Emotion AI Interactive Media Platform – Privacy Policy

Vedi anche in italiano

Effective March 3, 2024

Summary:

This policy emphasizes the commitment of Cynny to protect personal data in compliance with GDPR, detailing the collection, use, and disclosure of Business Users’ Personal Data exclusively through the specified Services. Acceptance of this Privacy Policy is mandatory for service usage. It outlines how personal data are collected, including through registration, interactions, and content upload, emphasizing the role of users in responsibly sharing and managing content that includes personal data. Cynny acts as a data controller, ensuring data security and confidentiality with industry-standard safeguards, and does not sell or improperly share personal data without consent. Business Users have the right to access, rectify, delete, or object to the processing of their personal data, with Cynny providing mechanisms for managing consent and addressing privacy concerns. Updates to the policy will be communicated, ensuring users are informed of any changes affecting their personal data handling.

MorphCast® Emotion AI Interactive Media Platform Privacy Policy

Cynny S.p.A. (“Cynny”), enrolled at the Business Registry of Florence, VAT number No. IT06340560488, D-U-N-S® number 434193325, is committed to maintaining the privacy and security of your personal data under the applicable privacy legislation, including the General Data Protection Regulation UE 2016/679 (“GDPR”). The contact details of Cynny are indicated within the “Questions?” section below. 

This Privacy Policy applies to the product MorphCast Emotion AI Interactive Video Platform called also “AI Media Platform” (the “MorphCast Emotion AI Interactive Media Platform”), which is composed, inter alia, by the MorphCast Studio (the “MorphCast Studio”), used to create Interactive Video and by MorphCast Emotion AI Media Player (“MorphCast Media Player”) which in users’ browsers plays interactive videos created with MorphCast Studio, which make Cynny’s MorphCast services available(collectively, the “Services”). This Privacy Policy explains Cynny’s  collection and disclosure practices of the Business Users’ Personal Data (as defined below) of the companies or organizations using the Services (“Business Users”) to which the Services are exclusively addressed, as explained by the relevant Terms of Use, and applies solely to the personal data that we collect through the MorphCast Studio and/or MorphCast Emotion AI Interactive Media Platform (and not also through the MorphCast website and/or other tools made available by Cynny). For the privacy regulation of other services offered by Cynny, including MorphCast Emotion AI HTML5 SDK, that may be activated by the Business User when using MorphCast Emotion AI Interactive Media Platform, you may refer to the other policies adopted by Cynny which may apply in this respect, as available at this mission page on our site.  

Acceptance of Privacy Policy

By using the Services, you signify your acceptance of the relevant provisions of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Services.  Your continued use of the Services following the posting of changes to these terms will mean that you have accepted those changes.

Categories of personal data We collect and how we collect it

As for the modalities through which Cynny can collect the personal data of Business Users (“Business Users’ Personal Data”), please note that such modalities are determined by your use of the Services. By way of example, you may provide your personal data through MorphCast Studio, sending email in order to voluntarily contact Cynny, and through other interactions with the Services.

– Business Users who sign up for the MorphCast platform through the registration form available on the company’s website from December 12, 2023, by entering their email address and, in some cases, also their first and last name, will immediately receive an email from the company inviting them to verify their address through a link containing an encrypted code with a 4-hour expiration. If the user does not proceed with the verification of the email address by refraining from completing the verification, the company will delete the collected data (email and in some cases also first and last name) within 24 hours.

– You may provide personally identifiable information about yourself when you use the Services, by providing your name and other identifying information. Cynny processes the Business Users’ Personal Data, according to the terms of this Privacy Policy, as data controller. The specific categories of such Business Users’ Personal Data processed by Cynny consist of the following identifying information: name and surname of the Business User or organization  and of any related administrative contact, email address, physical address and other unique identifier, financial and payment processing information, as well as daily statistical data on the use of the Service,  aggregated by reference pages in which the Service is implemented such as, by way of example and as far as applicable, by the license key assigned to each Business User pursuant to the Terms of Use of the Service as available at the link Emotional AI Interactive Media Platform – Terms of Use and the Terms of Use of MorphCast other services, as available at this mission page on our site, domains and referring pages in which the Service has been implemented by the Business Users, number of times the Service has been requested, initialized, authorized and started, number of errors eventually occurred, number of frames analyzed and usage time spent using the Service.

– You may also provide personally identifiable information about yourself by uploading videos, pictures, materials and information (“Content”) that identifies you or other third parties portrayed in such materials (“Personal Data”). Moreover, Cynny may process the additional categories of Personal Data included in the Content uploaded by you solely for the purpose of their storage and the related accessibility by the Business User that has uploaded the Content, that is part of the Services pursuant to the applicable Emotional AI Interactive Media Platform – Terms of Use. In this respect, provided that Cynny has not any control whatsoever on the Content, Cynny shall be appointed by the Business User as external data processor of such Content, according to the data processing agreement made available by Cynny at this link: Emotion AI Interactive Media Platform – Appointment as Data Processor (DPA).

– In the event that the Business User initializes and uses the functionality “Statistics” made available by the Service through the MorphCast Studio tool, Cynny also collects and makes it visible to the Business User, statistical “emotional” data, aggregated daily, anonymous, not associated with natural persons, and therefore, to be considered currently not subject to any data protection regulation. For detailed information regarding such statistical data and the method of extraction and storage, please refer to the document at this link: Emotion AI – Responsibility.

– As for the specific emotional analytics data, made available to Business Users by the Service directly in the browser page or in the App of the Business Users who integrated the Service (on their own domain or on their clients’ domain), Cynny has no control over it, except for statistical purposes referred to in the previous paragraph. For detailed information regarding the method of extraction of such specific emotional analytics data, please refer to the document at this link: Emotion AI – Responsibility.

Cynny may also collect personal data when Business Users surf the MorphCast website via their browser’s cookies. In this case, please make reference to the Web Site Privacy & Cookie Policy available on the website. 

In any case, Cynny shall not collect any special category of personal data, as defined by Article 9 of GDPR.

Disclaimer on the sharing of the Content: When you share any Content through the Services, including Personal Data, you should think carefully about what you are uploading through the Services. Indeed, when you share any Content, including Personal Data, by email, chat, social networks or elsewhere on the web, without prejudice to the circumstance that Cynny has not any control whatsoever on the same, you must be aware that such information can be re-shared. This means that if you decide to share the Content, anyone who can see it, can share it with others, including with the games, applications and websites they use. Other people you share information with often want to share your information with applications or websites to make their experiences on those applications or websites more personalized and with social networks. Even if Cynny may provide you with some technical tools for sharing your Content, the modalities of such sharing and any related consequence shall be your responsibility only. 

For example, if you share a Content using the Services, someone viewing that Content could save it using tools or methods provided by their device or browser or app. Similarly, if you share your information with someone, they may be able to use the Services or third-party applications or devices to share that information. You should only share information with people you trust because they will be able to save it or re-share it with others, including when they synchronize the information to a third device. When you make a Content with MorphCast Studio and publish it through MorphCast Emotion AI Interactive Media Platform, the Content will be indexed by Google and other search engines on the Internet and will be usually available for third parties to view unless you choose to delete the Content in MorphCast Studio, so it will no longer be viewable.

Disclaimer on the uploaded Content: If, through the Services, you upload Content including pictures, video or other materials portraying yours or third parties’ Personal Data, you are solely responsible for that collection and sharing of their Personal Data as well as of their processing by Cynny according to the terms of the above-mentioned data processing agreement, and you guarantee that you have collected any necessary authorization or consent after having appropriately informed the person to whom the Personal Data belongs, provided that the Contents do not include any special category of personal data, as defined by Article 9 of GDPR. Moreover, any use of the Content made by the Business User (or by third parties further to the Business User’s sharing) shall be upon its exclusive responsibility, also with respect to the lawful processing of the Personal Data included in the Content. 

Methods of processing Business Users’ Personal Data

Cynny will process Business Users’ Personal Data using manual, paper, computer and electronic instruments, even to store, manage or process such Business Users’ Personal Data, suitable to ensure their security and confidentiality, according to the terms of this Privacy Policy and the applicable privacy legislation, including GDPR.  

Cynny will not sell, rent, license, or trade the Business Users’ Personal Data with third parties for their direct marketing use unless we receive your express consent to do so. 

Furthermore, Cynny may share specific Personal Data, such as the name and email address of Business Users, with TrustPilot solely for the purpose of allowing Trustpilot to send requests to review Cynny’s services. This sharing of information is done with the understanding that Business Users may receive review requests from TrustPilot as part of our effort to enhance our service quality. In this process, Cynny acts as the data controller for the personal data of the Professional Users. This means that we are responsible for the collection, processing, and management of your personal data in relation to the sending of these invitations. Trustpilot, on the other hand, serves as the data processor, managing the personal data of the Professional Users according to our instructions and in compliance with the applicable data protection laws.

Except for this specific purpose, and unless you provide us with permission, Cynny will not share Business Users’ Personal Data, as collected through the use of the Service covered by this Privacy Policy, other than as specified in this Privacy Policy.

Purposes and legal basis of the processing of the Business Users’ Personal Data 

We may use the Business Users’ Personal Data you provide to us, in compliance with the applicable privacy legislation, when you use the Services, in the following ways: 

  1. for the execution of pre-contractual and contractual obligations with the Business Users, including, without limitation, to allow us to provide you with a better service answering your requests and to quickly process your transactions. In this case, the legal basis for the processing of the Business Users’ Personal Data is the execution of an agreement of which you are part or, as applicable, the execution of pre-contractual measures adopted upon your request; 
  2. to comply with the obligations provided for by the laws, the regulations and, in general, by the law applicable from time to time, to fulfill fiscal and accounting obligations or other obligations deriving from an order of the Authority that are related, directly and/or indirectly, to the Services. In this case, the legal basis for the processing of the Business Users’ Personal Data is the fulfillment of a legal obligation of the data controller; 
  3. to exercise Cynny’s rights, including, but not limited to, the right to defence itself in Court and to carry out sale, assignment, merger or other transfer of all or a portion of Cynny’s business. In these cases, the legal basis for the processing of the Business Users’ Personal Data is the data controller’s legitimate interest.
  4. to send communications of promotional nature via email concerning the Services already purchased by the Business User and/or services similar to the same offered by Cynny (“Soft Spam Communications“); also in this case, the legal basis for the processing of the Business Users’ Personal Data is the data controller’s legitimate interest;
  5. to carry out direct marketing activities by sending newsletters. In this case the legal basis for the processing of the Business Users’ Personal Data is the consent that will be provided by the Business Users once they subscribe to the newsletter through the relevant consent form. 

The provision and processing of the Business Users’ Personal Data for the purposes under points a), b), and c) above is mandatory and does not require your consent. Any refusal to provide the requested Business Users’ Personal Data or their inaccuracy could make it impossible for you to use the Services. 

It is acknowledged that the Business User may revoke his/her consent to receive the newsletter and/or communicate its intention to interrupt the delivery of Soft Spam Communications by sending an email to Cynny or by using the link found in each newsletter email or Soft Spam Communication, as indicated in the following section “Rights of the Business Users”. 

Data retention. The Business Users’ Personal Data that are collected for the purposes identified under the above-mentioned section “Purposes and legal basis of the processing of the Business Users’ Personal Data” may be stored, in accordance with the proportionality principle, for the fulfillment of contractual and legal obligations, including those of a social security and/or tax nature, for a period not exceeding (i) the data retention period provided for by the regulations in force for each category of data, and (ii) the limitation period provided for by law in order to enforce or defend a legal claim against you or against third parties, provided that Business Users’ Personal Data collected for the sending of newsletter for the purposes identified under letter e) above will be stored for a maximum period of 24 months unless Business Users withdraw their consent previously.

At the end of the above-mentioned data retention periods, your Business Users’ Personal Data will be deleted or made anonymous. 

Business Users’ Personal Data of Business Users that delete their personal account, where applicable, will be no longer stored, unless such storage is specifically required by a legislative provision. 

Disclosures to Third Parties Assisting In Our Operations. Cynny may share the Business Users’ Personal Data under proper data processing agreements with other companies that work with, or on behalf of Cynny, to provide products and services, such as a cloud hosting service, a document storage company or payment processing services.  These companies shall have access only to Business Users’ Personal Data that are necessary to carry out their duties and, in any case, shall process the Business Users’ Personal Data in accordance with this Privacy Policy, the relevant data processing agreement and the applicable privacy legislation. However, these companies do not have any independent right to share this information. 

Disclosures Under Special Circumstances.  As already indicated under the section above “Purposes and legal basis of the processing of the Business Users’ Personal Data”, letter c), we may provide the Business Users’ Personal Data to respond to subpoenas, court orders, legal process or governmental regulations, or to establish or exercise our legal rights or defend against legal claims.  We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any Business User or any other person, or as otherwise required by law.

Referrals/Links

The Services may contain links to third-party websites that may offer information of interest. This Privacy Policy does not apply to those websites. Therefore, Cynny recommends you to review those websites’ privacy policies individually.

Security 

Cynny understands that storing data in a secure manner is essential. Cynny stores the Business Users’ Personal Data and other data using industry standard physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification.  Please note, however, that while Cynny has endeavored to create secure and reliable Services for Business Users, the confidentiality of any communication or material transmitted to or from the Services or via e-mail cannot be guaranteed in case of breaches attributable to third parties or in any case outside of Cynny’s control.

Important Notices to European Business Users 

The provided Business Users’ Personal Data and the Personal Data included in the Content  are stored within the European Union. However, considering that the Services are available worldwide, as a result of technical services provided by third parties, the Personal Data included in the Content and the Business Users’ Personal Data, may be transferred also to third countries outside the European Union subject to the verification of the existence of appropriate measures to ensure that the above-mentioned  Personal Data is adequately protected in the country of destination, such as the existence of an adequacy decision of the European Commission, the adoption of standard contractual clauses for the protection of personal data pursuant to Article 46, paragraph 2, letters c) and d) of GDPR, or the adoption of the binding corporate rules pursuant to Article 47 of GDPR. 

Rights of the Business Users

For EU regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22,

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.

2. The data subject has the right to be informed of:

  1. the source of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied if the data are processed by electronic devices;
  4. the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
  5. the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State’s territory, as data processors or as persons in charge of the processing.

3. The data subject is entitled to obtain:

  1. the updating, rectification or, where interested therein, integration of the data;
  2. the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
  3. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
  4. the portability of the data.

4. The data subject has the right to object, in whole or in part:

  1. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
  2. to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

At any time, you may ask Cynny to verify and obtain access to the Business Users’ Personal Data that Cynny has collected in order to integrate, update, rectify, cancel or request the limitation of the processing of such data, or object to the processing (including the nature of the same in case of automated processing). You have also the right to receive the above-mentioned Personal Data in a readable and commonly used format, and have the right to transmit those data to another controller without any obstacle from Cynny. Business Users may also oppose the processing of the Business Users’ Personal Data for the sending of newsletters as well as to refuse to continue receiving Soft Spam Communications. 

You can send your request via email to [email protected].

If you prefer, you can also mail your request to the following postal address: Cynny S.p.a., Via Delle Mantellate n. 8, 50129 Firenze (Italy). 

With particular regard to newsletter emails or Soft Spam Communications, Business Users may object to receiving such communications also by clicking on the link contained in each newsletter email or Soft Spam Communication they have received. 

Pursuant to Article 13 of the GDPR, if you believe that the processing of your Business Users’ Personal Data infringes the legislation on the protection of personal data, you will also have the right to lodge a complaint with the competent Authority for the protection of personal data or, alternatively, appeal to the competent judicial authority.

Policy Updates

This Privacy Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve.  We display an effective date on the policy in the upper right corner of this Privacy Policy so that it will be easier for you to know when there has been a change. If we make any change to this Privacy Policy regarding use or disclosure of the Business Users’ Personal Data, we will provide advance notice through the MorphCast Studio tool reporting any changes to allow you to exercise your rights under the applicable privacy legislation. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.

Questions?

If you have any questions about this Privacy Policy or about Cynny’s handling theBusiness Users’ Personal Data, please contact [email protected] or mail your request to the following postal address: Cynny S.p.a., Via Delle Mantellate n. 8, 50129 Firenze (Italy). 

You can use the contact details above also if you need to obtain a copy of the list of third parties to whom the Business Users’ Personal Data may be disclosed, pursuant to the terms of this Privacy Policy; this list is constantly updated and, together with a copy of the appropriate or suitable guarantees, is available at Cynny’s head office.

Cynny has also appointed a Data Protection Officer, who may be reached at the email address [email protected].