Privacy notice for Knuckle Down ID App

How we use your information

The primary aim of this research is to assess human variation of the dorsal knuckle crease and the impact of digital flexion on their appearance in digital images. The aim of Knuckle Down ID is the development of a large ground truth database of hand images with which we conduct this research.

If you choose to provide personal data in response to any of our questions, you should understand that we will hold and process that information in the dataset we generate from the survey responses.

We will retain the raw data from the submission responses (12 JPEG images, associated meta data, survey answers, consent and newsletter preferences) until the end of Academic Year 2031 on the LRCFS internal repository, when it will be deleted. We will retain our anonymous analysis and reporting.

If consent for the 12 JPEG images and survey answers to be made accessible to other researchers via controlled access is given, the associated meta data will be wiped and further anonymisation will be carried out with the removal of your unique identification number. After the 30.06.2022 we will retain the data within the controlled access database on the grounds of Article 17, S.3(d) of GDPR as changes to the controlled access dataset would make the work of researchers impossible or seriously impair the research process.

If you are interested in getting news and updates from the Knuckle Down ID Team regarding the research you can choose to receive a newsletter. The University of Dundee will require some of your personal data to provide this service to you. The information you provide will be used to enable the University to administer the sending of the newsletter. Each communication you receive will include instructions of how to stop receiving the newsletter, once you have made a request to withdraw your details and to stop receiving the newsletter the University will act upon your withdrawal request.

You are under no obligation to complete this project.

Personal data

The types of Personal Data that this Application collects, by itself or through third parties, are set out below.

By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document.

The exact procedure for controlling app permissions may be dependent on the User’s device and software.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Application.

1. Camera permission

Used for accessing the camera or capturing images and video from the device.

2. Managing contacts and sending messages

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.

These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

3. Contact with the User (Mailing list or newsletter)

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application.

Personal Data processed: email address.

4. Campaign Monitor (Campaign Monitor Pty Ltd)

Campaign Monitor is an email address management and message sending service provided by Campaign Monitor Pty Ltd. This service will be used if you choose to receive the newsletter.

Personal Data processed: email address.

For information on how this service secures your data please see: https://www.campaignmonitor.com/policies/#privacy-policy  

5. Google Play/ Apple Store

This Application is distributed on the Google Play Store, a platform for the distribution of mobile apps, provided by Google LLC or by Google Ireland Limited, depending on the location this Application is accessed from. This Application is also distributed through Apple’s App Store, a platform for the distribution of mobile apps, provided by Apple Inc.

By virtue of being distributed via the Play store app store, Google collects usage and diagnostics data and share aggregate information with the Owner. Much of this information is processed on an opt-in basis. Users may opt-out of these analytics features directly through their device settings. More information on how to manage analysis settings can be found on this page.

By virtue of being distributed via the Apple store, Apple collects basic analytics and provides reporting features that enable the Owner to view usage analytics data and measure the performance of this Application. Much of this information is processed on an opt-in basis. Users may opt-out of this analytics feature directly through their device settings. More information on how to manage analysis settings can be found on this page.

Google

Personal Data processed: Usage Data.

Place of processing: United States –Privacy Policy; Ireland – Privacy Policy.

Apple

Personal Data processed: Usage Data

Place of processing: United States – Privacy Policy.

6. Survey

You will be asked to complete a short survey. The personal data requested by this survey will be: your age and biological sex.

7. Device permissions for Personal Data access

This Application requests certain permissions from Users that allow it to access the User’s device Data as described below.

Personal Data processed: Camera permission.

8. Special categories of personal data

The special category data collected by the Application is biometric information contained with the images uploaded using the Application. 

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.

Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to the Owner.

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, legal, system administration) or external parties (such as third-party technical service providers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Data controller

The University of Dundee will be the data controller for the information you provide. Data will be processed using the University’s core business system Microsoft 365 and stored on a designated area on the UoD LRCFS server in addition to a secure area on OneDrive.

Lawful processing

The lawful grounds for processing the personal data within this form are:

• processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller.

The lawful grounds for processing the special category personal data within this form are:

• that processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

If you choose to provide personal data in response to our questions, it will be processed on the basis of your consent indicated within the Application. You can withdraw your consent at any time up until 30.06.2022 through the Application. After this date, data included in the controlled access database is further anonymised and your data will not be able to be withdrawn as it will no longer be personally identifiable.

To withdraw your consent to the processing of your personal data, select your preferences within the Application or email: Lilly Dan (l.a.dan@dundee.ac.uk) with the unique identification number provided after your submission.

Your rights

The University respects your rights and preferences in relation to you. If you wish to update, access, erase, or limit the use of your information please let us know through the Application Knuckle Down ID or though Lilly Dan: l.a.dan@dundee.ac.uk.

If you wish to complain about the University’s use of your information please contact the University’s Data Protection Officer in the first instance by emailing dataprotection@dundee.ac.uk. You may also wish to contact the Information Commissioner’s Office.