General Terms of Use

The app is provided by Sophia GmbH & Co. KG (hereinafter referred to as "Provider"). In order to use the app, you must agree to the following terms of use. Please thoroughly read these conditions of use:

1. Common Use of the App

The app enables you to access the SOP management platform CAYOO (hereinafter referred to as “CAYOO”). Prerequisite for the use of the app is the existence of a SaaS contract to be concluded separately for the use of CAYOO (hereinafter referred to as “Contract of Use”), which determines the type and scope of the services of CAYOO. The contents provided in the app are limited to personal use, unless there are legal exceptions. By downloading the app, you do not acquire any copyrights or industrial property rights, unless these have been explicitly granted to you. The app and its functions may not be used in an abusive manner. Please use the app only to the extent permitted by law and in accordance with our terms of use. If you violate applicable German law or our terms of use, the Provider reserves the right to exclude you from using the app.

2. User data

The user data is processed exclusively within the scope of and in accordance with the manner described in the privacy policy.

3. Notifications

The app contains an inbox for messages by CAYOO. You can also receive messages from CAYOO via push function. This function is initially activated, but can be deactivated by choice. Push notifications can be deactivated in the system settings of your device.

4. Liability

The Provider does not guarantee the availability, reliability, functionality or suitability of the app for your purposes. Any liability is excluded, unless mandatory liability exists under the Product Liability Act, due to intent, gross negligence, injury to life, body or health, due to the assumption of a guarantee of quality, due to fraudulent concealment of a defect or due to the violation of fundamental contractual obligations. Fundamental contractual obligations are all those obligations which must be fulfilled in order for a contract to be properly executed and which the parties to the contract may regularly rely on being fulfilled. Compensation for damages due to the violation of essential contractual obligations is limited to the foreseeable damage typical for this type of contract, unless there is intent or gross negligence.

5. Right of Use

The app enables access to and the use of parts of the functionality of CAYOO on mobile devices running the operating system iOS and Android on the basis of the user contract to be concluded separately. The use of the app is only permitted with the user account assigned within the scope of this contractual relationship and the corresponding identification and authentication safeguards. The customer does not receive any further rights, especially not regarding CAYOO, the software application or the operating software. You are not allowed to use the app beyond the use permitted according to these terms of use or to allow third parties to use it or to make it accessible to third parties. In the event of an unauthorized transfer of use, the Provider can require you to immediately provide all information required to assert claims against the (unauthorized) user, in particular to provide his name and address. In all other respects, the use of CAYOO is subject to the terms and conditions of the Contract of Use.

6. Miscellaneous

The Provider's privacy policy applies. The Provider is constantly working to optimize its services. For this reason, the Provider reserves the right to add or remove functions and features and possibly to introduce new restrictions to the services. You can stop using the app at any time. The Provider reserves the right to change and adapt the terms of use. You will be informed of this in an appropriate manner.

Privacy policy

Privacy policy

The following detailed privacy policy explains which data is processed by the SOP Management Software CAYOO.

Data protection is important to us and we take it very seriously. We are committed to a trustful cooperation with you and we will make every effort to satisfy you in every respect - this naturally also applies to the handling of your personal data. With these data protection regulations we would like to inform you about how your personal data is processed. Therefore please take note of the following information. Our data protection regulations supplement the terms of use of the websites of Sophia GMBH & Co.KG.

In the course of further development of the CAYOO cloud application and the implementation of new legal requirements, new technologies or in order to improve our service for you, changes to this privacy policy may become necessary. We therefore recommend that you read this data protection declaration again from time to time.

Responsible body

The operator CAYOO cloud application and responsible body in terms of data protection is

Sophia GmbH & Co KG

Trinidad Street 15a

Industrial area Hohenesch

27356 Rotenburg (Wümme)


e-mail address:

General information on the processing of personal data

This privacy policy applies to data, including personal data, which is collected about you by Sophia GmbH & Co KG. Personal data is data or a combination of individual data by which you can be identified.

We process your personal data in compliance with the data protection laws of the Federal Republic of Germany and the European data protection basic regulation. Under no circumstances will we pass on your personal data to third parties for advertising or marketing purposes without your consent.

In our company, compliance with the legal regulations and this declaration is monitored by our data protection officers. Our employees have been trained in the handling of personal data and have been committed in writing to comply with the data protection regulations.

The use of our CAYOO cloud application is usually possible without providing personal data. As far as personal data (e.g. name, address or e-mail addresses) are collected on our pages, this is always done on a voluntary basis, as far as possible.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. We try to protect your data from unauthorized access by third parties by taking precautions such as pseudonymization, data economy, observance of deletion periods and taking into account the current state of technology. Despite these protective measures, however, we cannot completely rule out unlawful processing by third parties.

Data processing for access from the Internet

When you visit the CAYOO Cloud application, our web servers temporarily store each access in a log file. The following data is recorded and processed until it is automatically deleted:

Name of the retrieved file and transferred data volume, as well as date and time of the retrieval,

IP address of the requesting computer, as well as device ID or individual device ID and device type,

Message about successful retrieval,

requesting domain,

Description of the type of Internet browser used and, if applicable, the operating system of your end device as well as the name of your access provider,

Your browser history and your standard weblog information,

Location data, including location data from your mobile device. Please note that on most mobile devices you can control or disable the use of location services in the mobile device's settings menu.

When using the CAYOO cloud application for purely informational purposes, Sophia GmbH & Co KG only collects the personal data that is technically necessary for the display, the use of the CAYOO cloud application (connection establishment), the system security, the system stability, the technical administration of the network infrastructure and the optimisation of the internet offer. The legal basis for this is a legitimate interest of Sophia GmbH & Co KG (Art. 6 para. 1 p.1 lit. f DSGVO).

You have the possibility to object to this data processing. If you object to the use of your data, we would like to point out that only a limited use of our services may be possible.

Beyond the cases mentioned above, these personal data will not be processed unless you expressly consent to further processing.

Purpose of processing - Registration for use of CAYOO

Your personal data is collected by Sophia GmbH & Co KG exclusively for the purpose of registering for our CAYOO cloud application. Your registration data is stored and verified in our central authentication system via encrypted connections.

You must enter the following data:

Username/e-mail address


Registration/User account:

To use the CAYOO Cloud application you have to register once. For this purpose you have to enter some personal data which we store as well as process and use within Sophia GmbH & Co KG.

The following mandatory information must be provided where applicable:


first name

Last name




Company / Hospital


e-mail address

Our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO to collect the data is based on the following purposes: ensuring a smooth connection and comfortable use of the website, evaluation of the system security and stability as well as for other administrative purposes.

Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

Storage duration

Your data will be stored by Sophia GmbH & Co KG only as long as they are required for specific purposes. Consequently, your data will be deleted by Sophia GmbH & Co. KG when:

The corresponding legal basis for processing your data no longer exists,

The purpose of processing your data no longer exists,

you revoke your consent to the processing of your data,

A legal obligation that makes deletion necessary, or

you have objected to the processing of your personal data,

unless there are legal retention periods. For example, the German Fiscal Code (AO) or the German Commercial Code (HGB) provides for certain retention periods. Only then the Sophia GmbH & Co KG may finally delete your data.

Excepted from this are data whose deletion would represent a disproportionate effort. In such a case, Sophia GmbH & Co KG has a legitimate interest in the sense of the German Data Protection Act. Art. 6 paragraph 1 lit. f DSGVO for the storage of your data.

Obligation to provide personal data

In order to use the software, it is necessary to provide at least a user name and a password. This is provided in the context of the business relationship with your employer.


The online offer of the Sophia GmbH & Co KG can contain links to the internet pages of third parties, on whose contents the Sophia GmbH & Co KG has no influence. After clicking on a link you leave the area of responsibility of the Sophia GmbH & Co. KG. The following processing of your data will no longer take place within the sphere of influence of Sophia GmbH & Co KG.

Transmission of data via the Internet

The Internet is a worldwide open platform. Due to the Internet's inherent operating mode and the system-related risks, all data transmissions initiated by you are at your own risk. For your security we offer our services exclusively via the encrypted transmission path.

Data transfer to third countries (non-EU countries)

We will only transfer your data to countries outside the European Economic Area (third countries) if

it is necessary for the execution of your orders,

it is required by law, or

you have given us your consent.

If we transfer your data to a third country or to an international organization, this is always done in accordance with the provisions of the DSGVO. Furthermore, in accordance with the principle of data minimization, we only transfer data that is limited to the minimum necessary.

In some cases, we use service providers whose headquarters, parent company or sub-service provider is located in a third country. Your data will only be transferred if the European Commission has decided that an adequate level of protection exists in this third country (Art. 45 DSGVO), appropriate guarantees are provided (e.g. standard contractual clauses issued by the European Commission) and enforceable rights and effective remedies are available to you as the data subject. We have contractually agreed with the service provider on compliance with the European basic data protection regulation and its provisions.

Use of cookies

Our CAYOO cloud application also uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. They do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Some cookies (so-called "functional cookies", e.g. for language settings and ordering processes) are those that are absolutely necessary to guarantee essential functions of the CAYOO cloud application. Without these, the CAYOO cloud application cannot be used as intended.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If you reject the use of cookies (a possible setting in your browser), the use of the CAYOO cloud application is still possible (possibly with restrictions or with loss of comfort).

Range measurement with Matomo

Within the scope of Matomo's coverage analysis, the following data is processed: the type and version of browser you use, the operating system you use, your country of origin, date and time of the server request, the number of visits, your time spent on the CAYOO cloud application and the external links you activated. The IP address of the user is anonymized before it is saved.

Matomo uses cookies that are stored on the user's computer and that enable an analysis of the use of our online offer by the users. Pseudonymous user profiles of the users can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this CAYOO cloud application is only stored on our server and is not passed on to third parties.

Users can object to the anonymous data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie will be stored in their browser, which means that Matomo will no longer collect any session data. However, if users delete their cookies, the opt-out cookie will also be deleted and must therefore be reactivated by users.

Logs with the users' data will be deleted after 6 months at the latest.

If we ask users to give their consent (e.g. in the context of a cookie consent), the legal basis for this processing is Art. 6 para. 1 letter a. DSGVO. Otherwise, the personal data of the users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) are processed.

Security measures

We have taken extensive precautions to protect the security of your data. Your data transmitted to us, which you have entered e.g. in HTML pages, are transmitted in encrypted form (SSL - Secure Socket Layer) via the public data network to Sophia GmbH & Co KG and processed.

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Transfer of data to third parties

Your personal data will not be passed on to third parties unless you have given us your prior consent. Excluded from this are service providers for contract initiation and contract processing, such as IT service providers or the hosting service provider for the CAYOO cloud application. These companies work for Sophia GmbH & Co KG within the scope of so-called order processing and may only use the personal data in accordance with our instructions.

By contract, Sophia GmbH & Co KG has committed these service providers to the European data protection level and monitors them.

In all these cases, the data will be transmitted in accordance with the applicable national and European data protection regulations; the scope of the transmitted data will be limited to the necessary minimum.

Your rights as a data subject

You have the right at any time to:

A free information about your stored personal data, their origin and recipient and the purpose of data processing as well as

to limit the processing of the data,



Deletion of this data,

The preservation of your data in a structured, common and machine-readable format (right to data portability),

Revocation of your consent to the processing of your personal data,

Complaint to the competent supervisory authority

Objection to processing on the grounds of legitimate interest

You also have the right to object to the processing of your personal data at any time if this is done by Sophia GmbH & Co KG GmbH out of a legitimate interest (according to Art. 6 Par. 1 letter f DSGVO). As a consequence, the processing of your data will be stopped unless Sophia GmbH & Co. KG GmbH can justify a continuation of the processing due to legal requirements or due to interests worthy of protection. This is the case, for example, if data is still needed to be able to enforce legal claims.

Opposition to processing for the purpose of direct marketing

You can object to the processing of your personal data for the purposes of advertising and data analysis at any time ("advertising objection").

You can contact us for this and other questions on the subject of personal data under "Your contacts in data protection matters".

Your contact persons in data protection matters

If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly, who is also available in cases of requests for information, applications or complaints:

Data protection officer

Sophia GmbH & Co KG GmbH

Trinidad Street 15a

Industrial area Hohenesch

27356 Rotenburg (Wümme)


e-mail address:

If you wish to exercise your right to complain to the relevant regulatory authority, please contact the following address:

The State Commissioner for Data Protection of Lower Saxony

Prinzenstrasse 5

30159 Hannover

Availability of the data protection regulations

You can access and print out these data protection provisions in the CAYOO cloud application of Sophia GmbH & Co KG under the link

As of 22.06.2019

Service description Cayoo Cloud Application

(Description of the standard services)

1. provision of standard services

With the CAYOO cloud application (hereinafter referred to as "CAYOO"), Sophia GmbH & Co.KG provides the customer with standard services, the content and scope of which are described in the following service description, with the availability described in section 6. CAYOO is ready for operation when Sophia GmbH & Co KG has informed the customer about the activation (access to a functioning CAYOO platform).

2. service transfer point and functionalities of CAYOO

2.1 Performance transfer point

The transfer point for software use is the router exit of the computer center used by Sophia GmbH & Co.KG to the Internet. The customer has to take care for the connection of the customer to the Internet, the provision or maintenance of the network connection to the data center as well as the procurement and provision of network access components for the Internet on the side of the customer. This is not part of the software use.

2.2 Functionalities of CAYOO

User management:

Create, modify, delete users

Assign, modify, delete various user roles

Assign, change, delete teams

Management of SOPs:

Create, modify, copy, delete

Structuring of SOPs in collections

Versioning of SOPs; Previous SOPs are saved as old versions and can always be retrieved and restored if necessary.

Events: Every change in the SOP directory is recorded and can be traced back exactly. So you always know exactly who has worked on what and when.

Approval / Publication of SOPs: SOPs go through an "Approval" process before publication to authorized users. After editing / creating an SOP, an authorized user must first approve the SOP for publication.

SOP release: Other clinics can release SOPs for you. If necessary, you can copy these SOPs directly into your own SOP directory. Conversely, you can also share SOPs with other clinics.

Data storage: CAYOO includes its own cloud storage. Files in this storage can be linked to SOPs as desired (e.g. PDF, images, Word documents etc.)

Use of the free apps on mobile devices and linking to the CAYOO SOP database; updating of the end devices The apps are available free of charge in the respective official app stores (Google Play, iTunes Store).

3. access authorization

When using CAYOO for the first time, the customer himself must generate a user ID and password which are necessary for further use of CAYOO. The customer is obliged to keep user ID and password secret and not to make them accessible to third parties.

4. data backup

4.1 Sophia GmbH & Co.KG secures the customer data by a daily backup of the complete database on a suitable backup medium with up to 30 days backup time. Furthermore, a continuous versioning and backup of the data within the database of the CAYOO system ensures maximum redundancy. A deletion of the customer data takes place after the termination of the contract upon written request of the customer.

4.2 Not included in the contractual scope of services is the long-term data backup for which the customer is responsible and which serves to comply with archiving obligations, e.g. those of a commercial or fiscal nature, unless the customer concludes a separate contract with Sophia GmbH & Co.

5. customer requirements for the provision of services

5.1 Access to CAYOO is via telecommunication

Requirements for the use of CAYOO:

Broadband Internet Access

PC with Windows 10

For apps: current Android (from version 4.4.4 (API20)), iOS (from 12 )

For the web platform: always the latest version of Google Chrome

Important: Systems and/or software not included in this list may be supported by CAYOO and the CAYOO Apps.

The provision of these conditions as well as the telecommunication services including the transmission services from the point of transfer of services to the equipment used by the customer are not subject matter of this contract, but are the responsibility of the customer.

5.2 Data release by the customer

Should the customer use the data release option to share his data, he is obliged to provide only reasonable data that has been carefully checked to the best of his knowledge and belief. Sophia GmbH & Co KG does not guarantee or assume liability for the quality of the customer data provided.

6. availability

6.1 Reference

The availability refers exclusively to the functionalities of CAYOO described in paragraph 2.

6.2 Availability

Sophia GmbH & Co.KG provides the customer with the functionalities of CAYOO as described in number 2 during the system runtime mentioned below, but excluding the times of planned unavailability as contractually agreed in number 8.

6.3 System Runtime

24 hours/day and 365 days/year with 98% system availability.

The system runtime is composed of the times of available usage and unavailability. The available usage includes the times in which the functionalities can be used:

The available use also includes the periods of time specified below during

Disturbances in or due to the condition of the infrastructure not to be provided by Sophia GmbH & Co.KG or its vicarious agents;

disturbances or other events which are not caused by Sophia GmbH & Co.KG or one of its vicarious agents, e.g. exceeding the threshold values according to clause 7.3;

insignificant reduction of the suitability for use according to the contract,

Non-availability shall be deemed to exist if the agreed functionalities are otherwise unusable.

7. Planned Unavailability

Sophia GmbH & Co.KG is entitled outside the planned unavailability to service and maintain the software and/or hardware systems and to make data backups. Planned non-availability outside of the times mentioned must be agreed with the customer in text form (email) or by telephone. In the event of important reasons, the customer will not unreasonably refuse his consent.

7.1 Use in times of planned unavailability

If and as far as the customer can use CAYOO in times of planned unavailability, there is no legal claim to this. If the use of CAYOO in times of the planned unavailability results in a reduction or cessation of services, the customer has in particular no claim to warranty or compensation.