Privacy policy
Dear visitor to this website,
The protection of your personal data is not only of great concern to you, but also to us, the persons jointly responsible for the app "dermanostic" (hereinafter "we", "us"). We appreciate your trust that we will handle your personal data conscientiously and in accordance with the law. Your data will be treated confidentially by us.
With this data protection notice, we not only wish to comply with our legal obligation under Articles 13 and 14 of the German Data Protection Regulation (DS-GVO), but also to provide you with an understandable description of what personal data is collected when you visit our website and how we handle it.
Responsible for processing in accordance with Art. 24 GDPR is
Dermanostic GmbH Merowingerplatz 1 40225 Düsseldorf
You can contact the controller with your concerns at any time using the contact details above or by e-mail to datenschutz@dermanostic.com.
You can contact the data protection officer of the controller by sending an e-mail to datenschutzbeauftragter@dermanostic.com.
Website information
In this section, you can find out which of your data we process to ensure the provision of our website.
3.1. Purposes
This processing is used to achieve the following purpose: Public presentation.
3.2. Data types
We process the following categories of data that can be related to you: Connection data (access data and device data).
3.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
3.4. Necessity
The processing of the above mentioned data relating to you is necessary for you to contact us. If you do not provide us with the above information relating to you, we will not be able to display our website to you.
3.5. Storage period
The storage period is limited to the duration of the browser session.
3.6. Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, and our website host, Neue Medien Münnich GmbH, Hauptstr. 68, 02742 Friedersdorf, Germany.
The above-mentioned data relating to you will be transmitted to Alphabet, Inc, 901 Cherry Ave, San Bruno, CA 94066, USA.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
4.1. Purposes
This processing serves to ensure the trouble-free operation of the website.
4.2. Data Types
We process connection data (access data and terminal device data) and your system information as categories of data that can be related to you.
4.3. Legal basis
The legal basis is Art. 6 para. 1 subpara. 1 lit. f GDPR. Our legitimate interest is to ensure the trouble-free operation of the website.
4.4. Storage period
The storage period is 30 days.
4.5. Recipients
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany.
4.6. Your right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data as described above if there are grounds relating to your particular situation or if your objection is directed against direct marketing.
You can exercise your right to object by sending an email to datenschutz@dermanostic.com
5.1. Purposes
This processing serves to manage and document your consent.
5.2. Data types
We process consent data as data that can be related to you.
5.3. Legal basis
The legal basis is our obligation to provide evidence pursuant to Art. 6 para. 1 subpara. 1 lit. c GDPR in conjunction with Art. 5 para. 2 and Art. 7 para. 1 GDPR.
5.4. Storage period
The storage period is until you withdraw your consent. We keep a deletion log for three years.
5.5. Recipient
The above data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn.
Mitarbeiterprogramm
In diesem Kapitel erfahren Sie, welche Ihrer Daten wir bei Ihrer Anmeldung zum Mitarbeiterprogramm verarbeiten.
6.1. Zwecke
Diese Verarbeitung dient der Benutzerverwaltung des Mitarbeiterprogramms.
6.2. Datenarten
Wir verarbeiten dabei Ihre E-Mail-Adresse sowie Zugriffsdaten als Kategorien auf Sie beziehbarer Daten.
6.3. Rechtsgrundlage
Die Rechtsgrundlage ist Ihre ausdrückliche Einwilligung ins Mitarbeiterprogramm gem. Art. 6 Abs. 1 UAbs. 1 lit. a DS-GVO.
6.4. Speicherdauer
Die Speicherdauer ist bis zum Widerruf Ihrer Einwilligung. Wir bewahren für drei Jahre ein Löschprotokoll auf.
6.5. Empfänger
Die oben genannten auf Sie beziehbaren Daten werden an die Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, und unseren E-Mail-Server-Hoster, die Neue Medien Münnich GmbH, Hauptstr. 68, 02742 Friedersdorf, übermittelt.
6.6. Ihr Recht auf Widerruf Ihrer Einwilligung
Sie haben das Recht, Ihre Einwilligung jederzeit mit Wirkung für die Zukunft zu widerrufen. Die Rechtmäßigkeit der aufgrund Ihrer Einwilligung bis zum Widerruf erfolgten Verarbeitung wird davon nicht berührt.
Sie können Ihre Einwilligung in diese Verarbeitungstätigkeit jederzeit per E-Mail an datenschutz@dermanostic.com widerrufen.
Sie können Ihre Einwilligung in diese Verarbeitungstätigkeit jederzeit in Ihren Kontoeinstellungen unter dem Punkt "Mitarbeiterprogramm" durch Löschen des Anmeldecodes widerrufen.
Contact
In this chapter, you will find out how you can contact us and which of your data we process when you contact us.
7.1. Purposes
Processing by telephone and email is used to answer inquiries and for customer acquisition, contract processing, press/data protection inquiries and user and patient support.
Processing via chat serves the external presentation of our company and is not patient support.
7.2. Data types
We process your contact data and the content of your request as categories of data that can be related to you. If you contact us via chat, we also process your connection data (access data and terminal device data) as categories of data relating to you.
7.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
7.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
7.5. Storage period
The storage period is six months, unless a contract has been concluded. The data relevant to the contract will then be stored in accordance with the relevant regulations.
7.6. Recipient
If you contact us by e-mail, the above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, and our e-mail server host, Neue Medien Münnich GmbH, Hauptstr. 68, 02742 Friedersdorf, Germany.
If your request is directed to our sales department, the above-mentioned data relating to you will be transmitted to Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia.
If you contact us via chat, the above-mentioned data relating to you will be transmitted to Userlike UG, Probsteigasse 44-46, 50670 Cologne, Germany.
Marketing
Read this section to find out which of your data we use when you click on our advertisements. The analysis of your user behavior helps us to improve our advertisements and our offer as well as the website based on your user behavior. If you have subscribed to our newsletter and click on links to our articles, we will explain which of your data is used.
8.1. Purposes
This processing is used to analyze user behavior.
8.2. Data types
We process your connection data (access and end device data), your usage data, data on your interaction with our advertisements, your demographic data, your unique advertising identifier and your unique device identifier as categories of data that can be related to you.
8.3. Legal basis
The legal basis is your express consent to the marketing analysis pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR.
8.4. Storage period
The storage period of Dermanostic GmbH for this processing of the above-mentioned data relating to you is
14 months for Google Analytics (demographic data 2 months),24 months for Google Ads tracking,24 months for Meta Pixel,6 months for Meta for Business,24 months for Meta Ads Manager,180 days for Microsoft Advertising,6 months for Pinterest Advertising,180 days for Spotify Ads,6 months for Twitter Advertising,and 180 days for LinkedIn Insight Tag.
8.5. Recipient
The above-mentioned data relating to you will be transmitted to Google LLC, 1600 Amphitheatre Pkwy, Mtn. View, CA 94043, USA.
The above-mentioned data relating to you will be transmitted to Meta Platforms Ireland Limited, 4 Grand Canal Place Grand Canal Harbour, Dublin 2, Ireland, and Meta Platforms, Inc, 1 Hacker Way Menlo Park, California 94025, CA, USA.
The above-mentioned data relating to you will be transmitted to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
The above-mentioned data relating to you will be transmitted to Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
The above-mentioned data relating to you will be transmitted to Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden, and Spotify USA Inc, 150 Greenwich Street, Floor 62, New York, NY 10007, USA.
The above-mentioned data relating to you will be transmitted to Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, and Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
The above-mentioned data relating to you will be transmitted to LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
8.6. Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of your consent until you withdraw it.
You can withdraw your consent to this processing activity at any time at </datenschutz/#optOut>.
You can withdraw your consent to this processing activity at any time by sending an email to datenschutz@dermanostic.com.
Purposes
This processing is used for marketing and user behavior analysis.
Data types
We process your e-mail address, your access data, e-mail user behavior data, your end device data, your connection data, your consent data and the number of cases you have submitted in the app as categories of data that can be related to you.
Legal basis
Dermanostic GmbH's legal basis for this processing of the above-mentioned data relating to you is consent to subscribe to the newsletter in accordance with Article 6 (1) UAbs. 1 lit. a GDPR.
Storage period
The storage period is until you withdraw your consent. We keep a deletion log for three years.
Recipient
The above-mentioned data relating to you will be transmitted to Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, and our e-mail server host, Neue Medien Münnich GmbH, Hauptstr. 68, 02742 Friedersdorf.
Your right to withdraw your consent
You have the right to withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of your consent until you withdraw it.
You can withdraw your consent to this processing activity at any time by clicking on the unsubscribe link at the end of each newsletter.
You can withdraw your consent to this processing activity at any time by sending an email to datenschutz@dermanostic.com.
Social media presences
In this section, we have listed the platforms on which we, i.e. Dermanostic GmbH, are represented and which of your data is processed when you visit the dermanostic site within the respective platform.
10.1. Purposes
This processing serves the external presentation of our company.
10.2. Data types
We process the content of your request, your user data and the date of communication as categories of data relating to you.
10.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
10.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
10.5. Storage period
With a registered account, the storage period is until the data within the account is deleted by the user or until the entire account is deleted by the user, as well as 5 years for technically necessary cookies. Without a registered account, the storage period is 5 years for technically necessary cookies.
10.6. Recipient
The above-mentioned data relating to you will be transferred to Meta Platforms Ireland Limited, 4 Grand Canal Place Grand Canal Harbour, Dublin 2, 2 Ireland, and Meta Platforms, Inc, 1 Hacker Way Menlo Park, California 94025, CA, USA.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
10.7. Learn more about Shared Responsibility
We have entered into a joint controllership agreement with Meta Platforms Ireland Limited, 4 Grand Canal Place Grand Canal Harbour, Dublin 2, 2 Ireland: https://www.facebook.com/legal/terms/page_controller_addendum.
In accordance with this agreement, the company assumes the fulfillment of transparency obligations and you can find out more about the processing of your personal data here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
11.1. Purposes
This processing serves the external presentation of our company.
11.2. Data types
We process the content of your request, your user data and the date of communication as categories of data relating to you.
11.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
11.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
11.5. Storage period
With a registered account, the storage period is until the data within the account is deleted by the user or until the entire account is deleted by the user, as well as 5 years for technically necessary cookies. Without a registered account, the storage period is 5 years for technically necessary cookies.
11.6. Recipient
The above-mentioned data relating to you will be transferred to Meta Platforms Ireland Limited, 4 Grand Canal Place Grand Canal Harbour, Dublin 2, 2 Ireland, and Meta Platforms, Inc, 1 Hacker Way Menlo Park, California 94025, CA, USA.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
11.7. Learn more about Shared Responsibility
We have entered into a joint controllership agreement with Meta Platforms Ireland Limited, 4 Grand Canal Place Grand Canal Harbour, Dublin 2, 2 Ireland: https://www.facebook.com/legal/terms/page_controller_addendum.
In accordance with this agreement, the company assumes the fulfillment of transparency obligations and you can find out more about the processing of your personal data here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
12.1. Purposes
This processing serves the external presentation of our company..
12.2. Data types
We process the content of your request, your user data and the date of communication as categories of data relating to you..
12.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
12.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
12.5. Storage period
If an account is logged in, cookies are stored until the user deletes the entire account and technically necessary cookies until they are deleted by the user or browser. Without a registered account, technically necessary cookies are stored in the browser until they are deleted by the data subject.
12.6. Recipient
The above-mentioned data relating to you will be transmitted to LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
12.7. Learn more about Shared Responsibility
We have entered into a joint controllership agreement with LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland: https://legal.linkedin.com/pages-joint-controller-addendum.
In accordance with this agreement, the company assumes the fulfillment of transparency obligations and you can find out more about the processing of your personal data here: https://legal.linkedin.com/pages-joint-controller-addendum.
13.1. Purposes
This processing serves the external presentation of our company.
13.2. Data types
We process the content of your request, your user data and the date of communication as categories of data relating to you.
13.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
13.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
13.5. Storage period
The storage period is until the deletion of the data within the account by the user or until the deletion of the entire account by the user and, in the case of session cookies, until the browser session is closed and, in the case of permanent cookies, until the data in the browser is deleted by the data subject.
13.6. Recipient
The above-mentioned data relating to you will be transmitted to Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
14.1. Purposes
This processing serves the external presentation of our company.
14.2. Data types
We process the content of your request, your user data and the date of communication as categories of data relating to you.
14.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
14.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
14.5. Storage period
The storage period is 18 Month.
14.6. Recipient
The above-mentioned data relating to you will be transferred to TikTok Information Technologies UK, 125 Kingsway, London, WC2B 6NH, United Kingdom, and TikTok Technology Limited, 10 Earlsfort Terr., Dublin, D02 T380, Ireland.
The above-mentioned data relating to you will be transferred to the United Kingdom and South Korea as third countries with an adequacy decision pursuant to Art. 45 GDPR.
Your data will be transferred to the following third countries without an adequacy decision USA, Singapore and Russia. The legal basis for the transfer of your data to the aforementioned third countries without an adequacy decision are standard contractual clauses pursuant to Art. 46 GDPR. The company offers suitable guarantees for data protection, which you can view on request at datenschutz@dermanostic.com.
14.7. Learn more about Shared Responsibility
We have reached a joint responsibility agreement with TikTok Information Technologies UK, 125 Kingsway, London, WC2B 6NH, UK, and TikTok Technology Limited, 10 Earlsfort Terr., Dublin, D02 T380, Ireland: < https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms >. The company undertakes to comply with transparency obligations in accordance with this agreement and you can find out more about the processing of your personal data here: < https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms >.
15.1. Purposes
This processing serves the external presentation of our company.
15.2. Data types
We process the content of your request, your user data and the date of communication as categories of data relating to you.
15.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
15.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
15.5. Storage period
With a registered account, the storage period is a maximum of 18 months until the user deletes the data within the account or until the entire account is deleted by the user, and technically necessary cookies are stored for up to 13 months. Without a registered account, technically necessary cookies are stored for up to 13 months.
15.6. Recipient
The above-mentioned data relating to you will be transmitted to Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
The above-mentioned data relating to you will be transferred to the USA and Japan as third countries with an adequacy decision pursuant to Art. 45 GDPR.
15.7. Learn more about Shared Responsibility
We have entered into a joint controllership agreement with Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
In accordance with this agreement, the company assumes the fulfillment of transparency obligations and you can find out more about the processing of your personal data here: https://twitter.com/de/privacy.
16.1. Purposes
This processing serves the external presentation of our company.
16.2. Data types
We process the content of your request, your user data and the date of communication as categories of data relating to you.
16.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
16.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
16.5. Storage period
If an account is logged in, the storage period is until the user deletes the data within the account or until the user deletes the entire account and technically necessary cookies until they are deleted by the user or browser. Without a registered account, technically necessary cookies are stored until they are deleted by the user or browser.
16.6. Recipient
The above-mentioned data relating to you will be transmitted to Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden, and Spotify USA Inc, 150 Greenwich Street, Floor 62, New York, NY 10007, USA.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
17.1. Purposes
This processing serves the external presentation of our company.
17.2. Data types
We process the following categories of data relating to you: audio and audiovisual content.
17.3. Legal basis
The legal basis is the implementation of necessary pre-contractual measures and fulfillment of contracts pursuant to Art. 6 para. 1 subpara. 1 lit. b GDPR.
17.4. Necessity
The processing of the above-mentioned data relating to you is necessary for the processing of your request. If you do not provide us with the above-mentioned data relating to you, we will not be able to process your request.
17.5. Storage period
The storage period is until the YouTube channel is deleted.
17.6. Recipient
The above-mentioned data relating to you will be transmitted to Alphabet, Inc, 901 Cherry Ave, San Bruno, CA 94066, USA.
The above-mentioned data relating to you will be transferred to the USA as a third country with an adequacy decision pursuant to Art. 45 GDPR.
Data subjects' rights
Data protection gives you, as a data subject, rights over the handling of data relating to you. We guarantee that you will implement your existing data subject rights vis-à-vis us. You can find out more about this in this section.
You can contact the data protection officer of the “dermanostic” app jointly responsible for the “dermanostic” app by sending an e-mail to datenschutzbeauftragter@dermanostic.com (mailto:datenschutzbeauftragter@dermanostic.com).
19.1. Purposes
This processing serves the data protection-compliant handling of data subject rights.
19.2. Data types
We process all categories of data as categories of data relating to you.
19.3. Legal basis
The legal basis of Dermanostic GmbH is Art. 6 para. 1 subpara. 1 lit. c GDPR in conjunction with Chapter III GDPR.
19.4. Necessity
The processing of the above-mentioned data relating to you is necessary to fulfill our legal obligations.
19.5. Storage period
The storage period for Dermanostic GmbH to process the above-mentioned data relating to you is three years.
19.6. Recipient
The above data relating to you will be transmitted to our external data protection officer Dr. Werner Schäfke-Zell, Caladan GmbH, datenschutzbeauftragter@dermanostic.de.