Privacy Policy

Last Updated: November 25, 2024

1. Introduction

3DNA Technology Ltd ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the 3DNA Link mobile application (the "App").

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

3DNA Technology Ltd
Email: privacy@3dna-eyewear.org

For data protection inquiries, please contact us at the email address above.

3. Data We Collect

We collect and process the following categories of personal data:

a) Biometric Data (Special Category Data under GDPR Article 9):

  • 3D face scans and facial measurements
  • Facial geometry and texture data
  • Face mesh data in OBJ format

b) Account Information:

  • Name and username
  • Email address
  • Phone number
  • Password (encrypted)
  • Postal address

c) Order and Transaction Data:

  • Purchase history
  • Payment information (processed by Stripe)
  • Designer consultation records

d) Device and Technical Data:

  • Device identifiers
  • IP address
  • App usage statistics
  • Location data (with your permission)

4. Legal Basis for Processing

We process your data based on the following legal grounds:

a) Consent (GDPR Article 6(1)(a) and Article 9(2)(a)):

  • You have given explicit consent for processing your biometric data
  • You can withdraw consent at any time through Privacy Settings

b) Contractual Necessity (GDPR Article 6(1)(b)):

  • Processing necessary to provide our eyewear customization service
  • To fulfill orders and process payments

c) Legitimate Interests (GDPR Article 6(1)(f)):

  • To improve our services and user experience
  • For security and fraud prevention

5. How We Use Your Data

We use your personal data for the following purposes:

  • Create accurate 3D models of your face for eyewear fitting
  • Process your orders for custom eyewear
  • Connect you with eyewear designers via video consultations
  • Provide customer support
  • Improve our App and services
  • Send you order updates and service notifications
  • Comply with legal obligations

We do NOT use your biometric data for:

  • Facial recognition or identification
  • Sharing with third parties for marketing
  • Any purpose other than eyewear customization

6. Data Storage and Security

a) Storage Location:

  • Your face scan data is stored on Amazon Web Services (AWS) S3 in encrypted form
  • Data is stored in the US-East-1 region

b) Security Measures:

  • End-to-end encryption for data transmission
  • Encrypted storage using AES-256 encryption
  • Secure authentication using AWS Cognito
  • Regular security audits and updates
  • Access controls and authentication

c) Data Protection:

  • Only authorized personnel have access to your data
  • All data transfers use SSL/TLS encryption
  • We implement industry-standard security practices

7. Data Retention

We retain your personal data for the following periods:

  • Face Scans: Until you delete them or close your account
  • Account Data: For the duration of your account
  • Order History: 7 years for accounting and legal purposes
  • Marketing Consent: Until you withdraw consent

You can request deletion of your data at any time through the Privacy & Data settings.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

a) Right of Access (Article 15):

Request a copy of your personal data

b) Right to Rectification (Article 16):

Correct inaccurate or incomplete data

c) Right to Erasure (Article 17):

Request deletion of your data ("right to be forgotten")

d) Right to Restrict Processing (Article 18):

Limit how we use your data

e) Right to Data Portability (Article 20):

  • Receive your data in a machine-readable format
  • Transfer your data to another service provider

f) Right to Object (Article 21):

Object to processing based on legitimate interests

g) Right to Withdraw Consent (Article 7(3)):

  • Withdraw your biometric consent at any time
  • Note: This will prevent use of face scanning features

h) Right to Lodge a Complaint:

File a complaint with your data protection authority

To exercise these rights, contact privacy@3dna-eyewear.org or use the Privacy & Data settings in the App.

9. Data Sharing

We may share your data with:

a) Eyewear Designers:

  • We share your 3D face scan with designers you choose to work with
  • This is necessary to provide the customization service

b) Service Providers:

  • AWS (cloud storage)
  • Stripe (payment processing)
  • Zoom (video consultations)

c) Legal Requirements:

  • When required by law or legal process
  • To protect our rights or prevent fraud

We do NOT sell your personal data to third parties.

10. International Data Transfers

Your data may be transferred to and stored in countries outside the European Economic Area (EEA):

  • AWS S3 storage in the US-East-1 region
  • We use appropriate safeguards including:
    • EU Standard Contractual Clauses
    • AWS Data Processing Addendum
    • Encryption and security measures

11. Children's Privacy

Our App is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through:

  • In-app notifications
  • Email notifications
  • Prominent notice in the App

Your continued use of the App after changes constitutes acceptance of the updated policy.

13. Automated Decision-Making

We do not use your biometric data for automated decision-making or profiling that would have legal or significant effects on you.

14. Contact Us

For any questions, concerns, or requests regarding your privacy or this policy:

Email: privacy@3dna-eyewear.org

To exercise your GDPR rights or file a complaint with a supervisory authority, please contact your local data protection authority:

15. Consent Record

By accepting this Privacy Policy and providing biometric consent in the App:

  • You acknowledge you have read and understood this policy
  • You consent to the collection and processing of your biometric data
  • You understand you can withdraw consent at any time
  • You understand the consequences of withdrawing consent

Your consent is recorded with:

  • Date and time of consent
  • Version of privacy policy accepted
  • IP address and device information