top of page

Privacy Policy

The topic of data protection is a core value of SkinTech Corp. GmbH. We strive to make the subject as transparent as possible and explain what data is used for and how. Data is handled responsibly and only within the scope of applicable data protection laws, especially the EU General Data Protection Regulation (EU GDPR).

In particular, we constantly work to improve the SQIN app and all related offers and services, tailoring them better to users' needs. This can only succeed by observing and analyzing how these offers and services are used. Below, the user is fully informed about what happens with their data—especially what, how, and why. All information required under the EU GDPR is also provided here.

Responsible for the protection of personal data and compliance with the EU GDPR is SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin (hereinafter briefly: “SQIN” or the “Provider”). It operates the above-mentioned services. Further contact details, contacts, and mandatory information can be found in the imprint or on the website http://www.sqin.co as well as inside the SQIN app.

If you have questions about data protection or wish to exercise your data protection rights (see below), you can contact the data protection officer of SkinTech Corp. GmbH at info@sqin.co or by postal mail at SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin.

This privacy policy applies to all online offers and services available under the brand “SQIN”: the SQIN smartphone app for iOS and Android, the SQIN app website under www.sqin.co, and other domains referring thereto. These offers and services are hereinafter simply called “Services.”

Contents:

  • Summary at a glance

  • I. What data is collected when using SQIN Services?

  • II. Why is this data processed?

  • III. Is data shared with third parties or transferred outside the EU?

  • ► User rights as a data subject

  • ► Details of data processing
    A. Data processing for providing SQIN Services
    B. Improvement of SQIN Services
    C. Optimization of communication and marketing channels

  • ► Changes to the privacy policy

  • ► Contact persons and data protection officer

Summary at a glance

I. What data is collected when using SQIN Services?

  • Direct input of personal data (“clear data”): When registering, logging in, buying premium content, or using contact forms for support, personal data is collected (e.g., name, email, password). For paid services, additional contact and payment data may be collected. Users may voluntarily provide additional personal info in their profile. There are no special services for children.

  • Data enrichment: Data may be enriched based on usage patterns, e.g., assuming interest if a user started a unit to remind them to continue.

  • Data provision by third parties: Some personal data may be received from third parties, e.g., when logging in via Facebook.

  • Pseudonymized data: Data that does not directly identify users but may track behavior under a pseudonym for app usage analysis, e.g., screen clicks.

II. Why is this data processed?

  • Personalization: Show user progress, recommend relevant content, notify about offers.

  • Optimization: Improve services by analyzing user behavior.

  • Operation security: Detect and prevent attacks, ensure system stability, avoid unwanted emails.

  • Financing: Process premium content orders, provide personalized discounts.

  • Customer relationship and direct marketing: Inform about new offers and features.

  • Fraud prevention and address verification.

  • Compliance with legal obligations, including tax and commercial laws.

Processing is lawful based on user consent, contract fulfillment, legal obligations, or legitimate interests as per GDPR Article 6(1)(a), (b), (c), and (f). Users can revoke consent or object to processing.

III. Is data shared with third parties or transferred outside the EU?

SQIN does not sell or rent personal data. Some service providers may access data strictly under GDPR-compliant contracts and safeguards, including transfers to non-EU countries under standard contractual clauses. Some data may be further processed independently by third parties, e.g., Facebook when using Facebook login.

App Permissions

  • Camera access is required to take anamnesis photos and is only used for that purpose.

  • Access to storage is needed to upload photos from the gallery.

  • Optional push notification consent for treatment status updates.

  • iOS users are asked for consent to track activity for marketing (Apple Search Ads).

User rights as a data subject

Under the GDPR, users have rights to access, correct, delete, restrict processing, data portability, revoke consent, object to processing, and file complaints with data protection authorities.

Detailed data processing

A. Data processing to provide SQIN Services

  • Account registration and profile management with email address.

  • Data stored with Google Ireland Limited under GDPR-compliant contracts. Users may request deletion or opt-out anytime.

B. Data processing upon app installation

  • Certain technical data (e.g., time of access, IP address, device info) collected and stored for 30 days for system security and smooth operation.

C. Data processing with adjust (marketing analytics)

  • Adjust analyzes app interaction data, such as app access times, device info, location, demographics, and advertising IDs, with user consent.

  • Data sent to Google Analytics and adjust GmbH, including servers in the USA with standard contractual clauses to ensure data protection.

  • Users can reset or disable advertising IDs anytime.

Your Right to Withdraw Consent
You have the right to withdraw your consent at any time. The withdrawal of your consent to processing activities for user behavior analysis using Google Analytics can be made within our app via the menu under "Marketing Analysis" by deactivating the "Marketing Analysis" function under Menu > Edit Account > Marketing Analysis. The legality of the processing carried out based on your consent until withdrawal is not affected.

Data Processing for User Account

Purpose
For the purpose of creating and managing a user account, we process the following data about you.

Data Types
When creating your user account, we process the data you provide to set up and manage the account and enable you to use the teledermatology consultation services we offer.
When you log into the app, a session identifier is stored locally on your device, which uniquely and immutably identifies you for all subsequent requests.

Legal Basis
The legal basis for processing related to this is your user agreement with us for the use of our app, according to Art. 6 para. 1 lit. b GDPR.

Necessity
Creating a user account for teledermatology consultation via the "SQIN" app is a technical and organizational measure to ensure the secure processing of your data in accordance with data protection requirements and to guarantee protection of your rights as a data subject. Without a user account, you cannot use the teledermatology consultation service.

Storage Duration
We store the session identifier of your user account until you log out, uninstall the app, or a verification fails. The session identifier is valid for a maximum of one year, after which a new identifier is automatically assigned.

Recipients
We use a server located in Germany for providing the app’s database and storing your doubly encrypted patient records.

Data Processing for Teledermatology Consultation

Purpose
The purpose of processing your data is to conclude and carry out a treatment contract between you and the dermatologists, as well as for billing purposes.

Data Types
To process your request, you must provide the treating dermatologist with the following information:

  • Name

  • First name

  • Date of birth

  • Gender

  • Address

  • Email

  • Photos of the skin condition

  • Answers to the provided questionnaire (including photos of medical reports, medication lists, allergy passes)

  • Responses to dermatologist’s follow-up questions

If the dermatologist requires additional personal data for the treatment contract, they collect it directly from you.

For quality assurance of diagnoses, treating dermatologists may consult an interdisciplinary expert panel if an expert opinion is needed.

Legal Basis
The legal basis for processing your data by SkinTech Corp. GmbH as responsible for the SQIN app is your user agreement with us according to Art. 6 para. 1 lit. b in conjunction with your consent to the processing of your health data under Art. 9 para. 2 lit. a GDPR.
For the treatment contract with the dermatologists within the SQIN app, the legal basis is Art. 9 para. 4 GDPR in conjunction with § 22 para. 1 lit. b BDSG and Art. 9 para. 2 lit. h and para. 3 GDPR in conjunction with §§ 630a ff. BGB.

Necessity
Processing the above data is necessary for teledermatological consultation. Without this information, your request cannot be processed.

The app requires camera access to create images of your skin condition. If you upload images from your gallery, the app needs storage access.

Storage Duration
Your patient record is stored for ten years after treatment completion in accordance with statutory retention periods (§ 630f para. 3 BGB).

Recipients
Your doubly encrypted patient record is stored on a server located in Germany.

The assessing dermatologist receives relevant medical information to make a diagnosis. If needed, the interdisciplinary expert panel (including specialists in ENT, gynecology, urology, ophthalmology, rheumatology, etc.) may be consulted.

If medical follow-up is required or desired, it is performed by medical staff on behalf of the dermatologists, who contact patients via the app or phone.

Contact Form and Support Requests (via Email Service Provider)

When you contact the SQIN app, Google Ireland Limited (Google) processes your contact data and inquiry content. Emails and contact forms may include communication and contract data as well as user history. Requests submitted via the app store contact form are sent to the provider via email and treated confidentially. Data is stored for follow-up and evidence of successful handling.

Processing is based on legitimate interests, solely to answer your inquiry.

SkinTech Corp. GmbH has a data processing agreement with Google Ireland Limited, which processes data strictly under SkinTech’s instructions, possibly outside the EU/EWR (especially in the USA) under EU standard contractual clauses.

Deletion requests and newsletter unsubscribe requests are stored for proof of processing and deleted after 13 months.

Opt-out: User inquiries are deleted after 5 years or immediately upon direct request to info@sqin.co.

If data must be retained longer for legal reasons (e.g., tax laws), data is blocked or restricted accordingly.

Data Processing for AI-Supported Processes

If you consent to processing related to research on AI-supported teledermatological diagnosis during registration or account settings, your uploaded photos and completed questionnaires are used for AI research aimed at improving teledermatological diagnosis to help future patients faster and better.

Data is processed confidentially in a specialized IT lab in Germany under strict security.

Legal Basis
Your consent under Art. 9 para. 2 lit. a GDPR.

Storage Duration
Data is used until you revoke consent.

Recipients
Data stored on a server in Germany; AI research conducted exclusively in Germany under confidentiality and high security.

Right to Withdraw
You can withdraw consent anytime in app settings under “Product Development.” Previous processing remains lawful.

Data Processing for Payment Transactions

Payment related to your invoice for teledermatology consultation is processed jointly by SQIN app controllers.

Payment options include PayPal and Stripe (credit card and Apple Pay).

Purpose
Processing payment transactions related to your invoice.

Data Types

  • Case ID

  • Transaction ID

  • Date

  • Amount

  • Payment gateway (Stripe or PayPal)

  • For PayPal, additionally PayPal email and name

Legal Basis
Your consent for billing and data transfer for payment collection to SkinTech Corp. GmbH under Art. 9 para. 2 lit. a GDPR.

Storage Duration
Invoices and documents are stored for ten years per legal obligations (§ 147 para. 3 AO).

Recipients
Data transmitted encrypted to payment service Braintree (PayPal product). PayPal processes data as controller and may share with third parties as needed.

Apple Pay processing details at https://support.apple.com/de-de/HT201469.

Right to Withdraw
You can withdraw consent anytime via info@sqin.co. Withdrawal stops treatment.

Data Processing for Prescription Delivery

For locating and selecting pharmacies for prescription delivery, the Google Maps API is used.

Data Types

  • Search query data

  • Target pharmacy

  • Pharmacy address and fax number

Patient address is sent to Google Maps API for nearest pharmacies search; only the provider’s IP is sent.

Legal Basis
Legitimate interest to enable easy prescription shipping per Art. 6 para. 1 lit. f GDPR.

Storage Duration
Pharmacy address stored for ten years with your prescription per patient record law (§ 630f para. 3 BGB).

Recipients
Data sent to Google Ireland Limited (Ireland) and Google LLC (USA) under standard contractual clauses.

Prescription sent to chosen pharmacy.

Data Processing for Medication Delivery

You can send your prescription to the pharmacy for direct medication purchase and home delivery via the SQIN app.

Data Types

  • Patient master data (name, address, birth date, phone)

  • Prescription details (dosage, package size, intake instructions)

  • Prescribing doctor’s contact info

Legal Basis
Your consent for health data transmission to the pharmacy under Art. 9 para. 2 lit. a GDPR.

Storage Duration
Transmission record stored for ten years per patient record law (§ 630f para. 3 BGB).

Recipients
Data stored on a server in Germany; pharmacy acts as independent data controller.

Data Processing for Push Notifications

If you consent to receiving push notifications, you get alerts about treatment status changes (diagnosis completion, prescription availability, payment reminders, follow-up requests).

Your device registers with platform push services (Apple Push Notification for iOS, Google Cloud Messaging for Android), creating a registration token to route messages.

Legal Basis
Your consent under Art. 6 para. 1 lit. a GDPR.

Storage Duration
Registration data stored until app uninstall.

Recipients
Push notifications sent via Apple Inc. (USA) and Google LLC (USA) services.

Your Right to Withdraw Consent
You can withdraw your consent to receive push notifications at any time via your app settings.
You can also withdraw your consent to receive push notifications at any time via your device’s operating system as follows:

  • Apple devices: Settings > SQIN > Notifications;

  • Android devices: Settings > Applications or Apps > SQIN > Uncheck “Notifications.”

Data Processing Related to Aftercare

Purpose
We operate a patient support system for aftercare, which collects feedback from you about your treatment and symptom development. Based on your feedback, we can monitor the therapy’s success, adjust your treatment if necessary, or make recommendations. This serves quality assurance of aftercare and especially optimizes the treatment plan to ensure a positive course of treatment.
Aftercare is only possible if you provide us with your phone number.

Data Types
The following data types are processed during aftercare:

  • Your patient data (name, address, date of birth, gender, photos, medical history questionnaire, diagnosis, and therapy recommendation)

  • Date of inquiry

  • Your phone number

  • Answers to the provided questionnaire (including photos of medical reports, medication lists, allergy passes)

  • Responses to dermatologist’s follow-up questions

Legal Basis
For SkinTech Corp. GmbH as jointly responsible with the dermatologists for the SQIN app, the legal basis is your user agreement with us according to Art. 6 para. 1 lit. b in conjunction with your consent to the processing of your health data under Art. 9 para. 2 lit. a GDPR.
For the dermatologists, as joint controllers with SkinTech Corp. GmbH, the legal basis is your treatment contract with the dermatologists pursuant to Art. 9 para. 4 GDPR in conjunction with § 22 para. 1 lit. b BDSG and Art. 9 para. 2 lit. h (variants 3 and 6) GDPR, Art. 9 para. 3 GDPR, and §§ 630a ff. BGB.

Necessity
Aftercare is necessary within the scope of dermatological treatment, particularly for quality assurance of diagnoses and therapy suggestions. It is an optional service and not mandatory. You will not be disadvantaged if you choose not to participate.

Storage Duration
Your patient record is stored for ten years after treatment completion in accordance with statutory retention periods (§ 630f para. 3 BGB).

Recipients
Data processed during aftercare is handled by medical staff on behalf of the dermatologists.
Patient records are stored on a server located in Germany.

Data Processing for Newsletters

Purpose
Our newsletters provide you with news about SQIN as well as recommendations and information in the fields of dermatology and everyday life topics.

Data Types
To receive the newsletter, only your email address is required. We process the time of your newsletter subscription and the IP address assigned by your Internet Service Provider (ISP), which we convert into an anonymized user ID. This helps detect if someone has misused your email address to subscribe.

Legal Basis
Your consent under Art. 6 para. 1 lit. a GDPR.

Storage Duration
We use your email address to send newsletters until you withdraw your consent.
To comply with data protection accountability obligations (Art. 5 para. 2 GDPR), we keep a deletion log of your email unsubscribe request for up to three years. This is based on our legal obligation (Art. 6 para. 1 lit. c GDPR).

Recipients
We use a German data processor with a German server location for email services.
Our app’s database is hosted on a server in Germany.

Data Types Processed for Newsletter Analytics

  • Email open and click behavior (open and click rates within the newsletter)

  • Device type (desktop, tablet, mobile)

  • Whether you are a user or patient of our app

  • Time and date of your access to specific newsletter emails

  • Redirect URL (websites you open via newsletter links)

Legal Basis
Our legitimate interest under Art. 6 para. 1 lit. f GDPR to provide a targeted and user-friendly newsletter.

Storage Duration
Data stored until newsletter unsubscription. Deletion logs are kept for up to three years per legal obligation.

Data Processing for Review Requests

Purpose
To ask existing customers for reviews, you will receive a one-time review request after each treatment, helping us improve our services based on your feedback.

Data Types
We process your email address provided during registration in the SQIN app for sending review requests.

Legal Basis
Our legitimate interest (Art. 6 para. 1 lit. f GDPR) to improve services via personalized direct marketing.

Storage Duration
Email address used for sending review requests until you object to its use for direct marketing.
Upon user account deletion, your email address will be deleted and no further direct marketing will be sent.

Recipients
Our app’s database hosted on a server in Germany.

Data Processing for Mailings

Purpose
To keep existing customers informed about offers and services, provide valuable content, and request reviews. User behavior is analyzed for targeted design and optimization of mailings and services.

Data Types

  • Email open and click behavior

  • Device type

  • User or patient status

  • Time and date of newsletter access

  • Redirect URLs

Legal Basis
Legitimate interest (Art. 6 para. 1 lit. f GDPR) for personalized direct marketing.

Storage Duration
Emails removed from direct marketing upon objection; deletion logs kept for three years.

Recipients
German data processor and app database server in Germany.

Data Processing for Contact Form Submissions

Purpose
You can contact us anytime via the app’s contact form for questions related to app use, if logged into your account.

Data Types
User ID, case ID, and message content; additional info provided voluntarily.

Legal Basis
User agreement with SkinTech Corp. GmbH (Art. 6 para. 1 lit. b GDPR) plus your consent for health data processing (Art. 9 para. 2 lit. a GDPR).

Storage Duration
If related to treatment contract, data kept in patient record for ten years (§§ 630a ff. BGB). Otherwise, data deleted after inquiry resolution.

Recipients
App server located in Germany.

Data Processing for Contact by Phone or Email

Purpose
You may contact us via email or phone listed on our website. Please do not send health data via these channels.

Data Types
Email or phone number you provide, plus any voluntarily shared info necessary for your inquiry.

Legal Basis
Contract fulfillment or pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Storage Duration
If related to treatment contract, data kept in patient record for ten years. Otherwise deleted after inquiry completion.

Recipients
German data processor for email services.

Data Processing with Meta (Facebook and Instagram)

Purpose
We use Facebook Pixel to advertise on Facebook and Instagram for users who visited our website or showed interest in related topics.
Facebook is informed when you interact with our ads or website.

Data Types
Access time and location, activity status, recurring user status, demographics (gender, age, interests), language, device model, and OS. If you have Facebook/Instagram accounts, data linked to your profile. If not, Facebook stores your IP and identifiers.

Legal Basis
Your explicit consent (Art. 6 para. 1 lit. a GDPR) given via cookie banner selection.

Storage Duration
24 months.

Recipients
Facebook Ireland Ltd., under a data processing agreement, standard contractual clauses for international data transfers.

Data Processing with TikTok

Purpose
TikTok Pixel is used to show ads to TikTok users interested in our services and analyze campaign effectiveness.

Data Types
User behavior on TikTok, including ad views, clicks, app registrations, case creation, and purchases; OS and device ID; anonymized aggregate data for custom audiences.

Legal Basis
Consent under Art. 6 para. 1 lit. a GDPR.

Storage Duration
18 months.

Recipients
TikTok Technology Limited, Dublin, Ireland. Data transferred to the USA under standard contractual clauses.

Data Processing with Social Media Plugins

Purpose
Embedded social media plugins on our website (Instagram and TikTok) let you access social profiles directly.

Data Types
Browser info, IP address, visited website page, displayed content, language, device model, and platform.

Legal Basis
Your consent (Art. 6 para. 1 lit. a GDPR).

Storage Duration
24 months.

Recipients
Web host in Germany; Facebook and TikTok process data under data processing agreements and standard contractual clauses.

Data Processing with Pinterest

Purpose
Pinterest Tag is used to optimize Pinterest campaigns and measure success, tracking your actions if you arrived via a Pinterest ad.

Types of Data
With your consent to the analysis of your usage behavior within our app, i.e., the “Marketing Analysis,” the following data are also processed:

  • Your last exposure to our advertisement (relevant for conversions),

  • The number of advertisements you have viewed and your clicks on our advertisements (frequency),

  • Your access time and location when using our app,

  • Whether you are currently actively using our app,

  • Whether you are a returning user of our app,

  • Events triggered by you within the app, such as your registration, creation of cases, and payment for treatment of cases you created within our app,

  • The language, device type, and operating system (e.g., iOS or Android) of your device,

  • Demographic data (gender, age, and interests).

We receive the above data about your and other users’ last exposure to our ads and the number of viewed and clicked ads per placement from Pinterest in the form of statistical evaluations. This means we receive counts of how many users clicked on our ads and were forwarded to the app or play store.

Legal Basis
The legal basis for this processing activity is your consent for processing for the purpose of marketing analysis under Art. 6 (1) lit. a GDPR, if you gave this consent when registering your user account or via user account management.

Storage Duration
The personal data processed for advertising purposes are deleted after 180 days.

Recipients
The data mentioned above relating to you are processed on our behalf by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). The data relating to you are transferred to the USA. We have concluded a data processing agreement pursuant to Art. 28 (3) GDPR including standard contractual clauses under Art. 46 GDPR with Pinterest.
You can find information about the appropriate or adequate guarantees Pinterest provides for the international data transfer at https://policy.pinterest.com/de/privacy-policy.

Your Right to Withdraw Consent
You have the right to withdraw your consent at any time. The withdrawal of your consent to processing activities for usage behavior analysis is possible within our app via the menu under “Marketing Analysis” by deactivating the “Marketing Analysis” function. The lawfulness of processing carried out based on your consent until withdrawal is not affected.

Data Processing in Connection with YouTube

Purpose
To optimize our web presence, we embed videos via YouTube on our website.

Types of Data
When you visit a page containing an embedded video, a connection to YouTube servers is established. The following types of data are processed about you:

  • Browser used,

  • Page of this website visited,

  • Device-specific information including your device’s IP address,

  • YouTube content displayed to you.

We use YouTube’s “enhanced privacy mode.” According to YouTube, in this mode the above data are only transmitted to YouTube servers in the USA if you watch the video.

Legal Basis
The legal basis for this processing is our legitimate interest under Art. 6 (1) lit. f GDPR to complement our offer with dermatological information.

Storage Duration
Further information can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Recipients
The data are processed by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a Google Inc. company. We have concluded a data processing agreement with YouTube as our processor under Art. 28 (3) GDPR. The legal basis for cross-border data transfer is standard contractual clauses under Art. 46 GDPR. Google offers suitable data protection guarantees at https://privacy.google.com/businesses/processorterms/.
If you have a YouTube account and are logged in when accessing the page, the data processed will be assigned to your account unless you logged out beforehand.
More information on YouTube data protection can be found at https://policies.google.com/privacy?hl=de&gl=de.

Processing in Connection with Apple Search Ads

Purpose
We use Apple Ads to promote our app within the App Store. Data about persons with similar interests are grouped into “segments.” These segments support personalized advertising. Using your personal data, it is determined which segments your data belong to and which ads you will see.

Types of Data
The following data types are processed during the campaign:

  • Number of ads viewed,

  • Number of clicks on our ad,

  • Number of app installations triggered by the ad,

  • Search terms that triggered our ad.

Additionally, the following personal data are processed:

  • Your IP address,

  • Information about your device ID,

  • Your device type,

  • Operating system of your device.

Legal Basis
We process your data based on our legitimate interest under Art. 6 (1) lit. f GDPR to conduct effective marketing.

Storage Duration
Personal data processed for the ad are deleted after 14 months.

Recipients
The data are processed by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. The data are transferred to the USA. Apple provides appropriate data protection guarantees at https://searchads.apple.com/de/privacy/.

Right to Object
If you do not want to receive personalized advertising, you can disable personalized ads on your iPhone, iPad, iPod touch, or Mac.
More information at: https://support.apple.com/de-de/HT202074

HealthKit and Google Fit Integration

Apple HealthKit
The provider uses the HealthKit framework from Apple (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA), which provides a central repository for health and fitness data on iPhone and Apple Watch and allows apps to communicate with the HealthKit store to access and share data with explicit user consent. This must be activated by the user via system settings and can be deactivated anytime. After deactivation, no data are exported. The provider processes data such as steps, calories, distance, duration, and heart rate obtained via HealthKit and Apple CoreMotion, with explicit user consent. New data attributes may be added that require user approval.

Google Fit SDK
The provider uses Google’s Fit SDK, an open platform enabling users to control fitness data. The provider processes data such as steps, calories, distance, duration, and heart rate obtained via the Google Fit SDK with user consent. New data attributes may be added requiring consent.

The SQIN app and analytics providers may analyze activity data for research to offer personalized services and promote healthy habits. With user consent, SQIN may share HealthKit or Google Fit data with third parties for medical research. SQIN does not use these data for advertising. Users can prevent access anytime by changing device settings. Users should secure their smartphones with strong passcodes.

Cookies and Website Usage
Cookies are small configuration files used on the SQIN website to enhance usability and customize the website experience. A cookie-banner cookie remembers if the user has accepted cookies, according to the EU’s E-Privacy Directive. The cookie expires after three months, after which the banner reappears. Cookies may be set by SQIN or third parties like Google. Some cookies remain after a session ends.

General Browser Data: The SQIN website collects data such as browser and OS details, referring URLs, IP address, and request time for statistical analysis. Pseudonymized usage data are stored long-term but never linked to personally identifying data from app registrations.

Opt-Out: Users can disable or delete cookies via browser settings. Help is available for major browsers. Analytical cookies from Google and Facebook are also used; users may object at any time for future use.

B. Improvement of SQIN Service

Storage and Processing of App Usage Data (via GF)
Google Firebase (GF) stores user profiles and usage data like login and progress on behalf of SQIN, enabling smooth app function continuation and preference retention. Data processing complies with GDPR and standard contractual clauses for transfers outside the EU/EEA (notably the USA).

Opt-Out: Users can request deletion of their profile and data at any time by emailing info@sqin.co. Accounts inactive for three years are deleted. Data needed for legal retention are blocked rather than deleted, e.g., tax law requires up to 10 years retention (see §147 AO).

Evaluation of User Behavior on SQIN Website and Web App (via Google Analytics)
Google Analytics is used to evaluate user behavior on the SQIN website with IP anonymization. Data include usage info and IP addresses (partially anonymized). Google uses these for reports and other services.

Opt-Out: Users can install a Google browser plugin to disable tracking: http://tools.google.com/dlpage/gaoptout?hl=de

Evaluation of App Usage Behavior in SQIN App (via Google Analytics for Firebase)
Google Analytics for Firebase is used for A/B testing app features and understanding user behavior, processing IP, demographics, device data, app usage, and purchase actions. It enables personalized offers and advertising targeting. Data is transferred to Google servers in the USA under GDPR-compliant contracts.

Opt-Out: Users can request access, correction, restriction, or deletion of data by contacting info@sqin.co, forwarded to Google. Legal retention periods apply.

Evaluation of SQIN Services Usage Behavior (via smartlook)
Smartlook records session videos for behavior analysis if the user consents. No personal data are stored by the provider; only anonymized usage logs are kept for 30 days and deleted automatically. Cookies are used, which the user can manage via browser settings. Opt-out is possible here: https://www.smartlook.com/opt-out

C. Optimization of Our Communication and Marketing Activities

Marketing Campaigns with Custom Audiences (via Facebook Pixel and Custom App Events via Facebook SDK)
The provider uses services of the social network Facebook, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in its services. To measure and optimally control marketing campaigns, the provider uses so-called “remarketing tags” in the SQIN services. On the SQIN website, this is the so-called “Facebook Pixel,” which is activated when a page is visited and sends information to Facebook that the page has been accessed. In the apps, so-called “Custom App Events” are activated, which communicate via an interface in the app (SDK) to Facebook which pages a user visits in the app. When the user uses the SQIN services, a direct connection to the Facebook server is established via the remarketing tags. Facebook receives information based on the user’s IP address that the SQIN services have been used and documents several individual actions within the SQIN app services for which the ads are optimized.
When using the website, the following actions are distinguished and recorded:

  • Access to a specific landing page (e.g., homepage)
    When using the app, in addition to the above actions, information that is only possible during app usage is recorded. These actions can be assigned to the user’s account. The information obtained in this way can be used by SQIN for more targeted advertising on Facebook. The provider points out that SQIN has no knowledge of the content of the data transmitted via Facebook Pixel or Facebook SDK or their use by Facebook.
    With the help of usage data processed via Facebook Pixel or Facebook SDK, SQIN can display ads on Facebook and other Facebook marketing channels (e.g., Instagram) that are more relevant to the user, as they better consider individual user behavior. Moreover, the provider can measure whether marketing campaigns lead to the desired result (e.g., app install). SkinTech Corp. GmbH uses Facebook’s services under the EU General Data Protection Regulation based on the legitimate interest in distributing advertising budgets more effectively and optimizing advertising effectiveness. In the described data processing, data are transmitted to and stored on Facebook servers. Facebook also transfers data collected via Facebook Pixel to the parent company Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA. Further information can be found in Facebook’s privacy policy.

Right to Withdraw / Opt-Out Option:
If the user does not want advertising on Facebook based on their interests and usage behavior, they can object to this at any time in the Facebook settings.

Marketing Optimization and Evaluation of App Usage Behavior in the SQIN App (via Adjust)
For evaluating the success of advertising campaigns and the analysis of usage behavior within SQIN, the provider uses the service Adjust, operated by adjust GmbH, headquartered at Saarbrücker Str. 37A, 10405 Berlin. When a user interacts with SQIN’s advertised campaigns, usage data are forwarded to Adjust. Based on these data, Adjust evaluates user reactions to SQIN advertising campaigns and enables analyses of campaign effectiveness. Data processing includes IP address, MAC address, device identification number, and HTTP header with related information. Data collection ranges from interaction with advertising campaigns (e.g., clicks on ads), through app download, to interactions with the app after download.
The SQIN app uses Adjust services within the framework of the EU GDPR based on legitimate interest in distributing advertising budgets more effectively and optimizing advertising impact.

Right to Withdraw / Opt-Out Option:
If the user wishes to object to processing by Adjust, they can revoke their consent at any time by emailing info@sqin.co. We forward this request to Adjust, which commits to comply with our instructions. Data deletion is carried out in accordance with legal requirements, including statutory retention and documentation obligations. Additionally, the user can opt out of tracking by Adjust via https://www.adjust.com/forget-device/.
Users can also deactivate tracking in the SQIN app profile under “Privacy Notices” by activating the “Disable Tracking” option, which disables data analysis by Adjust.

If data linked to the user account can and must still be used for purposes that have not yet expired at the time of the requested or planned deletion, the data will be blocked instead of deleted or restricted to certain processing purposes. This particularly applies to statutory retention obligations, such as those under commercial and tax law, which can last up to 10 years (see § 147 Abs. 3 Abgabenordnung).

► Change of Privacy Policy
The provider will update the privacy policy if necessary. The use of user data is subject to the current version, which can be accessed at http://www.sqin.co/privacy-policy. In case of changes affecting essential areas (e.g., change of authorization, new functions), the user will be notified by email with which they registered for the service. If the user continues to access and use the service after the change becomes effective, they consent to be legally bound by the revised privacy policy.

► You Have the Right

  • According to Art. 15 GDPR, to request information about your personal data processed by us, including the purposes of processing, categories of personal data, recipients, storage duration, your rights to correction, deletion, restriction, objection, the right to lodge a complaint, data origin if not collected by us, and the existence of automated decision-making including profiling with meaningful details;

  • According to Art. 16 GDPR, to request immediate correction of inaccurate or completion of incomplete personal data;

  • According to Art. 17 GDPR, to request deletion of your stored data unless processing is necessary for freedom of expression, legal obligations, public interest, or asserting or defending legal claims;

  • According to Art. 18 GDPR, to request restriction of processing if data accuracy is disputed, processing is unlawful but deletion refused, data not needed anymore but required for legal claims, or objection under Art. 21 GDPR was raised;

  • According to Art. 20 GDPR, to receive your personal data in a structured, commonly used, machine-readable format or request transmission to another controller;

  • According to Art. 7 (3) GDPR, to withdraw your once given consent at any time with effect for the future, which stops processing based on consent but does not affect the lawfulness of processing before withdrawal;

  • According to Art. 77 GDPR, to lodge a complaint with a supervisory authority, generally your usual place of residence, work, or our headquarters. Our competent supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, phone: +49 30 13889-0, email: mailbox@datenschutz-berlin.de.

Links to Other Providers’ Websites:
Our app may contain links to providers of other internet content, e.g., via links to our social media platform presences. This privacy policy applies exclusively to this app’s processing. We have no influence on processing on linked sites. Please refer to their privacy policies there.

Storage and Deletion of Data:
We generally store your personal data only as long as necessary to fulfill our contractual obligations. Therefore, all stored personal and pseudonymized usage data are deleted when no longer needed for their purposes or if you explicitly request deletion and no statutory retention obligations apply. Such obligations can arise from commercial, tax, or civil law, sometimes with retention periods of 10 years or more. Deletion then happens automatically after the legal retention period expires.

Disclosure of Personal Data:
Except for the recipients mentioned above, we do not share your personal data with third parties, except when

  • You have given explicit consent under Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR,

  • Disclosure is necessary under Art. 6 (1) lit. f GDPR for asserting, exercising, or defending legal claims without overriding interests by you,

  • There is a legal obligation under Art. 6 (1) lit. c GDPR, or

  • Disclosure is permitted under Art. 6 (1) lit. b GDPR for contract execution with you.

► Contact for Data Protection and Data Protection Officer:
For questions about collection, processing, or use of personal data, for information, correction, blocking or deletion of data, or withdrawal of consent, users can contact us anytime via email at info@sqin.co or by mail at SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin.
Our data protection officer can be reached at info@sqin.co or by mail at SkinTech Corp. GmbH, Zimmerstraße 50, 10117 Berlin.

Status: May 2023 – We reserve the right to adapt this privacy policy.

bottom of page