Version 1.0

Privacy Notice

With this privacy notice, we, Mirror Labs GmbH, inform you about the data processing on our website www.sugar.health ("website") and your rights under data protection law.

1. Name and address of the controller

The controller within the meaning of Art. 4 No. 7 GDPR for the website and the associated data processing is

MirrorLabs GmbH
Fürstenstrasse 11
80331 Munich

E-mail address: sweet@sugar.health

2. Data protection officer

You can reach our data protection officer via the following contact:

E-mail address: email@iitr.de

3. Provision of the website

3.1 Description and scope of data processing
Each time you visit our website, our system, i.e. the web server, automatically collects information from your computer or end device.

We collect the following data:

- Internet Protocol (IP) addresses
- Date/time a webpage or feature is accessed
- User agent string that identifies the browser or operating system to the server
- Installed fonts
- Mime-types
- Browser language and time zone
- Silverlight data
- Installed plugins
- HTTP headers
- Screen resolution

If you so request, we will pass on your data to cooperating laboratories, doctors or nutritionists of your choice so that you can make use of various services that supplement the functions of the Sugar App (e.g. blood sampling, recommendations for improving your health or health-related behaviour, etc.). Depending on the type of service, we receive data back from the cooperation partners, which is displayed to you in the Sugar App (e.g. the presentation of blood parameters collected by a clinical laboratory).

3.2 Purpose of data processing
The collection and further processing of your IP address by our system is necessary to enable you to use our website.

3.3 Legal basis for data processing
The legal basis for the processing of this data is Art. 6 (1) (f) GDPR (balancing of interests). Our legitimate interest is the provision of a functional website.

3.4 Duration of storage
We delete the data as soon as the respective use of our website has ended.

3.5 Recipient of the data
We use the external service provider Webflow Inc, 398 11th Street, 2nd Floor San Francisco, CA 94103 to operate the website. This service transfers personal data to the USA. The EU Commission has decided that the USA offers an adequate level of data protection (EU-U.S. Data Privacy Framework), under which this service is certified. Further information can be found here: https://webflow.com/legal/eu-privacy-policy

4. Entry in the waiting list

4.1 Description and scope of data processing
You can use the registration form on our website to add your e-mail address to a waiting list. We will send you an e-mail to this e-mail address as soon as you can use our products.

4.2 Legal basis for data processing
The legal basis for the processing of your e-mail address in connection with the waiting list is Art. 6 (1) (f) GDPR (balancing of interests). Our legitimate interest lies in the exchange of information about the time of usability of our products.

4.3 Purpose of data processing
We process your e-mail address only for the purpose of informing you when our products are available for use.

4.4 Duration of storage
We store your e-mail address for the purpose of the waiting list until we have informed you about the usability of our products. If you are placed on the waiting list but do not confirm the confirmation e-mail that we send you following your registration, we will delete your e-mail address after 52 weeks.

5. Consent management platform

5.1 Description and scope of data processing
We use the Consent Management Platform ("CMP") Cookiebot, from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (Usercentrics). To provide the service, certain customer (settings and login data) and user data (Consent ID, Consent number, time of Consent, type of consent (implicit or explicit), opt-in or opt-out, banner language, customer setting, customer setting version, template and template version) and device data (HTTP agent, HTTP referrer and the device ID) are collected from you.

5.2 Legal basis for data processing
The legal basis for the use of the CMP is our legitimate interest in obtaining legally effective consent in accordance with Art. 6 (1) (f) GDPR.

5.3 Purpose of data processing
We process the data for the purpose of obtaining and managing the legally required (data protection) consent of website users for data processing.

5.4 Duration of storage
Your personal data will be deleted on a regular basis after 12 months.

6. Cookies and website analysis

6.1 Cookies
Our website uses cookies or similar technologies. Cookies are small text files that are stored on your end device and saved by your browser. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases or exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functions of our website may be restricted. Cookies that are required to provide certain functions that you wish to use are stored on the basis of Art. 6 (1) (f) GDPR and our legitimate interest in ensuring the technically error-free and optimized provision of our website. We also use cookies for analysis purposes (e.g. cookies to analyze your surfing behavior), see below. You can find more information on this below and in our cookie settings.

6.2 Website analysis with Google Analytics
Our website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

To use Google Analytics, cookies are set in your browser and information (e.g. data from the cookies set, device or browser data, IP address and your website activities) is collected. This data is transmitted to Google and processed there. Google uses this data to create statistical evaluations of the use of our website by our users and provides us with these evaluations in aggregated form. It is not possible for us to identify individual users within the scope of these statistical evaluations.

This service transfers personal data to the USA. The EU Commission has decided that the USA offers an adequate level of data protection (EU-U.S. Data Privacy Framework), under which this service is certified. Further information can be found here: https://business.safety.google/intl/en/adsdatatransfers/.

The storage of Google Analytics cookies and the use of this analysis tool is based on your consent in accordance with Art. 6 (1) (a) GDPR. Once you have given your consent, you can revoke it at any time without affecting the legality of the cookies used and data processing carried out on the basis of the consent until revocation.

The collection of data by cookies and the processing of this data by Google Analytics can also be prevented by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. The personal data processed by Google Analytics is deleted or anonymized as soon as the data is no longer required for statistical analysis. In particular, user and event data will be deleted or anonymized in Google Analytics after a storage period of 14 months at the latest.

6.3 Microsoft Clarity
Our website uses functions of the web analysis service Microsoft Clarity. The provider of this service is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. To use Microsoft Clarity, cookies are set in your browser and information (e.g. data from the cookies set, device or browser data, IP address and your website activities) is collected. This data is transferred to Microsoft and processed there. Microsoft uses this data to carry out statistical evaluations about the use of our website (e.g. about the access behavior of the content on our website or general surfing behavior on our website) by our users and provides us with these evaluations in aggregated form. It is not possible for us to identify individual users within the scope of these statistical evaluations.

This service transfers personal data to the USA. The EU Commission has decided that the USA offers an adequate level of data protection (EU-U.S. Data Privacy Framework), under which this service is certified. Further information can be found here: https://privacy.microsoft.com/en-gb/privacystatement.

The storage of Clarity cookies and the use of this analysis tool is based on your consent in accordance with Art. 6 (1) (a) GDPR. Once you have given your consent, you can revoke it at any time without affecting the legality of the cookies used and data processing carried out on the basis of the consent until revocation.

The personal data processed with Microsoft Clarity is deleted or anonymized as soon as the data is no longer required for statistical evaluations. Recording data is deleted after 30 days. Heatmap data is deleted or anonymized at the latest after a storage period of 13 months in Microsoft Clarity.

7. Application

7.1 Description and scope of data processing
In the "Hiring (Join Us)" section of our website, you have the opportunity to apply for open vacancies or send us an unsolicited application.

We collect the following personal data from you for this purpose:
- Title, name, address,
- E-mail address,
- Other personal data that you send us by submitting your application documents (e.g. cover letter, CV, references).

7.2 Legal basis for data processing
The legal basis for the processing of your personal data as part of the application process is Art. 6 (1) (b) GDPR.

7.3 Purpose of data processing
We process your personal data exclusively in order to be able to make a decision on the establishment of an employment relationship with you. Your data will only be forwarded internally to those contacts who will decide whether to fill the position you have applied for. If you have submitted an unsolicited application, we will use your data to compare all vacancies at the time of application that match your requirements or stated wishes.

7.4 Duration of storage
We store your data for 6 months after completion of the application process. After this retention period has expired, your data will be deleted immediately in the event that no employment relationship is established with you.

8. Your rights

You have the following rights vis-à-vis us as the controller:

- You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of processing of your personal data (Art. 18 GDPR). You are also entitled to exercise your right to data portability (Art. 20 GDPR).

- In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of your personal data in accordance with Art. 6 (1) (e) or (f) GDPR.

- If you have given us your consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

8.1 Necessity of the provision of personal data
The provision of your personal data is neither legally nor contractually required and you are not obliged to provide us with personal data. However, we cannot conclude any contracts with you without the provision of personal data.

8.2 Automated decision making
We do not process your data in the context of automated decision-making.

8.3 Note on complaints to a supervisory authority
You have the right to lodge a complaint with the competent data protection supervisory authority if you are of the opinion that the processing of your personal data by us violates the GDPR.

9. Updating this data protection notice

We update this data protection notice from time to time if legal, technical or business developments give rise to this.

The last update took place on 07.03.2024.