Dermicus AB and its affiliates (“We”) are committed to protecting and respecting your privacy. This policy sets out the legal basis on which any personal data we collect from you, or that you provide to us, will be processed by us, in respect of our contractual requirements, legal obligations, and the legitimate interests of our business.
2. Who is responsible for the processing of your data?
Dermicus AB, Swedish company reg.no 556979-2822 (“we”, “our”, “us”) is responsible (data controller) for the processing of your personal data described herein under the applicable data protection laws such as the EU General Data Protection Regulation 2016/679, the Swedish data protection law Patientdatalag (2008:355) and the UK Data Protection Act 2018.
Please do not hesitate to contact us if you have any questions regarding your personal data. Please note that we may also process your personal data on behalf of the company you represent, e.g. if you have a user account in our service. If so, that company will be responsible (data controller) for the processing of your data.
3. How do we collect your data?
We may collect and process the following data:
- Information that you provide by filling in forms on our site. This includes information provided at the time of registering to use our site, subscribing to our service, or requesting further services.
- Information provided by health professionals about patients to facilitate health services.
- If you contact us e.g. by email, we may keep a record of that correspondence.
- Details of transactions you carry out through our site and of the fulfillment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, and other communication data.
- Personal information (e.g. your contact information, job details and feedback) when you attend our events, take part in surveys, or through other business or marketing interactions we may have with you.
- Data from publicly available sources (e.g. your contact details from your employer’s website), third party social networks (e.g. LinkedIn), contact information service providers and other similar reliable sources.
You can always choose not to provide us with certain information. However, some information may be necessary for us to interact with our customers, suppliers and partners for business purposes. Not providing such information can prevent our provision of services that you, or the company you represent, might expect from us. We will let you know when this is the case.
4. What types of personal data do we process?
The categories of personal data we collect about you will depend on the nature of our relationship with you and the purpose for which the information is being collected. For example, we may collect and process the following categories of personal data about you:
- Contact details, e.g. your name, email address, postal address, social network details, phone number and other information that would allow us to contact you. Contact information may identify you personally.
- Organisational data, e.g. the name of the company you represent, your title and place of work. Organisational data may identify you personally.
- Contractual data, e.g. personal information included in agreements between us and the company you represent. Contractual data may identify you personally.
- Billing information, e.g. information you are required to provide to us to enable us to be paid for the Services, or for a third party to provide services through us to you. Examples of billing information may include credit card number, bank information, PayPal id, billing address, billing contact name, telephone numbers and email address. Billing information may identify you personally.
- Password information, e.g. information that allows you to access the Services, technical support, our ticketing system and any third party services provided through us. Examples of password information may include user id, account number and password. Password information does not identify you personally, but when associated with other information, it may.
- Messages and documents, e.g. personal information included in emails and attached files, text messages, letters and documents you share with us.
- Personal interests and other individual data, e.g. preferred language, photos.
- Notes, e.g. memory notes taken during phone calls or meetings, including the date, time and subject of the conversation. Possible audio/video recordings during onboarding calls.
- Event data, e.g. information related to event registration, including allergies and other food preferences.
- IP addresses and cookies, e.g. we may collect information about your computer, including your IP address, operating system, and browser type, for system administration and to report aggregate information to our advertisers. Such technical information does not identify you personally, but when associated with other information, it may.
Sensitive personal data. We do not seek to collect or otherwise process sensitive personal data about you. If we need to process your sensitive personal data, we will inform you of such processing in advance. Since email communications are not always secure, we encourage you to not include sensitive data in your emails to us.
4.1 Patient Data
We understand the sensitivity of patient data and have implemented rigorous security measures to protect this information. Patient data is only accessed by authorized personnel and is used solely for providing healthcare services. We do not use patient data for marketing purposes.
4.2 Accountability for Consent
5. How do we use your Personal Data?
We will only use your personal data when the law allows us to. Most commonly, we may process your personal data in the following circumstances:
- To initiate and manage our business relationship. We will process your personal data to manage our business relationship with you and the company you represent. For example, we will process your data to negotiate and enter into commercial agreements with the company you represent and to fulfil our promises and obligations under such agreements.
- To communicate with you. We will process your contact details and messages to communicate with you and answer the incoming correspondence we receive. When we talk on the phone or in person, we might take notes to help us remember and follow up on the matters we discussed.
- To manage our daily business operations. We will process your personal data to manage our daily business operations according to lawful and fair business practices, like billing for our services, calculating taxes, or conducting required audits. This may also include sending you emails, invoices and reminders about outstanding payments.
- To provide you with customer success services. We will process your personal data for customer success purposes, including responding to your enquiries. This typically requires the use of your contact details, organizational data, messages and notes from our previous meetings. Please note that when we process your personal data for technical support and customer support, we normally act as the data processor on behalf of the company you represent.
- To promote our services (direct marketing) and invite you to events. We may use your contact details to contact you by email or phone, to introduce ourselves and tell you more about our services. Where we have an ongoing business relationship with you, we may also send you periodic newsletters, information about our services and invitations to events. You can always ask us to stop sending you emails or contact you.
- To invite you to participate in our surveys. We may use your contact details to invite you to participate in our customer satisfaction surveys and similar surveys.
- To protect our legitimate interests. We will process your personal data when necessary to protect or exercise our rights or business interests, e.g. to defend us against claims from you or third parties.
- To meet legal requirements. We will process your personal data when necessary to comply with our legal obligations under laws, court rulings or other appropriate legal mechanisms, e.g. to respond to lawful requests by public authorities.
We process your personal data based on our legitimate interests. For example, we have a strong interest in promoting and keeping you up to date on our services and in creating or maintaining good business relationships with our customers, suppliers and other business partners. When we process your personal data for accounting, tax and other legal purposes, we do so to comply with our legal obligations.
6. Who can access your data/disclosure of your information?
We will never sell your data. You specifically authorize the engagement of Dermicus AB’s Affiliates and any other third parties as Subprocessors.
However, sometimes we share your information with trusted parties. For example, your personal data will be shared with:
- Our employees and consultants. We share your personal data with our employees and consultants on a need-to-know basis. For example, our customer success team will have access to your contact details and other data to provide you with customer success services.
- Service providers. We will share your personal data with service providers who provide us with IT services like email, billing system, document hosting, backup services, etc. Our service providers and their selected staff are only allowed to access and use your data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions.
- Banks, legal advisors and other suppliers. We may share your personal data with legal advisors and accountants, banks, auditing firms, debt collection companies or transport service providers. Normally, these recipients will be responsible (data controllers) for their processing of your personal data.
- Public authorities. Legal obligations may require us to share information about you, e.g. to respond to lawful requests from law enforcement agencies, regulatory agencies, and other public and government authorities. Public authorities are responsible (data controllers) for their processing of your personal data.
- Legal process. We may disclose personal data about you to courts, legal advisors and other parties when needed in connection with a legal process, e.g. to enforce our terms and conditions and to protect our rights.
- Business transfers. We may share or transfer your personal data in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Other parties. We may also share your personal data when you ask or permit us to, e.g. when we make a referral to another company. You may also be included in email conversations together with other external parties.
7. How long do we keep your personal data?
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, contractual, accounting, or reporting requirements.
- During our business relationship. We keep your contact details and other relevant information until we no longer conduct business with the company you represent. If you leave your current job/position, please let us know.
- Liability periods and claims. Normally, we also keep your contact details, messages, notes and other relevant information during warranty or liability periods (even after our business relationship has ended). Should any relevant legal claim be brought, we may also continue to process your personal data for such additional time necessary in connection with that claim.
- Communication and direct marketing. We will process your contact details and messages for as long as motivated by the context. We will stop using your contact details for direct marketing purposes when you ask us to stop contacting you.
- Tax and accounting. We may keep your personal data (e.g. invoices and other accounting data) longer where necessary to comply with our legal obligations under tax and accounting rules. We regularly review our need to keep your data, considering the applicable legislation. When we no longer need your data, we will either delete or render it anonymous.
8. Where do we store your data?
All information you provide to us is stored on secured servers that may only be accessed by a limited number of persons holding special access rights and with respect to the nature of the data.
Despite these measures, due care should be taken when storing and/or sharing your personal data and login, particularly when connecting via unsecure or public networks.
We always strive to store your personal data within the EU/EEA. However, your personal data will in certain situations be transferred to and processed outside of the EU/EEA. Please note that privacy laws in countries outside of the EU/EEA may not be the same as, and in some cases may be less protective than, privacy laws in your country. However, we will always ensure that your personal data is processed safely and that adequate safeguards (e.g. EU Standard Contractual Clauses) are in place to protect your personal data. You can always contact us for more information about the applicable safeguards.
9. How do we protect your personal data?
We want you to feel confident about always providing us with your personal data. We have taken appropriate privacy measures to protect your personal data against unauthorized access, alteration, and erasure. Should a privacy breach occur that may materially impact you or your personal data (e.g. risk of fraud or identity theft), we will contact you to explain what action you can take to mitigate any potential adverse effects of the breach.
10. What are your rights?
Under certain circumstances, you have the following rights under data protection laws in respect of our processing of your personal data:
- Right to object. You have the right to object to processing based on legitimate interest. You can contact us for more information on the balance test that we have made. You also have an absolute right to object to direct marketing.
- Right to access and transfer your data (data portability). You have the right to ask us for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process. You may in certain circumstances also have the right to transfer your information to another data controller.
- Right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure (‘right to be forgotten’). You have the right to ask us to erase personal information about you in certain circumstances. Normally, we will honor your request unless deleting the information prevents us from carrying out necessary business functions.
- Right to restriction. You have the right to request that the processing of your personal data should be limited until inaccurate or incomplete information about you has been corrected, or until an objection from you has been handled.
- Right to withdraw your consent. You may at any time withdraw any consent you have given us. However, please note that it will not affect any processing that has already taken place.
Want to exercise your rights? Please contact us on email@example.com
Should you feel that we have not complied with our obligations regarding your personal data, please contact us on firstname.lastname@example.org.
You may also raise your concern with IMY (Swedish Authority for Privacy Protection) or with the supervisory authority in the country where you live or work.
411 19 Gothenburg