Mimi Health Privacy Notice

+ Acceptable Age

We do not intend to collect nor process the data of individuals under 18 years old. Only individuals who are already 18 years old may use the Hearing Test and provide information to us.

If we become aware that someone under the age of 18 has provided or attempted to provide us their personal data and/or registered an account, we will use our best efforts to remove the information permanently from our files and delete this account.

+ Information We Collect from You

Mimi.health Website

Contact form

The following data points are collected from you when you leave your inquiry on the website: full name, email address, subject and content of the message. You can always contact us directly by email, in which case we will collect your email address and the content of your message.

We will use this information to reach out to you and help you with your inquiry. We can also use the content of your request to improve our products and services or analyse our marketing efficiency if it contains valuable information.

Newsletter subscription

When you subscribe to our newsletter through the website, we collect your full name and email address. We use this information to prepare, personalise (by including your name) and send our newsletter to you.

Cookies

A cookie is a small text file that is downloaded onto your device (e.g. a computer or smartphone) when you access our website. It allows us to recognize your device and store some information about your preferences or past actions.

There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are erased when you close your browser. Persistent cookies remain on your device for a pre-defined period.

We use cookies to enable the work of our website (strictly necessary cookies). Strictly necessary cookies do not require user consent as they are always placed on your device by default. However, you may manage your cookie settings in your browser settings at any time.

Please keep in mind that simply disabling all cookies or all of our cookies in your browser settings may lead to certain sections or features of our Website not working.

Hearing Test

Taking a hearing test

When you access the Hearing Test, you can take the test without registering an account.

We will assign a randomly generated ID to you, which will allow us to distinguish your records from others, but at this point does not allow us to understand who you are in any way. Therefore, we consider your test results being anonymised unless you register the account.

After you create the user account, we will collect your explicit consent to process test results as health data to store and provide them to you along with your account data.

Age Group. Before conducting the test, we will collect your year of birth to compare your results against the average of your age group.

Hearing test Data. During the test, we will collect the following data points from you: test type you take (Pure Tone Threshold Test / Masked Threshold), raw test results, including hearing performance indicators (frequency, in hertz) on which you responded to the test using your left and right ears, 5-degree scale interpretation of the test results, date and time when you take the test, and an average ambient noise over time during the test. When you choose to undergo a Pure Tone Threshold Test, we also collect and further provide to you your audiogram.

Device Calibration. To calibrate your test results based on the settings of your device, we also collect details about your device: operating system and its version, SDK version installed on the device, headphone connection types, and a region where your phone is set to.

We collect the data points described above:

• to provide you with hearing tests and calibrating the results in accordance with your device setting;
• to improve the quality of our services;
• to share the hearing test results with our partners, in particular with the companies that use Hearing Test for their products;
• in the case of necessity, to share your details with our internal Safety officer, who ensures compliance with relevant safety law requirements; and
• for scientific and other research purposes.

Please note, that unless you register the account, we are unable to identify you. Thus we consider the data being anonymous at this point. As such, your test data can be kept for an indefinite period of time as long as it is anonymous.

Account registration and maintenance

After you take the test, you can register an account to keep, export and later access your hearing test results. For this purpose, we will collect your email address, password, and nickname to assign them to your user ID.

As soon as you create the account, we will be able to identify you and thus our activities will be considered personal data processing.

We use your account information to:

• create and maintain your user account, including securing the access to it by password features;
• allow you to access your historical hearing tests, switch devices, delete and export your test results from Mimi Hearing Test mobile application and other devices implementing Hearing Test;
• contact you regarding the work of Mimi and/or your account;
• provide you with technical support;
• where requested, provide your hearing test results to you via email;
• based on your consent, to send you marketing emails.

Joint controllership. When you create an account, the data is shared with our parent company Mimi Hearing Technologies GmbH as a joint controller. The account you create for Hearing Test will simultaneously be used as the account for Mimi Hearing Test mobile application, Mimi SDK, and other implementations of Mimi software, the publisher and controller of which is Mimi Hearing Technologies GmbH. The account data will also be used for joint research and improvement activities.

Mimi Hearing Technologies GmbH is ultimately responsible for managing and administering the database with your account data. They ensure the technical and organisational measures for protecting the data, conclude agreements and manage relationships with service and software providers to maintain the database, and provide technical support to the users.

You can exercise your rights regarding the account by contacting Mimi Hearing Technologies GmbH at:

Mimi Hearing Technologies GmbH

Address: Boxhagener Str. 82, 10245 Berlin, Germany

Email address: privacy@mimi.io

Please note that you may also exercise your rights by contacting us directly.

Jointly with Mimi Hearing Technologies GmbH, we will store your account data for as long as you use our services and have the account. We will delete your data 365 days after your last user session.

IP logs/Crash Logs data

During your use of Hearing Test, we collect IP logs and Crash Logs from your device. As we are continuously testing the application, certain traffic from Hearing Test is collected automatically. The data categories we receive may include the model of the device, operating system version, country of geolocation, user ID, date, time, and duration of the user session, pages viewed, buttons clicked, error code, and error message. This data is provided to us in an aggregated way, without the possibility of identifying a particular user.

We use this data exclusively for debugging, quality management, and improvement purposes.

Communications with us

Occasionally, we collect user feedback and provide technical support if you have any inquiries regarding the work of our Hearing Test. We use this information to provide you with the help you might need, fix and improve our services, and analyse our efficiency in marketing and product efforts, including by creating statistics of inquiries.

We will store your communications with us for our legitimate interests and further analysis for the same period as for your account data. If you did not register the account, we will store the data for 365 days after the last communication with you. If we need to further use this information, we will fully anonymise it first.

+ Legal Basis for Processing

Performance of Contract

We process your hearing test results and account data, requests for technical support, your communications with us to provide you with the Hearing Test services. Without this information, we will be unable to provide you with the full Hearing Test functionality.

Your Consent

For the e-mails with our newsletters, announcements, and other offers (marketing emails), we will obtain the consent from you first, which serves as a legal base for the processing of your information.

We process your inquiries left by email and subscription to our newsletter left on the website because you provided them entirely voluntarily, i.e. based on your consent.

If you create the account, we will also ask for your consent to connect your account with test results and allow you to access them along with the account data.

You can withdraw your consent at any time by contacting us directly. The withdrawal will not affect the lawfulness of processing based on consent before. You can also opt-out from the e-mail subscription by clicking the appropriate button in our emails to you.

Legitimate Interests

For improving the quality of the Hearing Test and debugging its work, we process your test results, IP and Crash Logs, as well as the content of your inquiries, in our legitimate interests.

We will also process your hearing test results for research purposes in our legitimate interests. We will ensure that suitable safeguards, such as pseudonymisation of your data, will be in place, if the test results are already tied to your account.

Legal Compliance

If we are subject to any legal requirements to retain the health data of our users, we will process the collected details to comply with law requirements. The example of such a situation will be the reporting of your data and/or request to our Safety Officer and their team, who are responsible for handling emergency situations connected with the use of the Hearing Test. In this scenario, the legal ground for the processing will be compliance with our legal obligations.

+ Third-party Access to Information

Partner organisations that integrate Hearing Test

The partners that integrate our SDK into their products often ask us to share your hearing test results for their internal business purposes.

Third-party service providers

The following categories of third-party providers are used to enable the work of Hearing Test:

• Our affiliate company that provides us with the development and other organisational resources;
• Email notification provider;
• Client Relationship Management software provider, by means of which we manage our communications with users;
• Cloud storage providers.

The involvement of email notification and cloud storage providers implies the transfer of personal data outside of the European Economic Area. To ensure compliance with data protection requirements on international transfers, the Standard Contractual Clauses (SCC) as adopted by the European Commission are signed with these providers. If you would like to obtain a copy of the SCC signed with the service providers, feel free to contact us by the means provided at the beginning of this document.

Please note, that the third-party providers can only process your data on our behalf and do not use it for their own purposes.

Other Disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you:

• if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights; and
• in case we sell, license or otherwise assign our company, corporate rights, Mimi or its separate parts or features to third parties.

Except as provided in this privacy notice, we will not sell, share or rent your information to third parties.

+ Your Rights

To maintain control of your personal data, you may exercise certain rights regarding your information. In particular, you have the right to:

• Object to the processing of your information. If we process your information in our legitimate interests, e.g., for our marketing purposes, you can object against it. We will consider your request and, if there are no compelling interests to refuse it, stop the processing for such purposes;

• Access your information. You have the right to know if we process your information; obtain disclosure regarding certain aspects of the processing; and obtain a copy of the information undergoing processing.

• Verify your information and seek its rectification. If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;

• Restrict the processing of your information. When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will not process the information for any purpose other than storing it until the circumstances of restriction cease to exist;

• Ask us to delete/destroy/otherwise remove your information. If we are not obliged to keep the data for legal compliance, we will remove your information upon your request; and

• Ask us to transfer your information to another organisation if we process the information based on your consent or on the necessity to perform the contract.

You can complete the request to exercise your right by contacting us at privacy@mimi.health

If you believe that our use of personal information violates your rights, you can lodge a complaint with the competent data protection authority.

+ Security of Information

We take necessary and sufficient measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

Internally, immediate access to the data is only allowed to our authorised employees involved in maintaining our website and Hearing Test, and conducting other processing activities. Those employees include the backend software developer and research employees engaged in the processing, as well as our safety officer. Such employees keep strict confidentiality and prevent unauthorised third-party access to personal information.

Third-party services

Our Website may contain links to third-party services and platforms, including those posted by our partners and affiliate companies. Although we choose our partners thoroughly and diligently, we cannot be responsible for the content, terms and conditions or privacy policies of third-party services.

We encourage users to be aware when they leave our Website and to read the privacy statements of the services that collect personally identifiable information.

Third-party websites may contain their own cookies. We are not responsible for their usage of cookies.

+ Changes to This Notice

We may update this privacy notice from time-to-time by posting a new version on our website. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.