MORPHCAST EMOTION AI AND PERSONAL DATA PROCESSING
Effective November 24th, 2022
The technology developed and distributed by Cynny S.p.A. (hereinafter “Cynny“), called “MorphCast® EMOTION AI HTML5 SDK” and/or the other available products, services and features that integrate it (e.g. MorphCast Web Apps) is an image processing software from a video stream that allows you to establish, with varying degrees of probability, the emotional state of the framed subject and some other apparent characteristics such as, for example, the cut or color of the hair, the apparent age and gender, in any case without any identification of the subject (hereinafter, the “Software“).
The Software does not process biometric data that allow the univocal identification of a subject, but only an instant (volatile) processing of personal data during the processing of images (frames), read from the video stream (for example of a camera) provided by the End User’s browser. Cynny does not carry out any processing or control over such personal data as they are processed through the Software automatically and directly on the End User’s device.
Notwithstanding the foregoing, as the supplier of the Software, Cynny (a) warrants that it has adopted all appropriate security measures in the design of the Software also with regard to the processing of personal data and; (b) makes itself available to collaborate with the Customer (who assumes the title of Data Controller pursuant to EU Regulation 2016/679, hereinafter “GDPR“) for any processing of personal data relating to the End User, showing and explaining all the functions of the Software, in order to enable it to carry out a precise risk analysis with respect to the fundamental rights and freedoms of the persons concerned (including any impact assessments, where necessary and / or appropriate, in the opinion of the Data Controller). In fact, it will be the Data Controller who will have to establish the purposes, methods and legal basis of the processing, the time and place (physical or virtual) for the storage of personal data relating to End Users, also providing them with specific online information. with the applicable legislation for the protection of personal data (including the GDPR).
It is also specified that the Software operates integrated in a private corporate hardware / software context of the Client’s End User (on end-point resources, including web pages belonging to the Client’s domain and therefore under its control) equipped with security necessary to avoid the compromise of the data affected by the processing by the Software. In line with the foregoing, the consequent responsibilities relating to the processing of personal data of End Users by the Customers fall exclusively on the Customer.
For these reasons Cynny, to the extent necessary and to the maximum extent permitted by applicable law, declines all responsibility for the content of the images and / or videos generated by the Customer, including through the use of the Software, as well as collected, stored and processed exclusively by the Data Controller and therefore cannot in any case be responsible for the correctness and / or legitimacy of such contents pursuant to the applicable legislation (including, by way of example, the regulations on privacy, copyright, morality, public order, etc.).
Cynny, while providing the Software as a tool that allows the processing of personal data relating to End Users, is not in a position to know (i) how such Software will be integrated and used by its Customers and End Users; nor, even less, (ii) which categories of personal data will be processed. In this regard, Cynny therefore qualifies as a “third party” pursuant to the GDPR, which has not received from the Customer any legitimacy to process any personal data of the End Users, as this treatment is reserved exclusively to the Customer. In any case, as indicated above, Cynny, in compliance with the general principles for the protection of privacy, has been concerned with the security aspects of the Software, making available to the Customer a Software that integrates the security measures of the host environment, against the violation or compromise of personal data (with the express exclusion of biometric data, which, as indicated above, are in no way processed by the Software) represented by the images read by the camera stream.
Each image of the video stream remains in the volatile memory of the device (e.g. smartphone, tablet, PC etc.) of the End User, accessible from the Software within the browser sandbox, only for the time strictly necessary for processing the result, estimated in about 100ms, then destroyed and overwritten by the next image. Even the last frame of the stream is destroyed as soon as it is processed; therefore, no content is stored either in the browser of the End User device or, even less, within tools under the control of Cynny.
Cynny therefore has no control over these images, which therefore can never be transmitted, archived or shared with others by the latter.
In any case, for any clarifications and / or problems related to the operation of the Software with respect to privacy, please contact [email protected].