Privacy Policy

As of July 2024 – We reserve the right to update this privacy policy.

The topic of data protection is a core value of SkinTech Corp. GmbH. We strive to make this topic as transparent as possible, clearly communicating how and for what purposes the relevant data is used. User data is handled responsibly and is only used in accordance with the applicable data protection laws, particularly the EU General Data Protection Regulation (EU-GDPR).

In particular, we aim to continuously improve IQONIC, the SQIN app, and all related offerings and services, tailoring them better to the needs of users. However, this can only be achieved by analyzing and evaluating how these offerings and services are used. The following provides users with comprehensive information about what happens to their data—especially regarding what, how, and why data is processed. Additionally, all mandatory information required under the EU-GDPR is provided here.

The entity responsible for protecting personal data and ensuring compliance with the EU-GDPR is SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin (hereinafter referred to as "IQONIC," "SQIN," or "the provider"). It operates the aforementioned services. Further contact details, points of contact, and legally required company information can be found in the legal notice or on the websites http://iqonic.ai, http://sqin.co, as well as within the SQIN app.

If users have any questions regarding data protection or wish to exercise their data protection rights (see below), they can contact the Data Protection Officer of SkinTech Corp. GmbH. The Data Protection Officer can be reached via email at info@iqonic.ai or by postal mail at SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin.

This privacy policy applies to all online offerings and services available under the "SQIN" and "IQONIC" brands, including the SQIN website at sqin.co, the IQONIC website at iqonic.ai, as well as other domains that refer to these websites.

For simplicity, the aforementioned offerings and services are collectively referred to as "Services" hereafter.

I. What Data is Collected When Using the SQIN and IQONIC Services?

Direct Entry of Personal Data. When a user logs into, registers for, purchases premium content, or uses a contact form for support requests in the mobile systems of SQIN and IQONIC, the provider collects personal data through the corresponding forms. These data are identifiable and directly linked to the user's identity (so-called clear data).

This clear data includes, in particular, the user’s name, salutation, email address, and password. For paid services, the provider may also request additional contact details (postal address, phone number) as well as shopping cart details and payment data if necessary. Additionally, users can voluntarily provide further personal information, which will also be stored, for example, in their user profile.

There are no services or offerings specifically tailored to children.

Data Enrichment. The provider may supplement users' data through its own observations, but only regarding assumed interests and only as described in these data protection notices. For example: If a user starts a session, the provider assumes an interest in continuing it and enriches the dataset accordingly to remind the user within the app.

Data Provided by Third Parties. In some cases, the provider also receives personal data from third parties when users utilize certain functions or services. This is the case, for instance, when a user logs into the SQIN service using a sign-in service such as Facebook.

Pseudonymized Data. Additionally, the provider processes data that is not directly identifiable to the user as an individual (so-called pseudonymized data). Pseudonymization means that while a user or their computer/browser can be recognized under an ID (“pseudonym”), it is not possible to determine their exact identity or contact details using standard methods. In other words, pseudonyms are not linked with clear data such as names or email addresses because the provider does not need to know more than necessary.

This applies, for example, when the provider wants to analyze which screens within the SQIN or IQONIC services are frequently clicked and which are not or when the provider wants to avoid displaying the same content to users repeatedly.

Further Details. If a user requires more specific information, further details are provided in the chapter “Detailed Overview of Individual Data Processing Activities.”

II. Why is This Data Processed?

The processing of personal data occurs primarily for the following purposes or due to the following legitimate interests:

For Personalization: To display the user’s progress, to suggest content within the SQIN App and IQONIC Services that best match their needs, or to notify the user via email or push notifications about relevant content, tips, and offers.

For Optimization: To determine what users particularly like or dislike and how the services can be improved; to achieve the provider’s designated goals.

To Ensure Service Operation: To detect and prevent attack patterns, identify system errors, and prevent the user from receiving unwanted emails from the provider.

For Financing: To process user purchases of premium content or provide users with personalized discounts, vouchers, and offers.

For Customer Relationship Management and Direct Marketing: To inform users about new offers and features.

For Fraud Prevention, Address Verification, and Credit Checks: To verify provided delivery addresses and assess creditworthiness, which may determine which payment options are offered to the user.

To Comply with Legal Obligations: Including commercial and tax-related requirements, potential disclosure obligations to authorities, as well as to assert or defend legal claims.

The processing of personal data is conducted lawfully on the basis of the EU General Data Protection Regulation (EU-GDPR)—depending on the specific case—on the basis of the user’s consent, a contract with the user, compliance with legal or regulatory obligations, and/or legitimate interests (pursuant to GDPR Article 6, Paragraph 1, Letters a), b), c), and f)).

If the provider processes data based on user consent or a legitimate interest assessment, such processing will only continue as long as the user does not object or withdraw their consent. Further details on this are provided in the sections below.

III. Is Data Shared with Third Parties or Transferred Outside the EU?

SQIN and IQONIC do not commercially transfer users’ personal data to third parties (e.g., selling or renting data) and do not engage in address trading.

However, the provider does not handle everything independently and has engaged certain service providers. Some of these service providers may need access to personal data or at least have the ability to access it. This particularly applies to the technology that the provider uses to operate, monitor, and analyze its services or specific functionalities and offerings. Additionally, this includes billing for purchases as well as debt collection for outstanding invoices.

All of these service providers are contracted in strict accordance with the EU General Data Protection Regulation (EU-GDPR) and must provide details on their technical and organizational measures to protect the personal data entrusted to them from misuse. If necessary, data processing agreements are concluded with service providers to ensure compliance with GDPR requirements.

Some of the IT service providers engaged by the provider are based outside the EU or the European Economic Area (EEA) or store and process personal data in such locations. In cases where the European Commission has not determined that these locations provide an equivalent level of data protection as Germany, the provider ensures the necessary legal guarantees for international data transfers. This typically involves the conclusion of EU Standard Contractual Clauses (SCCs), as mandated by the European Commission.

In certain cases, the provider also shares data with third parties who process the data independently in compliance with data protection regulations. This includes, for example, services such as Facebook, particularly when users register via Facebook Sign-In. Further details on this topic are provided in the next chapter.

► System Permissions

Access to your camera is required to create anamnesis images and is used exclusively for this purpose by SQIN and IQONIC.

If you wish to upload images from your photo gallery, the SQIN and IQONIC systems will require access to your storage.

Additionally, consent to receive push notifications regarding status updates on your treatment is optional. If you do not consent to receive push notifications, you will not receive any updates via push notifications about changes to your treatment status.

If you use our services via the iOS operating system—Apple’s operating system for mobile devices—we will request permission to track your activities as part of user behavior analysis (see "Processing Related to Apple Search Ads"). This helps us target you with advertising and evaluate the actions triggered by our advertisements.

► User Rights as a Data Subject

Under the EU General Data Protection Regulation (EU-GDPR), users have the right to request access to their personal data (see Article 15 GDPR), as well as to request correction (Article 16 GDPR), deletion (Article 17 GDPR), or at least the restriction of processing (Article 18 GDPR) of their personal data.

Users also have the right to data portability (Article 20 GDPR). Furthermore, users may withdraw their consent for the processing of personal data at any time (see Article 7 GDPR) and object to processing based on the assessment of legitimate interests (see Article 21(4) GDPR).

Additionally, users have the right to lodge a complaint with the competent data protection supervisory authority.

If users have any questions regarding this or any other data protection-related matters or wish to exercise their rights, they can contact our Data Protection Officer.

The Data Protection Officer can be reached via email at info@iqonic.ai or by postal mail at:
SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin.

► Detailed Overview of Individual Data Processing

To provide the user with a clearer overview, this privacy policy is structured based on whether it concerns (A) the fundamental provision of SQIN and IQONIC services and functionalities, (B) the optimization of our services, or (C) the optimization of our marketing activities.

Data Processing for the Provision of SQIN and IQONIC Services

The following provides detailed explanations of individual areas, services, and functionalities related to the provision of the SQIN and IQONIC mobile application.

Registering a user account and managing a profile (with email address)

When signing up for SQIN and IQONIC Services, users provide information such as name, gender, interests, and goals. During registration, it is also necessary to provide an email address, which is required to create a user account.

Upon registration, the user will receive a confirmation email to complete the registration process. If signing in directly, the user will receive a one-time verification link to the provided email address. This ensures that the provider uses the correct email address for future communications and correctly associates the user with their account.

After a successful login, an authorization token is stored in the app. The token will be deleted from the smartphone when the user logs out using the logout function. Through this authorization mechanism, the provider ensures that login credentials are not stored locally on the smartphone.

Furthermore, the app only collects account data that the user voluntarily provides during registration, sign-up, or other direct interactions with the app. These data are used based on user consent (see GDPR Article 6(1)(a)).

The provider creates a user profile from this personal data to provide the core functionalities of the services across different platforms (iOS, WebApp, Android). The processing of these data is therefore necessary to fulfill contractual obligations under GDPR Article 6(1)(b).

Additionally, the provider also uses individual user account data for other purposes, such as in connection with newsletters, push notifications, purchases, and support inquiries. Further details on these processes are provided below in the respective sections on data processing.

For data storage, the provider has engaged an IT service provider, namely:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "GF".

SQIN and IQONIC have entered into an agreement with GF regarding the processing of data on their behalf. GF stores and processes personal data strictly in accordance with the instructions of the provider. However, this may also occur outside the EU or the European Economic Area (EEA), particularly in the United States.

If data processing takes place in the United States, it is carried out based on the EU Standard Contractual Clauses (SCCs).

Revocation / Opt-Out Option:

The user can delete their profile and all associated personal data at any time by sending a revocation request to info@iqonic.ai. The provider will then forward this revocation to GF, which is contractually obligated to delete the corresponding data.

Furthermore, the provider will also delete the user’s account if they have not actively used any SQIN or IQONIC services for a period of three years.

If, at the time of the requested or scheduled deletion, data linked to the user’s account is still required for specific purposes, it will not be immediately deleted but rather restricted to certain processing purposes or blocked.

This is particularly the case when legally required retention obligations mandate data storage, such as commercial and tax-related regulations, which may require data to be stored for up to 10 years (see § 147(3) of the German Fiscal Code (Abgabenordnung)).

Data processing during system installation

Purposes
When you install our system or later open the app, data is processed for an API call log during installation and each access. This processing is carried out for the following purposes:

Enabling the use of the app,
System security,
Technical administration of network infrastructure,
Evaluation of system security and stability,
Ensuring a smooth connection establishment.

We do not compare the processed data with other data sets and do not use the data under any circumstances to draw conclusions about your identity.

Types of data
During installation and each access, the following data is collected and stored until its automatic deletion after 30 days:

Date and time of installation,
Date and time of access,
Name and URL of the retrieved file or page,
Amount of data transferred,
Access status (successful file transfer, file not found, etc.),
Browser and operating system of the user’s device,
Name of the user’s internet service provider.

Legal basis
The legal basis for this processing is the fulfillment of the user agreement entered into with you in accordance with Art. 6(1)(1)(b) GDPR.

Necessity
The provision of our app is necessary for the execution of your user agreement for our app with us. If you do not install and open our app, you cannot use it.

Storage duration
The data processed during installation or each access to the app is automatically deleted after 30 days.

Recipients
We use a server located in Germany for the provision of our app’s database and the storage of your doubly encrypted patient record.

Your right to object
According to Art. 21 GDPR, you have the right to object to the above-described processing of your personal data if reasons arise from your particular situation or if your objection is directed against direct marketing.

Data processing with adjust

Purposes
We use adjust to analyze your interactions with our system in order to further develop our system and make it even more user-friendly.

We also use adjust for attribution to improve our mobile advertising campaigns. Attribution is an analysis of where you, as a user, last interacted with an advertisement, an article, or a social media post from SkinTech Corp. GmbH. For this purpose, we analyze whether you have viewed an advertisement, an article, or a social media post from SkinTech Corp. GmbH, clicked on a link contained in it, or left a comment under the advertisement, article, or post.

Data types
With your consent to the analysis of your usage behavior ("marketing analysis") of our system through adjust, the following data about you will be processed:

Your access time to our system,
Whether you are a returning user of our system,
Your access location when using our system,
Your demographic data,
The language, device model, and platform (e.g., iOS or Android) of your device,
Your IDFA (Identifier for Advertising = advertising identifier on iOS devices) or the Android advertising ID,
Your IP address and
Your MAC address.

Demographic data includes information about the website, advertisement, or social media page from which you were redirected to our system. This information is used to estimate your age group as well as the location from which you access our app.

With your consent to the analysis of your usage behavior in our app, the following data will be transmitted to Google Analytics for further user and advertising analysis:

Your access time to our system,
Your access location when using our system,
Whether you are actively using our system at that moment,
Whether you are a returning user of our system,
The language, device model, and platform (e.g., iOS or Android) of your device.

The data related to you is anonymized before processing for the purposes mentioned above, ensuring that you can no longer be identified through the aforementioned data.

You can reset or disable the IDFA and the Android advertising ID at any time through your operating system.

Legal basis
The legal basis for the use of adjust is your explicit consent in accordance with Art. 6(1)(1)(a) GDPR.

Storage duration
The aforementioned data will be deleted after 14 months.

Recipients

At no time will your health data be transmitted to the recipients listed below.

The data related to your use of our app, processed through the adjust program, is handled by adjust GmbH, Saarbrücker Str. 38 a, 10405 Berlin.

The data related to your use of our system, collected via adjust, is transmitted to Google Analytics. The data transmitted to Google Analytics is processed on servers of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and transferred to the USA. Google acts as our data processor for this processing, and we have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. The legal basis for the transfer to a third country is the standard contractual clauses pursuant to Art. 46 GDPR. Google provides appropriate safeguards for data protection, which you can review at https://privacy.google.com/businesses/processorterms/.

For more information on how Google handles user data in connection with Google Analytics, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Your right to withdraw your consent
You have the right to withdraw your consent at any time. The withdrawal of your consent for processing activities related to user behavior analysis via Google Analytics can be done within our system through the menu under "Marketing Analysis" by navigating to Menu > Edit Account > Marketing Analysis and deactivating the "Marketing Analysis"function. The legality of the processing carried out based on your consent before the withdrawal remains unaffected.

Contact form and support inquiries (via email service provider)
If the user contacts the SQIN or IQONIC services, the provider’s email service provider, Google, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, processes the contact details as well as the content of the inquiry.

Inquiries via email and contact forms may include communication and contract data as well as user history. Additionally, inquiries related to the provider’s apps submitted through the app store contact form are received by the provider via email. The data provided will be treated confidentially. The provided data and the message history with the provider’s customer service are stored for follow-up questions and future communication.

If the user contacts the provider via email or a contact form, the provider uses the personal data transmitted solely based on legitimate interests, for the purpose of responding to the user’s inquiry.

SQIN and IQONIC have entered into a data processing agreement with Google Ireland for processing data on their behalf. Google Ireland stores and processes personal data strictly in accordance with the provider's instructions. However, this processing may also take place outside the EU or the EEA, particularly in the United States. If processing occurs in the United States, it is conducted based on the EU Standard Contractual Clauses (SCCs).

Requests for user profile deletion and newsletter unsubscriptions submitted via our contact channels are stored in the provider’s internal systems to ensure and document that the user’s request has been successfully processed (obligation to provide evidence). User data (email address, name, and username) will be deleted from the provider’s system no later than one year and one month after processing.

For newsletter deletion requests, a connection to the user’s account can be established via the internal system if the request is made using the user’s registered email address. For user account deletion requests, no connection to the user’s account can be established.

All data is securely stored in the system, protected against unauthorized access, and not shared with third parties.

Withdrawal / Opt-Out Option:

A deletion of the user's customer inquiries will take place after 5 years or upon direct withdrawal request sent to info@iqonic.ai.

If and to the extent that data associated with users' email inquiries can and must still be used for purposes that have not yet ceased at the time of the requested or planned deletion, the data records will not be deleted but instead restricted for specific processing purposes.

This is particularly the case when mandatory legal retention obligations require data storage, such as commercial and tax-related regulations. These legal retention periods can extend up to 10 years (see § 147(3) of the German Fiscal Code (Abgabenordnung)).

Data Processing in AI-Supported Processes

Purposes
If you have consented to processing related to the research of an AI-supported teledermatological diagnosis during the registration of your user account or in the settings of your user account, we use the photos you have uploaded and the anamnesis forms you have completed to develop artificial intelligence that can assist in teledermatological diagnostics.

This research aims to enable faster and more effective detection of skin diseases, ultimately allowing future patients to receive better and quicker assistance.

We appreciate your support and trust if you choose to consent to this processing.

Your data will not be disclosed to third parties but will be processed strictly confidentially and under the highest security standards by an experienced IT laboratory commissioned by us for research purposes. The processing of your data takes place exclusively in Germany.

Data Types
For the research of AI-supported teledermatological diagnosis, we process the photos you have uploaded and the anamnesis forms you have completed.

Legal Basis
The legal basis for this processing is your consent in accordance with Art. 9(2)(a) GDPR.

Storage Duration
We will use the aforementioned data related to you for AI-supported teledermatological research until you withdraw your consent.

Recipients
We use a server located in Germany for the provision of our app’s database and the storage of your doubly encrypted patient record.

The research of an AI-supported teledermatological diagnosis takes place exclusively in Germany, under strict confidentiality and the highest security standards in an IT laboratory specialized in AI research.

Your Right to Withdraw Your Consent
You have the right to withdraw your consent for the processing of the aforementioned data for the purpose of AI-supported teledermatological diagnosis research.

You can do this by logging into our system and disabling this option in your account settings under "Product Development". The legality of the processing carried out based on your consent before the withdrawal remains unaffected.

Data Processing for Newsletters

Purposes

Our newsletters are designed to provide you with news from SQIN and IQONIC, as well as recommendations and information in the field of skin analysis and everyday life topics.

Data Types
To receive the newsletter, providing an email address is sufficient. We process the timestamp of your newsletter registration and the IP address recorded by your Internet Service Provider (ISP), which we convert into an anonymized user identifier. This is to determine if someone has misused your email address for newsletter registration.

Legal Basis
The legal basis for this processing is your consent in accordance with Art. 6(1)(a) GDPR.

Storage Duration
We will use your email address to send our newsletter until you withdraw your consent.

To comply with our accountability obligations under data protection law, as required by Art. 5(2) GDPR, we retain a deletion log of your email address removal for up to three years. The legal basis for this retention is the fulfillment of our legal obligation under Art. 6(1)(c) GDPR.

Recipients
We use a German data processor with a German server location to provide our email server.

We use a server located in Germany for the provision of our system’s database.

As part of our newsletter distribution, we analyze your user behavior. This evaluation serves to tailor the newsletter to your needs and continuously optimize it.

Data Types
The following data types are processed:

Email reading and click behavior (open rate and click rate within the newsletter)
Type of device used (desktop, tablet, mobile phone)
Whether you are a user or patient of our system
Time and date of your access to specific newsletter emails
Number of cases submitted in the system
Redirect URL (i.e., which linked web pages you access via the newsletter).

Legal Basis
The legal basis is our legitimate interest in accordance with Art. 6(1)(f) GDPR, to provide you with an effective and user-friendly newsletter.

Storage Duration
We store the aforementioned data until you withdraw your consent, meaning you unsubscribe from our newsletter.

Recipients
We use a German data processor with a German server location to provide our email server.

We use a server located in Germany for the provision of our app’s database.

Your Right to Object
According to Art. 21 GDPR, you have the right to object to the processing of your personal data described above if reasons arise from your particular situation or if your objection is directed against direct marketing.

Data Processing for Review Requests

Purposes
To request reviews from our existing customers, you will receive a one-time review request after each treatment. This serves to improve our services based on your feedback.

Data Types
We process your email address for the sending of review requests, which you provided when registering in our SQINand IQONIC services.

Legal Basis
The legal basis is our legitimate interest in accordance with Art. 6(1)(f) GDPR, to improve our service based on your feedback, meaning personalized direct marketing.

Storage Duration
We use your email address to send review requests until you object to our use of your email address for direct marketing.

In case of account deletion, your email address will be deleted, and you will no longer receive direct marketing messages.

Recipients
We use a server located in Germany for the provision of our app’s database and the storage of your doubly encrypted patient record.

Data Processing for Email Notifications

Purposes
To keep our existing customers informed about our offers and services, provide valuable content, and request reviews, you will receive a regular informational email from us.

As part of this, we analyze your user behavior. This evaluation helps to tailor our emails to your needs and continuously optimize our informational messages and services.

Data Types
The following data types are processed:

Email reading and click behavior (open rate and click rate within these informational messages to existing customers)
Type of device used (desktop, tablet, mobile phone)
Whether you are a user or patient of our system
Time and date of access to the newsletter emails
Redirect URL (i.e., which linked web pages you access via the informational message).

Legal Basis
The legal basis for this processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in conducting personalized direct marketing.

Retention Period
We will remove your email address from our direct marketing distribution list if you object to the processing of your email address for direct marketing purposes.

In order to comply with our accountability obligations under data protection law, as stipulated in Art. 5(2) GDPR, we retain a deletion log of your email address removal for a period of up to three years. The legal basis for this retention is the fulfillment of our legal obligation pursuant to Art. 6(1)(c) GDPR.

Recipients
For the provision of our email server, we engage a data processor based in Germany with servers located in Germany.

We use a server located in Germany for the operation of our system’s database.

Right to Object
Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data as described above, provided that grounds arise from your particular situation, or if your objection is directed against direct marketing.

Processing of Personal Data for Contact Requests via Contact Form

Purpose
Through our contact form within our system, you may contact us at any time if you have questions regarding the use of our system, provided that you are logged into your user account.

Categories of Personal Data Processed
In the context of your contact request, we process your user ID, case ID, and the content of your inquiry. Additional details may be provided voluntarily.

Necessity
The processing of your user ID and, if applicable, your case ID is necessary for handling your request in order to associate it with your patient record. If you submit your request via the contact form within the system, these details are automatically transmitted to us.

Recipients
We use a server located in Germany for the operation of our application.

Contact Requests via Telephone or Email

Purpose
Through the email addresses and telephone numbers provided on our website, you may contact us. Do not use this communication channel to transmit health data to us.

Categories of Personal Data Processed
To process your inquiry, we use the email address or telephone number that you provide to us. We only collect additional information directly from you if it is necessary and relevant for responding to your inquiry and if you voluntarily provide it.

Do not use this communication channel to transmit health data to us.

Legal Basis
The processing of personal data for contacting us is carried out for the performance of a contract with you or for pre-contractual measures pursuant to Art. 6(1)(b) GDPR.

Necessity
The processing of your email address or telephone number is necessary to handle your request and to enable us to contact you again in this context. If you do not provide us with this information, we will be unable to process your inquiry.

Retention Period
If the contact request occurs within the framework of a treatment contract, we retain your information as part of your patient record for ten years pursuant to §§ 630a ff. BGB. Otherwise, the data you have provided will be deleted once your inquiry has been processed.

Recipients
For the provision of our email server, we engage a data processor based in Germany with servers located in Germany.

Processing of Personal Data in Connection with Meta

Purpose
For advertising purposes and to optimize our advertising campaigns, we use Facebook Pixel. This tool allows us to display ads on Facebook and Instagram to users who have visited our website or expressed interest in certain topics.

By analyzing your user behavior, we evaluate the effectiveness of our Facebook and Instagram campaigns and adjust them to align with user interests.

Through our use of Facebook Pixel, Facebook is notified when you click on one of our ads on Facebook or visit the corresponding webpage of our online presence.

Facebook provides us with the collected data in an anonymized format, meaning that we cannot personally identify you or draw conclusions about your identity.

Categories of Personal Data Processed

Upon your consent to the processing activity of marketing analysis within our system, the following data about you will be collected:

Your access time and location to our system
The extent to which you are currently active in our system
Whether you are a returning user of our app system
Your demographic data (gender, age group, interests).
The language, device model, and the type of device you are using (e.g., iOS or Android)

If you maintain a user account on Facebook or Instagram, this information will be linked to your Facebook or Instagram user account.

If you do not maintain a Facebook account, Facebook will store your IP address and other identification markers.

Legal Basis
The legal basis for this processing is your explicit consent pursuant to Art. 6(1)(a) GDPR. You provide your consent for this processing via our cookie banner when you select and agree to the "Marketing Analysis" category.

Retention Period
The retention period is limited to 24 months.

Recipients
Facebook Pixel is a product of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Facebook acts as our data processor, and we have entered into a data processing agreement with Facebook pursuant to Art. 28 GDPR.

The legal basis for this data transfer is the Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

You can find more information about the appropriate safeguards provided by Facebook Pixel for data transfers to third countries at:
https://web.facebook.com/legal/terms/data_security_terms and
https://web.facebook.com/legal/EU_data_transfer_addendum.

Your Right to Withdraw Your Consent
You may withdraw your consent for processing activities related to user behavior analysis at any time via our WebApp settings in the "Marketing Analysis" section by deactivating the "Marketing Analysis" function.

The legality of processing carried out based on your consent prior to withdrawal remains unaffected.

Processing of Personal Data in Connection with TikTok

Purpose
We use TikTok Pixel, a service provided by TikTok Technology Ltd., to display our advertisements to TikTok userswho have shown an interest in our services.

TikTok Pixel enables us to define target audiences for advertisement display.

By analyzing your user behavior, we assess the effectiveness of our TikTok campaigns and adjust them according to user interests.

Categories of Personal Data Processed
The following categories of personal data are processed for advertising on TikTok:

Your user behavior, provided you have visited the TikTok network page or are a TikTok user, including:
The number of our ads you have viewed and your clicks on our ads
Events triggered by you in our system, such as your registration in the system, case creation in our system, and payments for diagnoses of cases created in our system
Information about your operating system and device ID
Anonymized, aggregated data for the creation of so-called custom audiences if you have shown interest in our service

We process information on triggered events (such as registration within the system, creation of a case, or purchases within the system) only if you have consented to processing for the purpose of "Marketing Analysis" within our app.

If you maintain a TikTok user account and have consented within your TikTok account to processing for personalized advertising, TikTok transmits your location and gender to us, provided you specified your location when registering with TikTok.

Legal Basis
If you have consented to processing for the purpose of "Marketing Analysis" within the system, the legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR.

Retention Period
The personal data processed as part of the advertisement will be deleted after 18 months.

Recipients
The aforementioned data related to you is processed on our behalf by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").

The aforementioned data related to you is transferred to the USA. We have entered into a data processing agreementwith TikTok Technology Limited pursuant to Art. 28(3) GDPR, incorporating Standard Contractual Clauses (SCCs)pursuant to Art. 46 GDPR.

You can find more information about the appropriate safeguards for data transfers to third countries provided by TikTok at:
https://www.tiktok.com/legal/privacy-policy?lang=de
https://ads.tiktok.com/i18n/official/policy/privacy

Your Right to Withdraw Your Consent
You have the right to withdraw your consent at any time.

You can withdraw your consent for processing activities related to user behavior analysis within our system via the menu in the "Marketing Analysis" section by navigating to Menu > Edit Account > Marketing Analysis and disabling the "Marketing Analysis" function.

The legality of processing carried out based on your consent prior to withdrawal remains unaffected.

Processing of Personal Data in Connection with Social Media Plugins

Purpose
Social Media Plugins are extensions for external sites that allow you, with a single click, to directly access the corresponding social network profile.

We use social plugins from Instagram (part of Facebook Ltd.) and TikTok on our website to make the content of our website more engaging and informative for you.

Categories of Personal Data Processed
If you visit a page containing an embedded video or a social plugin and have provided consent to processing in "Other Media" via the consent banner, a connection is established to the servers of Facebook and TikTok.

In this process, the following categories of personal data are processed:

The browser you are using
The IP address of your device
The page of this website you have visited
The content displayed to you
The language, device model, and platform (e.g., iOS or Android) of your device.

Legal Basis
The legal basis for this processing activity is your consent to the processing in "Other Media" pursuant to Art. 6(1)(a) GDPR.

Retention Period
The aforementioned personal data related to you will be retained for 24 months.

Recipients
We use a web hosting provider with servers located in Germany for the provision of our website.

Facebook Pixel is a product of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Facebook acts as our data processor, and we have concluded a data processing agreement with Facebook pursuant to Art. 28 GDPR.

The legal basis for this data transfer is the Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

You can find further information regarding the appropriate safeguards provided by Facebook Pixel for data transfers to third countries at:
https://web.facebook.com/legal/terms/data_security_terms
https://web.facebook.com/legal/EU_data_transfer_addendum

The aforementioned personal data related to you is processed on our behalf by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").

The aforementioned personal data related to you is transferred to the USA.

We have entered into a data processing agreement with TikTok Technology Limited pursuant to Art. 28(3) GDPR, incorporating Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

You can find more information regarding the appropriate safeguards provided by TikTok for data transfers to third countries at:
https://www.tiktok.com/legal/privacy-policy?lang=de
https://ads.tiktok.com/i18n/official/policy/privacy

Your Right to Withdraw Your Consent
You have the right to withdraw your consent at any time.

The legality of processing carried out based on your consent prior to withdrawal remains unaffected.

Processing of Personal Data in Connection with Pinterest

Purpose
We use Pinterest Tag, a service provided by Pinterest Europe Ltd., to optimize our Pinterest campaigns, tailor them to user needs, and measure their success.

If you accessed our website via a Pinterest advertisement, we can track your subsequent actions.

By analyzing your user behavior, we assess the effectiveness of our Pinterest campaigns and adjust them according to user interests.

Categories of Personal Data Processed
If you consent to the analysis of your user behavior within our system (i.e., "Marketing Analysis"), the following personal data will also be processed:

Your last exposure to our advertisement (relevant for conversions)
The number of our ads you have viewed and your clicks on our ads (frequency)
Your access time and location when using our system
The extent to which you are actively using our system
Whether you are a returning user of our system
Events triggered by you within the system, such as your registration in the system, case creation, and payment for the treatment of cases you created in our system
The language, device type, and operating system (e.g., iOS or Android) of your device
Demographic data (gender, age, and interests).

We receive the aforementioned data regarding the last view contact by you and other users with our advertisements, as well as the number of viewed and clicked ads per placement from Pinterest in the form of statistical evaluations.

This means that we receive an aggregate count of users who clicked on our advertisement and were redirected to the App Store or Play Store.

Legal Basis
The legal basis for this processing activity is your consent to processing for marketing analysis purposes pursuant to Art. 6(1)(a) GDPR, provided that you granted this during the registration of your user account or via the user account management.

Retention Period
The personal data processed as part of the advertisement will be deleted after 180 days.

Recipients
The aforementioned personal data related to you is processed on our behalf by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").

The personal data related to you is transferred to the USA.

We have entered into a data processing agreement with Pinterest pursuant to Art. 28(3) GDPR, incorporating Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

You can find more information about the appropriate safeguards for data transfers to third countries provided by Pinterest at:
https://policy.pinterest.com/de/privacy-policy

Your Right to Withdraw Your Consent
You have the right to withdraw your consent at any time.

The withdrawal of your consent for processing activities related to user behavior analysis can be carried out within our system via the menu in the "Marketing Analysis" section by navigating to Menu > Edit Account > Marketing Analysis and disabling the "Marketing Analysis" function.

The legality of processing carried out based on your consent prior to withdrawal remains unaffected.

Processing of Personal Data in Connection with YouTube

Purpose
To enhance and optimize our web presence, we embed videos via YouTube on our website.

Categories of Personal Data Processed
If you visit a page containing an embedded video, a connection is established to YouTube’s servers.

In this process, the following categories of personal data are processed:

The browser you are using
The page of this website you have visited
Device-specific information, including the IP address of your device
The content displayed to you on YouTube.

We use the "Enhanced Privacy Mode" option provided by YouTube. According to YouTube, in "Enhanced Privacy Mode", the aforementioned data is only transmitted to the YouTube server in the USA if you watch the video.

Legal Basis
The legal basis for this processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR, to enhance our services with dermatological information for you.

Retention Period
Further information can be found in Google's Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de.

Recipients
The aforementioned personal data related to you is processed by YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. We have entered into a data processing agreement with YouTube as our data processor pursuant to Art. 28(3) GDPR. The legal basis for this data transfer to third countries is the Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR. Google provides appropriate data protection safeguards, which you can review at: https://privacy.google.com/businesses/processorterms/.

If you maintain a YouTube user account and are logged in at the time of accessing the page, the data processed when accessing the page will be linked to your user account, unless you log out before accessing the page. Further information about YouTube’s privacy practices can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de.

HealthKit and Google Fit Integration

Apple HealthKit
The provider uses the HealthKit framework (for further information, see here) from Apple (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; "Apple"), which provides a centralized storage location for health and fitness data on the iPhone and Apple Watch and allows apps to communicate with the HealthKit Store—with the explicit consent of the user—to access and share this data. This integration must be actively enabled by the user through their system settings. The HealthKit integration can be disabled by the user at any time via system settings. Once disabled, no further data will be exported to the provider.

The provider processes the data collected via the HealthKit framework and the Apple CoreMotion Processor(further information can be found here) for the purposes described below and only with the user’s explicit consent. This includes steps, calories, distance, duration, and heart rate. New data attributes may be added to the HealthKit framework, which will be reflected in the SQIN and IQONIC services and require the user's consent.

Google Fit SDK

The provider uses the Google Fit SDK (for further information, see here), an open platform that allows users to control their fitness data. The provider processes the following data obtained through the Google Fit SDK for the purposes described below and only with the explicit consent of the user: steps, calories, distance, duration, and heart rate. New data attributes may be added to the Google Fit framework, which will be reflected in the product and will require the user’s consent.

The SQIN and IQONIC services and analytics service providers of the SQIN and IQONIC services may analyze activity data for research purposes aimed at offering personalized services and promoting healthy habits. The SQIN and IQONIC services may, with the explicit consent of the user, share user data obtained through the HealthKit framework or Google Fit SDK with third parties for medical research purposes.

The SQIN and IQONIC services do not use information collected through HealthKit or Google Fit SDK for advertising or similar services. The user may prevent the SQIN and IQONIC services from accessing their data at any time by changing their mobile device settings. Users who use HealthKit or Google Fit SDK for storing and analyzing sensitive data should ensure that they protect their smartphone with a secure passcode (e.g., on an iPhone, under Touch ID & Passcode, by disabling the simple passcode and setting a password that includes uppercase letters, lowercase letters, numbers, and special characters).

To improve browsing on the SQIN and IQONIC website, the provider uses cookies (small files containing configuration information). Cookies are used on the SQIN and IQONIC website to enhance user-friendliness and to personalize the website according to user preferences on each visit.

Additionally, the SQIN and IQONIC website sets a cookie banner cookie. This cookie allows the provider to remember whether the user has previously visited the site and accepted cookies (in accordance with the EU "Cookie Directive", official name: E-Privacy Directive 2009/136/EC). To prevent the user from seeing the cookie notification repeatedly, the cookie is automatically deleted after three months, requiring the user to confirm the cookie banner again after expiration.

Such cookies are not only set by the SQIN and IQONIC website itself but also on its behalf by third-party providers, such as Google.de (see below). When a page on sqin.co and iqonic.ai is accessed, cookies are also set that remain stored beyond the user's current visit to sqin.co and iqonic.ai (session cookies).

General Browser Data
The SQIN and IQONIC website also automatically collects and stores information in cookies, which are transmitted by the user's web browser when accessing the webpages sqin.co and iqonic.ai. This includes, in particular, details about the browser and operating system used, a reference to the previously visited website (referral URL), the IP address or hostname of the accessing device, and the timestamp of the page request. This data is used for the statistical evaluation of the sqin.co and iqonic.ai websites.

The SQIN and IQONIC website does not link collected usage data with the name or address data of users, which may be collected during registration for SQIN and IQONIC services (so-called inventory data). The pseudonymized usage data collected is used for long-term evaluation purposes and is deleted either at the end of the evaluation phase or in accordance with legal requirements.

Withdrawal / Opt-Out Option
If the user does not wish to allow cookies or wants to delete existing cookies, they can disable and remove them via their web browser. Help for deleting cookies in the most common browsers can be found at the following links:

Internet Explorer
Mozilla Firefox
Safari
Chrome

The SQIN and IQONIC websites also use analytical cookies from third-party providers such as Google and Facebook for analytical purposes. Users may object at any time to the use of analytics programs by the SQIN and IQONIC website and to the data collection (pseudonymized data) by partner companies, with effect for the future. These functions are offered and provided by the respective service providers, and users will find the relevant instructions described in the associated notice.

B. Improvement of the SQIN and IQONIC Services

Storage and Processing of App Usage Data (via GF)

To store usage data of the SQIN and IQONIC services, the provider uses the Google Firebase service, represented by Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In addition to the user profile (username, login data), the provider stores user activity data within the services on the servers of Google Firebase (GF), for example, when a user logs in and tracks their progress.

The storage of usage data enables the provider to ensure a user-friendly experience within the system. This allows users to resume their activities at the exact point where they left off the last time they accessed the system. Additionally, saved personal profile settings are retained, so they do not need to be reconfigured on each use.

In accordance with GDPR requirements for the engagement of IT service providers, we have entered into a written data processing agreement with GF. GF stores and processes personal data strictly in accordance with our instructions. However, this processing may also occur outside the EU or EEA, particularly in the United States. To ensure a GDPR-equivalent level of data protection, the provider has concluded officially approved data protection contracts (EU Standard Contractual Clauses) with GF, as required by the European Commission.

Withdrawal / Opt-Out Option
Users may delete their profile and all stored personal data at any time by submitting a withdrawal request to info@iqonic.ai. The provider will forward the request to GF, which is contractually obligated to delete the relevant data.

Additionally, if a user has not actively used any SQIN or IQONIC services for three years, the provider will delete the user account.

If the data linked to the user account is still required for certain purposes that have not yet ceased at the time of deletion, the data will be restricted rather than deleted, limiting its use to specific processing purposes.

This particularly applies to legally mandated retention obligations, such as commercial and tax law requirements, which may require data storage for up to 10 years (see § 147(3) of the German Fiscal Code - Abgabenordnung).

Analysis of User Behavior on the SQIN and IQONIC Website and Web Services (via Google Analytics)

For the analysis of user behavior on the SQIN and IQONIC website, the provider uses the Google Analytics service, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

To analyze user behavior, a cookie is set. The information generated by this cookie regarding the user’s use of this website (including the user’s IP address) is transmitted to Google’s servers and stored there.

SQIN, IQONIC, and Google have entered into a joint processing agreement, which can be accessed here:
https://support.google.com/analytics/answer/9012600.

The SQIN and IQONIC website uses Google Analytics exclusively with IP anonymization, meaning that IP addresses are only processed in a truncated form to prevent direct personal identification. Through IP anonymization, the IP address is shortened by Google within EU member states or other contracting states of the European Economic Area (EEA) Agreement. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google will use this information to analyze the user’s use of web services and the website, compile reports on web service and website activity, and provide additional services related to website and internet usage.

Withdrawal / Opt-Out Option:

Users may object at any time to the collection and storage of data by Google Analytics with future effect. The user has the option to install a browser plugin issued by Google. This plugin is available for various browser versions and can be downloaded here:
http://tools.google.com/dlpage/gaoptout?hl=de.

If and to the extent that data associated with the user’s account is still required for purposes that have not yet ceased at the time of the requested or planned deletion, the data will not be deleted but at least restricted to specific processing purposes.

This applies in particular to legally required retention obligations, such as commercial and tax-related regulations, which may require data to be retained for up to 10 years (see § 147(3) of the German Fiscal Code - Abgabenordnung).

Analysis of App Usage Behavior in SQIN and IQONIC Services (via Google Analytics for Firebase)

For the analysis of user behavior within the SQIN and IQONIC services, the provider uses the Google Analytics for Firebase service, which is operated by Google LLC. Since SkinTech Corp. GmbH is based in Germany, the contractual partner is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland, a European subsidiary of Google LLC.

The provider uses Google Analytics for Firebase to optimize system functionalities and designs through A/B testing. In these tests, the original version of the system is compared against a slightly modified version. The provider then analyzes how well the new feature is received compared to the existing version. This allows the provider to continuously improve the system’s design and functionality, thereby enhancing user-friendliness. To conduct these comparative analyses, Google Analytics for Firebase processes user activity data within our system.

The provider uses Google Analytics for Firebase under the EU General Data Protection Regulation (GDPR) based on the legitimate interest of making the system as user-friendly as possible, optimizing the user experience, and tailoring system improvements accordingly.

Additionally, Google Analytics for Firebase enables the provider to analyze user behavior within the system, helping to better understand how users interact with the services and identify potential improvements. For this purpose, Google Analytics for Firebase processes user data such as IP addresses, demographic characteristics, technical data about the user’s mobile device and installed software version, as well as usage data, including the number of system accesses and actions within the system, such as program purchases.

Furthermore, Google Analytics for Firebase uses this usage data to conduct statistical extrapolations, which compare user behavior with other users of the system. Based on statistical probability, this allows predictions to be made, such as whether a user may be interested in purchasing a program. Based on these statistics, the provider can offer users targeted promotions and discounts for SQIN and IQONIC services that may be of interest to them.

The provider uses Google Analytics for Firebase under the EU General Data Protection Regulation (GDPR) based on the legitimate interest of designing the product to be user-friendly and conducting marketing communication as effectively as possible, ensuring that users only receive relevant offers tailored to their interests.

To integrate Google Analytics for Firebase into the SQIN and IQONIC system, the provider has implemented its Software Development Kit (SDK). This creates an interface that allows Google to access the data mentioned abovethrough the system. The information generated via the SDK about a user’s use of the SQIN and IQONIC services (including IP addresses) is transmitted to a Google server in the United States and stored there.

Google states that it does not associate the user’s IP address with other Google data. However, Google may store and process relevant personal data in any facilities operated by Google, its internal subprocessors, or infrastructure providers. In cases where this data leaves the European Economic Area (EEA) or Switzerland, the transfer is conducted using the Standard Contractual Clauses (SCCs).

Withdrawal / Opt-Out Option:

For all inquiries regarding personal data, users can contact info@iqonic.ai by email. The provider will forward these requests to Google, which has agreed to comply with all obligations under the GDPR, including access, rectification, restriction of access, and deletion of customer data. These obligations will be fulfilled to the extent permitted by EU data retention laws.

If and to the extent that the data associated with a user’s account is still required for purposes that have not yet ceased at the time of the requested or planned deletion, the data will not be deleted but rather restricted to specific processing purposes.

This applies in particular to legally required retention obligations, such as commercial and tax regulations, which may require data retention for up to 10 years (see § 147(3) of the German Fiscal Code - Abgabenordnung).

Analysis of User Behavior in SQIN and IQONIC Services (via Smartlook)

For session recording, the provider uses the Smartlook service, which is operated by Smartsupp.com s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic.

Smartlook records user behavior on video, allowing the provider to analyze interactions retrospectively. To enable this, the software places a cookie on the user's device (see relevant sections of this privacy policy regarding cookies).

The provider does not store any personal data when using this service.

The provider only uses Smartlook if the user has explicitly consented to it.

The legal basis for processing users' personal data following consent is Art. 6(1)(a) GDPR.

The processing of users' personal data enables the provider to analyze user behavior. By evaluating the collected data, the provider can compile insights regarding the use of individual components of the SQIN and IQONIC services.

This helps the provider to continuously improve the SQIN and IQONIC services and enhance their user-friendliness.

Withdrawal / Opt-Out Option:

The provider does not store any personal data of users. Only anonymous analytical data is processed for evaluation purposes. Anonymized usage logs are stored in accordance with legal regulations and are automatically deleted after 30 days.

Further information can be found in Smartlook’s Privacy Policy:
https://www.smartlook.com/de/privacy

Cookies are stored on the user's device and transmitted to the provider. Therefore, the user has full control over their use. By modifying their browser settings, users can disable or restrict cookie transmission. Stored cookies can be deleted at any time, either manually or automatically.

If cookies for the provider's website are disabled, some features of the website may no longer be fully functional.

By clicking the following opt-out link, users can prevent future tracking by Smartlook:
https://www.smartlook.com/opt-out

C. Optimization of Our Communication and Marketing Activities

Marketing Campaigns with Custom Audiences (via Facebook Pixel and Custom App Events via Facebook SDK)

The provider integrates Facebook services into its systems, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

To measure and optimize marketing campaigns, the provider implements remarketing tags in the SQIN and IQONIC services.

On the SQIN and IQONIC website, this takes the form of the "Facebook Pixel", which is activated when a page is visited and transmits information to Facebook that the page has been accessed.

Within the system, "Custom App Events" are activated, which transmit information to Facebook via an interface (SDK) about which pages a user visits within the system.

When a user uses the SQIN and IQONIC services, a direct connection to Facebook’s servers is established via remarketing tags.

Based on the user’s IP address, Facebook receives information that the user has accessed the SQIN and IQONIC services. Facebook also documents multiple individual actions within the SQIN and IQONIC services, which are used for advertisement optimization.

When using the website, the following actions are tracked and recorded:

Visiting a specific landing page (e.g., homepage)

In addition to the actions listed above, additional information is collected that is only possible within the scope of system usage. These actions can be linked to the user's account. The information obtained in this way allows SQIN and IQONIC to display more targeted advertisements on Facebook.

The provider emphasizes that it has no knowledge of the content of the data transmitted via Facebook Pixel or the Facebook SDK, nor how Facebook uses this data.

With the usage data processed through Facebook Pixel and the Facebook SDK, SQIN and IQONIC can display more relevant advertisements on Facebook and its marketing channels (e.g., Instagram), as these ads take into account the user's individual behavior.

Additionally, this enables the provider to measure whether marketing campaigns achieve their intended goals (e.g., app installs).

SkinTech Corp. GmbH uses Facebook’s services in compliance with the EU General Data Protection Regulation (GDPR) based on its legitimate interest in optimizing ad spend and improving the effectiveness of advertising campaigns.

During the data processing described above, data is transmitted to Facebook's servers and stored there. Facebook also transfers the data collected through the Facebook Pixel offering to its parent company, Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA.

Further details can be found in Facebook's privacy policy.

Withdrawal / Opt-Out Option: If the user does not want advertisements on Facebook to be personalized based on their interests and user behavior, they can object to this at any time in Facebook settings.

Marketing Optimization and Analysis of User Behavior in SQIN and IQONIC Services (via Adjust)

The provider uses the Adjust service, operated by adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany, to analyze the success of advertising campaigns and evaluate user behavior within the SQIN and IQONIC services.

When a user interacts with advertisements displayed by SQIN and IQONIC, the usage data is transmitted to Adjust. Based on this data, Adjust analyzes user responses to SQIN and IQONIC advertising campaigns, allowing the provider to assess the effectiveness of the displayed campaigns.

The processing of data includes the IP address, MAC address, device identification number, and HTTP headers with associated information. The data collection covers the entire process, from interacting with advertising campaigns, such as clicking on an ad, to downloading the app and subsequent interactions with the system after installation.

SQIN and IQONIC use Adjust’s services under the EU General Data Protection Regulation (GDPR) based on the legitimate interest of distributing advertising budgets more efficiently and optimizing ad performance.

Withdrawal / Opt-Out Option:

If the user wishes to object to the processing of this data by Adjust, they can revoke their consent at any time by sending an email to info@iqonic.ai. The provider will then forward this request to Adjust, which is contractually obligated to comply with the forwarded instructions. The deletion of data is carried out in accordance with legal requirements, meaning that statutory retention and documentation obligations will be taken into account.

Additionally, if the user does not wish to be tracked by Adjust, they can select the opt-out option at https://www.adjust.com/forget-device/.

Furthermore, the user can disable tracking within their SQIN and IQONIC profile under "Privacy Notices" by selecting the "Disable Tracking" option. This will deactivate data analysis via Adjust.

If and to the extent that data associated with a user's account is still required for purposes that have not yet ceased at the time of the requested or planned deletion, the data will not be deleted but will be restricted to specific processing purposes.

This applies particularly to legally required retention obligations, such as commercial and tax regulations, which may require data retention for up to 10 years (see § 147(3) of the German Fiscal Code - Abgabenordnung).

► Changes to the Privacy Policy

The provider may update the privacy policy as necessary. The use of user data is subject to the most current version, which can be accessed at https://sqin.co/datenschutz-oska/.

In the event of a significant change to this policy (e.g., modifications to permissions, introduction of new features, etc.), the user will be notified via email, using the email address provided during registration.

If the user continues to access and use the service after the changes take effect, they agree to be legally bound by the updated privacy policy.

► You Have the Right

Under Article 15 GDPR, you have the right to request information about the personal data we process about you. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of rights to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if not collected by us, and the existence of automated decision-making, including profiling, along with meaningful details about it;
Under Article 16 GDPR, you have the right to request the immediate rectification of incorrect or the completion of your personal data stored by us;
Under Article 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is required for exercising the right to freedom of expression and information, fulfilling a legal obligation, reasons of public interest, or asserting, exercising, or defending legal claims;
Under Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to processing under Article 21 GDPR;
Under Article 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of this data to another controller;
Under Article 7(3) GDPR, you have the right to withdraw your consent at any time. This withdrawal means we will no longer process your data based on that consent in the future, although processing carried out before the withdrawal remains lawful;
Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. Generally, you may contact the supervisory authority at your usual place of residence, workplace, or our company's registered office. The supervisory authority responsible for our registered office is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, Phone: +49 30 13889-0, Email: mailbox@datenschutz-berlin.de

Links to third-party websites:

Our system may contain links to third-party providers through the links already outlined to our presences on social media platforms. This privacy policy refers exclusively to the processing within this system. We have no control over the processing on the linked pages. Please review the respective processing activities on those sites.

Storage and Deletion of Data:
In principle, we only store your personal data for as long as necessary to fulfill our contractual obligations. Therefore, all stored personal data and pseudonymized usage data will be deleted when they are no longer needed for the purposes for which they were collected or if you explicitly request it, and we are not obligated by legal regulations to retain them. Retention and documentation obligations may arise from commercial law, tax law, or the Civil Code. These laws may stipulate retention periods of 10 years or more. In such cases, data will be deleted automatically after the legally required retention period has expired.

Disclosure of Personal Data
Except for the recipients mentioned above, we do not share your personal data with third parties. This only happens when

You have expressly consented in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR,
The transfer of your data is necessary under Art. 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims, and there is no reason to believe that you have an overriding legitimate interest in not sharing your data,
There is a legal obligation to transfer the data in accordance with Art. 6(1)(c) GDPR, or
The transfer is legally permissible and necessary under Art. 6(1)(b) GDPR for the fulfillment of contractual obligations with you.

► Contact Person for Data Protection and Data Protection Officer

If the user has any questions regarding the collection, processing, and use of personal data, requests for information, corrections, blocking, or deletion of data, or the withdrawal of consent given, they can contact the provider at any time via email at info@iqonic.ai or by mail to SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin.

The data protection officer of the provider can be reached via email at info@iqonic.ai or by mail to SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin.

Privacy Policy

Table of Contents:

I. What Data is Collected When Using the SQIN and IQONIC Services?

II. Why is This Data Processed?

III. Is Data Shared with Third Parties or Transferred Outside the EU?

► System Permissions

► User Rights as a Data Subject

► Detailed Overview of Individual Data Processing

Data Processing for the Provision of SQIN and IQONIC Services

B. Improvement of the SQIN and IQONIC Services

Marketing Optimization and Analysis of User Behavior in SQIN and IQONIC Services (via Adjust)