Last updated: May 2026 Β· In accordance with the GDPR and the Austrian Data Protection Act (DSG)
PCM Solution GmbH
Kohlerweg 155
5531 Eben im Pongau
Austria
Email: Contact Form
Website: https://www.phe-buddy.at
With your explicit consent, we process the following health data:
This data is used exclusively to calculate your daily PHE limit, evaluate your nutrition, and display your wellbeing.
Health and fitness data collected via Apple HealthKit or Google Health Connect is used exclusively to provide app functionality. This data will never be used for advertising, marketing, user tracking, or sold to third parties. Data is only shared with third parties with your explicit consent or as required by law.
We collect the following technical data during app installation and use:
The website phe-buddy.at is hosted by ALL-INKL.COM β Neue Medien MΓΌnnich, HauptstraΓe 68, 02742 Friedersdorf, Germany. Each time the website is accessed, the following data is automatically collected and stored in server log files:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of the website). Privacy policy: https://all-inkl.com/datenschutzinformationen/
Our website uses cookies β small text files stored in your browser. We distinguish between:
You can withdraw your cookie consent at any time via the cookie banner or delete and block cookies in your browser settings.
We use the Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not process any personal data β it solely serves to manage and deploy other tracking tools. The activation of the following services only takes place after your consent via the cookie banner. Privacy policy: https://policies.google.com/privacy
With your consent, we use Google Analytics 4 (GA4) by Google Ireland Limited to analyse user behaviour on our website. GA4 collects, among other things:
IP addresses are anonymized by default. Data is processed on EU servers. Legal basis: Art. 6(1)(a) GDPR (consent). You can disable Google Analytics data collection via the browser add-on: https://tools.google.com/dlpage/gaoptout
With your consent, we use the Meta Pixel by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The Meta Pixel enables measurement of advertising performance on Facebook and Instagram as well as the creation of audiences for remarketing. The following data is processed:
Meta may link this data to your Facebook account if you are logged in. Legal basis: Art. 6(1)(a) GDPR (consent). Privacy policy: https://www.facebook.com/privacy/policy/
We use Unifyr Analytics, a web analytics service by Agentur Circle GmbH, on our website. The Unifyr pixel collects anonymized usage data to analyse website traffic. Data is processed exclusively on European servers and is not shared with third parties. The Unifyr pixel is loaded independently of your cookie consent, as it does not process personal data within the meaning of the GDPR. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in anonymous website analysis).
PHE Buddy processes health data in accordance with Art. 9 GDPR. This is done exclusively on the basis of your explicit consent and for the purpose of healthcare provision.
Phenylketonuria (PKU) is a metabolic disorder. The processing of the associated nutritional and health data serves exclusively your personal healthcare and the management of your PKU condition.
Consent (Art. 6(1)(a) GDPR): Processing of health data, push notifications, camera and microphone access, and marketing emails.
Contract performance (Art. 6(1)(b) GDPR): Provision of app functions, user account and customer support.
Legitimate interests (Art. 6(1)(f) GDPR): App security, fraud prevention, technical operation, service communications and updates.
PHE Buddy requires access to your camera and photo library to take and upload photos of food. Photos taken are stored encrypted on our servers and used exclusively for food recognition.
Microphone access is used for the optional voice input when logging food. Audio recordings are not stored permanently and are only used for the immediate processing of voice input.
PHE Buddy supports Touch ID, Face ID and fingerprint sensors for secure login. Biometric data is processed exclusively locally on your device and is never transmitted to our servers.
With your consent, we send you push notifications for the following events:
You can disable push notifications at any time in the app settings or in your device's system settings.
Access to Apple Health and Google Health Connect is only granted with your explicit consent. You can revoke access at any time:
We do not share your personal data with third parties except in the following cases. Data processing agreements in accordance with Art. 28 GDPR exist with all processors.
PCM Holding GmbH acts as a data processor responsible for the IT infrastructure of PHE Buddy. The following data is transmitted: first name and last name, email address, and technical infrastructure data. Processing is based on a DPA in accordance with Art. 28 GDPR.
For customer support we use a ticketing system provided by PCM Holding GmbH. The following data is processed: first name, last name, email address, content of the support request and the communication history. Legal basis: contract performance (Art. 6(1)(b) GDPR).
For marketing communication and update information we use the SALES Hub of Agentur Circle GmbH. First name, last name and email address are processed. The following are sent:
You can unsubscribe from marketing emails at any time via the unsubscribe link in the email or in the app settings under Settings β Notifications β Email.
For push notifications we use Firebase Cloud Messaging by Google LLC, USA. Google is certified under the EU-US Data Privacy Framework.
Privacy policy: https://policies.google.com/privacy
For push notifications on iOS devices we use APNs by Apple Inc., USA.
Privacy policy: https://www.apple.com/privacy/
Server hosting in Germany, ISO 27001 certified.
Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz
Server hosting exclusively in Germany, ISO 27001 and BSI IT-Grundschutz certified.
Privacy policy: https://www.syseleven.de/datenschutz/
AI services, processing exclusively on servers in Germany.
Privacy policy: https://www.mittwald.de/datenschutz
For AI-assisted image processing as a failover. OpenAI processes only uploaded images β no further personal data. Certified under the EU-US Data Privacy Framework, transfer based on standard contractual clauses (Art. 46 GDPR).
Privacy policy: https://openai.com/privacy
For geographic classification of the IP address we use ip-api.com. No personal data is stored permanently at the service provider.
After deletion of your user account, all personal data will be irreversibly deleted. Certain data will be fully anonymized prior to deletion and used in this form:
Anonymization is carried out according to the state of the art so that no conclusions about your identity are possible. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
You can object to the use of your anonymized data for training and statistical purposes at any time in the app settings under Settings β Privacy β Data Usage.
Right of access (Art. 15 GDPR): You may request information about your stored data at any time.
Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
Right to erasure (Art. 17 GDPR): You may request the deletion of your data ("right to be forgotten").
Right to restriction (Art. 18 GDPR): You may request the restriction of processing.
Right to data portability (Art. 20 GDPR): You may receive your data in a machine-readable format.
Right to object (Art. 21 GDPR): You may object to the processing of your data.
Withdrawal of consent (Art. 7(3) GDPR): You may withdraw your consent at any time with effect for the future.
To exercise your rights, please contact: datenschutz@pcm-group.at
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
Phone: +43 1 521 52-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at
We reserve the right to update this privacy policy as needed. The current version is always available at https://www.phe-buddy.at/datenschutz.en.html. You will be notified of significant changes via the app.
PHE Buddy is also aimed at children and young people with PKU. For users under the age of 16, the consent of a parent or guardian is required. Parents may request the deletion of their child's data at any time.
Email: datenschutz@pcm-group.at
Website: https://www.phe-buddy.at/datenschutz.en.html
Last updated: 05.05.2026