This App is operated by Pupil Labs GmbH, Sanderstraße 28, 12047 Berlin (hereinafter also referred to as “we”, “our” or “us”).
What are personal data?
Personal data are any information relating to an identified or identifiable natural person. Personal data include e.g. name, email address or telephone number. Personal data also include information about websites viewed. Our policy is to only collect, use and/or pass on personal data if this is permitted by law or if you consent to the data processing.
How are your data collected and used?
Download and Use of this App
When downloading the App, the required information is transferred to Google Play, in particular
- user name
- email address
- customer number of your account
- time of download
- payment information
- individual device code number.
We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the App to your mobile device.
When using the App we collect the personal data described below in order to enable convenient use of the functions:
- IP address
- Date and time of the request
- Time zone
- Contents of the request
- Access status/HTTP status code
- amount of data transferred in each case
- Operating system and its interface
Further we need your device identification, unique number of the terminal (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), MAC address for WLAN use, and email address.
When using the App, the device ID number is assigned to each registered device. Our access to the device ID number is necessary to identify the device and the user account in order to improve the use of the App.
In addition to the data mentioned above, cookies are stored on your device when using our App. Cookies are small text files that are stored in the device memory of your mobile device and assigned to the App you are using. Cookies allow certain information to flow to the location that sets the cookie (here: us). Cookies cannot execute programs or transmit viruses to your mobile device. They serve to make mobile apps more user-friendly and effective overall.
Our App uses transient and persistent cookies.
Transient cookies are automatically deleted when you close our App. These include in particular session cookies. They store a session ID, which can be used to assign various requests to your mobile app. This enables your mobile device to be recognized when you use our mobile app again. The session cookies are deleted when you log out or close the app.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. The processing of this data is based on Art. 6 (1) f. GDPR (European Union General Data Protection Regulation, Regulation (EU) 2016/679) as it is used to guarantee stability and security of our service.
Using our Service and Devices
Registration and use of the cloud service
In order to use our App and cloud service (cloud.pupil-labs.com), you are required to register with us, or log in using your previously provided registration details. During the registration process, we ask you - the account holder - to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective “Sign Up” button.
We will use your submitted data to carry out your registration with us and provide you with necessary functionalities of the Services based on Art. 6 (1) b. GDPR.
We may contact you via email if you send us a request as well as for purposes related to the use of the Services, based on Art. 6 (1) b.
By signing up, you agree that we will send you updates and product-related information via email. You can opt out at any time via email or via the opt-out link in the emails we send.
Whenever the Pupil Invisible device is worn on the head of an individual (the “wearer”) and switched to the record mode, each eye of the wearer is filmed by one eye camera integrated into the spectacle frame. The two eye videos (one from each eye) are fed into a machine learning algorithm (neural network) which calculates the 2D gaze coordinates. If the scene camera is connected, an egocentric third video is recorded which can serve to visualize the gaze point of the wearer. A maximum of three videos will be recorded and stored per recording: one video from the scene camera (if connected) and two eye videos (one from each eye camera). The data is saved into a recording folder on the cell phone (companion) device. Each recording is part of a “workspace”.
During each recording, metadata are also collected and these include recording timestamps, scene camera and spectacles serial numbers, scene camera image coordinates (2D gaze coordinates), smartphone (Android) ID/model/name, IMU (gyroscope) raw data, wearer ID (UUID), audio data from the scene camera microphone if switched on, recording events/annotations provided by the user via the real-time API, and the data users provide when using the recording template feature of Pupil Invisible.
The processing of this data is based on Art. 6 (1) b. GDPR.
Account holders can invite and authorize other users to contribute recordings to their workspaces. When you perform and contribute recordings to a workspace owned by an account holder other than yourself, you are agreeing to transfer ownership of the recording data to that account holder.
In order to improve individual gaze estimation accuracy, users will be able to perform a special routine for a wearer, which consists of recording a short video while looking at a reference gaze target on the cell phone screen. We then use the eye-tracking data and metadata to fine-tune the “universal” neural network into a personalized neural network, which can then be uploaded to the corresponding spectacle device. For this process, we collect the spectacle serial number, cell phone ID and wearer ID (uuid).
The processing of this data is based on Art. 6 (1) b. and f. GDPR as the training data is used to improve the accuracy of our service in order to best fulfil the contractual obligations and to improve the quality of our service in general.
If you choose to delete a wearer profile, we will ask you to further use the associated training data to improve the quality of our service. You can request deletion of this data via email. Otherwise, you consent to the processing of this data based on Art. 6 (1) a. GDPR.
Beyond the data mentioned above we also handle data to facilitate organization, further processing and enrichment of your recordings. These are:
- Wearer profiles: are pairs of user-provided names and system-provided UUIDs. They are stored locally on the phone and synced with the cloud system when connected. Every recording gets associated with one wearer profile.
- Recording templates: are user provided forms that can be filled in by the user with each recording. The form structure is stored on the cloud and phone, the content is stored with each recording.
- Data uploaded to the cloud via the web-UI by the user for setting up enrichments (Example: Images for the reference Image Mapper)
- Derivative Data that is generated on the cloud platform as the output of further processing of the raw gaze data. For example: calculation of gaze fixations, densification to 200Hz gaze data, gaze mapping onto reference surfaces.
How are your data stored?
Each Pupil Invisible device is connected to a companion cell phone which serves as a data processing and storage unit and serves as power supply. The videos recorded from each exercise can be securely uploaded from the companion cell phone to Pupil Labs cloud storage, currently hosted by cloud service providers, namely Amazon Web Services Inc. (https://aws.amazon.com/), Hetzner Online GmbH (https://www.hetzner.de), on servers located in Germany. Such upload is optional and provided via an explicit opt-in procedure. However, we have valid data processing agreements with the aforementioned host providers in order to ensure a high level of security for your personal data.
Once uploaded, you can review recordings on the web and collaborate with your team and colleagues. Your team can collaborate at any stage of the research workflow - from study prep, synchronization of devices in the field, to post-hoc analysis. Recordings are organised and searchable by metadata so you can easily find and filter recordings to download for further analysis.
When and by whom is your data accessed?
As a rule you are the only one that has access to your recordings on the phone. Once you upload it to Pupil Cloud, Pupil Labs and its cloud service providers mentioned above will only access your data for the following purposes:
- Relaying your data between the cloud storage system and you. In this case no human will see your data.
- Executing automated or user-triggered data processing (e.g. gaze densification to 200Hz, fixation detection, reference surface gaze mapping and other enrichment processings). In this case no human will see your data.
- Gathering usage statistics: we will access metadata for your recordings and storage as well as enrichment configuration data. We will not access any actual videos, template entries, or events.
- In case our systems detect errors, we will seek to fix them. If this requires accessing your recording data, we will seek your permission to do so. However, as a general rule we will not access any actual video data in this process, unless the nature of the error requires this and you have given your consent to it.
Duration of the storage of personal data; deletion periods
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. Therefore, we delete your personal data if your use of our service ends and you have not agreed to a further use. An extended storage will only occur if there is a legal obligation or if you have consented to it.
Automated Decision Making (“Profiling”)
We do not process any data via “profiling” or in the form of automated decision making via our App or service. Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips.
Are your data transferred to third parties?
We will transfer your personal data to a third party only within the scope of legal provisions, i.e. in the course of a data processing agreement or if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.
Are your data transferred outside the EU?
We do not transfer your personal data to any third party provider or location outside the European Economic Area except in accordance with the safeguards required under the GDPR.
What are your rights?
As a data subject you have the right:
- to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future;
- to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation;
- to obtain from us access to your personal data. In particular, you may request access to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored;
- to demand a correction of any incorrect personal data;
- to obtain from us without undue delay the rectification of inaccurate personal data concerning you;
- to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and
- to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.
If you have given your consent to the processing of your data, you can revoke it at any time by sending us an email at email@example.com. Such revocation will affect the admissibility of processing your personal data by us. Insofar as we base the processing of your personal data on the weighting of interests, you may object to the processing. This is the case if processing your data is not required to fulfil a contract with you.
In the case of your justified objection, we will examine the situation and will either stop processing your data, adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
In general, we process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, deletion of the data is carried out.
If you wish to make use of your rights mentioned above please send us an email at firstname.lastname@example.org.
What safety measures are in place for protection of your data?
We have installed technical and organizational measures in order to safeguard our website and/or products against loss, destruction, access, changes or the distribution of your data by unauthorized persons.
Obligations for our customers who control the data of other persons
Pupil Labs is committed to complying with all data privacy requirements in any location where our App and services are used. You should use care when handling personal data of individual wearers and other data subjects, and ensure that you have complied with the best privacy practices.
You shall first obtain the lawful permission of an individual before collecting, using, storing, transmitting, or transferring their data. You must provide access to information about how the data will be used as well as an easily accessible and understandable way to withdraw consent and/or delete their data. Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law.
If you consent to the processing of a data subject’s personal data, you warrant that you have the data subject’s permission to do so.
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data infringes on the GDPR.
Changes to this Policy
For any inquiries and additional questions about processing personal data please contact us at email@example.com.