us”) collects and uses your personal data as described in this App Privacy Policy. Florio GmbH is “controller” within the meaning of the General Data Protection Regulation of the European Union (“GDPR”), and, therefore, responsible for the lawfulness of the processing of your data.
You can contact us at any time using the contact details below:
Florio GmbH
Wilhelm-Wagenfeld-Strasse 22
80807 München
Germany
Phone: +49 89 321 977 090
Email: info@florio.com
You can contact the data protection officer at any time using the contact details below:
Data Protection Officer
Florio GmbH
Wilhelm-Wagenfeld-Strasse 22
80807 München
Germany
Email: privacy@florio.com
When you use the App, we process the following personal data, including sensitive health data:
|
Registration data and log-in credentials such as your username, email address, and a Florio GmbH assigned user ID. |
We process this data to provide the App and to allow you to use it. The legal basis for this processing is its necessity for the performance of the contract that we have concluded with you based on the Terms of Use for the App. We process your user ID to be able to handle your support requests quickly and efficiently. The legal basis is our legitimate interest. We may process your email address to inform you about maintenance activities, security updates or new features. The legal basis is its necessity for the performance of the contract that we have concluded with you based on the Terms of Use for the App, as well as our legitimate interest in keeping our users informed about the App. |
|
Device data/technical data/IP address. |
We process these data for ensuring, maintaining and improving security, protection against loss of data or unauthorized access, as well as delivering updates. The legal basis is our legitimate interest in providing a secure and up-to-date app. |
|
Information relating to your disease and treatment (health data) that you enter in the App, such as: · information about demographics (e.g. your age, country, language preference); · information about your treatment plan (e.g. product name, dose and frequency); · information about your medications taken (e.g. date/time taken, dose, product name); · information about biomarkers such as estimated glomerular filtration (eGFR), proteinuria, blood pressure, hematuria, height, weight, serum albumin, serum creatine; · information about your symptoms such as fatigue, frothy/dark urine, swelling (e.g. time/date, cause); · information about your well-being. |
We process this data to provide you with the individual functions of the App, namely logging and tracking your health condition. The legal basis for this processing is your consent. We can only make the App available to you if you consent to the processing of your health data for the purposes outlined here. If you do not want your health data to be processed for the outlined purposes, please do not sign-up for or use the App. We may furthermore use your non-identifiable data, which means data based on which you cannot be identified, for supporting disease-related science and research purposes. We will only do so if and to the extent that this is permitted by applicable law. |
|
Data about your device and your use of the App, such as most used functionalities and errors. |
We process this data to better understand how users access, use and navigate our App, so that we can improve it and make it more user-friendly. The legal basis for this processing is your consent. We ask for your consent via the App. You can still use the App without consenting to this processing. |
|
We conduct post market surveillance surveys through the App. If you participate, we will process the responses you provide. We use a pseudonymized ID and cookies to prevent multiple submissions of a survey by the same user. |
The legal basis for this data processing is our legitimate interest in conducting post market surveillance to monitor the safety of the App and user satisfaction with the App, and, if a regulatory authority requires us to conduct post market surveillance surveys, the necessity to comply with a legal obligation to which we are subject. |
|
We may process data that you share with us in the context of support requests. |
We process such data to handle your support requests. The legal basis for this processing is its necessity for the performance of the contract that we have concluded with you based on the Terms of Use for the App, and, in the case of health data, your consent. |
We may share your data as follows:
· Your physician: Your data, including health data, is shared with your physician and potentially also with other healthcare professionals of his/her treatment center who have authorized access to the Dashboard, such as nurses or other physicians, on the basis of your consent given to us when signing up for the App.
· Service providers: We cooperate with third parties that perform services and process data, some of which is personal data (including health data), according to our instructions in relation to the App, for the purposes of processing information or operating the App, as well as providing content and programs. Such third parties are restricted from processing the data for any purpose other than to provide these services. Read more about this at https://dashboard.nephree.com/v1/patient/legal-docs under “Service Providers”.
· Authorities: To the extent required by law or necessary for the use in legal proceedings, we may also share your personal data with local or foreign government authorities, supervisory authorities, law enforcement authorities, courts and tribunals, namely
o health data
§ for the establishment, exercise or defense of legal claims and
§ for reasons of public interest in the area of public health;
o other personal data
§ for compliance with legal requirements and
§ on the basis of our legitimate interest.
For example, we may be required by vigilance regulations to report any incidents to supervisory authorities or to perform post market surveillance surveys requested by such authorities.
· Potential asset purchasers: If we sell or transfer assets or if we intend such sale or transfer, a merger or a company restructuring, in particular for the purpose of due diligence processes, we may transfer your personal data (except health data) to one or more third parties as part of such transaction or restructuring, on the basis of our legitimate interest for continuing business or making business transactions or on the basis of your consent, where required.
· Other categories of recipients: We may also share your
o health data with third parties where this is necessary for the establishment, exercise or defense of legal claims or for the protection of vital interests of a third party
o other personal data with third parties where this is necessary for the purposes of our own, or a third party’s, legitimate interests relating to law enforcement, litigation, criminal investigation, protecting the safety of persons, or to prevent death or imminent bodily harm, unless we deem that these interests are overridden by your interests or fundamental rights and freedoms which require the protection of your personal data.
The App is hosted on servers in Germany, which means that your data is stored in Germany.
We may transfer certain data to service providers, some of which may be located outside the EU and the European Economic Area (“EEA”). Learn about our service providers under the link given in Clause 3 of this App Privacy Policy under “Service providers”.
We take reasonable steps to protect your data from loss, misuse, unauthorized access, disclosure, alteration or destruction by taking security precautions that provide for industry‑standard protection. The App is regularly tested by external security experts, who probe our systems for vulnerabilities, and confirm that defenses against malicious attacks or accidental data loss are as strong as possible.
We will store your data only for the period necessary to fulfil the purposes outlined in this App Privacy Policy. After that, we will delete your data, unless statutory retention obligations preclude this or a prolonged storage is necessary in the specific individual case for the establishment, exercise or defense of legal claims. If you withdraw your consent or delete your user account, we will delete your data from our operational database. We may retain your data after your withdrawal or account deletion, if and to the extent that statutory retention obligations apply or if it is necessary to retain your data for the establishment, exercise or defense of legal claims. In this case we store your data in a storage archive.
You have the following rights in connection with our processing of your personal data:
· Access: You have the right to request access to your personal data processed by us and a copy of this data.
· Rectification: You have the right to have any incorrect data rectified and, taking into account the purposes of the processing, to have incomplete personal data completed.
· Erasure: You have the right, if there are justified grounds, to request the erasure of your data.
· Restriction of processing: You have the right to request the restriction of the processing of your data, provided that the statutory prerequisites apply.
· Data portability: You have the right to receive the data provided by you in a structured, commonly used and machine-readable format and to transmit those data to another controller or, to the extent that this is technically feasible, have them transmitted by us.
· Right to object: You have the right, on grounds relating to your particular situation, to object to any processing of your data for the purposes of legitimate interests pursued by us or a third party.
· Withdrawal of consent: You have the right to withdraw your consent at any time without giving reasons and with effect from the date of withdrawal. The withdrawal of your consent will not affect the lawfulness of processing your data based on consent before this consent was withdrawn. Withdrawal of your consent will mean that, from the time you withdraw, it may be impossible to operate the App.
To exercise these rights, including the withdrawal of your consent, or if you have any questions, requests or complaints about the processing of your data in relation to the App, please contact help@florio.com.
· Complaint: You also have the right to lodge a complaint with a supervisory authority at any time, for example in your country of origin.
The App may contain links to external websites or apps that we believe may provide useful information to the users of the App. This App Privacy Policy and the obligations under it do not apply to such external websites or apps (unless these websites or apps are owned by us and directly link to this App Privacy Policy). We are not responsible for the lawfulness of the possible collection, use, disclosure or other processing of your personal data through such external websites or apps, or for the security of your personal data the operators of such external websites or apps may collect and store. We suggest and encourage you to review and familiarize yourself with the privacy and security policies and settings of such external websites and apps or to contact their operators directly for information on privacy and security.
We reserve the right to make changes to the App Privacy Policy in the future. In case of material changes (e.g. any changes that materially affect your rights), we will notify you, for example on our website, and/or publish a temporary notice on the App. The App Privacy Policy in the respective applicable version can be accessed and viewed on our App at any time.
***