Document version: PP-001-24, 1.0
PRIVACY POLICY
Dermus Limited Liability Company
Effective from: 2 January 12 June 2024
When using our SkinScanner Capture and/or SkinAid Catalog web application(s)the SkinScanner, it is necessary for us to process certain your personal data of
yours. We will inform You you in this Privacy Policy on the details of such processing and the rights that You you may exercise in
connection therewith in this Privacy Policy.
Prior notice:
...
You have the right to object against our data processing any time in case such processing is based
on “legitimate interest,” as indicated below.
...
this respect. Please contact us if you have any concern.
DATA CONTROLLER
Your personal data is processed by the data controller, Dermus Limited Liability Company (“Dermus”). You can contact Dermus via regular mail (H-1116 Budapest, Sopron út 64., Hungary) or e-mail at privacy@dermusvision.com. Dermus processes your personal data for the below purposes only.
A. GENERAL INFORMATION
Capitalized terms have the meaning as set out in the
...
Terms and Conditions (of the SkinScanner product). Please make sure that
...
you are familiar with such
...
terms.
...
Please contact us first if you have any concern regarding our data processing.
...
II. General information on processing
...
You have the right to object against our data processing if the processing is based on our legitimate interest.
Dermus does not process patients’ data. Only generated patient ID, year of birth and gender are recorded ensuring anonymous processing. You are solely responsible for the processing of your patients’ non-anonymous personal data.
You are solely responsible to inform us without delay of the change in your personal data so that we can keep our records up-to-date. Dermus excludes his liability for any damage resulting from processing inaccurate personal data of yours.
The hosting service providers, indicated in the Terms and Conditions, act as sole data controllers in accordance with their own privacy policies. Our distributors act as sole data controllers when distributing the SkinScanner Device, although they may share Customer feedback or warranty claims with us (acting as our data processors in this regard). The Agreement does not create any joint controller or controller-processor status between
...
b. No processing of patient personal data: Dermus will only process your personal data if such processing has a specific purpose and an appropriate legal basis as set out in this Privacy Policy. Dermus does not process personal data of the Captured Data’s subject (the “patient”). Only non-identifiable patient data may be uploaded to the SkinAid Catalog (e.g., year of birth, sex, other associated metadata). Customer shall be solely responsible for any data processing which is the result of linking non-identifiable patient data recorded in the SkinAid Catalog with other patient data recorded separately by Customer/User or a third party, resulting in the (potential) identification of an actual patient.
c. Legal bases of processing: the following legal bases may apply pursuant to the general data protection regulation 2016/679 of the European Union (the “GDPR”):
i. performance of a contract [Section (1)b of Article 6 of the GDPR]: in this case, processing is not mandatory, but in the absence of such processing, the Service cannot be performed by Dermus;
...
Dermus and the Customer.
Dermus reserves the right to contact you in relation to future business offers. Please note that customer service messages (such as system updates or error reports) are not considered business offers or newsletters.
We may update this Privacy Policy from time to time of which we will inform you in a timely and notable manner.
Matters not regulated in this Privacy Policy are governed by the GDPR (the General Data Protection Regulation 2016/679 of the European Parliament and of the Council), and the respective Hungarian laws.
B. PURCHASE OF SKINSCANNERWe process your name, e-mail address and phone number (optional) for the purchase of the SkinScanner Device and for providing customer service and warranty. In case of hard copy order, your signature is also processed.
If you are the Customer, then this processing is based on the legal basis “performance of a contract” as set out in Article 6(1)b of the GDPR. This means that providing these data is not mandatory, but Dermus cannot sell you the SkinScanner Device if you fail to provide them.
If the Customer is the company you represent, then this processing is based on our “legitimate interest” as set out in Article 6(1)f of the GDPR. This means that the legal or business interests of Dermus require the processing of your personal data against your interests in a justified and balanced manner.
d. Transfer of personal data: Dermus is entitled to transfer your personal data to (i) its trusted data processors (acting on behalf of Dermus); and to (ii) its legal representatives (acting as a sole data controllers) if pursuing legal claims. The data storage and hosting service providers, indicated in the Dermus T&C, act as sole data controllers in accordance with their own privacy policies.
e. While using the Service, Dermus reserves the right to contact the User for future commercial purposes in connection with the Service or any future services of Dermus. System or error messages regarding the use of the Service are not considered business offers or newsletters.
f. Matters not regulated herein shall be governed by the GDPR and the relevant provisions of the respective Hungarian law. Dermus may from time to time update this Privacy Policy and will notify User in a timely and notable manner before such update becomes effective.
III. Purposes of processing
a. Registration (creating Account either in the SkinScanner Capture or in the SkinAid Catalog web application):
Purpose: | creating an Account for general use of the SkinScanner Capture and/or SkinAid Catalog web application(s) and the Service |
Legal basis: |
|
Storage period: | until the deletion of Account |
Categories of personal data: |
|
b. Providing the Service:
Purpose: | providing customer service and technical support during the use of the Service |
Legal basis: |
|
Storage period: | until the deletion of Account |
Categories of personal data: |
|
c. Processing metadata concerning the User:
Purpose: | mandatory retainment of metadata which is being generated when using encrypted communication in order to transfer such metadata upon the request of the competent authority |
Legal basis: | compliance with a legal obligation (i.e., Section § 13/B of Hungary’s Act CVIII of 2001 on Electronic Commerce and on Information Society Services; the “E-commerce Act”) |
Storage period: | 1 year starting from the generation of metadata [pursuant to subsection (1) of § 13/B of the E-commerce Act] |
Categories of personal data: |
|
d. Enforcement of legal claims:
Purpose: | pursuing legal claims by Dermus if the Agreement, the Dermus T&C or provisions regarding the Intended Use have been breached by the User |
Legal basis: | legitimate interest of Dermus |
Storage period: | in relation to that specific legal dispute:
whichever happens first |
Categories of personal data: |
which are necessary to process for Dermus in order to pursue legal claims, seek judicial remedy or otherwise enforce its legal claims. |
IV. Your rights relating of our data processing
...
Creating the Account: We also process your name, specialization and e-mail address for the registration of the SkinScanner Device. This processing is also based on the legal basis “performance of a contract”.
The processing lasts for 5 years after the termination of the Agreement. During this period, we may process your personal data for pursuing legal claims based on our legitimate interest. We will inform you if such processing becomes relevant.
C. BILLINGIf you are buying as a sole trader, your name, tax number, registration number and registered office (or billing address) are processed for billing purposes. The invoicing service is provided by http://KBOSS.hu Kft. (contact: H-1031 Budapest, Záhony utca 7., Hungary; kboss@kboss.hu) as data processor.
This processing is based on the compliance with a legal obligation as set out in Article 6(1)c of the GDPR. This means that processing is mandatory by virtue of law in order to comply with the applicable laws. In this case, compliance is mandatory with section 169(2) of Hungary’s Act C of 2000 on accounting, with sections 78(3) and 202(1) of Act CL of 2017 on rules of taxation and with sections 159(1), 169 and 179(1) of Act CXXVII of 2007 on value added tax.
This processing lasts for 8 years pursuant to section 169(2) of Act C of 2000.
D. PROCESSING USER METADATAWe are obliged to retain certain metadata which is generated when you use encrypted communication. We must also share such metadata if requested by the competent authority.
For this purpose, we process the basic identification data of the User, the starting and ending dates of using SkinScanner Capture, the IP address and port number used for registration and accessing the SkinScanner Capture.
This processing is based on the compliance with a legal obligation as set out in Article 6(1)c of the GDPR, namely section 13/B of Act CVIII of 2001 on electronic commerce and on information society services.
This processing lasts for 1 year starting from when the metadata is generated, pursuant to section 13/B(1) of Act CVIII of 2001.
E. CONTACTING DERMUSSending message to Dermus via our online contact form: We process your name, e-mail address, phone number, mobile phone number and the content of your message in order to reply your enquiry.
Subscribing to the newsletter: You can also subscribe to our newsletter by checking the “Sign up for news and updates” box when filling in the contact form. The newsletter service is provided by HubSpot, Inc. (contact: 2 Canal Park, Cambridge, MA 02141, United States) as data processor.
This processing is based on your consent as set out in Article 6(1)a of the GDPR. This means that we only process your personal data if you give your prior consent to do so. You can withdraw this consent anytime, free of charges. Please note that such withdrawal of consent will not affect our prior data processing.
This processing lasts until you withdraw your consent (or when we terminate our online contact form or the newsletter.
F. COOKIESWe use several cookies to measure and analyse the use of our website which help us improve our websites. Cookies are small files sent by our website and stored by your browser. Each cookie has a unique ID helping our website to recognize new and returning users, including you. Cookies can also store certain information of each visit which then can be used to improve the functionality of a website.
Reject cookies: You can reject the cookies in the settings or ‘Help’ menu of your browser. Please note that this may result in a less optimized operation of our website.
Technically necessary cookies: Dermus may use cookies that are necessary for the website to function, based on our legitimate interest which is recognized by section 13/A(3) of the Act CVIII of 2001. This means that we do not need your consent to use these cookies.
Statistical or analytical cookies: We mainly use cookies for statistical/analytical purposes to measure, for example, how you navigate between the pages, which functions you prefer and frequently use in a session. (A ‘session’ means generally the time you spend on the website between its opening and closing.) We only apply these statistical/analytical cookies based on your consentwhich you can give us the first time you visit our website by clicking on the ‘I understand’ button of the cookie banner at the bottom of the page.
G. YOUR RIGHTSYou can exercise these rights anytime by sending an e-mail to privacy@dermusvision.com.
...
We may ask for further information to duly
...
verify the requesting party, or to charge
...
fees for requests which we consider unfounded or excessive
...
.
...
Dermus will do its best to fulfil your request within 30 (thirty) calendar days, although
...
we may prolong this deadline by an extra 2 (two) months
...
in case of extensive requests.
...
We will
...
inform you if your request cannot be fulfilled for any reason.
...
Right to access: You may request information on the details of
...
the processing (
...
e.g., what kind of personal data
...
is processed, for what purpose and to whom such data is transferred).
...
Right to rectification: You may instruct us to correct or amend your personal data in case it is recorded incorrectly or incompletely.
...
Right to be forgotten: You may request the erasure of certain or all of your personal data. Dermus will erase your personal data automatically if the legal basis or the storage period of the personal data in question
...
terminates.
...
Right to restriction: You may request the restriction of the processing if
...
you think that the processing is unlawful or the stored personal data is not accurate. Furthermore, if Dermus is about to erase your personal data, you may request that we keep storing them for you in order to, for example, be able to pursue legal claims.
...
Right to object: You may object against our direct marketing activities or our
...
data processing which is based on our legitimate interest. You may also request that Dermus restricts the relevant processing to storage only until we inspect the cause of the objection
...
. If the objection is
...
legitimate, Dermus will no longer process your
...
personal data involved.
...
Right to data portability: You may request to transfer those personal data
...
which we process in an automated manner and on the legal basis of ‘performance of a contract’
...
. You may request the data transfer addressed to You or to
...
an appointed data controller.
...
Right to lodge a complaint: You may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), if you think that Dermus has violated the statutory provisions of the GDPR (NAIH contact information: postal address: Falk Miksa utca 9-11., Budapest, Hungary, zip code: 1055; e-mail address: ugyfelszolgalat@naih.hu; web: naih.hu; phone: +36 (1) 391-1400; fax: +36 (1) 391-1410).
...
Right to seek judicial remedy: You may seek judicial remedy with the regional court having jurisdiction over your place of Hungarian residence or abode by your choice, if you think that Dermus has violated your rights while processing your personal data. You may retrieve further information on judicial processes at the following website: birosag.hu.