Privacy policy
With this data protection notice, we would like not only to comply with our legal obligations under Art. 13 and 14 GDPR, but also to describe to you in an understandable way what personal data is processed when you use this app and how we handle it. Dermanostic GmbH processes and uses personal data that is processed during the installation and use of the app in compliance with the data protection regulations applicable in the Federal Republic of Germany.
1. Controller
The controller pursuant to Art. 24 GDPR for the processing is Dermanostic GmbH, Merscheider Straße 1, 42699 Solingen, Germany.
You can contact the controller at any time using the contact details above or via email at datenschutz@dermanostic.com.
2. Contact details of the data protection officer
You can contact the controller’s Data Protection Officer via email at datenschutzbeauftragter@dermanostic.com.
1 Provision of the Professional App
1.1 Provision of the Professional App
1.1.1 Purposes
This processing serves to establish a connection between our server and your device for your use of our Professional App.
1.1.2 Data types
We process connection data (access data and device data) as categories of data relating to you.
1.1.3 Legal basis
The legal basis is your consent to the Professional App user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
1.1.4 Necessity
The processing of the above-mentioned data relating to you is necessary for your use of our Professional App. If you do not provide us with the above-mentioned data relating to you, we cannot process your request.
1.1.5 Storage period
The storage period lasts until the end of the session.
1.1.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
1.1.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
1.2 Security of the Professional App
1.2.1 Purposes
This processing serves to ensure the proper operation of the Professional App.
1.2.2 Data types
We process connection data (access data and device data), the installed version of the Professional App and your system information as categories of data relating to you.
1.2.3 Legal basis
The legal basis is our legal obligation to ensure the secure processing of personal data pursuant to Art. 6 para. 1 subpara. 1 lit. c in conjunction with Art. 24 and 32 GDPR.
1.2.4 Storage period
The storage period for logging access to the interface between the Professional App and server is 30 days and for transmitted system crashes two months.
The storage period for this processing of the above-mentioned data relating to you is two months in Google Firebase Crashlytics and 14 months in Google Analytics.
1.2.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
The above-mentioned data relating to you will be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
1.3 Consent Management
1.3.1 Purposes
This processing serves the management and documentation of your consent.
1.3.2 Data types
We process consent data as categories of data relating to you.
1.3.3 Legal basis
The legal basis is our obligation to provide proof pursuant to Art. 6 para. 1 subpara. 1 lit. c in conjunction with Art. 7 para. 1 GDPR.
The storage of a technically necessary cookie on your device for the management and documentation of your consent is based on Art. 5 para. 2 GDPR in conjunction with Art. 6 para. 1 subpara. 1 lit. c GDPR in conjunction with § 25 para. 2 no. 2 TTDSG.
1.3.4 Necessity
The processing of the above-mentioned data relating to you is necessary for the fulfilment of our legal obligations.
1.3.5 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. To comply with our obligation to provide proof, we retain a deletion log for three years.
1.3.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
1.4 User Account Management
1.4.1 Purposes
This processing serves the security of user account management.
1.4.2 Data types
We process user account data, session data and login data as categories of data relating to you.
1.4.3 Legal basis
The legal basis is Art. 6 para. 1 subpara. 1 lit. f GDPR. Our legitimate interest is the security of user account management.
1.4.4 Storage period
The storage period for the processing of user account data is ten years after the end of the treatment or until you withdraw your consent.
The storage period for the processing of login data is 24 hours, until logout from the Professional App, until the PIN has been entered incorrectly three times, until the PIN has been reset or until the deletion of your user account.
The storage period for the processing of session data lasts until you withdraw your consent. We retain a deletion log for three years.
1.4.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
1.4.6 Your right to object
Pursuant to Art. 21 GDPR you have the right to object to the processing of the data relating to you described above if reasons arise from your particular situation or if your objection is directed against direct advertising.
You can exercise your right to object at any time by sending an email to datenschutz@dermanostic.com.
2 Mediation of Teledermatological Treatment
2.1 Mediation of Teledermatological Treatment
2.1.1 Purposes
This processing serves the creation of a case within the Professional App for dermatological consultation of users by a consulting physician user as well as the mediation of teledermatological treatment through the Professional App to a treating physician.
2.1.2 Data types
We process patient master data, mediation data and treatment data as categories of data relating to you.
2.1.3 Legal basis
The legal basis is your consent to the Professional App user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.1.4 Necessity
The processing of the above-mentioned data relating to you is necessary for mediating your teledermatological treatment, i.e. for the execution of the user agreement with us.
The access of the Professional App “dermanostic” to the camera of your device is necessary for creating images of your skin condition. If you would like to upload images of your skin condition from your image gallery, the Professional App “dermanostic” requires access to your storage.
If you do not provide us with the above-mentioned data relating to you, we cannot perform the user agreement with you.
2.1.5 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
The storage period for the processing of user account data is ten years after the end of treatment or until you withdraw your consent.
2.1.6 Recipient
The above-mentioned data relating to you are collected by employees of the respective care facility or clinic and disclosed to them.
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
If a physician wishes to translate the above-mentioned data relating to you into your language, these data will be transmitted to DeepL SE, Maarweg 165, 50825 Cologne, Germany.
2.1.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
2.2 Patient Support
2.2.1 Purposes
This processing serves the handling of medical patient inquiries.
2.2.2 Data types
We process patient master data and treatment data as categories of data relating to you.
2.2.3 Legal basis
The legal basis is your consent to the Professional App user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.2.4 Necessity
The processing of the above-mentioned data relating to you is necessary for processing your request. If you do not provide us with the above-mentioned data relating to you, we cannot process your request.
2.2.5 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
2.2.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
If patient support wishes to translate the above-mentioned data relating to you into your language, these data will be transmitted to DeepL SE, Maarweg 165, 50825 Cologne, Germany.
2.2.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
2.3 Prescription Dispatch by Post to the Stored Patient Address
2.3.1 Purposes
This processing serves to send your prescription by post to the stored postal address.
2.3.2 Data types
We process your postal address as a category of data relating to you.
2.3.3 Legal basis
The legal basis is your explicit consent to the transmission of prescriptions pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
2.3.4 Storage period
The storage period is ten years after completion of treatment.
2.3.5 Recipient
The above-mentioned data relating to you will be transmitted to our cloud service provider Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
The above-mentioned data relating to you will be transferred to the United States as a third country with an adequacy decision pursuant to Art. 45 GDPR.
2.3.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
3 Contact
3.1 Contacting Us via the Support Ticketing System Within the Professional App
3.1.1 Purposes
This processing serves the support of Professional App users.
3.1.2 Data types
We process your user ID, the ID of your treatment request, the content of your request and any additional information you provide as categories of data relating to you.
3.1.3 Legal basis
The legal basis is your consent to the Professional App user agreement pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
3.1.4 Necessity
The processing of the above-mentioned data relating to you is necessary for contacting us. If you do not provide us with the above-mentioned data relating to you, we cannot respond to your request via this channel.
3.1.5 Storage period
Support requests are stored for ten years after completion of treatment or until withdrawal of consent.
3.1.6 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany.
If patient support wishes to translate the above-mentioned data relating to you into your language, these data will be transmitted to DeepL SE, Maarweg 165, 50825 Cologne, Germany.
3.1.7 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings by deleting your user account.
4 Product Development
4.1 Research of an AI-Supported Teledermatological Diagnosis
4.1.1 Purposes
This processing serves the development of an AI-supported teledermatological treatment for faster and more effective diagnosis.
4.1.2 Data types
We process images uploaded by you and anamnesis data as categories of data relating to you.
4.1.3 Legal basis
The legal basis is your explicit consent to “product development” pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR in conjunction with your explicit consent to the processing of health data pursuant to Art. 9 para. 2 subpara. 1 lit. a GDPR.
4.1.4 Storage period
The storage period for this processing of the above-mentioned data relating to you lasts until you withdraw your consent. We retain a deletion log for three years.
4.1.5 Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 149, 53227 Bonn, Germany and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
4.1.6 Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out on the basis of your consent until the withdrawal remains unaffected.
You can withdraw your consent to this processing activity at any time via email to datenschutz@dermanostic.com.
You can withdraw your consent to this processing activity at any time in your account settings under the section “AI development”.
5 Data Subject Rights
5.1 Your Data Subject Rights
You have the following rights with regard to your personal data:
- Right of access and to receive a copy of your data,
- Right to rectification,
- Right to erasure and to be forgotten,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
5.2 Data Subject Rights Management
5.2.1 Purposes
This processing serves the handling of data subject rights in compliance with data protection law.
5.2.2 Data types
We process all categories of data as categories of data relating to you.
5.2.3 Legal basis
The legal basis is Art. 6 para. 1 subpara. 1 lit. c GDPR in conjunction with Chapter III GDPR.
5.2.4 Necessity
The processing of the above-mentioned data relating to you is necessary for the fulfilment of our legal obligations.
5.2.5 Storage period
The storage period is three years.
5.2.6 Recipient
The above-mentioned data relating to you will be transmitted to our external data protection officer datenschutzbeauftragter@dermanostic.com.
5.3 Withdrawal of Consent
If we base the processing of your personal data on your consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), you may withdraw this consent at any time with effect for the future.
In the event of withdrawal, we will no longer continue the processing based on that consent for the respective purpose. The lawfulness of the processing carried out until the withdrawal remains unaffected.
The withdrawal may result in certain functions or services of the app no longer being available or only being available to a limited extent (for example push notifications, marketing analysis, newsletter or product development features). Processing based on other legal grounds (e.g. statutory retention obligations or contract fulfilment) remains unaffected.
5.4 Right to Object Pursuant to Art. 21 GDPR
Subject to statutory exceptions, you may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 letters e) or f) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
If we process your personal data for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for such advertising purposes. This also applies to profiling insofar as it is related to such direct advertising.
If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.