Oculid and GDPR – a short guide

Discover how we protect your personal data whether you are a customer or test participant.

At Oculid, we take your data very seriously and are committed to implementing the principles of privacy and data protection according to GDPR. We make remote testing easy for our customers while making sure we protect the participants' data. 

Testing is easy

Companies use our platform for creating eye tracking tests, which are conducted via the Oculid app for smartphones with the consent of participants. The app uses an eye tracking method created by Oculid to record the eye movements of the participant when viewing test objects displayed in the app. We also aggregate evaluations from the data, which are displayed to the customers via the platform.

If you are a participant

If you join a test on Oculid’s app your identity is protected since we rely exclusively on demographic and aggregated data. This means we do not store any personal information such as name or email address but use a Tester ID instead to protect your privacy. 

We only start collecting data once you have downloaded our app, joined a test, and explicitly given your consent for each new test you join. If by the end of the test you decide not to send the data, you have the option to not upload the results and no data will be stored. If you do upload the data, you can withdraw your consent at any moment by getting in contact with us. We will then proceed to delete all of your data.

We only start recording your eyes' movements when you allow it, and we stop immediately at the end of the test. You are informed through the app about when, how, and which data we collect. The data is used solely for research purposes and deleted according to GDPR.

If you are a customer

At Oculid, we process personal data only following the applicable legal regulations, in particular, the General Data Protection Regulation (GDPR) as well as Germany’s Federal Data Protection Act (BDSG).

We act as data processors for our customers that create studies with us. A data processor is the one who processes personal data on behalf of the data controller. Processing means any action performed on data, such as collecting, recording, storing, and erasing. 

That means:

  • We are only allowed to process personal data as agreed upon with the customer.
  • We are only allowed to process extraneous data for extraneous purposes. Oculid is not allowed to use any personal participant data for purposes or in ways other than those agreed upon in the customer's data processing agreement.


Our customers are the data controllers. A data controller is a person or organization who decides how and why personal data will be processed. 

That means:

  • The customer is responsible for the execution of the tests in compliance with data protection law.
  • The customer assumes the fulfilment of all data protection information obligations, in particular those under Art. 13 or 14 GDPR, towards data subjects from its own sphere of responsibility, in particular employees, for the processing of personal data by Oculid for the execution of the contract.
  • The customer must provide a legally compliant privacy notice and/or consent for the test subjects and include this in the test.

To make GDPR compliance easier for our customers, our platform provides templates for a privacy notice and an in-app consent form. When creating a test, you can simply use the templates designed together with Oculid's data privacy officer and consult with your legal department and/or data protection officer (DPO) to make any necessary adjustments.

If you have any more queries about Oculid's data protection policies, you can access our GDPR blog article, or get in touch with us. We are more than happy to ensure you have a smooth journey creating and joining an Oculid test.


April 7, 2022