This App is operated by Pupil Labs GmbH, Sanderstraße 28, 12047 Berlin (hereinafter also referred to as “we”, “our” or “us”).
What are personal data?
Personal data are any information relating to an identified or identifiable natural person. Personal data include e.g. name, email address or telephone number. Personal data also includes information about websites viewed. Our policy is to only collect, use and/or pass on personal data if this is permitted by law or if you consent to the data processing.
How are your data collected and used?
Download and Use of this App
When downloading the App, the required information is transferred to Google Play, in particular
- user name
- e-mail address
- customer number of your account
- time of download
- payment information
- individual device code number.
We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the App to your mobile device.
When using the App we collect the personal data described below in order to enable convenient use of the functions:
- IP address
- Date and time of the request
- Time zone
- Contents of the request
- Access status/HTTP status code
- amount of data transferred in each case
- Operating system and its interface
Further we need your device identification, unique number of the terminal (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), MAC address for WLAN use, e-mail address.
When using the App, the device ID number is assigned to each registered device. Our access to the device ID number is necessary to identify the device and the user account in order to improve the use of the App.
In addition to the data mentioned above, cookies are stored on your device when using our App. Cookies are small text files that are stored in the device memory of your mobile device and assigned to the App you are using. Cookies allow certain information to flow to the location that sets the cookie (here: us). Cookies cannot execute programs or transmit viruses to your mobile device. They serve to make mobile apps more user-friendly and effective overall.
Our App uses transient and persistent cookies.
Transient cookies are automatically deleted when you close our App. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests to your mobile app. This enables your mobile device to be recognized when you use our mobile app again. The session cookies are deleted when you log out or close the app.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can configure the settings of your mobile operating system and the app according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all functions of our mobile App in this case.
The processing of this data is based on Art. 6 (1) f. GDPR (European Union General Data Protection Regulation, Regulation (EU) 2016/679) as it used to guarantee stability and security of our service.
Using our Service and Devices
Registration and use of the cloud service
In order to use our cloud service, you have to register with us, or log in using your previously-provided registration details. During the registration process, we ask you to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective “Sign Up” button.
We will use your submitted data to carry out your registration with us, provide you with necessary functionalities of the Services based on Art. 6 (1) b. GDPR.
We may contact you via email if you send us a request as well as for purposes related to the use of the Services, based on Art. 6 (1) b.
Whenever the Pupil Invisible device is mounted on the head of an individual (the “wearer”) and switched to the record mode, each eye of the wearer is filmed by one eye camera integrated into the spectacle frame. The two videos recorded by the two eye cameras are fed into a machine learning algorithm (neural network) which calculates the 2D gaze coordinates, and if the world camera is connected, an egocentric third video is recorded which can serve to visualize the gaze point of the wearer. Therefore, two (or three) videos are recorded and stored per recording – one from the world camera (if connected) and one from each of the two eye cameras. The data is saved into a recording folder on the cell phone (companion) device.
During each recording, metadata are also collected and these include recording timestamps, world camera and spectacles serial numbers, world camera image coordinates (2D gaze coordinates), cell phone (android) device ID/model/name, IMU (gyroscope) raw data, wearer ID (uuid), and audio data from the world camera microphone if switched on.
The processing of this data is based on Art. 6 (1) b. GDPR.
In order to improve individual gaze estimation accuracy, users will be able to perform a special routine for a wearer, which consists of recording a short video while looking at a reference gaze target on the cell phone screen. We then use the eye-tracking data and metadata to fine-tune the “universal” neural network into a personalized neural network, which can then be uploaded to the corresponding spectacle device. For this process, we collect the spectacle serial number, cell phone ID and wearer ID (uuid).
The processing of this data is based on Art. 6 (1) b. and f. GDPR as the training data is used to improve the accuracy of our service in order to best fulfil the contractual obligations and to improve the quality of our service in general.
If you choose to delete a wearer profile, we will ask you to further use the associated training data to improve the quality of our service. You can request deletion of this data via email. Otherwise, you consent to the processing of this data based on Art. 6 (1) a. GDPR.
How are your data stored?
Each Pupil Invisible device is connected to a companion cell phone which serves as a data processing and storage unit and serves as power supply. The videos recorded from each exercise can be securely uploaded from the companion cell phone to Pupil Labs cloud storage, currently hosted by cloud service providers, Digital Ocean, LLC (https://www.digitalocean.com) and Hetzner Online GmbH (https://www.hetzner.de), on servers located in Germany. Such upload is optional and provided via an explicit opt-in procedure. However, we have valid data processing agreements with the aforementioned host providers in order to ensure a high level of security for your personal data.
Once uploaded, you can review recordings on the web and collaborate with your team and colleagues. Your team can collaborate at any stage of the research workflow - from study prep, synchronization of devices in the field, to post-hoc analysis. Recordings are organised and searchable by meta-data so you can easily find and filter recordings to download for further analysis.
We, on the other hand, have no access to the recordings or any of your data which are uploaded to the cloud, except in the case of the training videos where we seek to improve individual gaze estimation accuracy.
Duration of the storage of personal data; deletion periods
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. Therefore, we delete your personal data, if your use of our service ends and you have not agreed to a further use. An extended storage will only occur, if there is a legal obligation or if you have consented to do so.
Automated Decision Making (“Profiling”)
We do not process any data via “profiling” or in form of automated decision making via our App or service. Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips.
Are your data transferred to third parties?
We will transfer your personal data to a third party only within the scope of legal provisions, i.e. in the course of a data processing agreement or if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.
Are your data transferred outside the EU?
We do not transfer your personal data to any third party provider or location outside the European Economic Area except in accordance with the safeguards required under the GDPR.
What are your rights?
As a data subject you have the right:
to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future;
to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation;
to obtain from us access to your personal data. In particular, you may request access to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored;
to demand a correction of any incorrect personal data;
to obtain from us without undue delay the rectification of inaccurate personal data concerning you;
to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and
to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.
If you have given your consent to the processing of your data, you can revoke it at any time by sending us an email at firstname.lastname@example.org. Such revocation will affect the admissibility of processing your personal data by us. Insofar as we base the processing of your personal data on the weighting of interests, you may object to the processing. This is the case if processing your data is not required to fulfil a contract with you.
In the case of your justified objection, we will examine the situation and will either stop processing your data, adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
In general, we process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, deletion of the data is carried out.
If you wish to make use of your rights mentioned above please send us an email at email@example.com.
What safety measures are in place for protection of your data?
We have installed technical and organizational measures in order to safeguard our website and/or products against loss, destruction, access, changes or the distribution of your data by unauthorized persons.
Obligations for our customers who control the data of other persons
Pupil Labs is committed to complying with all data privacy requirements in any location where our App and services are used. You should use care when handling personal data of individual wearers and other data subjects, and ensure that you have complied with the best privacy practices.
You shall first obtain the lawful permission of an individual before collecting, using, storing, transmitting, or transferring their data. You must provide access to information about how the data will be used as well as an easily accessible and understandable way to withdraw consent and/or delete their data. Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law.
If you consent to the processing of a data subject’s personal data, you warrant that you have the data subject’s permission to do so.
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data infringes on the GDPR.
Changes to this Policy
For any inquiries and additional questions about processing personal data please contact us at firstname.lastname@example.org.