Last updated: 2021-06-29
This App is operated by Pupil Labs GmbH, Sanderstraße 28, 12047 Berlin (hereinafter also referred to as “we”, “our” or “us”).
Personal data are any information relating to an identified or identifiable natural person. Personal data include e.g. name, email address or telephone number. Personal data also includes information about websites viewed. Our policy is to only collect, use and/or pass on personal data if this is permitted by law or if you consent to the data processing.
Transient cookies: These are automatically deleted when you close the browser. Transient cookies store your session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or a certain time has passed.
Persistent cookies: These are only deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time. Please be aware that you may not be able to use all features of this site, when deleting the cookies from your browser history. The setting of cookies can be prevented by appropriate settings in the user's Internet browser at any time.
We collect the following data:
type/version of the browser
system software used
hostname of the device
time of the server request
hostname of the device
name and version of the operating system
We use these data only for statistical analysis for the purpose of operation, security and optimization of our website. However, we reserve the right to check these data retrospectively if there is a justified suspicion of illegal use based on concrete indications. These data are then stored because this is the only way to prevent the misuse of our website and, if necessary, allow us to investigate any crimes committed. The storage of these data is necessary in order to protect us as the entity responsible for processing the data. As a matter of principle, these data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.
This data processing is based on Art. 6 (1) f. GDPR (European Union General Data Protection Regulation, Regulation (EU) 2016/679) as we wish to stabilize and improve our website and to establish quality insurance and fraud prevention.
If you contact us (e.g. by email), your details will be stored for the purpose of processing the enquiry and in the event that follow-up questions arise. This is done on the basis of your consent (Art. 6 (1) a. GDPR) or for the purpose of processing your enquiry (Art. 6 (1) b. GDPR).
In order to use our Apps and cloud service (cloud.pupil-labs.com), you have to register with us, or log in using your previously provided registration details. During the registration process, we ask you - the account holder - to provide us with certain data. Such data will only be sent and provided to us after you click the “Sign Up” button.
We will use your submitted data to carry out your registration with us, provide you with necessary functionalities of the Services based on Art. 6 (1) b. GDPR.
We may contact you via email if you send us a request as well as for purposes related to the use of the Services, based on Art. 6 (1) b.
With signing up you agree that we will send you updates and product-related information via email. You can opt-out at any time via email or via the opt-out link in the emails we send.
Whenever the Pupil Invisible or Neon device is worn on the head of an individual (the “wearer”) and switched to the record mode, each eye of the wearer is filmed by one eye camera integrated into the spectacle frame. The two eye videos (one from each eye) are fed into a machine learning algorithm (neural network) which calculates the 2D gaze coordinates. The scene camera is recording an egocentric third video (for Pupil Invisible this only happens if the removable scene camera has been attached to the frame) which can serve to visualize the gaze point of the wearer. A maximum of three videos will be recorded and stored per recording: one video from the scene camera (if connected) and two eye videos (one from each eye camera). The data is saved into a recording folder on the cell phone (companion) device. Each recording is part of a “workspace”.
During each recording, metadata are also collected and these include recording timestamps, serial numbers (scene camera and spectacles serial numbers in the case of Pupil Invisible; module serial number in case of Neon), scene camera image coordinates (2D gaze coordinates), smartphone (android) ID/model/name, IMU (gyroscope, accelerometer; in case of Neon also magnetometer) raw data, wearer ID (uuid), audio data (from the scene camera microphone if switched on in case of Pupil Invisible; from the module's microphone in case of Neon), recording events/annotation provided by the user via the real-time API, and the data users provide when using the recording template feature of Pupil Invisible.
The processing of this data is based on Art. 6 (1) b. GDPR.
Account holders can invite others to become members of their workspaces. Members of workspaces can access the data contained in the workspace, including all recording data. The workspace owner can assign members roles to configure their permissions to edit data.
If a workspace member contributes recordings to a workspace owned by another account, they are agreeing to transfer ownership of the recording data to the workspace owner.
In order to improve individual gaze estimation accuracy, users will be able to perform a special routine for a wearer, which consists of recording a short video while looking at a reference gaze target on the cell phone screen. We then use the eye-tracking data and metadata to fine-tune the “universal” neural network into a personalized neural network, which can then be uploaded to the corresponding spectacle device. For this process, we collect the spectacle serial number, cell phone ID and wearer ID (uuid).
The processing of this data is based on Art. 6 (1) b. and f. GDPR as the training data is used to improve the accuracy of the Services in order to best fulfil the contractual obligations and to improve the quality of the Services in general.
If you choose to delete a wearer profile, we will ask you to further use the associated training data to improve the quality of the Services. You can request deletion of this data via email. Otherwise, you consent to the processing of this data based on Art. 6 (1) a. GDPR.
Beyond the data mentioned above we also handle data to facilitate organization, further processing and enrichment of your recordings. These are:
Wearer profiles: are pairs of user-provided names and system-provided UUIDs. They are stored locally on the phone and synced with the cloud system when connected. Every recording gets associated with one wearer profile.
Recording templates: are user provided forms that can be filled in by the user with each recording. The form structure is stored on the cloud and phone, the content is stored with each recording.
Data uploaded to the cloud via the web-UI by the user for setting up enrichments (Example: Images for the reference Image Mapper )
Derivative Data that is generated on the cloud platform as the output of further processing of the raw gaze data. For example: calculation of gaze fixations, densification to 200Hz gaze data, gaze mapping onto reference surfaces.
Each Pupil Invisible and Neon device is connected to a companion cell phone which serves as a data processing and storage unit and serves as power supply. The videos recorded from each exercise can be securely uploaded from the companion cell phone to Pupil Labs cloud storage, currently hosted by cloud service providers, namely Amazon Web Services Inc. (https://aws.amazon.com/) on servers located in Germany. Such upload is optional and provided via an explicit opt-in procedure. However, we have valid data processing agreements with the aforementioned host providers in order to ensure a high level of security for your personal data.
Once uploaded, you can review recordings on the web and collaborate with your team and colleagues. Your team can collaborate at any stage of the research workflow - from study prep, synchronization of devices in the field, to post-hoc analysis. Recordings are organised and searchable by metadata so you can easily find and filter recordings to download for further analysis.
As a rule you are the only one that has access to your recordings on the phone. Once you upload recordings to Pupil Cloud, other members of the selected workspace have access to the data. Pupil Labs and its cloud service providers mentioned above will only access your data in Pupil Cloud for the following purposes:
Relaying your data between the cloud storage system and you. In this case no human will see your data.
Executing automated or user-triggered data processing (e.g. gaze densification, fixation detection, reference surface gaze mapping and other enrichment processings). In this case no human will see your data.
Gathering usage statistics: we will access your recordings and storage metadata as well as enrichment configuration data but never any actual videos, template entries or events.
In case our systems detect errors, we will seek to fix them. If this requires accessing your recording data, we will seek your permission to do so. However, as a general rule we will not access any actual video data in this process, unless the nature of the error requires this and you have given your consent to it
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. Therefore, we delete your personal data, if your use of the Services ends and you have not agreed to a further use. An extended storage will only occur, if there is a legal obligation or if you have consented to do so.
We do not process any data via “profiling” or in the form of automated decision making via the Services. Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips.
We will transfer your personal data to a third party only within the scope of legal provisions, i.e. in the course of a data processing agreement or if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.
We already mentioned above the circumstances under which we transfer your data to Mailchimp and how the said data are used by Mailchimp. In addition to Mailchimp, your data may also be transferred to Stripe, Inc. of 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (hereinafter “Stripe”), and Google, LLC of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
For any processes regarding payments, we use the services of Stripe. Regarding any processes of payments, we do not receive, collect and/or store any payment data. Stripe will use such data for the purpose of managing the payments relating to our services.
The processing of this data is based on Art. 6 (1) f. GDPR as we have a legitimate interest to use professional payment providers for our Services.
We also use Google Analytics to analyse data of Google Adwords for statistical purposes. OPT-OUT: https://www.google.com/settings/ads/onweb/?hl=en
We point out that an automated decision making or profiling can take place when integrating Google and an existing Google account. OPT-OUT: https://adssettings.google.com/authenticated
The use of Google Analytics is based on Art. 6 (1) f. GDPR as we have a legitimate interest to analyse the use of our Website to optimize and improve our Services.
We do not transfer your personal data to any third party provider or location outside the European Economic Area except in accordance with the safeguards required under the GDPR.
We already mentioned above that your data may be transferred to Mailchimp, Stripe, and Google (all located in USA) and we informed you of the safety measures applicable in each case.
As a data subject you have the right:
to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future;
to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation;
to obtain from us access to your personal data. In particular, you may request access to the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored;
to demand a correction of any incorrect personal data;
to obtain from us without undue delay the rectification of inaccurate personal data concerning you;
to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and
to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.
If you have given your consent to the processing of your data, you can revoke it at any time by sending us an email at email@example.com. Such revocation will affect the admissibility of processing your personal data by us. Insofar as we base the processing of your personal data on the weighting of interests, you may object to the processing. This is the case if processing your data is not required to fulfil a contract with you.
In the case of your justified objection, we will examine the situation and will either stop processing your data, adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
In general, we process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, deletion of the data is carried out.
If you wish to make use of your rights mentioned above please send us an email at firstname.lastname@example.org.
We have installed technical and organizational measures in order to safeguard our website and/or products against loss, destruction, access, changes or the distribution of your data by unauthorized persons.
Pupil Labs is committed to complying with all data privacy requirements in any location where the Services are used. You should use care when handling personal data of individual wearers and other data subjects, and ensure that you have complied with the best privacy practices.
You shall first obtain the lawful permission of an individual before collecting, using, storing, transmitting, or transferring their data. You must provide access to information about how the data will be used as well as an easily accessible and understandable way to withdraw consent and/or delete their data. Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law.
If you consent to the processing of a data subject’s personal data, you warrant that you have the data subject’s permission to do so.