Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 2 Next »

Dermus Limited Liability Company
Effective from: 24 May 2023

When using our SkinAid web application, it is necessary for us to process certain personal data of
yours. We will inform You on the details of such processing and the rights that You may exercise in
connection therewith in this Privacy Policy.

Prior notice:

  • You have the right to object against our data processing any time in case such processing is based
    on “legitimate interest,” as indicated below.

  • Definitions not specified in this Privacy Policy shall have the meaning as set out in the Agreement
    or the SkinAid T&C. Please make sure that You are familiar with such definitions.

  • Please contact us first if you have any concern regarding our data processing.

  1. Data controller and contact details:
    - Name: Dermus Limited Liability Company (“Dermus”).
    - Postal address: H-1114 Budapest, Kanizsai utca 2-10. C. ép. 2. em. 11. (Hungary);
    - E-mail: privacy@dermusvision.com

  2. General information on processing

    1. Customer as sole data controller: The Customer is regarded as a sole data controller on whose behalf You may process certain personal data of the Captured Data’s subject within the scope of the business or not-for-profit activity of the Customer and in compliance with the Local Provisions. Data processing of Dermus and Customer may not create any joint controller or controller-processor status between them.

    2. No processing of patient personal data: Dermus will only process your personal data if such processing has a specific purpose and an appropriate legal basis as set out in this Privacy Policy. Dermus does not process personal data of the Captured Data’s subject (the “patient”). Only non-identifiable patient data may be uploaded to the SkinAid Catalogue (e.g., year of birth, sex, other associated metadata). Customer shall be solely responsible for any data processing which is the result of linking non-identifiable patient data recorded in the SkinAid Catalogue with other patient data recorded separately by Customer/User or a third party, resulting in the (potential) identification of an actual patient.

    3. Legal bases of processing: the following legal bases may apply pursuant to the general data protection regulation 2016/679 of the European Union (the “GDPR”):

      1. performance of a contract [Section (1)b of Article 6 of the GDPR]: in this case, processing is not mandatory, but in the absence of such processing, the Service cannot be performed by Dermus;

      2. compliance with a legal obligation [Section (1)c of Article 6 of the GDPR]: in this case, processing is mandatory by virtue of law in order to comply with the applicable statutory provisions (e.g., mandatory data storage);

      3. legitimate interest [Section (1)f of Article 6 of the GDPR]: in this case, the legal or business interests of Dermus (e.g., pursuing claims) require the processing of certain of your personal data against your interests in a justified and balanced manner.

    4. Transfer of personal data: Dermus is entitled to transfer your personal data to (i) its trusted data processors (acting on behalf of Dermus); and to (ii) its legal representatives (acting as a sole data controllers) if pursuing legal claims. The data storage and hosting service providers, indicated in the SkinAid T&C, act as sole data controllers in accordance with their own privacy policies.

    5. While using the Service, Dermus reserves the right to contact the User for future commercial purposes in connection with the Service or any future services of Dermus. System or error messages regarding the use of the Service are not considered business offers or newsletters.

    6. Matters not regulated herein shall be governed by the GDPR and the relevant provisions of the respective Hungarian law. Dermus may from time to time update this Privacy Policy and will notify User in a timely and notable manner before such update becomes effective.

  3. Purposes of processing

    1. Registration (creating Account in the SkinAid web application):

Purpose:

creating an Account for general use of the SkinAid web application and the Service

Legal basis:

  • performance of contract (in case You are the Customer);

  • legitimate interest of Dermus (in case You act on behalf of Customer)

Storage period:

until the deletion of Account

Categories of personal data:

  • prefix, surname, first name;

  • specialization;

  • company/institute;

  • city/town, country;

b. Providing the Service:

Purpose:

providing customer service and technical support during the use of the Service

Legal basis:

  • performance of contract (in case You are the Customer);

  • legitimate interest of Dermus (in case You act on behalf of Customer)

Storage period:

until the deletion of Account

Categories of personal data:

  • name, 

  • e-mail address, 

  • user/usage analytics of the SkinAid web application in connection with the reported error

c. Processing metadata concerning the User:

Purpose:

mandatory retainment of metadata which is being generated when using encrypted communication in order to transfer such metadata upon the request of the competent authority

Legal basis:

compliance with a legal obligation (i.e., Section § 13/B of Hungary’s Act CVIII of 2001 on Electronic Commerce and on Information Society Services; the “E-commerce Act”)

Storage period:

1 year starting from the generation of metadata [pursuant to subsection (1) of § 13/B of the E-commerce Act]

Categories of personal data:

  • classification of the SkinAid web application,

  • basic identification data of the User and User ID, 

  • starting and ending dates of using the Service,

  • IP address and port number used for Registration and accessing the Service

d. Enforcement of legal claims:

Purpose:

pursuing legal claims by Dermus if the Agreement, the SkinAid T&C or provisions regarding the Intended Use have been breached by the User

Legal basis:

legitimate interest of Dermus

Storage period:

in relation to that specific legal dispute:

  • until the legal claims of Dermus can no longer be pursued by virtue of law or

  • until that specific legal dispute is closed with a decision which is not subject to appeal or other form or remedy

whichever happens first

Categories of personal data:

  • any of the above-mentioned categories of personal data and,

  • all relevant personal data of the User

which are necessary to process for Dermus in order to pursue legal claims, seek judicial remedy or otherwise enforce its legal claims.

4. Your rights relating of our data processing

You can exercise the following rights anytime by sending an e-mail to privacy@dermusvision.com. Dermus has the right to ask for further information to duly identify the requesting party, or to charge fee for unfounded or excessive requests. Dermus strive to fulfil your request within 30 days, although Dermus may prolong this by extra 2 months maximum in case of extensive requests. Dermus will notify You if your request cannot be fulfilled for any reason.

a. Right to access: You may request information on the details of our data processing (for example, what kind of personal data of yours is processed, for what purpose and to whom such data is transferred).

b. Right to rectification: You may instruct us to correct or amend your personal data in case it is recorded incorrectly or incompletely

c. Right to be forgotten: You may request the erasure of certain or all of your personal data. Dermus will erase your personal data automatically if the legal basis or the storage period of the personal data in question has been terminated.

d. Right to restriction: You may request the restriction of the processing if You think that the processing is unlawful or the stored personal data is not accurate. Furthermore, if Dermus is about to erase your personal data, you may request that we keep storing them in order to, for example, be able to pursue legal claims.

e. Right to object: You may object against our direct marketing activities or our ‘legitimate interest’-based data processing. You may also request that Dermus restricts the relevant processing to storage only until the cause of the objection is inspected by Dermus. If the objection is founded, Dermus will no longer process your affected personal data.

f. Right to data portability: You may request to transfer those personal data of yours which are processed by Dermus in an automated manner and on the legal basis of ‘performance of a contract’, either to You or to a selected data controller.

g. Right to lodge a complaint: You may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), if you think that Dermus has violated the statutory provisions of the GDPR (contact information: postal address: Falk Miksa utca 9-11., Budapest, Hungary, zip code: 1055; e-mail address: ugyfelszolgalat@naih.hu; web: naih.hu; phone: +36 (1) 391-1400; fax: +36 (1) 391-1410).

h. Right to seek judicial remedy: You may seek judicial remedy with the regional court having jurisdiction over your place of Hungarian residence or abode by your choice, if you think that Dermus has violated your rights while processing your personal data. You may retrieve further information on judicial processes at the following website: birosag.hu.

  • No labels