We take the protection of your personal data very seriously. We process your personal data exclusively in accordance with the legal requirements, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
This data protection policy informs you about the type, scope and purpose of the processing of your personal data in connection with the use of our app [...] (pilot).
1. Controller and data protection officer
The controller is:
Muno GmbH
Französische Straße 47
10117 Berlin
Managing directors: Quentin Ferry, Timothy Rajakumar, Dr. Bruno Steinkraus
You can contact our data protection officer as follows:
[…]
2. Processing of personal data when using our app and legal bases
When using our app, we process certain types of personal data that are necessary to provide the services offered by the app. We only process the data that you provide to us when you register and when you use the app.
The processing is used to analyze and determine your skin condition and facial structure. It may be necessary for us to process your health data. Health data is personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information about their state of health can be derived.
The data we process is as follows:
• First and last name
• E-mail address
• Gender
• Year of birth
• Answers you provide to the questions asked in the app (in particular questions about health, skin condition, the existence of relevant illnesses, skin type classification, skin sensitivity, the presence of allergies, lifestyle)
• Images provided by you and biometric data derived from these images
• Medical test results if you send us a microbiome sample for analysis. The specific health data that we process as part of the analysis will be included in your personalized analysis report
• Password
• Device ID
• Google ID
• Apple ID
The legal basis for data processing is Art. 6 (1) lit. b GDPR insofar as we process data in the context of registration and the provision of the app.
Insofar as we process biometric data or health data, the legal basis is your express consent to the processing of your data in accordance with Art. 6 (1) lit. a GDPR in conjunction with Art. 9 (2) lit. a GDPR.
3. Use of data for analysis purposes and to improve the app
In order to further develop and continuously improve our app, the artificial intelligence used in it and the services we offer, we process some of your personal data from the use of the app in an anonymized form, to prevent the possibility of drawing conclusions about any individual user. For this purpose, the data is anonymized by removing the personal reference and replacing it with an internal ID that can no longer be assigned to you. If we use images for analysis purposes, we only use certain biometrically distinctive sections of them to prevent any personal identification. We use the anonymized data to carry out aggregated evaluations.
The legal basis for the use of your data for analysis purposes is your explicit consent in accordance with Art. 6 (1) lit. a GDPR in conjunction with Art. 9 (2) lit. a GDPR.
4. Newsletter distribution
When you register in the app, you have the option of registering for newsletters. To receive newsletters, you only need to provide a valid e-mail address. In order to ensure the security of your personal data, the registration process is conducted in accordance with the double opt-in procedure. This means that after you have submitted your e-mail address, we will first send an e-mail to that address. Your newsletter subscription will only become active when you click on the confirmation link contained in this e-mail.
Data processing for the purpose of sending the newsletter is carried out in accordance with Art. 6 (1) point a GDPR, based on and for the duration of your consent. Every e-mail you receive from us contains an unsubscribe link should you no longer wish to receive newsletters. Unsubscribing will result in your email address being removed from the mailing list.
5. Recipients of data
It may be necessary for us to disclose your personal data to third parties (usually only IT service providers for the provision of the app).
Otherwise, your personal data will not be passed on to third parties other than the recipients named in this data protection policy.
6. Use of Google Firebase
We use the registration and authentication service Firebase Authentication, a solution from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), in our app.
Firebase Authentication stores the data collected during the registration and authentication process on our behalf, and we have therefore concluded a data processing agreement with Firebase Authentication.
The following personal data is processed by Firebase Authentication: username, profile picture and email address. If you register using SMS identification, your mobile number will also be collected.
The processing that takes place as part of the registration and authentication process is based on your consent in accordance with Art. 6 (1) point a GDPR. Further information on data protection can be found in Google's data protection information (available at https://policies.google.com/privacy?hl=en-US).
For the development, provision and operation of the app, we use Firebase Hosting, a solution from Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland.
7. Storage periods and deletion of data
We only store personal data for as long as is necessary to fulfil the respective processing purposes (offering our services and providing the app) and to comply with legal retention periods.
We reserve the right in individual cases to store your personal data for a longer period if you have filed a complaint or if we need your data in relation to a legal dispute regarding our relationship with you. This also applies if you no longer use our app.
If you revoke your voluntarily given consent or exercise your right to erasure, we will delete or anonymize all your personal data that is not subject to statutory retention requirements within 60 days. If you do not request the deletion of your personal data, all of your personal data will be automatically deleted or anonymized after two years of inactivity within the app.
All images taken using the app, as well as the analyses and recommendations, are stored on your device. If the app is uninstalled from your device, all images taken will also be deleted.
8. Third country transfer
Insofar as we transfer personal data to recipients outside the EU, we do so only in accordance with Art. 44 et seq. GDPR. This will only happen if the third country has been found by the EU Commission to have an adequate level of data protection by means of an adequacy decision or if other data protection guarantees are in place. Should we deviate from this, we will always inform you in good time before the start of the processing and will only carry out the processing with your prior, explicit and informed consent (Art. 49 para. 1 lit. a GDPR).
9. Your data protection rights
You have the following rights with respect to the personal data concerning you:
• Right of information,
• Right to rectification or erasure,
• Right to restriction of processing,
• Right to object to processing,
• Right to data portability,
• Right to lodge a complaint with the competent data protection supervisory authority.
This means you have the right
• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about the details of such data;
• in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us;
• in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us;
• in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data;
• in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller;
• in accordance with Art. 7 (3) GDPR, to withdraw your consent at any time. This has the consequence that we are no longer allowed to continue the data processing based on this consent in the future; and
• to complain to a regulatory authority in accordance with Art. 77 GDPR. For this purpose, you can contact the Berlin Commissioner for Data Protection and Freedom of Information.
10. Withdrawal of consent
If you have given your consent to the processing of your data, you can revoke it informally at any time – in particular by sending an e-mail to [...]. You can also revoke your consent to data processing at any time in your account settings by deleting your user account.
Such a revocation affects the permissibility of the processing of your personal data once you have declared the revocation to us, but does not affect the lawfulness of the data processing until revocation.
11. Automated individual decision-making, including profiling
The personal data provided by you in the app will not be used for an automated decision-making process (including profiling).
Valid from December 2024