Privacy Policy for the Use of the KAF App/Webapp


Below, we would like to inform you about which personal data is processed when using our KAF App and the processes described below. Personal data (“data”) are all data that can be related to you personally, e.g., your name, your email address, and your use of our app. The data is only processed to the extent necessary to provide the digital application for back pain therapy.


The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Privatpraxis/Institute Dr KAF

Europastraße 4

67433 Neustadt an der Weinstraße

Email address: datenschutz@kaf.de

You can reach our data protection officer by email at datenschutz@kaf.de or by post at our address with the addition “der Datenschutzbeauftragte.”

Technical Data

During your use of the app, we automatically collect certain data that is necessary for the use of the app. These include:

– the internal device ID

– the version of your operating system and the app

– the time of access

– IP address

These data are automatically transmitted to us but not stored, to provide you with the service and the associated functions, to improve the features and performance of the app, and to prevent and eliminate misuse and malfunctions. These data are technically necessary for us to display our app to you and to ensure the stability and security of our app. The legal basis is Art. 6 para. 1 sentence 1 lit. b or f GDPR.


The KAF App is a digital therapy app that provides training programs and specific information for treating back pain.

Treatment Data

Personal data and especially health data are only processed within the scope and for the purposes of the app. Therefore, processing your data within the digital application requires your explicit consent.


1. Use of the App for Its Intended Purpose

The first consent applies to the processing of data for its intended use, testing, and demonstrating positive care effects.

Regarding your assigned exercises, the app may query your feelings after the exercises. An analysis of relevant progress parameters (duration, number, exercises, pain) takes place over the therapy sessions. Additionally, we offer the possibility to determine your progress through medical questionnaires. These data serve to determine your progress and optimize your therapy needs and are only processed for this purpose and stored on our server. The server location with our service provider is in Germany. Our app also uses IP addresses, which are processed solely for the purpose of defense against attacks and stored for a maximum of 7 days. Except for the email address and the temporary storage of the IP address, no data are collected that allow direct assignment to you. All other data are related to you as a person.


The APP requires the following permissions:

-Internet Access:

Needed to allow you access to therapy videos, save entries on our servers, and enable transmission.

-Push Notifications:

Reminders to perform the therapy at the therapy time. These messages are sent locally via the smartphone and not by a service provider.

The above-mentioned functions are explicitly requested on the device no later than the first use and can be confirmed or rejected. In general, granted permission can be revoked at any time in the device’s settings.

Service Providers

To the extent that we use service providers who act for us within the framework of commissioned data processing under Art. 28 GDPR, we have concluded a corresponding contract with them. We do not use service providers in third countries outside the European Union or the European Economic Area.

Your Request/Support

We offer you various contact options, e.g., our address, our email address, our phone number. If you contact us, we use the data you provide, such as your email address, your name, and the content of your request, to process your request. The data collected in this context will be deleted after storage is no longer necessary or processing will be restricted if there are statutory retention obligations.

Deletion Concept, Correction of Incorrect Data & Data Transfer

Your data will be automatically deleted after the end of the care period. For a single license, the time is calculated as follows: your data will be stored for 365 days. If you are inactive (i.e., have not opened the app) for three months after this time, your data will be automatically completely deleted. However, you can also delete your data at any time before then.

To delete or revoke your user account, please request the deletion of the user account via email to support-kafapp@dr-kaf.de (from the email address of the user account).

Please note that after deletion, recovery is not possible, and the data will be irretrievably lost. Only data that we necessarily need to provide our service will be processed. Therefore, you must also delete your account to restrict processing.

If data have been entered incorrectly by you, you have the opportunity to correct them directly in the app. Questions or other correction requests can be sent tosupport-kafapp@dr-kaf.de.

To transfer your data, please contact support-kafapp@dr-kaf.de.

Your Rights

You have the following rights concerning the data relating to you:

– Right to Information: You have the right to request confirmation from us as to whether personal data relating to you are being processed; if this is the case, you have the right to information about these personal data and the information listed in Art. 15 GDPR and to a copy of the data.

– Right to Correction or Deletion: You have the right to demand that we correct any incorrect personal data relating to you without delay and, if applicable, to complete any incomplete personal data. You can demand that we delete personal data relating to you without delay, provided one of the reasons listed in Art. 17 GDPR applies, for example, if the data are no longer needed for the pursued purposes.

– Right to Restriction of Processing: You have the right to demand that we restrict the processing if one of the conditions listed in Art. 18 GDPR is met, for example, if you have objected to the processing for the duration of our review.

– Right to Object to Processing: You have the right to object to certain processing of personal data relating to you.

– Right to Data Portability: You have the right to receive the data relating to you that you have provided to us in a structured, commonly used, and machine-readable format. You can also transfer these data to other places or have them transferred by us.

-Right to Complain to a Data Protection Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority for data protection if you believe that the processing of personal data relating to you violates the GDPR (Art. 77 GDPR). A list of the German data protection supervisory authorities and their contact addresses can be found at: [https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html](https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html).

If you have given us consent to process your data, you can revoke this at any time with effect for the future. However, the legality of the processing carried out based on the consent until the revocation remains unaffected by the revocation.

Recipients / Disclosure of Data

Personal data processed in connection with the use of the “KAF App/Webapp” are generally not disclosed to third parties unless they are intended for disclosure. The provider processes user data properly and takes appropriate security measures to prevent unauthorized access and unauthorized disclosure, alteration, or destruction of data. The data processing is carried out using computers or IT-based systems following organizational procedures and practices specifically aimed at the indicated purposes. In addition to the controller, other internal persons (personnel administration, sales, marketing, legal department, system administrators) or external parties – and in this case, if necessary, designated by the controller as processors (such as providers of technical services, delivery companies, hosting providers, IT companies, or communication agencies) – could also operate this application and thus have access to the data. For billing purposes with your insurance, your insurance number/customer number may be pseudonymized and transmitted to cooperation partners. An up-to-date list of these participants can be requested from the provider at any time.

Google Cloud Services

We use Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to enable users to receive better suggestions from our system. Your information will be pseudonymized and processed on the Google server in Frankfurt, Germany. The data on Google Cloud are encrypted, and only we have access to the encryption key. The following data are stored encrypted by Google Services:

– User ID (pseudonymized and encrypted, without email address and name)

– User profile (pseudonymized and encrypted, without email address and name)

The service provider acts as a processor within the meaning of Art. 4 No. 8 GDPR for the controller and has been committed by the latter based on a data processing agreement (DPA) to implement and maintain appropriate technical and organizational measures (TOMs) to protect your personal data.

Storage Period and Deletion of Data

We generally delete your personal data when there is no longer a need for further storage. A need may exist, in particular, if the data are still required to fulfill contractual services, to check and grant or reject warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion comes into consideration only after the respective retention obligation has expired. If you wish to delete your data, you can send us an email at: support-kafapp@dr-kaf.de.

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of personal data by us.

Changes to This Privacy Notice

We will revise this privacy notice if

 there are changes in data processing or other occasions that make this necessary. The current version can always be found on this website. www.dr-kaf.com

Effective Date: 



Privatpraxis-Institute Dr. KAF  

Europastraße 4  

67433 Neustadt an der Weinstraße, Germany  

Email: support@kafapp.de

If you notice a deterioration in your health condition related to the use of KAF-APP therapy, please contact us immediately.

If you require a paper version of this Privacy Policy for the Use of the KAF App/Webapp, please contact us as well.