In the context of providing the EyeStabilizer App, Vertify GmbH (“we”) process personal data within the meaning of the EU General Data Protection Regulation (“GDPR“), the Austrian Data Protection Act (“DSG”) and the Telecommunications Act 2021 (“TKG 2021”) also in the role of a data controller. With this privacy policy we inform you about the data processing and your rights as a data subject. You will find our contact details at the end of this privacy policy.

Due to the ongoing development of our EyeStabilizer app or possible legal changes, it may become necessary to adapt this privacy policy. The version published on eyestabilizer.com/privacy-policy shall apply.   

GENERAL DESCRIPTION OF THE CATEGORIES OF DATA SUBJECTS
When providing the EyeStabilizer app, we process personal data of app users, i.e., people who download the app and use it on their mobile device.

PROCESSING ACTIVITIES

2.1 Eyestabilizer App Services
We do not process any personal data of users for the services of the Eyestabilizer app. In order to use the app, it is not necessary to create an account in the app, to give us your name or contact details or to provide us with any other personal data.   

The photo and video recordings taken with the EyeStabilizer app are stored on your smartphone without exception. We do not access these photo and video recordings; this is technically impossible. However, app users have the option of forwarding the recorded photos and videos to third parties via communication services offered by third parties.  

2.2 Data processing for the technical provision and further development of the EyeStabilizer App    

2.2.1 Subject and purpose of data processing, storage period 
For the technical provision, further development and troubleshooting of the EyeStabilizer app, we use individual services of Google Firebase, Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The following services are used:

a) Firebase Core (Installation):
This is a basic module that processes data depending on the scope and purpose of the other Google Firebase services (see b) and c)).
In principle, the following personal data may be processed:  

• Firebase installation ID (FID)
• IP address
• OS version
• device’s name
• device’s model name
• device’s resolution

This data is processed exclusively for the purpose of other Google Firebase services.
Storage duration: depending on use in one of the other Google Firebase services consulted 

b) Firebase Crashlytics
For the purpose of troubleshooting within the EyeStabilizer app, problems/crashes of the app are detected and documented in order to be able to implement troubleshooting for new releases.

The following personal data are processed for this purpose:

• Crashlytics Installation UUIDs (generated by the FID)
• Crash traces
• Minidump of formatted data with: 
  • RFC-4122 UUID  
  • Timestamp of when the crash occurred 
  • App’s bundle identifier and full version number 
  • Device’s operating system name and version number 
  • Boolean indicating whether the device was jailbroken/rooted 
  • Device’s model name, CPU architecture, amount of RAM and disk space 
  • Uint64 instruction pointer of every frame of every currently running thread 
  • If available in the runtime, the plain-text method or function name containing each instruction pointer. 
  • If an exception was thrown, the plain-text class name and message value of the exception 
  • If a fatal signal was raised, its name and integer code 
  • For each binary image loaded into the application, its name, UUID, byte size, and the uint64 base address at which it was loaded into RAM 
  • Boolean indicating whether or not the app was in the background at the time it crashed 
  • Integer value indicating the rotation of the screen at the time of crash 
  • Boolean indicating whether the device’s proximity sensor was triggered

Storage period: 90 days from data collection  

c) Firebase Performance Monitoring
The following data is processed for the purpose of identifying performance problems in the EyeStabilizer app, such as excessive processing times for videos, and to be able to implement optimisation for new releases:   

• Firebase installation IDs
• App version
• IP address
• Device type
• Country code
• Language code
• Radio/Network information (for example, WiFi, LTE, 3G)
• Internet provider
• OS version
• App package name
• App foreground or background state
• App orientation
• RAM and disk size
• CPU usage
• Length of recorded videos and processing timeFPS of the videos 

Storage period: IP- and installation-related events 30 days from data collection, all other data 90 days from data collection 

Firebase Performance Monitoring uses an additional tool, Firebase Remote Config. This is a support tool for Firebase Performance Monitoring to control the enormous number of events. The following data is also processed for this purpose: 

• Firebase installation IDs
• Country code
• Language code
• Time zone
• Platform version
• OS version
• Firebase Android App ID
• App package name
• Version of the Remote Config SDK used by the app 

The use of Crashlytics and Performance Monitoring can be deactivated at any time in the app settings. This does not affect the functionality of the EyeStabilizer app.   

Storage period: Data processed in the Firebase Remote Config Service will only be deleted at the user’s request.

2.2.2 Recipients
The data is processed by Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and made available to us for the above-mentioned purposes. The data is thus forwarded to Google LLC in the USA.   

This recipient is based in the USA. Since the European Commission has not generally decided that the USA provide an adequate level of data protection, we have concluded standard contractual clauses for the transfer of personal data to third countries with the recipient. 

2.2.3 Legal basis
The legal basis for the processing of our users’ data is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest is the analysis of usage behaviour, the improvement and further development of the app’s functionalities and quality as well as the troubleshooting of the EyeStabilizer app. 

3. RECIPIENT OF PERSONAL DATA
Insofar as we transfer personal data to third parties in connection with the individual processing activities, we refer to section 2 above. 

4. YOUR RIGHTS
You have the following rights in relation to the processing of your personal data:  

Right to withdraw consent 
If we process data relating to you on the basis of your consent (Art 6(1)(a) GDPR), you are entitled to withdraw your consent at any time. As of receipt of your revocation, we will no longer process the data; however, the withdrawal of consent will not affect the lawfulness of the processing carried out up to the time of withdrawal.  

Right of access
You can request access to the data processed about you, in particular the origin and categories of the data processed, the storage period, the recipients and the purpose of the processing. Upon request, we will provide you with a copy of the personal data we process about you. We would like to point out that no information is to be provided if this would adversely affect business or trade secrets of the person responsible or third parties. 

Right to rectification 
If we process data about you that is inaccurate or incomplete, you may request that it be corrected or completed. 

Right to erasure 
You have the right to obtain the erasure of personal data relating to you under certain conditions. We would like to point out that a right to erasure pursuant to Article 17 of the GDPR does not exist in particular if we have to process the data in order to comply with a legal obligation or in order to be able to establish, exercise or defend legal claims. 

Right to restriction of processing 
If it is unclear whether the data processed about you is inaccurate, incomplete or being processed unlawfully, you may request that we restrict the use of your personal data. 

Right to object to processing
Insofar as we process your personal data on the basis of legitimate interests (Art 6(1)(f) DGPR), you have the right to object on grounds relating to your particular situation. In this case, we will no longer process your data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. 

Right to data portability 
Where we process personal data about you that you have provided to us, you may, in certain circumstances, request that this data be transferred to you in a machine-readable format. You may also instruct us to transfer this data directly to a third party of your choice, where this is technically feasible.  

Right to complain 
Although we make every effort to protect the privacy and integrity of your personal data, disagreements about the way we use your personal data cannot be ruled out. If you believe that the processing of your personal data infringes the GDPR, you are of course welcome to contact us at any time using the contact details below. You are also entitled to lodge a complaint with the Austrian Data Protection Authority. 

5. CONTACT DETAILS OF THE DATA CONTROLLER 

The data controller for the data processing activities described in this privacy policy is: 

Vertify GmbH
Europastraße 1
7540 Güssing
Austria

For all your data protection concerns, in particular to exercise your rights, please contact us in writing (by e-mail) at dataprotection@vertifymed.com. 

6. FURTHER INFORMATION
Please note that there may be other data processing activities in connection with the use of the EyeStabilizer App for which third parties are responsible.
In particular, you are responsible for forwarding records made with the  EyeStabilizer app to doctors, hospitals or other external responsible parties. These recipients may then process your personal data as their own data controllers.  

For detailed information on how these possible recipients process your personal data, please contact them as their respective controllers.