This Policy applies indistinctly and generally to any Patient and Medical Professional using the Service (collectively “Users”).
1. Collection of Information
We collect different types of information from or through the Service. The legal bases for our processing of Personal Information are primarily that the processing is necessary for providing the Service and/or healthcare services to you and that the processing is carried out in our legitimate interests, which are further explained in the “Use of Information” section. We may also process Personal Information upon your consent, asking for it as appropriate.
a) User-Provided Information
When User uses the Service, you may provide, and we may collect certain information that personally identifies you or could be used to personally identify you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: name, postal address, email address and telephone number, gender, date of birth, photos, etc. Personal Information also includes other information, such as preferences, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Information in various ways on the Service. For example, when you use the Service, send us customer service-related requests, register for an account, etc. If you choose to withhold any Personal Information requested by us, it may not be possible for you to gain access to certain parts of the Service.
b) Medical Professional-Provided Information
When Medical Professional uses the Service, you may provide and we may collect Personal Information about Patients, including contact details but also health-related information (which is also known as a “special category of personal data” under the General Data Protection Regulation (GDPR), meaning that it must be handled even more sensitively). The special categories of Personal Information we hold about Patients may include the following: ethnic origin, skin colour, skin condition, body image, skin images, diagnosis, medical notes and other related health information.
You are accountable for collecting Patient acceptance of this Policy, keeping Patient special categories of Personal Information secure, not disclosing them to unauthorised third parties, and complying with all applicable laws.
c) Information from Other Sources
We may obtain information, including Personal Information, from third parties and sources other than the Service, such as our partners or advertisers. If we combine or associate information from other sources with Personal Information that we collect through the Service, we will treat the combined information as Personal Information in accordance with this Policy.
d) Automatically Collected Information
When you use the Service, we may automatically record certain information from your device by using various types of technology, including cookies, “clear gifs” or “web beacons.” This automatically collected information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content you view or interact with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you open, click on, or forward a message. You may limit the automatic collection of certain information by our Service, for instance by disabling the cookies using your browser options. Please be aware that by doing so it may prevent you from using specific features on our Service, such as maintaining an online account. We use automatically collected information and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering your information so that you will not have to re-enter it during a visit or on subsequent visits; (ii) provide customised advertisements, content, and information; (iii) monitor and analyse the effectiveness of Service and third party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.
2. Use of Information
We take steps designed to ensure that only those employees who need access to your Personal Information to fulfil their employment duties will have access to it. We use the information that we collect in a variety of ways in providing the Service and operating our business, including:
- to operate, maintain, enhance and provide all features of the Service (including research and development purposes), to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Service.
- to understand and analyse the usage trends and preferences of our users, to improve the Service, and to develop new products, services, features, and functionality.
- to send you communications in compliance with applicable laws; or
- to comply with legal and regulatory requirements, where applicable.
3. Communication of Information
In certain circumstances, in order to perform the Service, we may disclose certain information that we collect from you:
- within our family of companies, including parents, corporate, affiliates, subsidiaries, business units and other companies that share common ownership.
- with third party service providers who provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to or process Personal Information as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information;
- with other doctors and health care professionals to provide shared care subject to Patient consent or at Medical Professional discretion upon Patient consent;
- with law enforcement and governmental entities when required by law. For greater clarity, we may disclose Personal Information or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies; and
If we disclose your Personal Information to third parties, we take reasonable measures to ensure that the rules set forth in this Policy are complied with and these third parties provide sufficient guarantees to implement appropriate technical and organisational measures.
We may finally make certain automatically collected, aggregated, or otherwise non-personally identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding your interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service.
4. Security and Retention
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate physical, technical and administrative safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe your Personal Information has been compromised, please contact us as set forth in the “Contact Us” section. If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
We will only keep your Personal Information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which your Personal Information will be kept, please contact us as set forth in the “Contact Us” section.
5. Data Transfer
Depending on where you use the Service, subject to applicable laws, your Personal Information may be stored and processed locally by certified cloud service providers in Germany, Canada, the United States or Australia. By using the Service, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of your country of residence, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your Personal Information will at all times continue to be governed by this Policy and, if applicable, we will comply with the GDPR requirements providing adequate protection for the transfer of Personal Information from the EU/EEA to a third country.
6. Third-Party Services
The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
7. Rights Regarding Personal Information
On written request and subject to proof of identity, you may access the Personal Information that we hold, used or communicated and ask that any necessary corrections be made, where applicable, as authorised or required by law. However, to make sure that the Personal Information we maintain about you is accurate and up to date, please inform us immediately of any change in your Personal Information by mail or e-mail.
Additional Rights for European Users
Please note that the term Personal Information used in this Policy is equivalent to the term “personal data” under the GDPR and other applicable European data protection laws. Under the GDPR, you may be entitled to additional rights, including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your Personal Information and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of Personal Information about you, under certain conditions; (v) the right to demand that we restrict processing of your Personal Information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, or believe your Personal Information is inaccurate; (vi) the right to data portability of personal data concerning you that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: http://ec.europa.eu/justice/dataprotection/index_en.htm.
You may exercise your rights by using the Report button when you are logged in to the Dermicus web application or by contacting us as indicated under the “Contact Us” section.
Patients’ right to complain:
If you have any concerns about our use of your personal information, you can make a complaint to your National Health Service (NHS) Provider, directed to their Caldicott Guardian, who is responsible for safeguarding patient information and ensuring good practices are implemented.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
8. Children’s Privacy
The Service is not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Information has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided Personal Information, then you may alert us as set forth in the “Contact Us” section and request that we delete that child’s Personal Information from our systems.
You may be asked to complete surveys when you visit the Site. We use information from surveys to better understand the needs of our users and to gather information about health care trends and issues. We may share anonymized information from surveys with third parties who perform data management services for our site. Those third parties have agreed to keep all data from surveys confidential. Also, we may share information from surveys in an aggregated, anonymised form with third parties with whom we have a business relationship.
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.
11. Contact Us
If you have any questions or comments about this Policy or your Personal Information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices with respect to any service providers outside Canada, our Privacy Officer (or Data Protection Officer) can be reached by post or email using the following contact information:
Gnosco AB. Upplandsgatan 64, 113 28, Stockholm, Sweden