Privacy policy
The protection of your personal data is not only important to you, but also to us, the persons jointly responsible for the "dermanostic" app (hereinafter "we", "us"). We appreciate your trust that we will handle your personal data conscientiously and in accordance with the law. Your data will be treated confidentially by us.
With this data protection notice, we would like not only to comply with our legal obligations under Art. 13 and 14 DS GVO, but also to describe to you in an understandable way what personal data is processed when you use this app and how we handle it. Dermanostic GmbH processes and uses personal data that is processed during the installation and use of the app in compliance with the data protection regulations applicable in the Federal Republic of Germany.
Controller
The controller pursuant to Art. 24 GDPR for the processing of personal data in connection with the operation of the app and the mediation of treatment requests is:
Dermanostic GmbH
Merscheider Straße 1
42699 Solingen
GermanyThe following cooperating dermatology practices are responsible for the medical treatment pursuant to Art. 24 GDPR:
Privatpraxis Dr. med. Ole Martin, Merscheider Straße 1, 42699 Solingen
CentroDerm, Heinz-Fangman-Straße 57, 42287 Wuppertal-Barmen
Dermatologie am Groner Tor, Groner-Tor-Straße 25, 37073 GöttingenContact details of the data protection officer
You can contact the data protection officer of Dermanostic GmbH by email.
If your request concerns medical treatment, please contact the respective practice directly.
1 Provision of the Mobile App
Additionally, we clarify which of your data we process in the event of error messages while using the app, in order to resolve them promptly.
1.1 Provision of the Mobile App
1.1.1 Purposes
This processing serves to establish a connection between our server and your device for the use of our app.
1.1.2 Data types
We process connection data (access data and device data) as categories of data relating to you.
1.1.3 Legal basis
The legal basis is your consent to the app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
1.1.4 Necessity
The processing of the above-mentioned data relating to you is necessary for the use of our app. If you do not provide us with the above-mentioned data relating to you, we cannot process your request.
1.1.5 Storage period
The storage period lasts until the end of the session.
1.1.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
1.1.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
1.2 App Security
1.2.1 Purposes
This processing serves to ensure the smooth operation of the app.
1.2.2 Data types
We process connection data (access data and device data) and system information as categories of data relating to you.
1.2.3 Legal basis
The legal basis is our legal obligation to ensure the secure processing of personal data pursuant to Art. 6 para. 1 subpara. 1 lit. c in conjunction with Art. 24 and 32 GDPR.
1.2.4 Storage period
The storage period is 30 days for logging access to the interface between the app and server and two months for transmitted system crashes.
The storage period for this processing of the above-mentioned data relating to you is two months in Google Firebase Crashlytics and 14 months in Google Analytics.
1.2.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
The above-mentioned data relating to you will be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
1.3 Consent Management
1.3.1 Purposes
This processing serves the management and documentation of your consents.
1.3.2 Data types
We process consent data as data relating to you.
1.3.3 Legal basis
The legal basis is our obligation to provide proof pursuant to Art. 6 para. 1 subpara. 1 lit. c in conjunction with Art. 7 para. 1 GDPR.
The storage of a technically necessary cookie on your device for managing and documenting your consent is based on Art. 5 para. 2 GDPR in conjunction with Art. 6 para. 1 subpara. 1 lit. c GDPR in conjunction with § 25 para. 2 no. 2 TTDSG.
1.3.4 Necessity
The processing of the above-mentioned data relating to you is necessary to fulfill our legal obligations.
1.3.5 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years to fulfill our obligation to provide proof.
1.3.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
1.4 User Account Management
1.4.1 Purposes
This processing serves the security of user account management.
1.4.2 Data types
We process user account data, session data and login data as categories of data relating to you.
1.4.3 Legal basis
The legal basis is Art. 6 para. 1 subpara. 1 lit. f GDPR. Our legitimate interest is the security of user account management.
1.4.4 Storage period
The storage period for user account data is ten years after the end of treatment or until you withdraw your consent.
The storage period for login data is 24 hours, until logout from the app, until three incorrect PIN entries, until resetting the PIN or until deletion of your user account.
The storage period for session data lasts until you withdraw your consent. We retain a deletion log for three years.
1.4.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
1.4.6 Your right to object
Pursuant to Art. 21 GDPR, you have the right to object to the processing of data relating to you described above if reasons arise from your particular situation or if your objection is directed against direct marketing.
You may exercise your right to object at any time by sending an email to datenschutz@dermanostic.com.
2 Arrangement of Teledermatological Treatment
2.1 Arrangement of Teledermatological Treatment
2.1.1 Purposes
This processing serves the creation of a case within the app for dermatological consultation of users by a consulting physician user as well as the arrangement of teledermatological treatment through the app with a treating physician.
2.1.2 Data types
We process patient master data, mediation data and treatment data as categories of data relating to you.
2.1.3 Legal basis
The legal basis is your consent to the app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.1.4 Necessity
The processing of the above-mentioned data relating to you is necessary for arranging your teledermatological treatment, i.e. for the performance of the user agreement with us.
Access by the “dermanostic” app to your device camera is necessary to create images of your skin condition. If you wish to upload images of your skin condition from your image gallery, the “dermanostic” app requires access to your storage for this purpose. If you do not provide us with the above-mentioned data relating to you, we cannot perform the user agreement with you.
2.1.5 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
The storage period for the processing of user account data is ten years after the end of treatment or until you withdraw your consent.
2.1.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
If a physician wishes to translate the above-mentioned data relating to you into your language, these data will be transmitted to DeepL SE, Maarweg 165, 50825 Cologne, Germany.
2.1.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
2.2 Push Notifications Regarding Treatment Progress
2.2.1 Purposes
If you use the “dermanostic” mobile app, this processing activity serves to inform you about relevant events in the context of teledermatological treatment (completion of the assessment of a request submitted by you, the possibility of receiving a prescription, reminders of outstanding payments, or follow-up questions from the treating physician).
2.2.2 Data types
We process your user identification number and the content of push notifications as categories of data relating to you.
2.2.3 Legal basis
The legal basis is your explicit consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.2.4 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
2.2.5 Recipient
The above-mentioned data relating to you will be transmitted to our cloud service provider Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
The above-mentioned data relating to you will be transmitted for devices with iOS operating systems to Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland and Apple Inc., One Apple Park Way, Cupertino, California 95014, United States.
The above-mentioned data relating to you will be transmitted for devices with Android operating systems to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
2.2.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
- You can withdraw your consent on Apple devices under: Settings > dermanostic > Notifications
- On Android devices under: Settings > Applications / Apps > dermanostic > by removing the check mark for “Notifications”.
2.3 Patient Support
2.3.1 Purposes
This processing serves the handling of medical patient inquiries.
2.3.2 Data types
We process patient master data and treatment data as categories of data relating to you.
2.3.3 Legal basis
The legal basis is your consent to the app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.3.4 Necessity
The processing of the above-mentioned data relating to you is necessary for handling your request. If you do not provide us with the above-mentioned data relating to you, we cannot process your request.
2.3.5 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
2.3.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
If patient support wishes to translate the above-mentioned data relating to you into your language, these data will be transmitted to DeepL SE, Maarweg 165, 50825 Cologne, Germany.
2.3.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
2.4 Prescription Transfer to a Local Pharmacy
2.4.1 Purposes
This processing serves to find and select pharmacies to which prescriptions can be sent directly from the dermanostic app.
2.4.2 Data types
We process your master data, prescription data, the contact details of the prescribing physician, the destination pharmacy, the postal address of the destination pharmacy and the fax number of the destination pharmacy as categories of data relating to you.
2.4.3 Legal basis
The legal basis is your explicit consent to the transmission of prescriptions pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.4.4 Storage period
The storage period is ten years after completion of the treatment.
2.4.5 Recipient
Your prescription data will be sent to the pharmacy selected by you.
The above-mentioned data relating to you will be transmitted to our cloud service provider Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
The above-mentioned data relating to you in the context of the pharmacy search will be transmitted to Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
2.4.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
2.5 Prescription Transfer to Mail-Order Pharmacies
2.5.1 Purposes
This processing serves the selection of mail-order pharmacies to which prescriptions from the “dermanostic” app can be sent for the direct purchase and delivery of your medication to your home.
2.5.2 Data types
We process your master data, prescription data and the contact details of the prescribing physician as categories of data relating to you.
2.5.3 Legal basis
The legal basis is your explicit consent to the transmission of prescriptions pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.5.4 Storage period
The storage period is ten years after completion of the treatment.
2.5.5 Recipient
The above-mentioned data relating to you will be transmitted to the mail-order pharmacy selected by you:
- IhreApotheken GmbH & Co. KGaA, Mülheimer Str. 20, 53840 Troisdorf, Germany
- Shop-Apotheke B.V., Erik de Rodeweg 11-13, 5975 WD Sevenum, Netherlands
- APO Pharmacy BV, Express 2, 6921 RB Duiven, Netherlands
The above-mentioned data relating to you will also be transmitted to our cloud service provider Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
2.5.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
2.6 Payment of Teledermatological Treatment
2.6.1 Purposes
This processing serves the payment of the arrangement and transmission of your teledermatological treatment.
2.6.2 Data types
We process payment data and, in the case of payment via PayPal, PayPal user master data as categories of data relating to you.
2.6.3 Legal basis
The legal basis is your consent to the app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.6.4 Necessity
The processing of the above-mentioned data relating to you is necessary for payment processing as part of the user agreement concluded with us for our app.
If you do not provide us with the above-mentioned data relating to you, your user agreement with us cannot be carried out.
2.6.5 Storage period
The storage period lasts until you withdraw your consent. We retain a deletion log for three years.
2.6.6 Recipient
The above-mentioned data relating to you will be transmitted, depending on the selected payment method, to Stripe Deutschland GmbH, Stresemannstr. 123, 10963 Berlin (payment by credit card or Apple Pay) or PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
2.6.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
2.7 Skin Type Analysis
2.7.1 Purposes
This processing serves the analysis and determination of a skin type.
2.7.2 Data types
We process registration data and analysis data as categories of data relating to you.
2.7.3 Legal basis
The legal basis is your consent to the app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.7.4 Necessity
The processing of the above-mentioned data relating to you is necessary for processing your request. If you do not provide us with the above-mentioned data relating to you, we cannot process your request.
2.7.5 Storage period
The storage period lasts until you withdraw your consent. We retain a deletion log for three years.
2.7.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
2.7.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
3 Contact
3.1 Contacting Us via the Support Ticket System Within the App
3.1.1 Purposes
This processing serves the support of app users.
3.1.2 Data types
We process your user identification, the identification of your treatment request, the content of your request and any additional information that you provide to us as categories of data relating to you.
3.1.3 Legal basis
The legal basis is your consent to the app user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
3.1.4 Necessity
The processing of the above-mentioned data relating to you is necessary for contacting us. If you do not provide us with the above-mentioned data relating to you, we cannot respond to your request through this channel.
3.1.5 Storage period
Support requests are stored for ten years after completion of the treatment or until the withdrawal of consent.
3.1.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
If patient support wishes to translate the above-mentioned data relating to you into your language, these data will be transmitted to DeepL SE, Maarweg 165, 50825 Cologne, Germany.
3.1.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
4 Product Development
The processing of this data is carried out under strict confidentiality and the highest security requirements.
4.1 Research of an AI-Supported Teledermatological Diagnosis
4.1.1 Purposes
This processing serves the development of an AI-supported teledermatological treatment for faster and more effective diagnosis.
4.1.2 Data types
We process photographs uploaded by you and medical history data as categories of data relating to you.
4.1.3 Legal basis
The legal basis is your explicit consent to “product development” pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
4.1.4 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
4.1.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
4.1.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings under the section “AI development”.
4.2 Product Development Through User Behavior Analysis
4.2.1 Purposes
This processing serves product development through the analysis of user behavior via Mixpanel.
4.2.2 Data types
We process user behavior data such as event data, device data and demographic characteristics as categories of data relating to you.
4.2.3 Legal basis
The legal basis is your explicit consent to “product development” pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
4.2.4 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
4.2.5 Recipient
The above-mentioned data relating to you will be transmitted to Mixpanel Inc., 1 Front Street, 28th Floor, San Francisco, CA 94111, United States.
The above-mentioned data relating to you will be transferred to the United Kingdom and the United States as third countries with an adequacy decision pursuant to Art. 45 GDPR.
Your data will be transferred to the following third country without an adequacy decision: Singapore. The legal basis for transferring your data to the aforementioned third country without an adequacy decision is the use of standard contractual clauses pursuant to Art. 46 GDPR. The company provides appropriate safeguards for data protection, which you may request by contacting datenschutz@dermanostic.com.
4.2.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings under the section “Product Development”.
5. Marketing
5.1 Subscription to Our Newsletter and User Behavior Analysis
5.1.1 Purposes
This processing serves marketing purposes and the analysis of user behavior.
5.1.2 Data types
We process your contact data (name and email address), consent data, access data and connection data, email user behavior data (event data, device data and demographic characteristics), user profile data of the app and the overarching category of the diagnosis made (which constitutes health data) as categories of data relating to you.
No data from your medical questionnaires, the images of your skin conditions created by you, or the specific diagnosis or therapy recommendations are processed.
5.1.3 Legal basis
The legal basis for subscribing to and analyzing user behavior for our newsletter is your explicit consent to the newsletter subscription and the analysis of newsletter user behavior pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
5.1.4 Storage period
The storage period lasts until you withdraw your consent. We retain a deletion log for three years.
5.1.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany, our email server host Neue Medien Münnich GmbH, Hauptstr. 68, 02742 Friedersdorf, Germany, as well as our user behavior analysis service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
The above-mentioned data relating to you will be transferred to the United States and Canada as third countries with an adequacy decision pursuant to Art. 45 GDPR.
Your data will be transferred to the following third country without an adequacy decision: India. The legal basis for transferring your data to the aforementioned third country without an adequacy decision is the use of standard contractual clauses pursuant to Art. 46 GDPR. The company provides appropriate safeguards for data protection, which you may request by contacting datenschutz@dermanostic.com.
5.1.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time using the unsubscribe link at the end of each newsletter.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time within the app via the account settings under “Newsletter”.
5.2 Direct Advertising via Push Notifications
5.2.1 Purposes
This processing serves direct advertising.
5.2.2 Data types
For direct advertising via push notifications we process your user identification number and the content of the push notifications as categories of data relating to you.
5.2.3 Legal basis
The legal basis is Art. 6 para. 1 subpara. 1 lit. f GDPR. Our legitimate interest is direct advertising.
5.2.4 Storage period
The storage period lasts until you object. Your objection status will be stored until the deletion of your user account.
5.2.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany and to our email server host Neue Medien Münnich GmbH, Hauptstr. 68, 02742 Friedersdorf, Germany.
For direct advertising via push notifications the above-mentioned data relating to you will be transmitted on devices with the iOS operating system to Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, T23 YK84, Ireland and Apple Inc., One Apple Park Way, Cupertino, California 95014, United States and on devices with the Android operating system to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
5.2.6 Your right to object
Pursuant to Art. 21 GDPR you have the right to object to the processing of data relating to you described above if reasons arise from your particular situation or if your objection is directed against direct advertising.
You can exercise your right to object at any time by sending an email to datenschutz@dermanostic.com.
You can exercise your right to object at any time on
- iOS devices under: Settings > dermanostic > Notifications;
- Android devices under: Settings > Applications or Apps > dermanostic > by removing the check mark for “Direct advertising”.
5.3 User Behavior Analysis
5.3.1 Purposes
This processing serves the analysis of user behavior.
5.3.2 Data types
We process your access data, your usage data, the number of cases created by you in the app, data on your interaction with our advertisements, conversion data, your demographic data and your device data as categories of data relating to you.
5.3.3 Legal basis
The legal basis is your explicit consent to marketing analysis pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR.
5.3.4 Storage period
The storage period of Dermanostic GmbH for this processing of the above-mentioned data relating to you is
- 14 months for Adjust,
- 6 months for Meta for Business,
- 24 months for Meta Ads Manager,
- 14 months for Google Analytics (demographic data 2 months),
- 24 months for Google Ads Tracking,
- 2 months for Google Firebase Crashlytics,
- 18 months for TikTok Pixel,
- 14 months for Apple Search Ads.
5.3.5 Recipient
The above-mentioned data relating to you will be transmitted to Adjust GmbH, Saarbrücker Str. 37a, 10405 Berlin, Germany.
The above-mentioned data relating to you will be transmitted to Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transmitted to Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland and Meta Platforms Inc., 1 Meta Way, Menlo Park, California 94025, United States.
The above-mentioned data relating to you will be transmitted to TikTok Information Technologies UK Limited Kaleidoscope, 4 Lindsey Street, London EC1A 9HP, United Kingdom and TikTok Technology Limited, 110 Earlsfort Terrace, Dublin, D02 T380, Ireland.
The above-mentioned data relating to you will be transmitted to Apple Inc., One Apple Park Way, Cupertino, California 95014, United States.
The above-mentioned data relating to you will be transferred to the United States and the United Kingdom as third countries with an adequacy decision pursuant to Art. 45 GDPR.
5.3.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings under “Marketing analysis”.
6. Rights of data subjects
6.1 Contact details of the data protection officer
You have the following rights towards us regarding the personal data concerning you:
- Right of access and to receive a copy of your data,
- Right to rectification,
- Right to erasure and to be forgotten,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
6.2 Your data subject rights
6.2.1 Purposes
This processing serves the data protection compliant handling of data subject rights.
6.2.2 Data types
We process all categories of data as categories of data relating to you.
6.2.3 Legal basis
The legal basis is Art. 6 para. 1 subpara. 1 lit. c GDPR in conjunction with Chapter III GDPR.
6.2.4 Necessity
The processing of the above-mentioned data relating to you is necessary for the fulfillment of our legal obligations.
6.2.5 Storage period
The storage period is three years.
6.2.6 Recipient
The above-mentioned data relating to you will be transmitted to our external data protection officer.
6.3 Withdrawal of Consent
If we base the processing of your personal data on your consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), you may withdraw this consent at any time with effect for the future.
In the event of withdrawal, we will no longer continue the processing based on that consent for the respective purpose. The lawfulness of the processing carried out until the withdrawal remains unaffected.
The withdrawal may result in certain functions or services of the app no longer being available or only being available to a limited extent (for example push notifications, marketing analysis, newsletter or product development features). Processing based on other legal grounds (e.g. statutory retention obligations or contract fulfillment) remains unaffected.
6.4 Right to Object Pursuant to Art. 21 GDPR
Subject to statutory exceptions, you may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 letters e) or f) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
If we process your personal data for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for such advertising purposes. This also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.
You can contact us at: datenschutz@dermanostic.com