Privacy Policy

  1. Responsibility
  2. Purpose and lawfulness
  3. Recipients
  4. Storage limitation
  5. Protection of the rights of data subjects
  6. Confidentiality
  7. Data security
  8. Website


The protection of personal data with respect to data processing is important to medaia GmbH, Reininghausstraße 13a, 8020 Graz, as the data controller. Consequently, when using personal data, medaia GmbH complies with all the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act (DSG) and strives for the best possible transparency.

medaia GmbH processes personal data in accordance with the principles of lawfulness, good faith, transparency, accuracy, purpose limitation, data minimization and storage limitation.


The data protection officer is Mr. Marko Drndarevic.

Questions can be sent to the following address: Marko Drndarevic, medaia GmbH, Reininghausstraße 13a, 8020 Graz,


medaia GmbH processes personal data exclusively in the context of the use of its SkinScreener app and the homepage. The following legal justifications are considered:

2.1. Performance of a contract pursuant to Art. 6(1) point (b) GDPR

The processing of personal data is required for authentication in the app in the context of fulfilling contractual obligations.

The purposes of processing:

The processing activities are carried out for the purpose of enabling the use of the app in an authenticated manner and thus the correct allocation of the purchased scans or annual subscriptions. The data for authentication is provided by Google or Apple via their plug-in.

Categories of data:

  • Google ID
  • Apple ID

2.2. Legitimate interests pursuant to Art. 6(1) point (f) GDPR

The processing of personal data is necessary within the scope of the legitimate interests of medaia GmbH to answer customer feedback and enquiries.

Purposes of data processing:

The processing activities are carried out for the purpose of responding to customer feedback and providing targeted answers to enquiries within the scope of customer surveys.

Categories of data:

  • Google account/Apple account email address

You have the right to object to the processing of such data. In the event of an objection, we would like to point out that it is not possible to answer your questions within the framework of the customer surveys and customer feedback.

2.3. Processing of anonymized image data

All images taken with the SkinScreener app as well as the analyses and recommendations are stored on your device. If the app is deleted from the device, all recorded images are also deleted.

For testing and further development of the artificial intelligence of our app, anonymized analysed images with the risk assessment, information about the device type and operating system are transmitted via an encrypted connection to the data centre and stored and processed for research purposes and further development of the SkinScreener app. The images are anonymized and given an internal ID before transmission to our data centre and can no longer be traced to you.


Recipients of personal data are medaia GmbH employees who require this data to fulfil contractual obligations and to safeguard legitimate interests.

Your data are not transferred to third parties or processed outside of Austria.

Depending on the purpose of the processing, medaia GmbH will pass the data to processors commissioned by it, insofar as they need the data to fulfil the respective task. medaia GmbH pays attention to compliance with data protection regulations when selecting its processors and has entered into agreements with the processors which ensure that personal data are processed confidentially and carefully.

medaia GmbH uses the Raiffeisen Computing Centre Graz of Raiffeisenrechenzentrum GmbH for order processing. This processor has the appropriate ISO certifications and processes data exclusively in accordance with data protection regulations.


The personal data are stored for the period of the business relationship and beyond in accordance with the statutory retention periods. In this respect, MIAMI medical applications GmbH is subject to retention obligations pursuant to the following laws:

  • Austrian Business Code (UGB),
  • Federal Fiscal Code (BAO),
  • Austrian General Civil Law (ABGB),


You have a right to information, correction, erasure and restriction of the processing of personal data by medaia GmbH.

Complaints can be lodged with the Austrian Data Protection Authority (


All employees of medaia GmbH are subject to strict confidentiality with regard to information entrusted to or made known to them in the course of their work.


Data security is of great importance to us. medaia GmbH has taken all necessary technical and organizational measures to ensure the security of data processing and to process personal data in such a way that it is protected against access by unauthorized third parties. The IT infrastructure of medaia GmbH as well as of the processor complies with current security requirements and is checked regularly.


The website is operated by medaia GmbH as the data controller in terms of data protection. We use this notice to inform you about the personal data we process within the scope of this website. It is possible to use the website without providing personal data.

8.1. Visiting our website 

Legitimate interest pursuant to Art. 6(1) point (f) GDPR

medaia GmbH processes the data within the scope of its overriding legitimate interest pursuant to Art. 6(1) point (f) GDPR to achieve the stated purposes, in particular to make the website available.

The purposes of processing:

The processing of your data serves the purpose of provision of the website as well as system security and improvement of the website and thus the public image of medaia GmbH.

Categories of data:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved data
  • Amount of data transmitted
  • Message whether the retrieval was successful
  • Identification data of the browser and operating system used
  • Website from which the access is made
  • Name of your Internet access provider

8.2. Cookies

Our website uses what are known as cookies. These are small text files that are stored on your end device with the help of the browser. They do no harm. We use cookies to make our offer user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser the next time you visit us. If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you can then allow this only in individual cases. If you disable cookies, the functionality of our website may be limited.

In addition to the cookies which are absolutely necessary for technical reasons, the website also uses analysis tools as well as marketing and social media plug-ins.

Analysis tools

Legitimate interest pursuant to Art. 6(1) point (f) GDPR

medaia GmbH processes the data within the scope of its overriding legitimate interest pursuant to Art. 6(1) point (f) GDPR to achieve the stated purposes for improving the web presence. You can object to the use of the analysis tools using this link. In the event of an objection, we would like to point out that it is possible that not all functions and contents of the website will be usable to the fullest extent.

The purposes of processing:

The processing of your data serves web usage analysis purposes, in particular to compile reports on website activities and thus to be able to improve our web presence.

  • Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses cookies for this purpose which enable an analysis of your use of our website. The information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored.

We use Google Analytics with the extension “_anonymizeIp()”, so that the IP addresses transmitted to Google are only processed in truncated form in order to rule out any direct personal reference. Google will use this information for the purpose of evaluating your visit to the website, compiling reports on website activity for our website and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties if required by law to do so or if third parties process this data on behalf of Google. Under no circumstances will Google link your IP address to other Google data. You can prevent the installation of the cookie for Google Analytics by selecting the appropriate settings on your browser, however please note that if you do so you might not be able to use all of the functions of our website fully. It is possible to object to the collection and storage of data for Google Analytics at any time with effect for the future by means of a browser plug-in from Google ( You can find further information about Google Analytics here: (

Social media plug-ins

Consent pursuant to Art. 6(1) point (a) GDPR

This website only uses social media plug-ins, such as Facebook or Twitter, based upon your consent. You can revoke your consent to the use of the individual social media plug-ins at any time using this link. If you do not consent to the processing or revoke your consent, we point out that it might not be possible to use all functions and contents of the website to the fullest extent.

Purposes of processing:

The processing is done for the purpose of designing our social media presence and thus our public image within the framework of our website.

  • Facebook

This website uses social media plug-ins of the social network, which is operated by Facebook Inc. 1601 South California Avenue, Palo Alto, CA 94304, USA. After activating the plug-in, a direct connection is established between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like Button” while you are logged in to your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to associate visits to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to the Facebook privacy policy at If you do not want Facebook to be able to associate visits to our pages with your Facebook user account, please log out of your Facebook user account.

  • Twitter

This website uses the Twitter feed and a follow plug-in of the network Twitter ( The feed is provided by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Additionally, a follow plug-in is used which is installed below the Twitter feed.  With the plug-in it is possible to follow us on Twitter. When you visit one of our websites that contains such a plug-in, your browser establishes a direct connection to the Twitter server. The content of the plug-in is transmitted from Twitter directly to your browser. We have no influence on the amount of data that Twitter collects. The user’s IP address and the URL of the respective website are transmitted to Twitter when the plug-in is clicked, but they are only used for the purpose of displaying the plug-in. Further information about the plug-in can be found here ( Information on data protection can be found in the Twitter privacy policy (

Interaction with social networks

We work together with various social networks. When you use this service, your browser is automatically connected to the relevant network. In doing so, it transmits your IP address and also other information, such as cookies, if you have visited the platform in question before.

We avoid, as far as possible, this type of data transfer until you actually interact with one of the platforms. By clicking on the relevant icon (e.g. the Facebook logo), you indicate that you are willing to communicate with the selected platform and for information about you, such as your IP address, to be sent to this social network.

8.3. Period of storage

We store your personal data for a period of 3 months. A longer storage period only takes place as far as this is necessary to investigate attacks on our website.