Privacy policy for apps

Some of our mobile applications (in particular AR apps, 3D viewer apps, museum apps and visualization apps, e.g. developed with Unity) use camera and face-tracking functions – where functionally required – to display interactive content in real time (e.g. augmented reality, spatial overlays, object-sensitive visualization or tracking of reference points).

Processing takes place exclusively locally on the user’s device (on-device processing).

No storage or processing of biometric data

We explicitly state:

No face-tracking data is stored.

No camera captures, images or videos are stored.

No biometric profiles or templates are created.

No identification of natural persons is performed.

No server-side processing takes place.

No transmission to our servers or to third parties takes place.

No profiling or user tracking takes place.

No merging with other data sources takes place.

All information processed in the context of face tracking or camera use is processed exclusively transiently in the device’s working memory and is automatically deleted immediately after the respective function ends.

Technical implementation (Unity, ARKit, ARCore, system frameworks)

Depending on the device and operating system, our apps may access the following system technologies:

Unity (including AR Foundation)

Apple ARKit (iOS/iPadOS)

Google ARCore (Android)

Native camera and sensor interfaces of the operating system

These frameworks process camera and tracking data exclusively locally on the device.
We do not obtain access to the operating system’s biometric raw data and we do not store or export any facial or sensor data.

Any evaluation takes place exclusively to provide the technical function in real time (e.g. positioning 3D models in space or interactive AR display).

Data protection classification under the GDPR

To the extent that, in the context of purely local, transient technical processing, a personal reference could be assumed at all, the processing is carried out exclusively on the following legal basis:

Art. 6(1)(b) GDPR (performance of a contract), insofar as the AR or tracking function is an integral part of the app, or

Art. 6(1)(a) GDPR (consent), insofar as use is activated optionally (e.g. camera/AR function)

No processing of special categories of personal data within the meaning of Art. 9 GDPR (in particular biometric data for the purpose of uniquely identifying a natural person) takes place because:

no identification is performed,

no biometric reference data is stored,

no permanent processing takes place, and

there is no purpose of identification.

Camera permission and user control

Access to the camera takes place exclusively:

after prior explicit approval by the user via the system permission prompt (iOS/Android),

exclusively to provide the respective AR or visualization function, and

without storage of the camera data.

Permission can be revoked at any time in the device settings.

No data transfer and no disclosure to third parties

In connection with face tracking, AR or camera use, there is:

no transmission to servers of ArcTron 3D GmbH,

no cloud processing,

no disclosure to third parties, and

no use for advertising, analytics or tracking purposes.

In particular, no face-tracking, camera or sensor data is transmitted to analytics tools, SDKs or external platforms.

Retention period

No face-tracking, camera or sensor data is stored.
Processing takes place exclusively transiently during active use of the respective function and ends automatically when it is terminated.

Log data and telemetry (separation)

The face-tracking and camera functions are technically strictly separated from any general app log data (e.g. crash reports or technical usage data).
Such log data contains no biometric data, no camera data and no face-tracking information.