Vedi anche in Italiano




Effective November 24th, 2022

The technology developed and distributed by Cynny S.p.A. (hereinafter “Cynny“), called “MorphCast® EMOTION AI HTML5 SDK” and/or the other available products, services and features that integrate it (e.g. MorphCast Web Apps) is an image processing software from a video stream that allows you to establish, with varying degrees of probability, the emotional state of the framed subject and some other apparent characteristics such as, for example, the cut or color of the hair, the apparent age and gender, in any case without any identification of the subject (hereinafter, the “Software“).

This technology, which Cynny makes available to its users (qualified as “Business Users”, pursuant to the applicable “Terms of Use”, and hereinafter referred to as “Customers“) has been specifically designed and developed so as not to identify the framed subjects. These subjects are the end users of the Software chosen by the Customer (hereinafter, the “End Users“), with whom Cynny has no relationship whatsoever.

The Software can be used autonomously by the Customer or be activated, by the Customer’s choice, in the context of use of the “MorphCast Emotional Interactive Video Platform”. In this second case, the relative Privacy Policy, available at this link, will also apply. This Privacy Policy will also apply with reference to the processing, by Cynny, of the Customer’s personal registration data.

The Software works as a Javascript library embedded in a web page belonging to the Customers’ domain, running in the browser of the End User device, which, as indicated above, has a relationship exclusively with the Customer (and not with Cynny).

The Software does not process biometric data that allow the univocal identification of a subject, but only an instant (volatile) processing of personal data during the processing of images (frames), read from the video stream (for example of a camera) provided by the End User’s browser. Cynny does not carry out any processing or control over such personal data as they are processed through the Software automatically and directly on the End User’s device.

Accordingly, the use of the Software is subject to the following terms of use, both of which are beyond Cynny’s control: (1) the terms of use of the End User’s browser in which the Software is incorporated and (2) any software or third party API required to allow the web page to function.

Notwithstanding the foregoing, as the supplier of the Software, Cynny (a) warrants that it has adopted all appropriate security measures in the design of the Software also with regard to the processing of personal data and; (b) makes itself available to collaborate with the Customer (who assumes the title of Data Controller pursuant to EU Regulation 2016/679, hereinafter “GDPR“) for any processing of personal data relating to the End User, showing and explaining all the functions of the Software, in order to enable it to carry out a precise risk analysis with respect to the fundamental rights and freedoms of the persons concerned (including any impact assessments, where necessary and / or appropriate, in the opinion of the Data Controller). In fact, it will be the Data Controller who will have to establish the purposes, methods and legal basis of the processing, the time and place (physical or virtual) for the storage of personal data relating to End Users, also providing them with specific online information. with the applicable legislation for the protection of personal data (including the GDPR).

According to the provisions of the Terms of Use of the Software, the same is aimed solely and exclusively at professional users, with the express exclusion of consumers and, therefore, of the use of the Software for domestic / personal purposes. In any case, whatever the type of processing carried out by the Customer, as Data Controller, the consequences deriving from the application of the applicable legislation, including that for the protection of personal data, are the sole responsibility of the Data Controller.

It is also specified that the Software operates integrated in a private corporate hardware / software context of the Client’s End User (on end-point resources, including web pages belonging to the Client’s domain and therefore under its control) equipped with security necessary to avoid the compromise of the data affected by the processing by the Software. In line with the foregoing, the consequent responsibilities relating to the processing of personal data of End Users by the Customers fall exclusively on the Customer.

For these reasons Cynny, to the extent necessary and to the maximum extent permitted by applicable law, declines all responsibility for the content of the images and / or videos generated by the Customer, including through the use of the Software, as well as collected, stored and processed exclusively by the Data Controller and therefore cannot in any case be responsible for the correctness and / or legitimacy of such contents pursuant to the applicable legislation (including, by way of example, the regulations on privacy, copyright, morality, public order, etc.).


Risk assessment

Cynny, while providing the Software as a tool that allows the processing of personal data relating to End Users, is not in a position to know (i) how such Software will be integrated and used by its Customers and End Users; nor, even less, (ii) which categories of personal data will be processed. In this regard, Cynny therefore qualifies as a “third party” pursuant to the GDPR, which has not received from the Customer any legitimacy to process any personal data of the End Users, as this treatment is reserved exclusively to the Customer. In any case, as indicated above, Cynny, in compliance with the general principles for the protection of privacy, has been concerned with the security aspects of the Software, making available to the Customer a Software that integrates the security measures of the host environment, against the violation or compromise of personal data (with the express exclusion of biometric data, which, as indicated above, are in no way processed by the Software) represented by the images read by the camera stream.

In fact, the video stream, for example from the camera of the host device of the End User, is made accessible to the Software, at the request of the End User, directly on the browser of that device; such access is allowed only with the authorization and control of the End User. The Software then reads the images of the stream on the End User’s browser, only if granted by the End User himself, only when the application is active and only for the purposes declared according to the specific privacy policy that will be provided by the Client to the Final user.

Each image of the video stream remains in the volatile memory of the device (e.g. smartphone, tablet, PC etc.) of the End User, accessible from the Software within the browser sandbox, only for the time strictly necessary for processing the result, estimated in about 100ms, then destroyed and overwritten by the next image. Even the last frame of the stream is destroyed as soon as it is processed; therefore, no content is stored either in the browser of the End User device or, even less, within tools under the control of Cynny.

Cynny therefore has no control over these images, which therefore can never be transmitted, archived or shared with others by the latter.

In any case, for any clarifications and / or problems related to the operation of the Software with respect to privacy, please contact [email protected].