top of page

Privacy Policy
for IQONIC.AI

We reserve the right to amend this Privacy Policy.

The protection of your personal data is a matter of great importance to us, SkinTech Corp. GmbH, as the controller of the IQONIC.AI web app. With this Privacy Policy, we provide you with transparent and understandable information about the processing of personal data when using our web app and website in accordance with the EU General Data Protection Regulation (GDPR).

 

1. Data Controller

The entity responsible for data processing is:

SkinTech Corp. GmbH

Zimmerstraße 50

10117 Berlin
GERMANY

Email: info@iqonic.ai

Phone: +49 351 27513874

 

2. Data Protection Officer

Email: daten@iqonic.ai

Post address: SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin

 

3. Purposes and Legal Bases for Processing

We process personal data for the following purposes and on the following legal bases:

 

a) Provision of the web app and performance of a contract (Art. 6(1)(b) GDPR)

We process your data to provide you with the features of the IQONIC.ai web app, in particular the AI-powered skin and hair analysis and the product recommendations based on it. This includes your input data (e.g., uploaded images, answers to medical history questions) as well as technical usage data.

b) Improvement and optimization of our services (Art. 6(1)(f) GDPR)

Based on our legitimate interest, we analyze pseudonymized usage data to make our web app and website more user-friendly. Our legitimate interest lies in the continuous improvement of our offerings.

 

c) Research and development (Art. 6(1)(a) GDPR)

With your consent, we process health and analysis data (e.g., skin images, hair data, pseudonymized metadata) for the purpose of training and further developing our AI-based analysis and recommendation systems.

d) Marketing and Communication (Art. 6(1)(a) GDPR)

If you have consented to receiving marketing communications, we use your email address to inform you about new features and offers.

 

e) Compliance with Legal Obligations (Art. 6(1)(c) GDPR)

We process data to the extent necessary to comply with legal requirements, in particular commercial and tax law retention obligations.

 

4. Research and Development (R&D)

With your consent pursuant to Art. 6(1)(a) GDPR, we process the following data for R&D purposes:

  • Skin images and hair data

  • Information about your skin type and cosmetic preferences

  • User interactions within the analysis functions

  • Pseudonymized metadata​

The purpose is to train and further develop our AI-based analysis and recommendation systems in the beauty and cosmetics sector. The analysis serves exclusively cosmetic purposes and does not constitute a health-related evaluation.

 

5. Services Used and Disclosure to Third Parties

We use the following service providers to provide and improve our services:

a) Google Firebase
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose: Storage and processing of usage data; provision of the app infrastructure.
Data: Usage data, technical data.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

b) Google Cloud Platform and Google BigQuery
Provider: Google Ireland Limited.
Purpose: Hosting and storage of application data, as well as performing data analyses to improve our services.
Data: Usage data, analytical data, technical data.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in optimizing our services).

c) Google Analytics
Provider: Google Ireland Limited.
Purpose: Analysis of user behavior on the website to optimize our offering. We use Google Analytics with IP anonymization.
Data: Pseudonymized usage data, truncated IP address, device and browser information.
Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner on the website).

d) OpenAI (ChatGPT API)
Provider: OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA.
Purpose: AI-powered analysis of hair images as part of the hair analysis feature.
Data: Images (hair images) uploaded by the user for analysis.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract – image analysis is a core component of the service).

e) SendGrid
Provider: Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA.
Purpose: Sending emails (e.g., transactional emails, notifications).
Data: Email address, message content.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

f) Amplitude
Provider: Amplitude, Inc., 201 Third Street, Suite 200, San Francisco, CA 94103, USA.
Purpose: Analysis of usage behavior within the web app for product improvement.
Data: Pseudonymized usage data, device information.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in optimizing our web app). Amplitude is used within the web app; consent is obtained as part of the Terms of Use prior to each use.

g) ipgeolocation
Provider: ipgeolocation, a brand of Starter Data LLC, 4925 Greenville Ave, Suite 200, Dallas, TX 75206, USA.
Purpose: Determining the user’s approximate location to check the availability of partner stores in the respective region and display corresponding product recommendations.
Data: User’s IP address.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract—regional availability is a prerequisite for displaying relevant product recommendations).

 

6. Transfer to third countries

Some of the service providers mentioned are based in the United States. The transfer of personal data to the United States is based on the following principles:​

  • EU-US Data Privacy Framework (Art. 45 GDPR): Provided that the respective provider is certified under the DPF, the transfer is based on the EU Commission’s adequacy decision.

  • EU Standard Contractual Clauses (Art. 46(2)(c) GDPR): In addition or as an alternative, we enter into EU Standard Contractual Clauses with all U.S. service providers.

7. Product Recommendations and Partner Data

IQONIC.ai is provided as an embedded tool on our partners’ websites. The AI-powered skin and hair analysis generates product recommendations based on a recommendation algorithm curated by our partners. SkinTech Corp. GmbH is the data controller responsible for processing user data in the context of the analysis. The transfer of analysis results to our partners takes place within the framework of data processing agreements in accordance with Art. 28 GDPR.

 

8. Cookies and Cookie Banners

Our website uses cookies. We set technically necessary cookies based on our legitimate interest (Art. 6(1)(f) GDPR). We use analytics and marketing cookies only with your prior consent (Art. 6(1)(a) GDPR), which we obtain via our cookie banner (provided by Wix).

You can adjust your cookie settings at any time via the cookie banner or disable cookies via your browser settings.

 

9. Rights of Data Subjects

In accordance with the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You may request information about your personal data that we process.

  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.

  • Right to erasure (Art. 17 GDPR): You may request the erasure of your data, provided that no legal retention obligations prevent this.

  • Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing.

  • Right to data portability (Art. 20 GDPR): You may receive your data in a structured, commonly used format.

  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.

  • Right to Withdraw Consent (Art. 7(3) GDPR): You may withdraw any consent you have given at any time with future effect.

  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.

10. Retention Period

We store your personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations:​

  • R&D data: 24 months from collection, followed by anonymization or deletion.

  • Usage and analytics data: 24 months from collection.

  • Commercial and tax documents (invoices, accounting records): 10 years in accordance with § 147 AO, § 257 HGB.

  • Business letters and communications: 6 years in accordance with § 257 HGB.

 

11. Use by Minors

Use of IQONIC.ai is permitted only for individuals aged 18 years and older. We do not offer any services specifically tailored to children or adolescents.

 

12. Links to Third-Party Providers

Our web app and website may contain links to external websites. This Privacy Policy applies exclusively to IQONIC.ai. We have no influence over data processing on linked sites.

 

13. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy as necessary. The current version is always available at https://www.iqonicai.com/privacy.

bottom of page