Skip to main content

Privacy Policy

Last updated: April 2026

1. Controller

Ninety Labs UG (haftungsbeschränkt)
Am Hafensteig 7
23730 Neustadt in Holstein
Germany

Email: privacy@eyvo.health
Website: https://eyvo.health

2. Overview

We only process personal data as necessary to provide our website and services. We do not sell your data.

By creating an account, you consent to the processing of your personal data as described in this Privacy Policy. By using the face scan feature, you explicitly consent to the processing of your facial photographs and the generation of biometric face embeddings for identity verification (Art. 9(2)(a) GDPR). By connecting Apple Health, you explicitly consent to the processing of your health data. By enabling Location & Weather, you consent to the one-time use of your device location to fetch local weather data. By enabling Photo Processing, you consent to the storage of your scan photos for analysis algorithm improvement.

Types of data processed:

  • Contact data (email address)
  • Account data (name, password hash)
  • Face scan data (photographs)
  • Health data (if you connect Apple Health)
  • Weather data (if you enable Location & Weather)
  • AI-generated insights (derived from aggregated, anonymized data)
  • AI chat conversations (with Clara, your AI skin companion)
  • Usage data (app interactions)
  • Technical data (IP address, device type)

3. Legal Basis

We process your data based on:

  • Art. 6(1)(a) GDPR: Your consent (for face scans, health data sync, location & weather, photo processing for analysis improvement)
  • Art. 9(2)(a) GDPR: Your explicit consent (for biometric data used in identity verification)
  • Art. 6(1)(b) GDPR: Contract performance (for providing the service)
  • Art. 6(1)(f) GDPR: Legitimate interest (for technical operation and security)

4. Face Scan Data

When you use the face scan feature, we collect and process facial photographs. We process two distinct types of face data:

4.1 Face Analysis (Skin Biomarkers)

We analyze your facial photographs to calculate appearance-based biomarker scores (such as skin texture, redness, dark circles, and puffiness). These scores measure visible skin indicators and they do not uniquely identify you.

Storage: Images are stored on our EU-based S3 storage (Hetzner, Germany). Biomarker scores are stored in our EU-based database. You can control how long your scan photos are stored via the Photo Retention setting in the app (options: Immediately, 24 Hours, 7 Days, 30 Days, or Never). Biomarker scores always remain regardless of this setting.

Purpose: To track changes in facial biomarkers over time and correlate them with your lifestyle data.

Legal basis: Art. 6(1)(a) GDPR (your explicit consent)

4.2 Face Identity Verification (Biometric Data)

To enforce our one-account-per-person policy, we generate a mathematical representation (embedding) of your face. This embedding is biometric data as defined by Art. 4(14) GDPR because it can uniquely identify you.

Where the embedding is generated: A first embedding is computed on your device. A second, more robust embedding is generated on our EU servers (Hetzner, Frankfurt) from the scan photo you send us with every scan. Both values are used exclusively for identity verification and are subject to the same protections as all biometric data.

What we store: A numerical vector (face embedding) derived from your facial geometry. This is not a photograph and it cannot be reverse-engineered into an image of your face.

Purpose: To verify that each account belongs to one person and prevent misuse. We do not use face embeddings for surveillance, advertising, or any purpose other than account security.

Legal basis: Art. 9(2)(a) GDPR (your explicit consent to process biometric data for identity verification)

Consent record: When you first tap "Open Camera," the timestamp of your explicit consent is recorded in our database.

4.3 Proportionality & Necessity

We have assessed the proportionality of using face embeddings for identity verification as part of our Data Protection Impact Assessment (DPIA). Face embeddings are necessary because alternative methods (such as email-only verification) are insufficient to prevent multi-account abuse in a health tracking context where data integrity per person is critical. The embedding is a one-way numerical vector that cannot reconstruct the original image. We apply the principle of data minimization by storing only the embedding, not the source image used to generate it, for identity verification purposes.

4.4 Retention & Deletion

Biomarker scores and face embeddings are retained as long as your account is active. Scan photos are subject to your chosen Photo Retention setting: you can choose to have photos deleted immediately after closing scan results, after 24 hours, 7 days, 30 days, or never (kept until account deletion). The default is "Never." When photos are deleted, the Face Zone Map for that scan will also no longer be available. When you delete your account, all facial data is permanently and irreversibly deleted from our servers, including S3 storage.

Inactivity policy: If your account is inactive for more than 36 months (no logins, no scans), we will notify you via email. If you do not respond within 30 days, your account and all associated data, including face embeddings, will be permanently deleted.

4.5 Sharing

We do not share facial data with third parties. All analysis and identity verification is performed on our own EU-based infrastructure. Face embeddings are never transmitted to external services.

4.6 Passive Photo Collection for Analysis Improvement

You may voluntarily consent to having your scan photos stored and processed to improve our analysis algorithms. This consent is entirely optional and does not affect your use of the app or the quality of your personal results.

What is stored: A copy of your scan photo is stored in a separate, protected storage area on our EU-based servers (Hetzner, Germany). This copy is independent of your Photo Retention setting.

Purpose: The photos are used to calibrate and improve our skin analysis algorithms, e.g. to refine biomarker detection (skin texture, redness, dark circles), to improve quality assessment under different lighting conditions, and to validate new analysis methods.

Legal basis: Art. 6(1)(a) GDPR (your explicit, separate consent)

Retention: Photos are stored until you revoke your consent or delete your account, whichever comes first.

Control: You can revoke this consent at any time in your Profile settings under "Photo Processing". Upon revocation, all stored copies of your photos are immediately and permanently deleted.

Sharing: Photos stored for analysis improvement are never shared publicly or with third parties.

4.7 Feedback Photos for Algorithm Correction

If, after a scan, you indicate that the calculated scores do not match how your skin actually feels, you may consent on a per-scan basis, and explicitly separate from Section 4.6, to keep that single photo together with the underlying raw measurements for the purpose of improving the analysis. This consent applies only to the specific scan, is opt-in by default disabled, and is granted only after your active confirmation.

What is stored: The photo of the specific scan (in a separate path from 4.6) and a sidecar file with the raw measurement values at that point in time, the biomarker scores, the algorithm version, the items you marked as "doesn't match", and your optional free-text comment. Both are stored on our EU servers (Hetzner, Germany) in a dedicated storage area.

Purpose: Correction records are used exclusively to recalibrate thresholds of individual biomarker detectors and to identify systematic gaps between score and skin perception. There is no sharing with third parties and no automated individual decision-making.

Legal basis: Art. 6(1)(a) GDPR (your explicit, scan-specific consent), separate from the consent under Section 4.6.

Retention: Until you revoke consent or delete your account.

Control: In Profile settings under "ML Training & Feedback" you can delete all retained feedback photos at any time in one action. Revocation takes effect immediately.

Sharing: Feedback photos are never shared publicly or with third parties.

5. Health Data (Apple Health)

If you choose to connect Apple Health, we may access:

  • Sleep duration
  • Step count
  • Heart rate
  • Other health metrics you choose to share

Processing: Health data is synced to our EU servers only with your explicit permission.

Purpose: To correlate lifestyle factors with your face scan results and provide personalized insights.

Legal basis: Art. 6(1)(a) GDPR (your explicit consent)

Control: You can disconnect Apple Health at any time in the app settings. Upon disconnection, we stop syncing new health data.

Deletion: Health data is deleted when you delete your account.

5.5 Location & Weather Data

If you choose to enable the Location & Weather feature, EYVO requests access to your device location ("When In Use" only) to fetch local weather conditions from the Open-Meteo API, a free, open-source weather service.

What we collect

  • Temperature, humidity, and UV index for your location (once per day)
  • A general weather description (e.g. "Sunny", "Cloudy")

What we do NOT collect

  • Your GPS coordinates are never stored on our servers
  • Your location is never shared with third parties
  • We do not track your movements or location history

How it works: Your device fetches weather data directly from the Open-Meteo API using your current coordinates. Only the resulting weather values (temperature, humidity, UV index) are sent to our servers and stored alongside your health data. Your coordinates are discarded immediately after the weather lookup.

Purpose: To correlate environmental factors (temperature, humidity, UV exposure) with your skin health over time.

Legal basis: Art. 6(1)(a) GDPR (your explicit consent)

Control: You can disable Location & Weather at any time in Profile settings. Weather data already stored will remain until you delete your account.

Third-party service: Open-Meteo (https://open-meteo.com) is a free, open-source weather API. It receives your coordinates for the weather lookup but does not store them or link them to your identity. Open-Meteo operates servers in the EU.

6. Subscriptions & Payments

Payments are processed directly by Apple through StoreKit. We do not receive or store your payment information (credit card numbers, bank details).

We only receive from Apple:

  • Subscription status (active/expired/trial)
  • Product identifier purchased
  • Expiration date
  • Transaction identifiers

Legal basis: Art. 6(1)(b) GDPR (contract performance)

For payment-related inquiries, please contact Apple directly or manage your subscription in your device's App Store settings.

7. Age Requirement

EYVO is intended for users aged 16 and older. We do not knowingly collect personal data from users under 16 years of age. If you believe a child under 16 has provided us with personal data, please contact us at privacy@eyvo.health.

8. Hosting

Our services are hosted by:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

All data processing occurs within the European Union. Hetzner does not transfer data outside the EU.

More information: https://www.hetzner.com/legal/privacy-policy

9. DNS & CDN

Our domain DNS and content delivery is managed by:

BunnyWay d.o.o. (bunny.net)
Dunajska cesta 165
1000 Ljubljana
Slovenia

bunny.net is an EU-based company fully committed to GDPR compliance. IP Anonymization is enabled by default. All logs are stored within the EU.

More information: https://bunny.net/privacy/

10. Email Service

For sending emails (account verification, notifications), we use:

Lettermint B.V.
Netherlands

Lettermint is a fully EU-based email service. All servers are located in the Netherlands. No data is transferred outside the European Union.

Data processed: Email address, signup timestamp, open rates (anonymized).

Legal basis: Art. 6(1)(a) GDPR (your consent) and Art. 6(1)(b) GDPR (service delivery)

More information: https://lettermint.co/legal/privacy

11. Analytics (TelemetryDeck)

We use TelemetryDeck for privacy-friendly product analytics to understand how users interact with the App and improve the experience.

TelemetryDeck GmbH
Von-der-Tann-Str. 54
86159 Augsburg, Germany

TelemetryDeck is a German company that processes all data within Germany. No personal data is collected or transferred. User identifiers are double-hashed before transmission, making re-identification impossible.

11.1 What TelemetryDeck collects

  • Anonymous usage events (e.g. "scan completed", "journal saved", "screen viewed")
  • Device type and operating system
  • Uncaught exceptions for error tracking (error type and message only)

11.2 What TelemetryDeck does NOT receive

  • Facial photographs or scan images
  • Health data from Apple Health
  • Journal entries or personal notes
  • Biomarker scores or EYVO Score values
  • Your email address, name, or any personal identifiers
  • Your subscription tier or account details

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving the service)

More information: https://telemetrydeck.com/privacy

11.3 Website Analytics (Umami)

For our website (eyvo.health) and user dashboard, we use Umami, a privacy-friendly, open-source web analytics solution.

Self-hosted: Umami runs on our own infrastructure at Hetzner in Germany. No data is transmitted to third parties.

What Umami collects

  • Page views and visited URLs
  • Referral sources (referrer)
  • Browser type and operating system
  • Device type (desktop, mobile, tablet)
  • Country (derived from IP address, the IP itself is not stored)

What Umami does NOT collect

  • Cookies or device-specific identifiers
  • IP addresses (not stored or shared)
  • Personal data, names, or email addresses
  • Cross-site tracking or fingerprinting

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving our website)

Umami is cookie-free and GDPR-compliant without a consent banner. More information: https://umami.is/privacy

12. AI-Generated Insights

EYVO uses artificial intelligence to generate personalized health insights based on your scan and lifestyle data.

12.1 AI Service Provider

We use Mistral AI for text generation:

Mistral AI SAS
15 rue des Halles
75001 Paris
France

Mistral AI is an EU-based company. All data processing occurs within the European Union.

More information: https://mistral.ai/terms/#privacy-policy

12.2 What We Send to the AI Service

We only send aggregated, anonymized numerical data:

  • Numerical biomarker scores (e.g., texture: 75/100, redness: 60/100)
  • Overall EYVO Score (0 to 100)
  • Trend directions (improving, stable, declining)
  • Aggregate activity statistics (e.g., "5 scans this week", "3 active days")
  • Lifestyle factor names used in correlations (e.g., "sleep_hours", "caffeine_cups"), not your individual measurements
  • Statistical correlation values (direction, strength, confidence level)

12.3 What We Never Send to the AI Service

  • Your name, email, or any personally identifiable information
  • Your user ID or account identifiers
  • Facial photographs or face embeddings
  • Your IP address, location, or device data
  • Raw health data from Apple Health
  • Journal entries or personal notes

12.4 Purpose

To generate personalized text summaries, weekly reviews, and lifestyle recommendations based on your aggregated health data.

Legal basis: Art. 6(1)(b) GDPR (contract performance, providing the subscribed service)

12.5 AI Chat (Clara)

EYVO includes Clara, your AI skin companion for skin-related questions. Clara uses the same Mistral AI service described above.

What we store

  • Your chat messages and Clara's responses
  • Session metadata (your data stage, anonymized context snapshot)

Purpose

Chat data is stored to analyze and improve Clara's response quality, for example, to identify frequently asked questions, detect poor answers, and improve the AI system prompt.

Consent

Chat analytics are only stored when you have explicitly enabled Personalized Insights in the app. Disabling Personalized Insights stops all chat functionality and data collection.

Retention

Chat data is automatically deleted after 90 days. If you delete your account, all chat data is permanently deleted immediately.

What we never store from chats

  • Your name, email, or personal identifiers in chat logs
  • Chat data from users who have not enabled Personalized Insights

12.6 Important Note

AI-generated insights are for informational purposes only. They do not constitute medical advice, diagnoses, or treatment recommendations. The AI is explicitly instructed to never make medical diagnoses or recommend medications.

13. Push Notifications

If you enable push notifications, we use Apple Push Notification Service (APNs) to deliver reminders and updates. We store a device token to send notifications. You can disable notifications at any time in your device settings.

14. Server Logs and Backups

When you use our services, our servers automatically collect:

  • IP address (anonymized after 7 days)
  • Date and time of access
  • Endpoints accessed
  • Device type and operating system

This data is used solely for technical operation, security, and debugging. It is not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation)

Retention of server logs: 7 days, then deleted or anonymized.

Retention of application logs (Vector): 30 days, then automatically rotated and overwritten.

Backups: Encrypted database backups are stored on EU servers (Hetzner, Germany) and rotated (overwritten) after 35 days. In the event of account deletion, personal data is removed from active systems immediately; in backups it becomes inaccessible through the rotation within 35 days. Pursuant to Art. 17(3)(b) GDPR, restoration of such data for reuse is excluded.

15. Cookies

We do not use marketing cookies or advertising cookies.

We may use technically necessary session cookies for authentication. These do not store personal data beyond your session and are deleted when you log out or close the app.

TelemetryDeck is cookieless and does not store any device identifier or tracking cookie. Umami (our website analytics) is also fully cookie-free.

16. Third-Party Services

We do not use:

  • Google Analytics
  • Facebook Pixel
  • Any advertising or retargeting services

We use TelemetryDeck (German company, Augsburg) for anonymous product analytics as described in Section 11. TelemetryDeck uses double-hashed identifiers and collects no personal data.

17. Sub-Processors

We use the following sub-processors to provide our services. We have concluded data processing agreements (Auftragsverarbeitungsverträge / AVVs) with each sub-processor in accordance with Art. 28 GDPR:

  • Hetzner Online GmbH (Germany): Server hosting, S3 storage, database hosting
  • Mistral AI SAS (France): AI text generation for insights and Clara chat
  • BunnyWay d.o.o. / bunny.net (Slovenia): DNS management and CDN
  • Lettermint B.V. (Netherlands): Transactional email delivery
  • Soverin B.V. (Netherlands): Email hosting for @eyvo.health mailboxes. Processes email metadata (sender, recipient, subject, timestamps) and email content for company email accounts including privacy@eyvo.health, which is the contact point for GDPR data subject requests. Data processing agreement is integrated into Soverin's Privacy Statement per Art. 28 AVG. All data stored in the Netherlands (EU).
  • Zeeg GmbH (Germany): Appointment scheduling for external meetings. Processes name, email address, and optionally phone number of persons booking appointments via EYVO's scheduling links. Sub-processors: Open Telekom Cloud (Germany/Netherlands) for hosting, Brevo/Sendinblue GmbH (Berlin, Germany) for booking confirmation emails. Data processing agreement (AVV) concluded per Art. 28 DSGVO. All data processed in the EU.
  • TelemetryDeck GmbH (Germany): Anonymous product analytics
  • Open-Meteo (EU): Weather API. The user's device calls Open-Meteo directly with current coordinates. Open-Meteo does not store the coordinates. No personally identifiable data is transmitted or retained; a data processing agreement under Art. 28 GDPR is therefore not required.
  • Apple Inc. (USA, covered by EU-US Data Privacy Framework): Payment processing via StoreKit, Push Notifications via APNs

All sub-processors except Apple are headquartered in the European Union. Apple processes only subscription metadata and device tokens. No health data, facial data, or personal content is shared with Apple beyond what is required for payment and notification delivery.

A current list of sub-processors is available upon request at privacy@eyvo.health.

18. International Data Transfers

We have designed EYVO with an EU-only data processing chain. All personal data, health data, and biometric data is processed and stored exclusively within the European Union.

No facial photographs, face embeddings, health data, or journal entries are transferred to countries outside the EU/EEA. The only exception is minimal metadata exchanged with Apple for subscription management and push notifications, which is covered by Apple's EU data processing commitments.

19. Data Protection Impact Assessment

Due to the processing of biometric data (face embeddings) and health data, we have conducted a Data Protection Impact Assessment (DPIA) in accordance with Art. 35 GDPR. The DPIA evaluates the necessity, proportionality, and risks of our data processing activities. Key findings:

  • Face embeddings are necessary for account integrity and cannot be replaced by less invasive methods in our specific use case
  • All biometric processing occurs on EU-based infrastructure with no third-party access
  • Users provide explicit, informed, granular consent before any biometric data is generated
  • Technical safeguards (encryption at rest, TLS in transit, access controls) mitigate residual risks
  • Automatic deletion after 36 months of inactivity limits data retention to what is necessary

The DPIA is reviewed annually or whenever significant changes are made to data processing activities. A summary is available upon request at privacy@eyvo.health.

20. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the competent supervisory authority (ULD Schleswig-Holstein) within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, in accordance with Art. 34 GDPR
  • Document the breach, its effects, and the remedial actions taken

Given that EYVO processes biometric and health data, we apply heightened breach detection and response procedures. Any unauthorized access to facial data or health data is treated as a high-risk breach requiring user notification.

21. Data Retention Summary

We retain your data only as long as necessary for the purposes described in this policy:

  • Account data: Until account deletion
  • Face photographs: Per your Photo Retention setting (Immediately, 24 Hours, 7 Days, 30 Days, or until account deletion)
  • Photos for analysis improvement: Until revocation of Photo Processing consent or account deletion
  • Biomarker scores: Until account deletion
  • Face embeddings: Until account deletion or 36 months of inactivity (whichever comes first)
  • Health data (Apple Health): Until account deletion or Apple Health disconnection
  • Weather data: Until account deletion
  • AI chat conversations: 90 days, then automatically deleted
  • Server logs: 7 days, then deleted or anonymized
  • Subscription metadata: Until account deletion

Upon account deletion, all personal data is permanently and irreversibly removed from all systems, including backups, within 30 days.

22. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your data (Art. 15)
  • Rectification: Correct inaccurate data (Art. 16)
  • Erasure: Request deletion of your data (Art. 17)
  • Restriction: Limit how we process your data (Art. 18)
  • Portability: Receive your data in a portable format (Art. 20)
  • Objection: Object to processing (Art. 21)
  • Withdraw consent: At any time, without affecting prior processing (Art. 7(3))

To exercise your rights, contact us at: privacy@eyvo.health

We will respond within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period with an explanation of the delay.

23. Account Deletion

You can delete your account at any time in the app settings. When you delete your account:

  • All facial images are permanently deleted from S3 storage
  • All face embeddings are permanently deleted
  • All health data is permanently deleted
  • All journal entries are permanently deleted
  • All AI chat conversations are permanently deleted
  • All personal data is permanently deleted
  • Your email is removed from our systems and email service provider

This process is irreversible and completes within 30 days across all systems including backups. Some anonymized, aggregated statistical data (e.g., total scan counts) may be retained as it cannot be linked back to you.

24. Data Security

We implement comprehensive technical and organizational measures to protect your data:

24.1 Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (HTTPS). Internal service-to-service communication runs over isolated private networks.
  • Authentication Tokens: Refresh tokens are stored in your device's secure enclave (iOS Keychain / Android Keystore), protected by hardware-level encryption.
  • Passwords: User passwords are hashed using industry-standard adaptive hashing algorithms. We never store plaintext passwords.
  • API Keys: All service-to-service API keys are stored as cryptographic hashes. Raw keys are never logged or persisted.

24.2 Access Control

  • User Data Isolation: Every database query includes your authenticated user ID. Users can only access their own data. Requesting another user's data returns "not found," preventing even the existence of other records from being confirmed.
  • Image Access: Face scan images are stored in private cloud storage in Germany. Images are never publicly accessible. Access requires a cryptographically signed, short-lived URL that can only be generated by our authenticated backend.
  • Database Isolation: Our database is not accessible from the public internet. It runs on a private network accessible only to our application servers.
  • Server Access: Administrative server access requires SSH key authentication. Password-based login is disabled.

24.3 Biometric Security

  • Liveness Detection: Every face scan verifies that a real, live person is in front of the camera, not a photograph, video, or mask.
  • Anti-Spoofing: Machine learning models detect manipulation attempts in real-time during every scan frame.
  • Identity Enforcement: One face per account, one account per person. Face embeddings cannot be used across different accounts.
  • Security Thresholds: Scans that fail liveness or anti-spoofing checks are automatically blocked before any data is processed.

24.4 Monitoring & Audit

  • All administrative actions are recorded in an immutable audit log (who, what, when, IP address).
  • Role-based access controls limit what each administrator can see and do.
  • Multi-layer rate limiting protects against brute-force attacks on all endpoints.
  • Regular security updates and dependency audits are performed on all services.

24.5 Data Deletion

  • When you delete your account, all associated data is permanently and irreversibly removed, including scan images, face embeddings, health records, journal entries, and analysis history. No residual data is retained in backups or logs.

24.6 Data Residency

  • All servers are located in Germany.
  • AI text generation is processed in France.
  • No personal data, health data, or biometric data ever leaves the European Union.

25. Data Protection Officer

Ninety Labs UG (haftungsbeschränkt) is not obliged to appoint a Data Protection Officer under § 38 BDSG in conjunction with Art. 37 GDPR, because fewer than 20 persons are continuously engaged in automated processing of personal data, and our core activities do not consist of large-scale, regular, and systematic monitoring of data subjects or large-scale processing of special categories of data within the meaning of Art. 9 GDPR that would mandate such appointment. A Data Protection Impact Assessment (Art. 35 GDPR) has been carried out for the processing of biometric data.

For any data-protection-related matters, please contact us at privacy@eyvo.health.

26. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority.

For Germany:
Der Landesbeauftragte für Datenschutz Schleswig-Holstein (ULD)
https://www.datenschutzzentrum.de

List of EU authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

27. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates the most recent revision. We will notify you of significant changes via email or in-app notification. If changes affect the processing of biometric or health data, we will request renewed consent where required by law.

28. Contact

For any privacy-related questions or requests:

Email: privacy@eyvo.health

This privacy policy was created in accordance with the EU General Data Protection Regulation (GDPR).