This notice describes how we collect and process users’ data through the Mimi Hearing Test Application (“Mimi App” or “HTA”).
The terms “we”, “us”, “our”, “Mimi” refer to “Mimi Hearing Technologies GmbH”, a German company with limited liability and its offices at Boxhagener Str. 82, 10245 Berlin. If you would like to access our Terms and Conditions, please visit the following link: https://www.mimi.io/terms.
Mimi Hearing Technologies would like to provide you with information about the processing of your personal data for the use of the services provided to you as a result of your use of the Hearing Test Application. By your use of Mimi Hearing Test Services you consent to the processing of your personal data, if any, for the purposes set out in this Privacy Policy.
We are committed to safeguarding the privacy of our users. We will not misuse your data.
Who are we?
From the data protection perspective, we act as a data controller for the information collected through the Mimi App.
You can contact us at:
Mimi Hearing Technologies GmbH
Registered address: Boxhagener Str. 82, 10245 Berlin, Germany
Contact email address: privacy@mimi.io
You may also contact our appointed Data Protection Officer:
Fresh Compliance GmbH
Philipp Heindorff
Fürbringerstr. 15
10961 Berlin
info@freshcompliance.de
Microphone Permission
In order to take the hearing test we need a Microphone Permission from your device for capturing the sounds around you.
Acceptable Age
We do not intend to collect nor process the data of individuals under 18 years old. Only individuals who are already 18 years old may use the hearing test and provide information to us. Minors require their parents’ or legal guardians’ approval. If we become aware that someone under the age of 18 has provided or attempted to provide us their personal data and/or registered an account, we will use our best efforts to remove the information permanently from our files and delete this account.
1. Data we collect from you
1.1 Mimi App
1.1.1 Hearing test without account registration.
When you access Mimi App you can take the hearing test without registering an account. At this point, we will assign a randomly generated ID to you, which will allow us to distinguish your records from others, but this does not allow us to understand who you are in any way. Therefore, we consider your test results to be anonymised unless you register the account.
1.1.2 Hearing test with account registration
As soon as you create the account, we will be able to identify you and thus our activities will be considered personal data processing.
We use your account information to
- create and maintain your user account, including securing the access to it by password;
- allow you to access your historical hearing tests, switch devices, delete your test results from the HTA and – if applicable in the respective operating system and/or country – export from the HTA and from other devices implementing Mimi SDK (such as headphones from other providers);
- contact you regarding the work of Mimi and/or your account in regards to any data breaches or support on app instructions;
- provide you with technical support;
- based on your consent, to send you marketing emails.
You can register an account to keep and later access your hearing test results. For this purpose, we will collect your email address, password, and nickname to assign them to your user ID. In order to make it possible for you to compare your test results and any changes in your hearing capability, the test results and account data will be stored for seven years unless you request the deletion of your account data. We will inform you of the upcoming deletion before this period expires.
1.1.3 Data processed by taking hearing tests with a registered account
Processing activity | Purpose | Data points |
Requesting account registration | Verifying identity of the person through email ownership to connect (if available in the last 7 days) their anonymous data to a registered account. | Email address |
Creating an account | Restoring historical tests, switching devices, deleting and exporting data, sending transactional email. | Email address Password Name/Nickname/ Pseudo |
Sound personalization | Providing personalization based on the hearing test results. | Hearing test result, sound calibration |
Headphone correction | Allows Mimi to provide more accurate test results. | Connection Type Category Name Manufacturer IP address (3/4 of IP address – not enough to deanonymize) & Timestamps (tracking analytics – Nginx & Mixpanel) full list of Mixpanel data points collected |
Delivering test results (via app) | Delivering the results by the app to the user (account creation needed). | Hearing test results – Hearing Loss Grade – Hearing Number – Hearing Capacity – Hearing Sensitivity (if applicable in respective OS/Country) |
Conducting research on account-related data | Understanding how hearing decays over time and improvement of the product. | Hearing test results – Hearing Loss Grade – Hearing Number – Hearing Capacity – Hearing Sensitivity (if applicable in respective OS/Country) |
Debugging analysis | Allows Mimi to collect (and analyse) aggregated crash logs from the Apple Store for debugging purposes. | Host Device Type and Model Host Operating System and Version Host Region and Language Host Device Audio Sample Rate Runtime Headphones info (Connection Type (wired/Bluetooth/disconnected), Identification) Runtime Ambient Noise information |
Improving the App | Improvement of the app/product (device info). | Host Device Type and Model Host Operating System and Version Host Region and Language Host Device Audio Sample Rate Runtime Headphones info (Connection Type (wired/Bluetooth/disconnected), Identification) Runtime Ambient Noise information |
Improving the App | Improvement of the app/product using demographic data. | User’s Year of Birth and Gender |
Sending marketing emails | Providing marketing updates to interested parties. | First Name, Last Name, Email |
Sharing data with partners (identified users) | Analysis of the hearing test results taken within the partner integration. | Hearing test results (no raw HT data) Timestamp of the HT Versions of SDK, engine, OS |
Displaying hearing test results | Displaying hearing test results within the Partner integration. | Hearing test result |
Giving test feedback | Allowing users to provide feedback about the hearing test and app. | Age category, Operating system on user’s device |
Providing user support | Allow end-users to communicate the issues they have with the app and to help resolve these issues. | Name, email address, user ID |
Gathering backend system and application logs | Monitoring the performance, alerting on system misbehaviour, visualising analytics data, debugging individual problems, and business Intelligence. | User location, Country, City, Approximate user postal code, User year of birth, if provided, User nickname, if provided, User IP, only the first 3 octets. This identifies the network, not the individual user device, User unique identifier (anon_id), User device operating system and os version, HTTP referrer (the URL of the page that referred them to our API), Timestamps of app/backend interactions, Partner client unique identifier, this identifies the app they are using. |
Gathering backend server, application and business metrics | Monitoring server, application and business performance using aggregated anonymous data. Used for visualisation and alarms for maintenance purposes, and for Business Intelligence. | User calculated the “hearing age” (internal concept). It’s a rough representation of the user’s hearing ability, Partner client unique identifier, this identifies the app they are using, All backend metrics in our metrics database (influx) are not linked to any individual user, Data in our analytics database (ADA) are linked to the user’s internal unique id. This includes: User’s hearing test result data, User’s email (encrypted), User’s password (one-way hashed and salted) |
Conducting analytics (Gathering mobile application events) | Maintenance of the Mimi solution. Debugging mobile SDK and backend services. Business intelligence based on analytics data. | User device and application information |
1.1.4 Legal basis for processing
Processing activity | Legal base | Available rights |
Requesting account registration | Performance of a contract GDPR art. 6.1.b. | Access, rectification, erasure, restriction, portability and to object. |
Creating an account | Performance of a contract GDPR art. 6.1.b. | Access, rectification, erasure, restriction, portability and to object. |
Sound personalization | Consent GDPR Art. 6.1.a) | Access, rectification, erasure, restriction, portability and to object. |
Headphone correction | Performance of a contract GDPR art. 6.1.b. | Access, rectification, erasure, restriction, portability and to object. |
Delivering test results (via app) | Performance of a contract GDPR art. 6.1.b. | Access, rectification, erasure, restriction, portability and to object. |
Debugging analysis | Legitimate interest GDPR Art. 6.1.f. | Access, rectification, erasure, restriction and to object. |
Improving the App | Legitimate interest GDPR Art. 6.1.f. | Access, rectification, erasure, restriction and to object. |
Improving the App (demographic data) | Legitimate interest GDPR Art. 6.1.f. | Access, rectification, erasure, restriction and to object. |
Sending marketing emails | Consent GDPR Art. 6.1.a) | Access, rectification, erasure, restriction, portability and to object. |
Sharing data with partners (identified users) | Consent GDPR Art. 6.1.a) | Access, rectification, erasure, restriction, portability and to object. |
Displaying hearing test results | Consent GDPR Art. 6.1.a) | Access, rectification, erasure, restriction, portability and to object. |
Giving test feedback | Consent GDPR Art. 6.1.a) | Access, rectification, erasure, restriction, portability and to object. |
Providing user support | Performance of a contract GDPR art. 6.1.b. | Access, rectification, erasure, restriction and to object. |
Gathering backend system and application logs | Legitimate interest GDPR Art. 6.1.f. | Access, rectification, erasure, restriction, and to object. |
Gathering backend server, application and business metrics | Legitimate interest GDPR Art. 6.1.f. | Access, rectification, erasure, restriction and to object. |
Analytics (Gathering mobile application events) | Legitimate interest GDPR Art. 6.1.f. | Access, rectification, erasure, restriction and to object. |
1.1.5 Storage periods and deletion
If not specified otherwise, we delete your data as soon as they are no longer required, e.g. your e-mail address after unsubscribing from our newsletter. Your personal data will be deleted as soon as the consent allowed us to process it is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. In other words, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.
To ensure the implementation of legal requirements, we have developed internal deletion processes and a deletion concept, which guarantees that personal data, for which no legal retention period exists, are deleted according to the requirements of the storage limitation pursuant to Art. 5 1 e) GDPR. If you would like more information about individual storage periods, you can request this at any time at the e-mail address mentioned above.
1.1.6 Communications with us
Occasionally, we collect user feedback and provide technical support if you have any inquiries regarding the work of our SDK or Mimi App. We use this information to provide you with the help you might need, fix and improve our services, and analyse our efficiency in marketing and product efforts, including by creating statistics of inquiries. We will store your communications with us for our legitimate interests and further analysis for the same period as for your account data. If you did not register the account, we will store the data for 365 days after the last communication with you. If we need to further use this information, we will fully anonymize it first.
2. Joint controllership
When you create an account through the Mimi App or non-medical SDK, the data is shared with our subsidiary company Mimi Health GmbH as a joint controller. The account data will also be used for joint research and improvement activities.
We are ultimately responsible for managing and administering the database with your account data. We ensure the technical and organisational measures for protecting the data, conclude agreements and manage relationships with service and software providers to maintain the database, and provide technical support to the users.
You can exercise your rights regarding the account by contacting us directly. Please note that you may also exercise your rights by contacting Mimi Health GmbH:
Mimi Health GmbH
Boxhagener Str. 82, 10245 Berlin, Germany
hello@mimi.health
Jointly with Mimi Health GmbH, we will store your account data for as long as you use our services and have the account.
For all of our clients and partners, a Data Processing Agreement or a Joint Controllership Agreement is incorporated into our Master Service Agreement.
3. Third-party Access to Information
3.1 Third-party service providers
The following categories of third-party providers are used to enable the work of the Mimi App:
- Email notification provider;
- Client Relationship Management software provider, by means of which we manage our communications with users;
- Cloud storage providers.
The involvement of email notification and cloud storage providers implies the transfer of personal data outside of the European Economic Area. To ensure compliance with data protection requirements on international transfers, the Standard Contractual Clauses (SCC) as adopted by the European Commission are signed with these providers. If you would like to obtain a copy of the SCC signed with the service providers, feel free to contact us by the means provided at the beginning of this document.
Please note, that the third-party providers can only process your data on our behalf and do not use it for their own purposes.
3.2 Apple Health and Health Kit
Mimi will not exchange any personal data with the Apple iOS Health App without the prior consent of the user. If the user has given their consent, the Mimi App can interact with the iOS Health App from Apple on the user’s iOS device and sync hearing test data – if applicable in the respective operating system and/or country.
The user can also sync their hearing test results from the HTA to the Apple iOS Health App – if applicable in the respective operating system and/or country.
3.3 Analytics
For the Mimi App, we use Mixpanel, a service offered by Mixpanel Inc. (www.mixpanel.com) (“Mixpanel”), to collect user data from the applications in order to better understand how users are using the application. Mixpanel is used to understand and improve activities within the app.
Further information on the Mixpanel data protection declaration can be found under the following link: https://mixpanel.com/privacy/. You can exclude tracking by Mixpanel here: https://mixpanel.com/optout/ or https://mixpanel.com/privacy/
3.4 Other Disclosures
In addition to the disclosures for the purposes identified before, we may disclose information about you:
- if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights; and
- in case we sell, licence or otherwise assign our company, corporate rights, Mimi or its separate parts or features to third parties.
Except as provided in this privacy notice, we will not sell, share or rent your information to third parties.
4. Local Storage
The following information is processed from the devices and stored in local storage, based on the device’s operating system.
- User Auth Token and User Object stored in the Keychain.
- Images of loaded headphones are cached in the UserDefaults storage.
- Data persisted by the Mixpanel SDK.
- Cached MSDK Remote configuration data (available hearing test paradigms).
- MSDK Sound Personalization Processing Data, including the enabled, intensity and preset settings.
- If you wish and if applicable in the respective operating system and/or country, you can sync your hearing test results with the Apple Health Kit.
- If you wish and if applicable in the respective operating system and/or country, the hearing test results PDF can be exported to other apps (chosen email addresses, messaging apps (Whatsapp, Messenger etc.), Airdrop) or to the file system. Note: The Hearing Test Results PDF file is stored in a temporary directory before it can be shared.
This information is stored until the user logs out or deletes the Mimi Hearing ID (if an account with Mimi has not been created).
5. Your rights
To maintain control of your personal data, you may exercise certain rights regarding your information. In particular, you have the right to:
- Object to the processing of your information. If we process your information in our legitimate interests, e.g., for our marketing purposes, you can object against it. We will consider your request and, if there are no compelling interests to refuse it, stop the processing for such purposes;
- Access your information. You have the right to know if we process your information; obtain disclosure regarding certain aspects of the processing; and obtain a copy of the information undergoing processing.
- Verify your information and seek its rectification. If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;
- Restrict the processing of your information. When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will not process the information for any purpose other than storing it until the circumstances of restriction cease to exist;
- Ask us to delete/destroy/otherwise remove your information. If we are not obliged to keep the data for legal compliance, we will remove your information upon your request; and
- Ask us to transfer your information to another organisation if we process the information based on your consent or on the necessity to perform the contract.
You can complete the request to exercise your right by contacting us at privacy@mimi.io
If you believe that our use of personal information violates your rights, you can lodge a complaint with the competent data protection authority which can be contacted here:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin, Germany
Phone: +4930138890
Email: mailbox@datenschutz-berlin.de
6. Security of Information
We take necessary and sufficient measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
Internally, immediate access to the data is only allowed to our authorised employees involved in maintaining the Mimi App and conducting other processing activities. Those employees include our backend software developer and research employees, as well as our safety officer. Such employees keep strict confidentiality and prevent unauthorised third-party access to personal information.
7. Third-party services
The Mimi App may contain links to third-party services and platforms, including those posted by our partners and affiliate companies. Although we choose our partners thoroughly and diligently, we cannot be responsible for the content, terms and conditions or privacy policies of third-party services.
We encourage users to be aware when they leave the Mimi App and to read the privacy statements of the services that collect personally identifiable information.
Third-party websites may contain their own cookies. We are not responsible for their usage of cookies.
8. Changes to This Notice
We may update this privacy notice from time-to-time by posting a new version on our website and/or Mimi App. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.