Data protection notice for the "dermanostic" web app

Dear user of this web app,

The protection of your personal data is not only important to you, but also to us. We appreciate your trust that we will handle your personal data conscientiously and in accordance with the law.

With this data protection notice, we would like not only to comply with our legal obligations under Articles 13 and 14 DS-GVO, but also to describe to you in an understandable way what personal data is collected when you use this web app and how we handle it. DERMANOSTIC GmbH processes and uses personal data collected when accessing and using the app in compliance with the data protection regulations applicable in the Federal Republic of Germany.

For more information on the processing of your personal data, please refer to the Privacy Policy of our website.

Responsible

The persons responsible pursuant to Art. 24 DS-GVO for the processing are the persons jointly responsible pursuant to Art. 26 DS-GVO

Dermanostic GmbH
Merowingerplatz 1
40225 Düsseldorf

and

Practice Dr. Lang - specialist for dermatology
Kornstrasse 17 a
42719 Solingen.

Dermanostic GmbH is responsible for the technical development and provision of the app "dermanostic". Estefanía Lang, MD, is responsible for the medical design of the app.

If you wish to assert your data protection rights against the providers of the "dermanostic" app as a mediation platform, you can contact the data protection officer of Dermanostic GmbH by e-mail at datenschutz@dermanostic.com.

The jointly responsible parties of the app "dermanostic" offer you a convenient platform that can be accessed at any time and through which you can conclude a treatment contract with the responsible dermatologist.

The practice of Dr. Lang ensures that the requirements of § 7 para. 4 of the Model Professional Code of the German Medical Association are met.

Contact details of the data protection officer

You can contact the data protection officer of DERMANOSTIC GmbH at datenschutz@dermanostic.com.

Information on the necessity of cookies used

When you open our website, the cookie consent banner is displayed. This has three categories: (1) "Necessary", (2) "Statistics", and (3) "Other Media". If you consent to the necessary cookies, a session cookie will be set if you log into the web app. In case of consent for statistical purposes, cookies from Google Analytics, Google Tag Manager, Facebook Pixel as well as Pinterest Ads will be set. If you agree to the cookies of the third category "Other Media", the website chat will open and a cookie will be set by YouTube in case you watch a video embedded on our website.

Purposes

We process the types of data mentioned below for the following purposes:

  • Ensuring a smooth connection setup of the website,
  • Ensuring a comfortable use of our website,
  • evaluating system security and system stability, and
  • for other administrative purposes.

Rest assured that we will in no case use the collected data to draw conclusions about your person.

Types of data

When you access our website, personal data is processed. This is the data that the browser used on your end device (cell phone, laptop, PC or similar) sends to the server of our website. This information is temporarily stored in a so-called log file on our server.

The following data is processed without your intervention and stored until automated deletion:

  • IP address of your terminal device,
  • date and time of your access,
  • the content of your request, i.e. the specific web pages that you accessed,
  • name and URL of the files accessed,
  • website from which your access is made (referrer URL),
  • the browser you are using,
  • the operating system of your terminal device
  • the name of your access provider
  • the language settings of the browser software used by your end device,
  • the version of the browser software used by your terminal device,
  • the time zone difference from Greenwich Mean Time (GMT) of your end device,
  • the access status/HTTP status code.

The aforementioned processing is based on the legal basis of our legitimate interest pursuant to Art. 6 (1) UAbs. 1 lit. f DS-GVO. Our legitimate interest results from the aforementioned purposes of the processing.

Storage period

The data will be deleted 30 days after collection.

Recipients

We use a web hoster with server location in the European Economic Area to provide the database of our web app.

Possibility of objection

In accordance with Art. 21 DS-GVO, you may object to the processing of your personal data on grounds relating to your particular situation or if the objection is directed against direct marketing.

In any case, you can exercise your right of withdrawal simply by sending an email to info@dermanostic.com.

API call logs

When you access our web app, data is collected for an API call log each time you access it.

Purposes.

This processing is done for the following purposes:

  • Enabling the use of the web app,
  • System security,
  • Technical administration of the network infrastructure,
  • Evaluation of system security and system stability,
  • Ensuring a smooth connection establishment.

We do not match the processed data with other data files and in no case use the data to draw conclusions about your person.

Types of data

During installation and each access data collected following data until their automated deletion after 30 days stored:

  • Date and time of installation,
  • Date and time of access,
  • Name and URL of the accessed file or page,
  • amount of data transferred,
  • Access status (successful transfer of file, file not found, etc.),
  • Browsers and operating systems of the user's terminal device,
  • name of the provider of the user's Internet access.

The legal basis for this processing is the fulfillment of the usage contract entered into with you pursuant to Art. 6 para. 1 UAbs. 1 lit. b DS-GVO.

Storage period

The data collected during installation or each time the web app is accessed is automatically deleted after 30 days.

Recipients

We use a web hoster with server location in the European Economic Area to provide the database of our web app.

Possibility of objection

To object to the processing of your data in this context, please contact info@dermanostic.com.

Google Analytics

Purposes

We further use Google Analytics in our web app, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which collects user data when using the web app specifically in relation to system crashes and errors. In addition, we use functions of Google Analytics to analyze user behavior in order to optimize both our web offer and our advertising. We use functions of the web analytics service Google Analytics to analyze user behavior in order to optimize both our web offer and our advertising.

Types of data

Google Analytics processes personal data on the following types of data:

  • access time and location to our web app,
  • whether they are a returning user of our web app,
  • the language, device model and platform of your terminal device,
  • case closure information,
  • end device information and technical details,
  • information helpful for troubleshooting, especially related to the user's software and hardware, as well as crashes,

The use of Google Analytics is necessary for the fulfillment of the User Agreement, as it is used to track real-time crashes of our web app. The program is thus a part of the necessary functional scope.

We have activated the IP anonymization function with regard to Google Analytics. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. On our behalf, Google will use this information for the purpose of evaluating your use of our web app, compiling reports on web app activity and providing other services relating to web app activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

This processing is carried out on the legal basis of our legitimate interest in the stable operation of our app pursuant to Art. 6 (1) UAbs. 1 lit. f DS GVO.

Storage period

The data will be stored for 14 months.

Recipients

The data processed via Google Analytics is transmitted to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and processed in the USA. Google is our processor for this processing and we have concluded an order processing agreement pursuant to Art. 28 DS-GVO with Google for this purpose. The legal basis for this transfer are standard data protection clauses pursuant to Art. 46 DS-GVO.

More information on the handling of user data in connection with Google Analytics by Google can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Right to object

You have the right to object to this processing of data related to you at any time. To object to our processing of data related to you via Google Analytics, you can contact the data protection officer of Dermanostic GmbH by email at datenschutz@dermanostic.com.

Web analysis using Google Ads

Purposes

We use Google Ads to draw attention to our service on external websites. We use Google Ads tracking to analyze user behavior in order to optimize our web offer and advertising. This is used to determine the success of individual advertising measures.

When you click on an ad placed by Google, a cookie is set by Google for conversion tracking. If a user visits certain pages of this website and the conversion tracking cookie set by Google has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. The information collected using conversion tracking is also used to create conversion statistics for us.

These cookies are not used to personally identify you.

Types of data

As a rule, the following information is stored as analysis values for this cookie:

  • Unique cookie ID,
  • Last impression (relevant for conversions),
  • Number of ad impressions per placement (frequency),
  • Information about opt-out of the website visitor.

This information is used by Google to recognize your web browser. Provided that the cookie stored on your computer has not yet expired and you have clicked on one of our externally placed ads, Google and we can recognize that you have clicked on an ad and have been redirected to our site.

As Google Ads customers, we do not collect or process any personal data as part of the aforementioned advertising measures. We only receive statistical evaluations from Google on the above information, i.e. the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. We do not receive any information that allows us to identify you personally.

Due to the use of Google, your browser automatically connects to the Google server. If you have a user account with Google and are registered, Google can assign the visit to your user account. If you are not registered with Google or logged in, there is a possibility that Google will find out and store your IP address.

The legal basis for the use of these cookies is your express consent pursuant to Art. 6 (1) UAbs. 1 lit. a DS-GVO. You can give your consent to, among other things, this processing via our cookie banner if you select the category "Statistics" and consent.

Storage period

These cookies lose their validity after 30 days.

Recipients

The data processed via Google Ads is transmitted to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and processed in the USA. Google is our processor for this processing and we have concluded an order processing agreement pursuant to Art. 28 DS-GVO with Google for this purpose. The legal basis for the third country transfer are standard data protection clauses pursuant to Art. 46 DS-GVO. Google provides appropriate guarantees for data protection, which you can view at https://privacy.google.com/businesses/processorterms/.

More information on Google Ads and Google conversion tracking can be found in Google's privacy policy: https://privacy.google.com/intl/de/businesses/adsservices/ as well as https://services.google.com/sitestats/de.html.

The data collected for us is not visible to other Google Ads customers.

Possibility of revocation

You can revoke your consent at any time by clicking the following link:

Delete all cookies.

For more information about Google Ads and Google conversion tracking, please see Google's privacy policy: https://www.google.de/policies/privacy/.

Web analytics using Facebook Pixel

Purposes

We use Facebook Pixel, for advertising and optimization purposes. We use this tool to serve ads on Facebook to people who have visited our website or shown interest in certain topics. We use this information to improve our advertising efforts by targeting ads accordingly to your interests.

Types of data

When you consent to the analysis of your usage behavior of our website by Facebook Pixel, the following data about you will be collected:

  • your access time and access location to our website,
  • to what extent you are currently active on our website,
  • whether you are a returning user of our website,
  • your demographic data (gender, age group, interests),
  • the language, device model, and browser you use.

Facebook provides us with the collected data anonymously, so we cannot personally identify you or draw conclusions about your identity.

Through our use of Facebook Pixel, Facebook is informed when you have clicked on one of our ads on Facebook or accessed the corresponding web page of our website.

If you do not maintain a user account with Facebook, Facebook can assign this information to your account. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. If you are not registered or logged in to Facebook, it is possible that Facebook will learn and store your IP address and possibly other identifiers.

The legal basis for the use of these cookies is your express consent pursuant to Art. 6 (1) UAbs. 1 lit. a DS-GVO. You can give your consent to, among other things, this processing via our cookie banner if you select the category "Statistics" and agree to it

Storage duration

The storage period is limited to 24 months. For more information on the related processing, please visit https://de-de.facebook.com/business/help/116118951805237.

Recipient

Facebook Pixel is a product of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook"). Facebook is our processor for this processing and we have entered into a processing agreement pursuant to Art. 28 DS-GVO with Facebook for this purpose. The legal basis for this transfer are standard data protection clauses pursuant to Art. 46 DS-GVO. You can find out about the appropriate or adequate safeguards that Facebook Pixel gives us for third country transfers here https://web.facebook.com/legal/terms/data_security_terms and here https://web.facebook.com/legal/EU_data_transfer_addendum.

Possibility of revocation

You can withdraw your consent at any time by clicking the following link:

Delete All Cookies.

You can object to this use of your data by Facebook Pixel in connection with your Facebook user account data by Facebook in Facebook's user area: https://www.facebook.com/settings?tab=ads.

Processing operations for logging into the user area of the "Dermanostic" web app via our website.

Purposes

If you have created a user account in the web app "dermanostic", you can log in to your user account via our website. Each time you are asked for authentication, your login details will be verified. This serves to recognize you as a logged-in user and thus validate the session.

Types of data

To provide the login function, we set a technically necessary, initially empty cookie with which we collect your login data when you enter it in the login area.

The legal basis for the collection of your data by the cookie is your usage agreement for the use of our web app pursuant to Art. 6 (1) UAbs. 1 lit. b DS-GVO.

Storage duration

The cookie has a maximum lifetime of 24 hours.

Recipient

We use a web hoster with server location in the European Economic Area for our service to provide the database of our web app.

Processing in connection with the management of your user account.

Purposes

Before you can order the teledermatological consultation via the web app "Dermanostic", it is necessary that you create a user account. After creating the user account, you will be able to use the teledermatological consultation.

Types of data

When creating the user account, we process the data you provide in the process in order to create and manage the account and to enable you to use the teledermatological services we offer. This includes your e-mail address.

The legal basis of the related processing operations is your usage contract for the use of our web app pursuant to Art. 6 (1) UAbs. 1 lit. b DS-GVO.

Necessity

The creation of a user account is for the teledermatological consultation via the app "dermanostic" is a technical and organizational measure for the processing of data related to you in accordance with the requirements of data protection and to ensure the protection of your data subject rights. If you do not create a user account, you will not be able to use the teledermatological consultation via the app "dermanostic".

Storage period

The above data will be stored until you delete your user account.

Recipient

We use a web hoster with server location in the European Economic Area to provide the database of our web app.

Processing in connection with the creation of a request for a teledermatological consultation.

Purposes

The purpose of processing in connection with the teledermatological consultation is the mediation of the treatment contract between you and the dermatologist preparing the findings, the processing of personal data for anonymized evaluations for scientific, statistical and analytical purposes, including the development of new data-based diagnostic procedures - in each case if and to the extent permitted by law - as well as processing for billing purposes.

Insofar as processing for scientific, statistical and analytical purposes takes place, this occurs

in the form of the evaluation of your information in the questionnaire without images, as well as the diagnoses made by the dermatologist. Statistics are created, which may also be made available to third parties. In this evaluation, only anonymized data is processed, i.e. the person concerned cannot be identified or can no longer be identified.

in the form of the "training" of an artificial intelligence ("AI"), in that the data from the questionnaires, including the photographs of the skin disease posted by you, together with the diagnosis and therapy suggestion, are fed into a computer program that can facilitate the physician's diagnosis.

Types of data

In order to process your request, it is necessary to provide the following information to the dermatologist treating you:

  • Name,
  • first name,
  • date of birth,
  • gender,
  • address,
  • e-mail,
  • pictures of the "skin problem",
  • answers to the given questionnaire as well as
  • if applicable, answers to the queries posed by the dermatologist.

Should the respective dermatologist require further personal data from you for the treatment contract, the dermatologist will collect them himself in direct contact with you.

In relation to Dermanostic GmbH as the party responsible for the app "dermanostic" together with the practice Dr. Lang, the legal basis for the processing of the data relating to you is your usage contract for our app with us pursuant to Art. 6 para. 1 UAbs. 1 lit. b i. V. m. your consent to our processing of health data about you pursuant to Art.°9°Abs.°2°lit.°a.

In relation to the practice of Dr. Lang as jointly responsible with Dermanostic GmbH for the app "dermanostic", the legal basis for the processing of data relating to you is your treatment contract with the practice Dr. Lang according to Art. 9 para. 4 DS GVO in conjunction with § 22 para. 1 UAbs. 1 lit. b BDSG in conjunction with Art. 9 para. 2 lit. h Var. 3 and Var. 6 DS-GVO in conjunction with Art. 9 para. 3 DS GVO in conjunction with § 630a ff. BGB.

The legal basis of the "training" of artificial intelligence ("AI") mentioned above is the processing for scientific purposes pursuant to Art. 9 (2) lit. j DS-GVO in conjunction with. Art. 89 DS-GVO and § 27 BDSG.

Necessity

The processing of the above-mentioned data is necessary for the teledermatological consultation. If you do not provide us with the information requested by you, we will not be able to process your request.

Storage period

We store the data as a processor of the responsible party for ten years after completion of the treatment in accordance with the statutory retention periods for patient records pursuant to Section 630f (3) of the German Civil Code (BGB).

Recipients

We use a web hoster with server location in the European Economic Area to provide the database of our web app.

Processing during payment transactions

Purposes

On behalf of the treating dermatologist, the joint responsible parties of the "Dermanostic" web app process the latter's payment transactions in connection with the invoice issued to you by the dermatologist as a processor.

You can use the following options to pay the remuneration caused by the teledermatological consultation: PayPal and via Stripe: credit card payment, Apple Pay, Google Pay and Klarna Pay now.

Types of data

As part of the payment processing, data of the following data types are processed:

  • Case ID,
  • Transaction ID,
  • Date,
  • Amount,
  • payment gateway (credit card via Stripe or PayPal),
  • and in case of PayPal additionally the used PayPal address as well as the PayPal name

We represent that the collection of the physician's claim by us is based on an effective assignment of the claim by the physician to us. All our employees are bound to confidentiality and are subject to professional secrecy.

A further prerequisite for the processing of payments through us is that you, as the patient, consent to the physician's billing and the associated processing. You thereby declare your consent to the forwarding of the information required in each case for the purpose of billing for the medical services rendered (name, date of birth, address, diagnosis, cost unit, examination and treatment data) as well as the assignment of the claim for the purpose of collection to DERMANOSTIC GmbH, Merowingerplatz 1, 40225 Düsseldorf. You may revoke this consent at any time with effect for the future vis-à-vis us or the dermatologist with the consequence that no corresponding processing will take place in the future.

These payment transactions involve the processing of personal data. The legal basis for this is your consent, which you give voluntarily by using the respective payment option.

Storage period

Invoices and receipts created in connection with the processing of the contract and your payment are stored for ten years in accordance with our legal obligations arising from Section 147 (3) Sentence 1 AO. The legal basis for this processing is Art. 6 para. 1 UAbs. 1 lit. c DS-GVO.

Recipient

For the credit card and PayPal payment methods, the personal data you enter is forwarded in encrypted form to the Braintree payment service, a product of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal. This mostly includes your name, address, telephone number, IP address, e-mail address or other information required for order processing, including information about your order. The legal basis for forwarding the data is Art. 6 (1) UAbs. 1 lit. b DS-GVO. The processing of personal data is carried out by PayPal as the responsible party. To the extent necessary for the fulfillment of the order, data may also be forwarded to third parties by PayPal. For more information about the processing by PayPal, please visit https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

For information on processing when using the payment service provider Google Pay, see https://support.google.com/pay/answer/7020860?hl=de and https://policies.google.com/privacy.

For details on processing by Apple Pay, please see https://support.apple.com/de-de/HT201469.

You can find the data protection information of Klarna at https://www.klarna.com/de/datenschutz/.

Processing when subscribing to our newsletter

Purposes.

The purpose of our newsletters is to provide you with recommendations and information in the field of dermatology, as well as topics related to everyday life, in addition to news from dermanostic.

Types of data

To receive the newsletter, it is sufficient to provide an e-mail address. We process the time of your registration for the newsletter as well as your anonymized IP address entered by the Internet Service Provider (ISP) in order to be able to trace who has misused your e-mail address to register for the newsletter, if our newsletter was not registered by you for your e-mail address.

The legal basis for this processing is your explicit consent pursuant to Art. 6 (1) UAbs. 1 lit. a DS-GVO.

Storage period

We will use your e-mail address to send you our newsletter until you revoke your consent.

Recipient

We use a German order processor with a German server location for the provision of our e-mail server.

Possibility of unsubscribing by revocation

You have the right to revoke your consent at any time. Unsubscribing from our newsletter is possible at any time by revoking your consent to receive our newsletter via a link at the end of each newsletter. In addition, you are also welcome to send your unsubscribe request at any time to info@dermanostic.com via email. Within the app, you can unsubscribe from the newsletter via the account management. The lawfulness of the processing carried out on the basis of your consent until revocation is not affected by this.

Processing in connection with the newsletter dispatch

Purposes

Within the scope of our newsletter dispatch, we evaluate your user behavior. This evaluation serves the needs-based design and ongoing optimization of our newsletter.

Types of data

The following types of data are processed:

  • email reading/clicking behavior (opening rate, as well as click rate within the newsletter),
  • the type of device used (desktop, tablet, cell phone),
  • whether you are a user or patient of our app,
  • the time and date of access,
  • number of cases created in the (web) app;
  • the redirect URL (pages to which you are redirected).

The legal basis is based on our legitimate interest according to Art. 6 (1) UAbs. 1 lit. f DS-GVO to provide you with a promotional and user-friendly newsletter.

Storage period

We remove your email address from our newsletter distribution list as soon as you revoke your consent, i.e. unsubscribe from our newsletter.

In order to fulfill our accountability in data protection, to which we are subject according to Art. 5 (2) DS-GVO, we keep a deletion log of the unsubscription of your e-mail address for up to three years. The legal basis for this is the fulfillment of our legal obligation pursuant to Art. 6 para. 1 UAbs. 1 lit. c DS-GVO.

Recipient

We use a German order processor with a German server location to provide our email server.

Right of revocation

Pursuant to Art. 21 DS-GVO, you have the right to object to the processing of data relating to you described above if there are grounds arising from your particular situation or if your objection is directed against direct marketing.

You can exercise your right to object by sending an email to datenschutz@dermanostic.com.

Sending evaluation requests and information on service updates to existing customers.

Purposes.

To keep our existing accounts informed about our offers or services, provide them with valuable content and ask for reviews, we will send you a newsletter on a regular basis.

Types of data

We process your email address, which you provided when registering in the dermanostic app, for sending the newsletter.

The legal basis is based on our legitimate interest pursuant to Art. 6 (1) UAbs. 1 lit. f DS-GVO to conduct personalized direct advertising. This does not require any separate consent from you pursuant to Section 7 (3) UWG.

Storage period

We will use your e-mail address to send you our newsletter until you revoke our use of your e-mail address to send direct advertising to you.

In the event of deletion of your user account, we will delete your e-mail address and you will no longer be sent any direct advertising.

Recipient

We use a web hoster to provide our app.

For the provision of our email server, we use a German order processor with a German server location.

For the management of our newsletter subscriptions, we use an open source tool that is operated exclusively on servers in Germany.

Right of objection

Pursuant to Art. 21 DS-GVO, you have the right to object to the processing of data relating to you as described above, if there are grounds arising from your particular situation or if your objection is directed against direct marketing.

You may exercise your right to object by sending an email to datenschutz@dermanostic.com.

Processing in connection with the sending of evaluation requests to existing customers.

Purposes

In the context of sending evaluation requests and information on service updates, we evaluate your user behavior. This evaluation serves the needs-based design and ongoing optimization of our information letters.

Types of data

The following types of data are processed:

  • email read/click behavior (open rate, as well as click rate within the newsletter),
  • the type of device used (desktop, tablet, cell phone),
  • whether you are a user or patient of our app,
  • the time and date of access,
  • number of cases created in the (web) app;
  • the redirect URL (pages to which you are redirected).

The legal basis is based on our legitimate interest according to Art. 6 (1) UAbs. 1 lit. f DS-GVO to provide you with a promotional and user-friendly newsletter.

Storage period

We remove your email address from our newsletter distribution list as soon as you revoke your consent, i.e. unsubscribe from our newsletter.

In order to fulfill our accountability in data protection, to which we are subject according to Art. 5 (2) DS-GVO, we keep a deletion log of the unsubscription of your e-mail address for up to three years. The legal basis for this is the fulfillment of our legal obligation pursuant to Art. 6 para. 1 UAbs. 1 lit. c DS-GVO.

Recipient

We use a web hoster for the provision of our app.

For the provision of our email server, we use a German order processor with a German server location.

For the management of our newsletter subscriptions, we use an open source tool that is operated exclusively on servers in Germany.

Right of objection

Pursuant to Art. 21 DS-GVO, you have the right to object to the processing of data relating to you as described above, if there are grounds arising from your particular situation or if your objection is directed against direct marketing.

You can exercise your right to object by sending an email to datenschutz@dermanostic.com.

Contact via contact form

Purposes

Via our contact form within the web app, you have the opportunity to contact us at any time.

Types of data

As part of your contact, we process your user ID, your case ID and the content of your inquiry. Additional information can be provided voluntarily.

Processing for the purpose of contacting us is carried out for the fulfillment of a contract by you with us or for the implementation of pre-contractual measures with you by us pursuant to Art. 6 (1) lit. b DS-GVO or the processing of health data is based on your express consent pursuant to Art. 9 (2) lit. a DS-GVO.

Storage period

If contact is made within the framework of the treatment contract, we will retain your information within the framework of your patient file for ten years in accordance with §§ 630a ff. of the German Civil Code (BGB). Otherwise, we delete the personal data collected for the use of the contact form after completion of the request you have made. .

Necessity

The processing of your user ID and, if applicable, case ID is necessary for the processing of your inquiry in order to assign your inquiry to your patient file. If you submit your request via the contact form within the app, this information is automatically transmitted to us.

Recipient

We use a processor with server location within the EU to provide our app.

Right of withdrawal

If you transmit health data to us via this communication channel, we accept your explicit consent pursuant to Art. 9 (2) lit. a DS-GVO and you have the right to revoke your consent at any time, among others gladly by email to datenschutz@dermanostic.de. The lawfulness of the processing carried out on the basis of your consent until revocation is not affected by this.

Contact by e-mail or telephone

Purposes

You have the possibility to contact us via the e-mail addresses and telephone numbers provided on our website.

Types of data

In order to process your inquiry, we use the e-mail address or telephone number you have provided to us. We only collect other information directly from you where it is necessary and relevant to responding to your inquiry and is voluntarily provided to us by you.

Please do not submit health information to us via email.

The processing for the purpose of contacting us is carried out for the fulfillment of a contract by you with us or for the implementation of pre-contractual measures with you by us pursuant to Art. 6 (1) lit. b DS-GVO.

Please do not send us any health data by e-mail. If you do so nonetheless, the associated processing of health data is based on your express consent pursuant to Art. 9 (2) lit. a DS-GVO.

Storage period

If contact is made within the framework of the treatment contract, we will retain your information within the framework of your patient file for ten years in accordance with §§ 630a ff. of the German Civil Code (BGB). Otherwise, the data provided by you will be deleted by us after the request made by you has been dealt with.

Recipient

We use a German order processor with a German server location to provide our e-mail server.

Right of revocation

If you provide us with unsolicited health data via this communication channel, and we therefore assume your express consent pursuant to Art. 9 (2) lit. a DS-GVO, you have the right to revoke your consent at any time, including by sending an e-mail to datenschutz@dermanostic.de. The lawfulness of the processing carried out on the basis of your consent until the revocation is not affected.

Contact via WhatsApp

Purposes

You have the possibility at any time to contact us via the phone number provided on our website. This possibility of contacting us does not serve as patient support.

Types of data

In order to process your request, we use the telephone number provided to us by you. We only collect other information directly from you where it is necessary and relevant to responding to your inquiry and is voluntarily provided to us by you.

Please do not submit health information to us via chat.

The processing for the purpose of contacting us is carried out for the fulfillment of a contract by you with us or for the implementation of pre-contractual measures with you by us pursuant to Art. 6 (1) lit. b DS-GVO.

Please do not send us any health data via WhatsApp. If you do so nonetheless, the associated processing of health data is based on your express consent pursuant to Art. 9 (2) lit. a DS-GVO.

Necessity

The processing of your telephone number is necessary for the processing of your request in order to be able to contact you again in this context. If you do not provide us with your telephone number, we will not be able to process your request.

Storage period

The data provided by you will be deleted by us after completion of the request you have made.

Recipient

In the case of a contact request via WhatsApp, WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"), a subsidiary of Facebook, processes your data. The data relating to you will be transferred to the USA. For this purpose, we have an order processing agreement pursuant to Art. 28 (3) DS-GVO under the terms of use, including standard data protection clauses pursuant to Art. 46 DS-GVO.
You can read about the appropriate or adequate safeguards WhatsApp gives us for third country transfers here https://www.whatsapp.com/legal/business-data-security-terms and here https://www.whatsapp.com/legal/business-data-transfer-addendum.

Contacting us via chat

Purposes

You the option to contact us via chat through our web presence.

Types of data

In order to process your request, we process the time of your request for technical reasons. In addition, we process the following types of data:

  • Your operating system used,
  • Your used browser type,
  • your domain
  • URL of the previously visited website.

Other information, such as first name, last name; email address and your request, we only collect directly from you where it is necessary and relevant to respond to your request and is provided to us voluntarily by you.

Please do not submit health information to us via chat.

The processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) UAbs. 1 lit. b DS-GVO. However, we only provide the chat function after your express consent. You can give your consent to, among other things, this processing via our cookie banner if you select the category "other media" and consent.

Storage period

The personal data collected for the use of the contact form will be deleted after completion of the request you have made.

Recipients

We use chat software from the company Userlike UG, Probsteigasse 44-46, 50670 Cologne, Germany.

Processing in connection with our Facebook presence.

Purposes

We operate a page on Facebook to present our company and our offer.

Further information

Facebook Ireland Ltd. is responsible for processing your data when you visit our Facebook page. We are jointly responsible with Facebook for processing this data for the Insights tool for Facebook page operators: Facebook provides us, as page operators, with information about the user profiles that interact with the Facebook page we operate. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) UAbs. 1 lit. f DS-GVO.

We have entered into a joint responsibility agreement with Facebook Ireland Ltd: https://www.facebook.com/legal/terms/page_controller_addendum. Pursuant to this agreement, Facebook assumes the fulfillment of transparency obligations and you can inform yourself about the processing of your personal data here: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Processing operations in connection with our Twitter presence.

Purposes.

We operate an account on Twitter to present our company and our offer.

Further information

Twitter is responsible for the processing of your data on Twitter. We are jointly responsible with Twitter for the processing of personal data in connection with your interaction with our company account. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) UAbs. 1 lit. f DS-GVO.

We have entered into a joint responsibility agreement with Twitter: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. Twitter assumes the fulfillment of transparency obligations in accordance with the joint responsibility. You can find out more about the processing of your personal data here: https://twitter.com/de/privacy.

Processing operations in connection with our Instagram presence.

Purposes.

We operate an account on Instagram to present our company and our offer.

Further information

Instagram is responsible for the processing of your data on Instagram. We are jointly responsible with Instagram for the processing of personal data in connection with your interaction with our company account. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) UAbs. 1 lit. f DS-GVO.

We have entered into a joint responsibility agreement with Instagram: https://www.facebook.com/legal/terms/page_controller_addendum. Instagram takes over the fulfillment of transparency obligations in accordance with the joint responsibility. You can find out more about the processing of your personal data here: https://de-de.facebook.com/help/instagram/519522125107875/.

Purposes.

We operate an account on TikTok to showcase our company and our offerings.

Further information

TikTok is responsible for the processing of your data on TikTok. You can find out more about the processing of your personal data here: https://www.tiktok.com/legal/privacy-policy?lang=de.

Processing operations in connection with our LinkedIn presence.

Purposes.

We operate a page on LinkedIn to present our company and our offerings.

Further information

We have entered into a joint accountability agreement with LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn takes over the fulfillment of transparency obligations in accordance with the joint accountability. You can find out more about how we process your personal data here: https://privacy.linkedin.com/de-de.

Processing operations in connection with our Pinterest presence.

Purposes.

We operate an account on Pinterest to present our company and our offer.

Further information

Pinterest is responsible for the processing of your data on Pinterest. You can find out more about the processing of your personal data here: https://policy.pinterest.com/en/privacy-policy.

Processing operations in connection with our Spotify presence.

Purposes.

We operate an account on Spotify to showcase our company and our offerings and to provide listeners with valuable content.

Further information

Spotify is responsible for processing your data on Spotify. You can find out more about how your personal data is processed here: https://www.spotify.com/de/legal/privacy-policy/ .

YouTube integration

Purpose

To optimize our web presence, we embed videos via YouTube on our website.

Types of data

When you call up a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by notifying your browser. The following types of data are processed in the process: browser used, web page visited on this website, content displayed by YouTube.

We use the "extended data protection mode" option provided by YouTube. According to the information provided by YouTube, in "extended data protection mode" your data - in particular which of our web pages you have visited as well as device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video.

If you have a user account with YouTube and are logged in there at the time of calling up the page, the data processed when calling up the page will be assigned to your user account if you have not logged out beforehand.

The legal basis for the use of YouTube via our website is your express consent pursuant to Art. 6 (1) UAbs. 1 lit. a DS-GVO. You can give your consent to, among other things, this processing via our cookie banner if you select the category "other media" and consent.

Storage period

We do not store any of the data related to you as part of this processing.

Recipients

Our website uses components from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a Google Inc. company, Amphitheatre Parkway, Mountain View, CA 94043, USA. We have concluded an order processing agreement with YouTube as our processor pursuant to Art. 28 DS-GVO. Google provides appropriate guarantees for data protection, which you can view at https://privacy.google.com/businesses/processorterms/.

If you have a user account with YouTube and are logged in there at the time of calling up the page, the data processed when calling up the page will be assigned to your user account if you have not logged out beforehand.

For more information on data protection at YouTube, please refer to the privacy policy of Google (https://policies.google.com/privacy?hl=de&gl=de).

Possibility of revocation

You can revoke your consent at any time by clicking the following link:

Delete All Cookies.

Your rights in relation to our processing of your personal data.

You have the right to,

to request information about your personal data processed by us in accordance with Art. 15 DS-GVO. In particular, you can request information about the processing purposes, the category of personal data, the category of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

  • pursuant to Art. 16 DS-GVO, to demand without undue delay the correction of inaccurate or the completion of your personal data stored by us;
  • pursuant to Art. 17 DS-GVO, to request the erasure of your personal data stored by us, unless the processing of such data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • pursuant to Art. 18 DS-GVO, to request the restriction of the processing of your personal data, provided that the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DS-GVO;
  • pursuant to Art. 20 DS-GVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
  • in accordance with Art. 7 (3) DS-GVO, to revoke your consent once given to us at any time. This revocation has the consequence that we may no longer continue the processing based on this consent in the future, whereby the processing carried out up to the time of the revocation remains lawful;
  • to lodge a complaint with a supervisory authority in accordance with Art. 77 DS-GVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose. The supervisory authority responsible for our registered office is the State Commissioner for Data Protection of North Rhine-Westphalia.

Your right to object

In cases where processing is carried out on the legal basis of our legitimate interest pursuant to Art. 6 (1) UAbs. 1 lit. f DS-GVO, you may object to the processing of your personal data pursuant to Art. 21 DS-GVO if there are grounds arising from your particular situation or if the objection is directed against direct advertising.

In the case of objection to direct marketing, you have a general right of objection, which is implemented by us without any indication of a particular situation.

In any case, you can exercise your right to object simply by sending an email to info@dermanostic.com.

In any case of processing based on your consent given pursuant to Art. 6 (1) UAbs. 1 lit. a or Art. 9 (2) lit. a DS-GVO, you may withdraw your consent at any time. This does not affect the lawfulness of the processing carried out up to the time of the revocation.

You can revoke the consent you have given us simply by sending an email to info@dermanostic.com.

Data transfer

In principle, we do not pass on your personal data to third parties. This only happens if

you have given your express consent in accordance with Art. 6 para. 1 UAbs. 1 lit. a or Art. 9 para. 2 lit. a DS-GVO,

  • the disclosure of your data pursuant to Art. 6 (1) (1) (f) DS-GVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in not having your data disclosed,
  • there is a legal obligation for the disclosure pursuant to Art. 6 (1) UAbs. 1 lit. c DS-GVO, or
  • the disclosure is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6 (1) (1) (b) of the German Data Protection Regulation (DS-GVO).

We would like to point out at this point that we have concluded order processing contracts with external service providers in accordance with Art. 28 DS-GVO, for example with our IT provider. A processor is a natural or legal person, an authority, institution or other body that processes personal data on behalf of the controller. When selecting these processors, we have ensured that they provide sufficient guarantees that appropriate technical and organizational measures are implemented in such a way that the processing is in compliance with data protection requirements. We are authorized to issue instructions to the processors and regularly monitor whether the processing by the processors complies with the requirements of data protection law. For their part, the processors do not disclose the data to third parties.

Data security

To ensure adequate security of the processing of your personal data, we use appropriate technical and organizational measures. When visiting our website/web app, the so-called SSL procedure is used, combined with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. Only in exceptional cases where your browser does not support this encryption technology, a 128-bit v3 technology is used. You can very easily check whether a single page of our website is transmitted in encrypted form. The closed display of the key or a lock symbol in the lower status bar of your browser prove the encrypted transmission.

Together with our order processors, we regularly further develop the technical and organizational measures and strive to constantly improve the security conditions for your personal data.

Actuality of this data protection declaration

This privacy policy is valid and has the status of May 2021. As we always strive to keep up with technical progress, we continue to develop our website and its offerings, as well as the technical and organizational measures to protect your data. In this context, it may be necessary to adapt the data protection declaration accordingly. You can access and print out the current data protection declaration at any time at https://dermanostic.com/datenschutz-webapp.

Would you like to delete all cookies?