Privacy Notice IONIQ App

IONIQ Skincare GmbH & Co. KG attaches great importance to the protection of your privacy and your personal data as well as the necessary data security and therefore collects, processes and uses your personal data exclusively in accordance with the principles described below as well as the requirements of the EU General Data Protection Regulation and the Federal Data Protection Act applicable to IONIQ Skincare GmbH & Co. KG.

With this Privacy Policy, we inform you about the processing of your personal data within the scope of your use of the “IONIQ Skincare Consultant” App (hereinafter referred to as “App”) as well as about your rights of data subjects. The nature of the personal data processed and the categories of data and scope of processing depend on whether (i) you use our App to get recommendations on how to use sunscreen products, or (ii) you use all or individual functions within our App (e.g. appointment calendar, login, etc.). Therefore, not all parts of this Privacy Policy may be relevant to you.

I. Name and address of the controller

The controller for the operation of the App within the meaning of the EU General Data Protection Regulation (“GDPR”) and other national data protection laws of the EU Member States as well as other applicable data protection provisions is:

IONIQ Skincare GmbH & Co. KG
Otto-Lilienthal-Str. 18
88677 Markdorf (Germany)

Phone: +49 (0) 7544 505-1831
E-mail: app@ioniqskin.com
Website: www.ioniqskin.com

represented by the management (hereinafter referred to as “Company”, “we” or “IONIQ”).

If you wish to object to the collection, processing or use of your data by us in accordance with this Privacy Policy in its entirety or for individual measures, you can send your objection by e-mail or letter to the aforementioned contact data. You can also obtain information about your personal data at any time and free of charge under the contact data mentioned above.

II. Your personal data

Personal data is any information relating to an identified or identifiable natural person (“data subject”). Only personal data is collected, such as your name, telephone number, postal and e-mail address and date of birth, which you voluntarily make available to us or to the collection of which you have consented. In addition, we collect usage data in the App (such as information about the time of app use, the version of the App you are using at that time, and other data generated when using the App) and use this anonymously and exclusively for analytical purposes and to optimise the App. For the technically required data we refer to the text under “Use of log files”. For the usage data collected for statistical purposes we refer to the text under “Google Crashlytics” as well as “Google Firebase”.

III. General information on data processing

1. Scope of the processing of personal data

We process personal data (hereinafter also referred to as “data”) of data subjects only to the extent necessary to provide a functional app as well as our contents and services offered for our IONIQ products and the use of sunscreen products.

In order to be able to provide you with all the functions of our App, in particular to give you recommendations for the use of the IONIQ Sprayer with regard to your particular skin conditions and the current weather and UV radiation, we need to process personal data that you provide about your skin and sun sensitivity as well as information about the location of the use of the App or the IONIQ Sprayer. Your data concerning health will only be processed if you have given us your express consent.

The processing of personal data of our users takes place only after the user’s consent, except in the exceptions mentioned here. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons or in which processing of the data is permitted by statutory provisions or is necessary for the fulfilment of a contract.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, point (a) of Art. 6(1) GDPR serves as the legal basis.

Point (b) of Art. 6(1) GDPR serves as a legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary prior to entering into a contract.

If the processing of personal data is necessary for compliance with a legal obligation to which our Company is subject, point (c) of Art. 6(1) GDPR serves as the legal basis.

In the event that vital interests of the data subject or of another natural person make processing of personal data necessary, point (d) of Art. 6(1) GDPR serves as the legal basis.

If the processing is necessary for the purposes of a legitimate interest pursued by our Company or by a third party and where such an interest is not overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Art. 6(1) GDPR serves as the legal basis for processing.

Point (a) of Art. 9(2) GDPR serves for the processing of data concerning health on the basis of your consent.

3. Storage location, data erasure and storage duration

We have commissioned the “HEROKU” service of the hosting provider Salesforce.com Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, California 94105, USA (hereinafter referred to as “HEROKU”) for hosting and storing the collected data in a Mongo database. We have concluded the data protection agreement with HEROKU for data processing on the basis of the EU standard contract clauses. According to this agreement HEROKU undertakes to guarantee the necessary protection of your data and to process them exclusively on our behalf in accordance with the applicable data protection regulations. Further information about HEROKU can be found on the website: https://www.heroku.com/. HEROKU processes your data on certified servers in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework. HEROKU uses the data for the purpose stated here and exclusively on our behalf. The data will not be used independently by HEROKU or passed on to third parties. These data are not stored together with other personal data of the user.

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. In addition, storage can take place if this has been provided for by the European or respective national legislator in Union regulations, laws or other regulations to which the controller is subject. The data shall also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract. In general, the data stored locally and on our hosted server is erased after our app users log off.

4. Age restriction when using the App

The App is not intended for people under the age of 16. We ask that persons under the age of 16 do not provide any personal information to us. If we learn that we have collected personal information from individuals under the age of 16, we will take immediate steps to delete the information as soon as possible. If you find out that a user of one of our apps is younger than 16 years, please contact us at app@ioniqskin.com.

IV. App permissions

1. Description, purpose and scope of data processing

Depending on the operating system used (iOS or Android), the App uses the following app permissions or access rights. Apps are usually applications isolated from the system. With the permissions granted, the App can also access functions and data that are outside our normal app area.

The App uses the following permissions for the operating systems iOS and Android:

(1) The access to the approximate location (network based) and the exact location (GPS and network based) is used for the purpose of sun protection recommendation, weather forecast, determination of local UV radiation and Bluetooth communication with the IONIQ Sprayer.
(2) The access to the Bluetooth connection information is used to check whether Bluetooth is enabled and to transfer information to or retrieve information from nearby Bluetooth devices.
(3) The access to the camera (recording of pictures and videos) serves for the purpose of the Sprayer Tutorial (distance and position of the Sprayer to the skin) as well as for the production of a profile picture.
(4) Reading access to the SD card or data or files stored on your device is used to adjust the profile picture.

In addition, we require additional permissions that are mandatory for the operation of the App (display network status and WLAN status, access to the network status, pairing of Bluetooth devices, control vibrations, disable standby mode), but do not process any personal data.

2. Legal basis for data processing

The processing serves the above-mentioned purpose and takes place according to point (a) of Art. 6(1) GDPR on the basis of your voluntary consent at the first call of the permission by the operating system or in the case of an objection of a renewed consent.

3. Possibility of objection and removal

You can change, restrict, and/or deactivate app permissions at any time using your settings on the terminal used and taking into account the operating system used. More detailed information on the procedure for each operating system can be found here:

For Android: Settings > Apps / Application Manager > App Selection > Reset individual permissions by swiping
For iOS: Settings > Privacy > Service Selection (Camera, Contacts…) > Remove individual apps by clicking the Withdraw Permission button

Please note: If permissions for our App are deactivated, it may not be possible to use all functions of the App to their full extent.

V. Use of log files

1. Description and scope of data processing

For the pure use of the App, our app server collects information that is technically necessary to display our app content and to ensure the stability and security of the App.

The following data is stored in log files:

(1) Date and time of access
(2) Transferred data volume
(3) Message as to whether the retrieval was successful

The data is stored on HEROKU hosted servers.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is point (f) of Art. 6(1) GDPR.

3. Purpose of data processing

The system logs are stored to ensure the functionality of the App. In addition, the data is used to optimise the App and to guarantee the necessary security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing pursuant to point (f) of Art. 6(1) GDPR.

4. Duration of storage

No IP addresses or other personal data of the user are collected. The maximum storage time for log files for the purposes listed above is 24 hours.

5. Possibility of objection and removal

The collection of the data for the provision of the App and the storage of the data in log files is mandatory for the operation of the App. Consequently, there is no possibility of objection on the part of the user.

VI. Login and user profile

1. Description and scope of data processing

The App can be used with or without a user profile or login. However, we would like to point out that some functions in the App, e.g. appointment calendar, comment function in the newsfeed, indication of a profile picture, are not possible without registration. If you want to use the App without registration or login, you can skip the step with “SKIP”.

The user profile can be set up via e-mail address, Facebook Connect or Google Sign In.

a) Setting up a user profile with an e-mail address:

In order to set up your personal profile with your e-mail address, the following personal data must be provided: (1) your first and last names, (2) your e-mail address, (3) a freely selectable password (min. 6 digits necessary).

We recommend always using the masking function when entering the password within the App to prevent shoulder surfing.

b) Login with Facebook Connect:

Instead of registering with your e-mail address, you can also register or log in to the App using the social plugin Facebook Login. Facebook Login is a service of the integrated software development kit (SDK) of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (hereinafter referred to as “Facebook”) and offers you the possibility to automatically link your Facebook profile with the IONIQ App by selecting the “Continue with Facebook” button. To confirm the link, you will automatically be redirected to a Facebook website to verify your Facebook profile once. An additional registration in the App is then no longer necessary.

By linking your Facebook account with our App, we gain access to your data stored on Facebook. We use the following data to set up and provide your profile: (1) your profile name, (2) your e-mail address, (3) your profile picture, (4) your social network ID.

We would like to point out that through the integration of the Facebook software development kit, also the trackers Facebook Places and Facebook Share are integrated, which are not used by us.

For more information about Facebook and privacy settings, please refer to the Facebook Privacy Notice and Terms of Use at https://facebook.com/privacy and https://www.facebook.com/terms respectively.

c) Login with Google Sign In:

Instead of registering with your e-mail address, you can also register or log in to the App using Google Sign In. Google Sign In is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as “Google”) and offers you the possibility to automatically link your Google profile with the IONIQ App by selecting the “Continue with Google” button. To confirm the link, you will automatically be redirected to a Google website to verify your Google profile once. An additional registration in the App is then no longer necessary.

By linking your Google account with our App, we gain access to your data stored by Google. We use the following data to set up and provide your profile: (1) your profile name, (2) your e-mail address, (3) your profile picture, (4) your social network ID.

For more information about Google Sign In and privacy settings, please refer to the Google Privacy Notice and Terms of Use at https://policies.google.com/privacy or https://policies.google.com/terms.

We hereby inform you that both Facebook (via Facebook Connect) and Google receive data about your use of the App. The data exchange is already possible before the registration within our App. We have no control over the data collected by Google and Facebook and their data processing operations, nor are we aware of the full scope of the data collection, the purposes of the processing and the storage periods and location. Also for the erasure of the collected data by Google and Facebook no information is available. For further information on the purpose and scope of data processing, as well as your rights and privacy settings in this regard, please refer to the above terms of use and privacy notices of Facebook and Google.

You can then voluntarily add or change a profile photo to the profile in your profile settings. After successful registration, you will automatically receive a confirmation e-mail welcoming you to the IONIQ App.

2. Legal basis for data processing

The legal basis for the processing of data transmitted by you, Facebook or Google and processed by us in the course of consenting to setting up and providing a user profile is point (a) of Art. 6(1) GDPR.

3. Purpose of data processing

The processing of personal data by us serves to set up and provide your user profile for the IONIQ App.

4. Duration of storage

Your data (name, first name, e-mail address, password, profile picture or profile name, e-mail address, profile picture, social network ID as well as the type of registration) will be stored on certified HEROKU servers. The password is stored in a protected area and protected before storage by a cryptographic procedure.

The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data, this is the case if the consent for processing is withdrawn or the profile is deleted. Please note that deleting your profile for the App has no effect on your Facebook or Google profiles.

5. Possibility of objection and removal

This data processing is voluntary for you. However, if you do not provide us with your personal data, including but not limited to the data necessary to set up your profile, we will not be able to offer you this service.

The user has the possibility to withdraw his or her consent to the processing of personal data at any time. By withdrawing your consent no further processing of your data takes place for this purpose and your profile is deleted. The profile can be deleted at any time via the app settings under “Delete account” or via the contact data under point I. By deleting your profile, all collected personal data will be erased.

VII. Determination of the individual skin type

1. Description, purpose and scope of data processing

Within the App we determine your skin type as the basis for our product, skin and sun protection recommendations on the basis of ten data on your skin and sun sensitivity (sex, skin colour, hair colour, eye colour, freckles, reaction of your skin to sunbathing, dryness, scaling and sensitivity of the skin, approximate age).

By providing the above data, we determine your skin texture, which is subsumed into six skin types, (1) Pure Pearl (skin type 1), (2) Beige Bliss (skin type 2), (3) Smooth Sand (skin type 3), (4) Caramel Candy (skin type 4), (5) Golden Glam (skin type 5), (6) Cocoa Cool (skin type 6), and assigned to you.

The determination of your skin type takes place because we want to give you a recommendation for the time interval until the next application of a recommended sunscreen product on the basis of your determined skin type, the weather and the UV radiation at your location. In addition, we give you tips and information suitable for your skin type as well as skin care and sun protection tips and product recommendations for IONIQ products. Our recommendation is not a medical consultation of a suitably qualified person.

2. Legal basis for data processing

The processing of the data (sex, hair colour, eye colour and age) serves the above-mentioned purpose and is carried out according to point (a) of Art. 6(1) or for the processing of the data concerning health (reaction of your skin to sunbathing, dryness, scaling and sensitivity of the skin) according to point (a) of Art. 9(2) GDPR by your voluntary participation in the survey or the determination of your individual skin type.

3. Duration of storage

Your data will be stored locally on your terminal if you are not registered and logged into our App. For logged-in users of our App, the data is stored on the HEROKU servers hosted by us. The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data, this is the case if the consent for processing is withdrawn or the profile is deleted.

4. Possibility of objection and removal

This data processing is voluntary for you. However, if you do not provide us with your personal data, including but not limited to the data necessary to determine your skin type, we will not be able to offer you our service.

The logged-in user can withdraw his or her consent to the processing of personal data at any time. By withdrawing your consent no further processing of your data takes place for this purpose and your profile is deleted. The profile can be deleted at any time via the app settings under “Delete account” or via the contact data under point I. By deleting your profile, all collected personal data will be erased.

In addition, every user of the App can adjust his or her identified skin type under “Profiles” if necessary. If you do not feel safe with your subsumed skin type, or if you have doubts that it is your skin type, we recommend that you manually select or reduce the skin type in the profile settings.

VIII. Using the IONIQ Sprayer (tutorial)

Until the expected market launch of the IONIQ Sprayer in March 2020, you will find a tutorial in our App on how to operate the Sprayer. In addition to important tips for operating the Sprayer and instructions for applying skin lotion (speed, distance to skin, information about your body shape), we offer you the opportunity to practice the correct use of the IONIQ Sprayer with the help of your camera. For the presentation of the tutorial we need the permission for the access to your camera.

For a description of the app permission, the purpose and the possibilities for objection, please refer to the text under item “IV. App permissions”.

You will also find a link to our YouTube channel, where you can find further information and videos about us and the IONIQ Sprayer.

When the Sprayer goes on sale, further functions in our App will be activated and described in the Privacy Policy. For example, the IONIQ Sprayer will communicate with our App via Bluetooth and exchange the fill level of the cartridges, the amount of sun protection spray used, the battery life and other useful information.

IX. Calendar, checklist and timer

1. Description, purpose and scope of data processing

Within the App registered users find the possibility to create and save individual appointments or routines as well as checklists in the provided calendar functions and to set a timer. The calendar creates a recurring routine by specifying a time, the planned weekday and a calendar description, which gives you a reminder at the desired and specified time. In addition, it is possible to create checklists within the calendar.

With the calendar functions we offer you the possibility to create and independently manage your individual skin care routine. For example, you can set a reminder as to when it is time to apply your sunscreen. In addition, you can create your personal holiday checklist and remember any important documents or items when packing your travel bag.

If we have the app permissions to access your location data (see IV. App permissions), we offer you under “Today” a recommendation for the time interval until the next application of a sunscreen product recommended by IONIQ based on your determined skin type, the weather and the UV radiation at your location. The timer reminds you of the recommendation by means of push notification and vibration or sound at the end of the time interval. The push notifications are sent to the terminal using a feature of the Google Firebase software development kit (described below under XIII. b)).

2. Legal basis for data processing

Processing serves the aforementioned purpose and is carried out in accordance with point (a) of Art. 6(1) GDPR on the basis of your voluntary consent by registering with and logging into the IONIQ App or by voluntarily depositing individual calendar entries and checklists as well as activating the timer.

3. Duration of storage

After saving your calendar entry as well as your checklist, it will be saved on our server at HEROKU until your withdrawal or deletion of the entries or deletion of your entire IONIQ profile.

By using the timer, no data is stored on our servers.

4. Possibility of objection and removal

As a user, you have the possibility at any time to withdraw your consent to the processing of personal data or to delete the respective calendar entry or your checklist. The respective calendar entry can be deleted at any time by clicking on “DELETE ROUTINE?” In addition, all checklist items may be deleted or your objection may be sent to the following e-mail address: app@ioniqskin.com. In this case, all personal data stored in the course of the respective calendar entry or within a checklist will be erased and your routine will no longer be displayed in the calendar. You can reset the timer at any time by clicking on “Turn off”.

In addition, we offer you the option of deleting your profile with all stored data via the app setting (see above).

X. Newsfeed and comment function

1. Description, purpose and scope of data processing

Within the App you will find news about our offers for IONIQ products and the topics sun protection, skin care and holiday tips under “Explore”. Our user has the choice between the categories “IONIQ”, “Trends” and “Fast Facts” as well as the possibility to choose between different types of holidays (“Winter”, “Summer”, “Outdoor” and “Extreme Sport”) to display articles according to personal preference. There is no additional personalisation in form, that is, the display of the articles varies exclusively on the basis of the filters you used. We also offer our app users the opportunity to comment on articles within the newsfeed. We use the functions of the newsfeed to communicate with our users or to offer our users a platform for communication and to exchange information about our products and articles.

2. Legal basis for data processing

Processing serves the aforementioned purpose and is carried out in accordance with point (a) of Art. 6(1) GDPR on the basis of your voluntary consent by registering with and logging into the IONIQ App or by voluntarily submitting your comment on the respective article.

3. Duration of storage

After saving your comment, it will be displayed together with your name or your profile name (when registering via Facebook or Google) as well as your profile picture in the App for all users and will be saved on our server at HEROKU until your withdrawal or deletion of your entire IONIQ profile.

4. Possibility of objection and removal

As a user, you have the possibility at any time to withdraw your consent to the processing of personal data or to delete the comment. The withdrawal can be made at any time via the respective comment by clicking on the “Delete” icon, which is displayed in the comment, as well as at the following e-mail address app@ioniqskin.com. In this case, all personal data stored in the course of the respective comment will be erased and your comment will no longer be displayed in the newsfeed.

In addition, we offer you the option of deleting your profile with all stored data via the app setting (see above).

XI. Newsletter and newsletter tracking

1. Description and scope of data processing

You can request an e-mail newsletter within our App or during registration. If you subscribe to our newsletter, we will use the required e-mail address to send you our e-mail newsletter in accordance with your consent. We send newsletters at regular intervals to distribute news, offers and information about sun protection, skin care and IONIQ products.

If you have registered for the newsletter, IONIQ collects, processes and uses the data provided by you for sending the newsletter. For the technical implementation of the dispatch, your personal data will be transmitted to the Newsletter platform MailChimp and sent via the service “Mandrill”. These are offers of the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta Georgia 30308, USA (hereinafter collectively referred to as “MailChimp”), which will process the data provided in compliance with the necessary measures for data security as a processor for us within the meaning of Art. 28 GDPR. The contractual relationship was agreed in accordance with data protection laws. The data is used by MailChimp to send the newsletter, to evaluate the success of the newsletter and to optimise or improve its own services.

If you subscribe to an electronic newsletter and other electronic communications, we process in particular the following data: (1) your name, (2) your e-mail address, (3) information as to whether you have consented to or objected to receiving such communications, including date and time.

Subscription to the e-mail newsletter is done via a double opt-in procedure set up by the system. This means that after entering your data you will receive an e-mail with a confirmation link. This confirmation e-mail serves to authorise the receipt of the newsletter by the owner of the e-mail address provided. The e-mail address will only be added to the distribution list after confirmation.

In the context of the success evaluation of our newsletters a tracking system based on a “web-beacon” is used. The web-beacon is a pixel-sized file, which is called by the MailChimp server when the newsletter is opened. MailChimp receives information about your browser, your operating system, your IP address and the time and place (your geo-location using your IP address) of access to our newsletter. In addition, the following information about the newsletter will be evaluated: the status of the receipt of the e-mail, success evaluation of the clicked links in the newsletter via a counting link and the terminal the customer uses to receive the newsletter.

The evaluations are made available to us by MailChimp.

Further information about MailChimp and data processing by MailChimp can be found at https://mailchimp.com/legal/privacy.

2. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of consenting to the sending of the newsletter is point (a) of Art. 6(1) GDPR. The legal basis for the temporary anonymisation and storage of anonymised data for the evaluation of success is point (f) of Art. 6(1) GDPR. We have a legitimate interest in direct advertising and in evaluating the success of your response to the contents of the newsletter in order to successfully compete on the market.

3. Purpose of data processing

The processing of personal data by us and our service provider MailChimp serves us solely to process and send a newsletter and to evaluate the success of each newsletter. Anonymous statistics about your use and response to our newsletter help us better tailor our offerings to the interests of our subscribers. This is also the necessary legitimate interest in the processing of the data.

4. Duration of storage

Your data will be stored on MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletter use on our behalf, as well as for service optimisation. The data will not be used independently by MailChimp, e.g. for contacting, or passed on to third parties. The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data, this is the case when the consent for processing is withdrawn.

5. Possibility of objection and removal

You have the possibility at any time to withdraw your consent to the processing of your personal data in order to receive the newsletter. You can unsubscribe at any time by e-mail (app@ioniqskin.com) or via the unsubscribe link provided in the newsletter.

XII. E-mail contact

1. Description and scope of data processing

Within the App as well as via the contact data in the imprint or this Privacy Policy, contact can be established via the e-mail address provided. In this case the transmitted personal data of the user will be stored. The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.

2. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is points (a) and (f) of Art. 6(1) GDPR. If the purpose of the contact is to conclude a contract, an additional legal basis for the processing is point (b) of Art. 6(1) GDPR.

3. Purpose of data processing

The processing of your personal data voluntarily provided to IONIQ by e-mail serves us solely to process the establishment of contact. This is also the necessary legitimate interest in the processing of the data.

4. Duration of storage

The data will be erased immediately as soon as they are no longer required for the purpose of their collection. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified.

5. Possibility of objection and removal

The user has the possibility to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. The withdrawal can be made at any time via the contact data in the imprint of the App, as well as under the following e-mail address app@ioniqskin.com. In this case, all personal data stored in the course of establishing contact will be erased.

XIII. Passing on personal data to third parties

We use extensions and offers from third parties within our App. Personal data is often passed on or transferred automatically to third parties. The type, scope and purpose of this processing of personal data are listed and explained below:

XIII. a) Google Crashlytics

1. Description and scope of data processing

Our App uses the error diagnostic service “Crashlytics”, provided by Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”), which is provided by Google through the integrated Google Crashlytics SDK. If the App crashes during use or unexpected errors occur, specific information such as device type, operating system version, date and time of the error, country from which the query is made, and the operating system language is sent to Crashlytics. The error analysis by Crashlytics uses an anonymous IP address. Anonymisation is automatically taken over by Crashlytics.

Further information on Crashlytics and data processing by Google can be found at https://firebase.google.com/terms/crashlytics.

2. Legal basis for data processing

The legal basis for processing the data transmitted in the course of error diagnosis is point (f) of Art. 6(1) GDPR.

3. Purpose of data processing / duration of storage

Processing takes place in order to record and evaluate errors. The information obtained in this way serves to maintain and improve our App and therefore represents our legitimate interest pursuant to the first sentence of point (f) of Art. 6(1) GDPR. The data collected will be stored on a Google server and erased or anonymised by Google 90 days after their collection, unless there is a suspicion of misuse or another system security error.

Through the use of Crashlytics, personal data may be transmitted to Google. Google works for us as a service provider within the scope of data processing. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield.

Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

4. Possibility of objection and removal

If you do not consent to the processing of your data for the above purpose, you may opt out of such use for the future by sending an e-mail to support@crashlytics.com. Please use the text “Privacy Shield” in the subject line.

XIII. b) Google Firebase

1. Description and scope of data processing

Within our App we use the analysis service “Google Analytics for Firebase” or “Google Firebase” by Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”), which is provided by the integrated Google Firebase Analytics SDK.

For statistical purposes, Google uses unique identifiers for mobile devices (including Android Advertising ID or Advertising Identifier for iOS (IDFA) – hereinafter referred to collectively as “User ID”) and cookie-like technologies. This User ID allows Google to assign data, sessions and interactions across multiple devices to a single User ID, enabling Google to analyse a user’s activities across devices. The User ID and the collected usage data are transmitted anonymously to Firebase or Google, so that our users cannot be traced or identified.

The information generated by the cookie and User ID about your use of our App is usually processed on a Google server in the USA. Before this, however, it is anonymised within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. The User ID provided by your device as part of Google Firebase will not be merged with other Google data.

Through the use of Google Firebase, personal data may be transmitted to Google anonymously. Google works for us as a service provider within the scope of data processing. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield.

Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.

Further information on the processing of data by Google and on data protection in connection with Google Firebase can be found at: https://www.firebase.com/terms/privacy-policy.html or https://firebase.google.com/terms/.

2. Legal basis for data processing

The legal basis for the processing of data transmitted to Google in the course of statistical evaluation is point (f) of Art. 6(1) GDPR.

3. Purpose of data processing / duration of storage

On behalf of IONIQ, Google uses the above-mentioned data to evaluate the use of the App, to compile reports on activities and to provide the operator with further services associated with the use of the App. We use the analysis and tracking technologies carried out with Google Firebase on the basis of point (f) of Art. 6(1) GDPR to carry out data analyses, to statistically record the use of our App and for the purpose of optimising our offer for you on the basis of the analysis results as well as for the continuous improvement and administration of our offer.

The time limit for campaigns can be a maximum of 14 months. The collected data will be deleted afterwards.

4. Possibility of objection and removal

You may object to using Google Firebase features at any time. You can reset the User ID or log off using your settings on the terminal used depending on the operating system:

For Android: Settings > Google > Ads > Reset advertising ID
For iOS: Settings > Privacy > Advertising > No Ad Tracking

XIII. c) Feedback via SurveyPlanet

1. Description and scope of data processing

In the App you have the possibility to send us feedback about the IONIQ App under your profile settings. We use the services of the provider SurveyPlanet LLC, 11835 W Olympic Blvd., Los Angeles, California 90064, USA (hereinafter referred to as SurveyPlanet) for the creation and evaluation of surveys.

Selecting the “Feedback” button will take you to a SurveyPlanet website or WebView. Your participation in the following feedback survey for the evaluation of the App is voluntary. We therefore recommend that you inform yourself about the data processing processes in the provider’s privacy policy before calling up the website.

SurveyPlanet may collect and process personal data such as your e-mail address through the use of SurveyPlanet services. SurveyPlanet works for us as a service provider within the scope of data processing. SurveyPlanet also processes your data in the USA and has therefore submitted to the EU-US Privacy Shield. SurveyPlanet uses the data collected (e-mail address and survey results) as stated in our order and for service optimisation. The data will not be used independently by SurveyPlanet or passed on to third parties. These data will not be stored together with other personal data of the participant of the survey.

For more information about SurveyPlanet’s processing of data and about SurveyPlanet’s privacy practices, please visit: https://surveyplanet.com/legal or https://docs.surveyplanet.com/.

2. Legal basis for data processing

Participation is on a voluntary basis and the respondents thereby declare their consent to the processing of their personal data in accordance with point (a) of Art. 6(1) GDPR. The legal basis for the temporary storage of data by SurveyPlanet for the evaluation of your feedback is point (a) of Art. 6(1) GDPR. We have a legitimate interest in evaluating your response and opinion on the content of the IONIQ App in order to successfully compete on the market.

3. Purpose of data processing / duration of storage

The processing is carried out in order to collect and evaluate the feedback of our users. The information obtained in this way serves to maintain and improve our App and therefore represents our legitimate interest pursuant to the first sentence of point (f) of Art. 6(1) GDPR.

The data is stored for the duration of the survey and evaluation for 1 year. At the end of the feedback surveys, we erase the collected data from our SurveyPlanet account.

4. Possibility of objection and removal

You have the possibility at any time to withdraw your consent to the processing of your personal data within the scope of the feedback survey. You can unsubscribe at any time by e-mail (app@ioniqskin.com). A subsequent correction of individual answers after the survey has been sent is not possible.

XIII. d) Determination of weather data via Weatherbit

1. Description and scope of data processing

If we have the app permissions to access your location data (see IV. App permissions), we offer you the current weather, a weather forecast for the coming week and an estimate of the level of UV radiation at your location (hereinafter referred to collectively as “Weather”) under “Today” using the location data transmitted by your terminal. We use the features of Weatherbit Weather API, a service provided by Weatherbit LLC, 300 Fayetteville St, P.O. Box 101, Raleigh, North Carolina 27602, USA (hereinafter referred to as “Weatherbit”) to determine your location and to display and retrieve the Weather. The location-specific Weather data is retrieved by transmitting the location data (longitude and latitude) received from your terminal to Weatherbit.

Weatherbit processes the data provided for us in compliance with the necessary data security measures as a processor within the meaning of Art. 28 GDPR. The contractual relationship was agreed in accordance with data protection laws. The data is used by Weatherbit exclusively for the transmission of location-specific Weather data.

For more information about Weatherbit’s processing of data and privacy practices in connection with the Weatherbit Weather API, please visit https://www.weatherbit.io/privacy or https://www.weatherbit.io/terms.

2. Legal basis for data processing

The access to your location data as well as the transmission of the location data takes place on the basis of your consent to the corresponding app permission according to point (a) of Art. 6(1) GDPR (cf. IV. App permissions).

3. Purpose of data processing / duration of storage

The transmission of your location data to Weatherbit takes place because we want to give you a recommendation for the time interval until the next application of a recommended sunscreen product on the basis of your determined skin type, the Weather and the UV radiation at your location. The timer (see IX. Calendar, checklist and timer) reminds you of the recommendation by means of push notification and vibration or sound after the time interval has elapsed.

The API function call log files are stored for a maximum of 2 weeks on a Weatherbit server in the USA and/or Canada and then deleted.

4. Possibility of objection and removal

You can change, restrict and/or deactivate the app permissions for location access at any time using your settings on the terminal used depending on the operating system used. More detailed information on the procedure for each operating system can be found here:

For Android: Settings > Apps / Application Manager > App Selection > Reset location access by swiping
For iOS: Settings > Privacy > Service Selection Location access > Withdraw IONIQ App permission by swiping

Please note: If access to your location data for our App is deactivated, we can no longer offer you our recommendations.

XIV. Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you are processed by us.

In the event of such processing, you may request the following information from the controller: (1) the purposes for which the personal data are processed; (2) the categories of personal data processed; (3) the recipients or categories of recipient to whom the personal data concerning you have been or will be disclosed; (4) the envisaged duration for which the personal data concerning you will be stored, or, if it is not possible to provide specific information in this regard, criteria used to determine that period; (5) the existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing of personal data concerning you or to object to such processing; (6) the right to lodge a complaint with a supervisory authority.

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

To exercise your right to free information, please contact us directly via the contact details in our imprint or contact us (see Section I).

2. Right to rectification

You have the right to have your personal data rectified and/or completed by the controller if the personal data processed concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3. Right to restriction of processing

Under the following conditions, you may obtain restriction of the processing of your personal data: (1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or (4) if you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where the processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If restriction of processing has been obtained in accordance with the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You may obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies: (1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (2) you withdraw your consent on which the processing is based according to point (a) of Art. 6(1) GDPR and where there is no other legal ground for the processing; (3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR; (4) the personal data concerning you have been unlawfully processed; (5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; (6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links, or copy or replication of, those personal data.

c) Derogations

The right to erasure does not exist to the extent that processing is necessary: (1) for exercising the right of freedom of expression and information; (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (4) for the establishment, exercise or defence of legal claims.

5. Right of information

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the latter is obliged to communicate such rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You shall have the right against the controller to be informed about those recipients.

6. Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where (1) the processing is based on consent pursuant to point (a) of Art. 6(1) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR; and (2) the processing is carried out by automated means.

In exercising this right, you shall also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. Freedoms and rights of others shall not be adversely affected by this.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) GDPR.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

8. Right to withdraw a declaration of consent under data protection law

You shall have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

The data protection authority responsible for us is

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Street address: Königstraße 10a, 70173 Stuttgart, Germany
Postal address: Postfach 10 29 32, 70025 Stuttgart, Germany
Further information can be found on the Internet at www.baden-wuerttemberg.datenschutz.de.

XV. Links to other websites

This Privacy Notice applies exclusively to the App of IONIQ Skincare GmbH & Co. KG. Contents in the App may contain links to websites of third parties. Our Privacy Policy does not extend to these websites. When you leave our App, it is recommended that you carefully read the privacy statements of each website that collects personal data.

XVI. Safety and security

We take the necessary security measures to protect your personal data against unlawful or accidental access or erasure, alteration or loss and against unauthorised disclosure. We encrypt your data during transmission via our website, App and to third-party providers and use so-called SSL (Secure Sockets Layer) connections. We secure our App and our other systems and personal data in particular against loss, destruction, unauthorised access, alteration or disclosure to third parties through suitable technical and organisational measures.

XVII. Availability and changes

You can view this Privacy Policy under [Link…]. You may also save or print this Privacy Policy by using the appropriate features of your browser.

In the event of discrepancies between the English translation and the original German text, the original German text shall prevail.

We reserve the right to change this Privacy Policy from time to time or to adapt it to legal requirements and therefore ask you to check the current Privacy Policy every time you visit our App.

Version: August 2019