Type of data collection
The “Eghi Fit” app, henceforth called “App” is used to collect health, behavioural and environmental data from patients in the context of a scientific research study, named “Eghi”. The research study is a collaboration between the following institutions:
- University of Freiburg (coordinator)
- Deutsches Forschungszentrum für Künstliche Intelligenz (DFKI)
- University of Duisburg-Essen
- Bodymed AG (study participant manager)
- University of Erlangen-Nürnberg
The collection and processing of the data obtained by the App is performed fully pseudonymous and encrypted by Hahn-Schickard. The pseudonymous data is sent encrypted by the App to a secured Bexome gateway. From the gateway, another encrypted connection is used to transfer data to the research organisations participating in the study (see research study partner list). The pseudonymised data will be stored for at least 10 years by the project coordinators and the study participant managers.
Pseudomisation is performed using an participant identification number (PID) without specifying the name of the study participants. Pseudonymous means that the data cannot be used to identify a participant, without an additional coding list that links PIDs to the participant names. Coding lists exist that link the respective name to the PID. The coding lists are only accessible to the study managers of the respective institutions, i.e. only the study managers can assign the collected data to the respective participant name. All other collaborating institutions do not have access to coding lists. Coding lists will be destroyed after completion of the study. As long as a coding list exist, the respective patients can request deletion of all collected data. However, once the coding list is deleted, participant data can no longer be identified. The data is then anonymised. Therefore, requests for data deletion can be implemented as long as the coding list exist.
Data access is secured and personalised. Only designated study managers of the partner institution, who serves as study participant manager, as well as study researchers of each collaborating institution are granted access to the pseudonymous patient data.
The research study had been assessed and approved by a Medical-Ethical Committee according to the rules of good scientific practice. Study participants will fully informed about the data collection, transfer, and storage. Each study participant must sign the study-related consent form before participating.
We hereby state that Google Workspace APIs will not be used for developing, improving or training generalized AI and/or ML models.
Usage of Google Fit and Apple Health for the data collection
The App collects data using Google Fit and Apple Health, depending on the smartphone platform used by the participant. Furthermore, the App is used to record health-related data samples from sensors of smartwatch and smartphone of the study participant, as well as participant interaction with in-app.
The App takes the following data from Google Fit / Apple Health:
| Bexome | Flutter Health | IOS-AppleHealth | Android Google Fit | Beurer Medical device |
| Fit/steps | STEPS | stepCount | TYPE_STEP_COUNT_CADENCE | |
| Bloodpressure/heart-rate + Fit/heartrate | HEART_RATE | heartRate | TYPE_HEART_RATE_BPM | X |
| Fit/move | MOVE_MINUTES | appleMoveTime | TYPE_MOVE_MINUTES | |
| Fit/calories | ACTIVE_ENERGY_BURNED | activeEnergyBurned | TYPE_CALORIES_EXPENDED | |
| Balance/weight | WEIGHT | bodyMass | TYPE_WEIGHT | X |
| Bloodpressure/diastolic | BLOOD_PRESSURE_DIASTOLIC | bloodPressureDiastolic | FIELD_BLOOD_PRESSURE_DIASTOLIC | X |
| Bloodpressure/systolic | BLOOD_PRESSURE_SYSTOLIC | bloodPressureSystolic | FIELD_BLOOD_PRESSURE_SYSTOLIC | X |
| Temperature/value | BODY_TEMPERATURE | bodyTemperature | TYPE_BODY_TEMPERATURE | |
| Balance/body_mass_index | BODY_MASS_INDEX | bodyMassIndex | ||
| Balance/body_fat_percentage | BODY_FAT_PERCENTAGE | bodyFatPersentage | TYPE_BODY_FAT_PERCENTAGE | X |
| Fit/distance | DISTANCE_WALKING_RUNNING | distanceWalkingRunning | X | |
| Fit/activity | ELECTRODERMAL_ACTIVITY | electrodermalActivity | ||
| Fit/low_intensity | LOW_HEART_RATE_EVENT | lowHeartRateEvent | ||
| Fit/high_intensity | HIGH_HEART_RATE_EVENT | highHeartRateEvent | ||
| Fit/hours_sleep | SLEEP_IN_BED | sleepAnalysis | ||
| Fit/awake | SLEEP_AWAKE | sleepAnalysis | ||
| Fit/asleep | SLEEP_ASLEEP | sleepAnalysis | ||
| Fit/outofbed | SLEEP_OUT_OF_BED | sleepAnalysis | ||
| Fit/lightsleep | SLEEP_LIGHT | sleepAnalysis | ||
| Fit/deepsleep | SLEEP_DEEP | sleepAnalysis | ||
| Fit/REM | SLEEP_REM | sleepAnalysis | ||
| Bloodpreasure/resting_heart_rate | RESTING_HEART_RATE | restingHeartRate | X |
The App collects the following data directly from the user:
| Meal intake time, foods, food amounts | 3-6/day | user input |
| Fit pet game (clicks for goals achieved / tips completed) | 1-3-/day | user input |
How the application accesses Google user data:
The App uses the Flutter Health Package to access the GoogleFit Data on Android platforms and Apple Heath data on iOS.
How the application stores Google and Apple user data:
Data is saved pseudonymously and encrypted in the App data space at the participant’s smartphone. Upon data network availability, data is transferred to the Bexome Cloud. Data access and storage are restricted as described above in Type of data collection.
How the application shares Google and Apple user data:
The App does not make any Google or Apple user data publicly accessible. The data stored on the servers of the collaborating institutions will be accessed by designated study managers and study researchers, who are affiliated to the institutions collaborating in the research study.
Privacy and confidentiality
All data collected in studies with the Bexome app are published fully anonymised and kept confidential in accordance with the European Union (EU) General Data Protection Regulation (GDPR). Subsequent use of data is subject to standard data use policies that protect the complete anonymity of participating individuals. In all cases, the use of data is subject to the General Data Protection Regulation. Employees of the research institutes who are not involved in the studies do not have access to the raw data or protocols. This precaution is intended to prevent any negative impact from individual comments made by study participants. As with any publication or online activity, the risk of a breach of confidentiality always exists. In accordance with the GDPR, researchers will inform participants if a data confidentiality breach has been identified.
Responsible for the research study
- Prof. Dr. Oliver Amft and Dijana Ivezic
- Intelligent Embedded Systems Lab
- Universität Freiburg
- Georges-Köhler-Allee 302
- D-79110 Freiburg im Breisgau
- email: [email protected]
Data Protection Officer of the Albert Ludwig University of Freiburg
- Data Protection Officer,
- Albert Ludwig University of Freiburg,
- Friedrichsstraße 39,
- 79098 Freiburg
- email: [email protected]