Privacy policy
The protection of your personal data is important not only to you but also to us, the controller of the KI Skin Condition Analysis web app (hereinafter “we” or “us”). We appreciate your trust that we handle your personal data carefully and in compliance with the law. Your data will be treated confidentially.
With these privacy notices, we not only fulfill our legal obligations under Articles 13 and 14 GDPR, but also aim to clearly explain which personal data is processed when using this web app and how we handle it. Dermanostic GmbH processes and uses personal data in compliance with the data protection regulations applicable in the Federal Republic of Germany.
Controller
The controller pursuant to Art. 24 GDPR for the processing is Dermanostic GmbH, Merscheider Straße 1, 42699 Solingen, Germany.
You can contact the controller at any time using the contact details above or via email at datenschutz@dermanostic.com.
Contact details of the Data Protection Officer
You can contact the controller’s Data Protection Officer via email at
1 Provision of the Web App
1.1 Provision of the Web App
1.1.1 Purposes
This processing serves to establish a connection between our server and your device for your use of our web app.
1.1.2 Data types
We process connection data (access data and device data) as categories of data relating to you.
1.1.3 Legal basis
The legal basis is your consent to the web app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
1.1.4 Necessity
The processing of the above-mentioned data relating to you is required for your use of our web app. If you do not provide us with the above-mentioned data relating to you, we cannot process your request.
1.1.5 Storage period
The storage period lasts until the end of the session.
1.1.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
1.2 Security of the Web App
1.2.1 Purposes
This processing serves to ensure the proper operation of the web app.
1.2.2 Data types
We process connection data (access data and device data) and your system information as categories of data relating to you.
1.2.3 Legal basis
The legal basis is our legal obligation to ensure the secure processing of personal data pursuant to Art. 6 para. 1 subpara. 1 lit. c in conjunction with Art. 24 and 32 GDPR.
1.2.4 Storage period
The storage period for logging access to the interface between the web app and server is 30 days and for transmitted system crashes two months.
The storage period for this processing of the above-mentioned data relating to you is 30 days in Google Tag Manager.
1.2.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
The above-mentioned data relating to you will be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
1.3 Skin Condition / Skin Type Analysis
1.3.1 Purposes
This processing serves the analysis and determination of a skin condition and skin type.
1.3.2 Data types
We process analysis data as categories of data relating to you.
If you have consented to linking the analysis data with a user account of the dermanostic app, we process registration data and analysis data as categories of data relating to you.
1.3.3 Legal basis
The legal basis is your consent to the web app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
1.3.4 Necessity
The processing of the above-mentioned data relating to you is necessary for processing your request. If you do not provide us with the above-mentioned data relating to you, we cannot process your request.
1.3.5 Storage period
The storage period lasts until you withdraw your consent. We retain a deletion log for three years.
1.3.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
2 Product Development
2.1 Product Development Through User Behavior Analysis
2.1.1 Purposes
This processing serves product development through the analysis of user behavior using Mixpanel.
2.1.2 Data types
We process user behavior data such as event data, device data and demographic characteristics as categories of data relating to you.
2.1.3 Legal basis
The legal basis is your explicit consent to “product development” pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.1.4 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
2.1.5 Recipient
The above-mentioned data relating to you will be transmitted to Mixpanel Inc., 1 Front Street, 28th Floor, San Francisco, CA 94111, United States.
The above-mentioned data relating to you will be transferred to the United Kingdom and the United States as third countries with an adequacy decision pursuant to Art. 45 GDPR.
Your data will be transferred to the following third country without an adequacy decision: Singapore. The legal basis for transferring your data to the aforementioned third country without an adequacy decision is the use of standard contractual clauses pursuant to Art. 46 GDPR. The company provides appropriate safeguards for data protection, which you may request by contacting datenschutz@dermanostic.com.
3 Marketing
3.1 User Behavior Analysis
3.1.1 Purposes
This processing serves the analysis of user behavior.
3.1.2 Data types
We process your usage data, the number of cases you create in the web app, data about your interaction with our advertisements, conversion data, your demographic data and your device data as categories of data relating to you.
3.1.3 Legal basis
The legal basis is your explicit consent to marketing analysis pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR.
3.1.4 Storage period
The storage period of Dermanostic GmbH for this processing of the above-mentioned data relating to you is
- 14 months for Adjust,
- 14 months for Google Analytics (demographic data 2 months),
- 24 months for Google Ads Tracking,
- 2 months for Google Firebase Crashlytics.
3.1.5 Recipient
The above-mentioned data relating to you will be transmitted to Adjust GmbH, Saarbrücker Str. 37a, 10405 Berlin, Germany.
The above-mentioned data relating to you will be transmitted to Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transferred to the United States and the United Kingdom as third countries with an adequacy decision pursuant to Art. 45 GDPR.
4 Data Subject Rights
4.1 Your Data Subject Rights
You have the following rights with regard to your personal data:
- Right of access and to receive a copy of your data,
- Right to rectification,
- Right to erasure and to be forgotten,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
4.2 Data Subject Rights Management
4.2.1 Purposes
This processing serves the data-protection-compliant handling of data subject rights.
4.2.2 Data types
We process all categories of data as categories of data relating to you.
4.2.3 Legal basis
The legal basis is Art. 6 para. 1 subpara. 1 lit. c GDPR in conjunction with Chapter III GDPR.
4.2.4 Necessity
The processing of the above-mentioned data relating to you is necessary for the fulfillment of our legal obligations.
4.2.5 Storage period
The storage period is three years.
4.2.6 Recipient
The above-mentioned data relating to you will be transmitted to our external data protection officer, datenschutzbeauftragter@dermanostic.com.
4.3 Withdrawal of Consent
If we base the processing of your personal data on your consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), you may withdraw this consent at any time with effect for the future.
In the event of withdrawal, we will no longer continue the processing based on that consent for the respective purpose. The lawfulness of the processing carried out until the withdrawal remains unaffected.
The withdrawal may result in certain functions or services of the app no longer being available or only being available to a limited extent (for example push notifications, marketing analysis, newsletter or product development features). Processing based on other legal grounds (e.g. statutory retention obligations or contract fulfillment) remains unaffected.
4.4 Right to Object Pursuant to Art. 21 GDPR
Subject to statutory exceptions, you may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 letters e) or f) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
If we process your personal data for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for such advertising purposes. This also applies to profiling insofar as it is related to such direct advertising.
If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.