Privacy Notice - Hearing Number App

Last Updated: 12 November 2024

The Hearing Number app (“App” or “HNA”) was created by the Johns Hopkins Bloomberg School of Public Health and developed under contract by Mimi Hearing Technologies GmbH. The App enables iOS and Android users to learn their Hearing Number, which is also known as the four-frequency pure tone average, or PTA4. Measurement of the Hearing Number with this App meets ANSI/CTA-2118 (Four Frequency Pure Tone Average Testing Methodology and Hearing Wellness Reporting Metric for Consumer-Facing Hearing Solutions). This standard describes the assessment and use of the PTA4 as a common hearing metric for consumer-facing devices in order to establish consistent terminology around hearing wellness and promote awareness of hearing wellness across the life course.

The terms “we”, “us”, “our”, and “Mimi” refer to “Mimi Hearing Technologies GmbH”, a German company with limited liability and its offices at Boxhagener Str. 82, 10245 Berlin. Learn more about the Hearing Number and how to use it at www.HearingNumber.org.

This notice describes how the App collects only essential anonymized data required for smooth functionality, performance improvements, and issue fixes.

We are committed to safeguarding the privacy of our users. We are not collecting personal data and therefore will not misuse such.

How to reach us?

Mimi Hearing Technologies GmbH
Registered address: Boxhagener Str. 82, 10245 Berlin, Germany
Contact email address: privacy@mimi.io

Johns Hopkins Bloomberg School of Public Health
Registered address: 615 N. Wolfe St., Baltimore, Maryland, 21205 USA
Contact email address: support@hearingnumber.org

You may also contact our appointed Data Protection Officer:
Fresh Compliance GmbH
Philipp Heindorff
Schönhauser Allee 43a
10435 Berlin, Germany
info@freshcompliance.de

Microphone Permission

In order to take the hearing test, we need a Microphone Permission from your device for capturing the sounds around you.

Acceptable Age

We do not intend to collect nor process the data of individuals under 18 years old. Minors require their parents’ or legal guardians’ approval to download or use the App. 

1. Data we collect from you

1.1 Hearing Number App

1.1 Hearing Number App

When you access the App you can take the hearing test without registering an account.

At this point, we will assign a randomly generated ID to you, which will allow us to distinguish your records from others, but this does not allow us to understand who you are in any way. Therefore, we consider your test results to be anonymized. 

1.1.2 Data processed by taking hearing tests

Processing activity

Purpose

Data points

Headphone correction

Allows us to provide more accurate test results.

Connection Type

Category

Name

Manufacturer

Results delivery

Delivering the results by the App to the user.

Hearing test results

– Hearing Number

Debugging analysis

Allows us to collect (and analyze) aggregated crash logs from the Apple Store and Google Play for debugging purposes.

Host Device Type and Model

Host Operating System and Version

Host Region and Language

Host Device Audio Sample Rate

Runtime Headphones info (Connection Type (wired/Bluetooth/disconnected), Identification)

Runtime Ambient Noise information

Improving the App

Improvement of the app/product (device info).

Host Device Type and Model

Host Operating System and Version

Host Region and Language

Host Device Audio Sample Rate

Runtime Headphones info (Connection Type (wired/Bluetooth/disconnected), Identification)

Runtime Ambient Noise information

Full Mixpanel list of events

Gathering backend system and application logs

 

Monitoring the performance, alerting on system misbehavior, visualizing analytics data, debugging individual problems, and business Intelligence.

User location, Country, City, User IP (it identifies the network, not the individual user device), User unique identifier (anon_id), User device operating system and OS version, HTTP referrer (the URL of the page that referred them to our API), Timestamps of app/backend interactions, Partner client unique identifier, this identifies the app they are using.

 

Gathering backend server, application and business metrics

 

Monitoring server, application and business performance using aggregated anonymous data.

Used for visualization and alarms for maintenance purposes, and for Business Intelligence.

Partner client unique identifier, this identifies the app they are using, All backend metrics in our metrics database (influx) are not linked to any individual user, Data in our analytics database (ADA) are linked to the user’s internal unique id. This includes:

User’s hearing test result data.

1.1.3 Legal basis for processing

Processing activity

Legal base

Available rights

Headphone correction

Performance of a contract

GDPR Art. 6.1.b.

Access, rectification, erasure, restriction, portability and to object.

Delivering test results (via app)

Performance of a contract

GDPR Art. 6.1.b.

Access, rectification, erasure, restriction, portability and to object.

Debugging analysis

Legitimate interest

GDPR Art. 6.1.f. 

Access, rectification, erasure, restriction and to object.

Improving the App

Legitimate interest

GDPR Art. 6.1.f. 

Access, rectification, erasure, restriction and to object.

Displaying hearing test results

Consent

GDPR Art. 6.1.a)

Access, rectification, erasure, restriction, portability and to object.

Gathering backend system and application logs

 

Legitimate interest

GDPR Art. 6.1.f. 

Access, rectification, erasure, restriction, and to object.

Gathering backend server, application and business metrics

 

Legitimate interest

GDPR Art. 6.1.f. 

Access, rectification, erasure, restriction and to object.

Analytics (Gathering mobile application events)

Legitimate interest

GDPR Art. 6.1.f.

Access, rectification, erasure, restriction and to object.

1.1.4 Storage periods and deletion

To ensure the implementation of legal requirements, we have developed internal deletion processes and a deletion concept, which guarantees that personal data, for which no legal retention period exists, are deleted according to the requirements of the storage limitation pursuant to Art. 5 1 e) GDPR. If you would like more information about individual storage periods, you can request this at any time at the e-mail address mentioned above.

1.1.5 Communications with us

Occasionally, we collect user feedback and provide technical support if you have any inquiries regarding the Hearing Number App. We use this information to provide you with the help you might need, fix and improve our services, and analyze our efficiency in marketing and product efforts, including by creating statistics of inquiries. We will store your communications with us for our legitimate interests and further analysis, we will store the data for 365 days after the last communication with you. If we need to further use this information, we will fully anonymize it first.

2. Third-party Access to Information

2.1 Third-party service providers

The following categories of third-party providers are used to enable the work of the App:

  • Email notification provider (for support purposes);
  • Client Relationship Management software provider, by means of which we manage our communications with users;
  • Cloud storage providers.

 

The involvement of email notification and cloud storage providers implies the transfer of personal data outside of the European Economic Area. To ensure compliance with data protection requirements on international transfers, the Standard Contractual Clauses (SCC) as adopted by the European Commission are signed with these providers. If you would like to obtain a copy of the SCC signed with the service providers, feel free to contact us by the means provided at the beginning of this document. 

Please note, that the third-party providers can only process your data on our behalf and do not use it for their own purposes.

2.2 Analytics

We use the technology of Mixpanel, Inc (405 Howard St, Floor 2, San Francisco, CA 94105, USA) (“Mixpanel”) to perform statistical analyses that enable us to optimize product functions and make them more appealing.

For our products related to internet security, Mixpanel uses cookies to record the type of browser you are using, your operating system, your language settings, the search terms you enter and your IP address, and then to transmit this data to a Mixpanel server. We only receive your IP address from Mixpanel in anonymized form to ensure that your privacy remains protected.

As a protective measure, the data is not evaluated on the basis of your person, but only on a statistical basis. We have also concluded a special data protection agreement that stipulates the protection of your data through technical and organizational security measures. As Mixpanel is based in the USA, further security measures are required to ensure an adequate level of data protection. We have therefore concluded so-called EU standard contractual clauses with Mixpanel. The purpose of using Mixpanel is the anonymized analysis of your usage behavior on our websites. The insights gained from this help us to improve our offering. The legal basis is consent in accordance with Art. 6 para. 1 lit. a GDPR. In addition, a data processing agreement has been concluded in accordance with the requirements of Art. 28 GDPR.

3. Local storage

The following information is processed from the devices and stored in local storage, based on the device’s operating system.

  1. User Auth Token and User Object stored in the Keychain.
  2. Images of loaded headphones are cached in the UserDefaults storage.
  3. Data persisted by the Mixpanel SDK.
  4. Cached MSDK Remote configuration data (available hearing test paradigms).

 

This information is stored until the user deletes the Hearing ID.

4. Your rights

To maintain control of your data, you may exercise certain rights regarding your information. In particular, you have the right to:

  • Object to the processing of your information. If we process your information in our legitimate interests, e.g., for our marketing purposes, you can object against it. We will consider your request and, if there are no compelling interests to refuse it, stop the processing for such purposes;
  • Access your information. You have the right to know if we process your information; obtain disclosure regarding certain aspects of the processing; and obtain a copy of the information undergoing processing.
  • Verify your information and seek its rectification. If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;
  • Restrict the processing of your information. When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will not process the information for any purpose other than storing it until the circumstances of restriction cease to exist;
  • Ask us to delete/destroy/otherwise remove your information. If we are not obliged to keep the data for legal compliance, we will remove your information upon your request; and
  • Ask us to transfer your information to another organization if we process the information based on your consent or on the necessity to perform the contract.

 

You can complete the request to exercise your right by contacting us at privacy@mimi.io

If you believe that our use of personal information violates your rights, you can lodge a complaint with the competent data protection authority which can be contacted here: 

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin, Germany
Phone: +4930138890, Email: mailbox@datenschutz-berlin.de

5. Security of Information

We take necessary and sufficient measures to protect your information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

Internally, immediate access to the data is only allowed to our authorized employees involved in maintaining the App and conducting other processing activities. Those employees include our backend software developer and research employees, as well as our safety officer. Such employees keep strict confidentiality and prevent unauthorized third-party access to personal information.

6. Changes to This Notice

We may update this privacy notice from time-to-time by posting a new version on our website and/or App. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavor to provide you with an announcement about any significant changes.