Privacy Policy

When using the SkinScanner, it is necessary for us to process your personal data. We will inform you in this Privacy Policy on the details of such processing and the rights that you may exercise in this respect. Please contact us if you have any concern.

DATA CONTROLLER

Your personal data is processed by the data controller, Dermus Limited Liability Company (“Dermus”). You can contact Dermus via regular mail (H-1116 Budapest, Sopron út 64., Hungary) or e-mail at privacy@dermusvision.com. Dermus processes your personal data for the below purposes only. 

A. GENERAL INFORMATION

1. Capitalized terms have the meaning as set out in the Terms and Conditions (of the SkinScanner product). Please make sure that you are familiar with such terms. 

2. You have the right to object against our data processing if the processing is based on our legitimate interest.

3. Dermus does not process patients’ data. Only generated patient ID, year of birth and gender are recorded ensuring anonymous processing. You are solely responsible for the processing of your patients’ non-anonymous personal data.

4. You are solely responsible to inform us without delay of the change in your personal data so that we can keep our records up-to-date. Dermus excludes his liability for any damage resulting from processing inaccurate personal data of yours.

5. The hosting service providers, indicated in the Terms and Conditions, act as sole data controllers in accordance with their own privacy policies. Our distributors act as sole data controllers when distributing the SkinScanner Device, although they may share Customer feedback or warranty claims with us (acting as our data processors in this regard). The Agreement does not create any joint controller or controller-processor status between Dermus and the Customer.

6. Dermus reserves the right to contact you in relation to future business offers. Please note that customer service messages (such as system updates or error reports) are not considered business offers or newsletters.

7. We may update this Privacy Policy from time to time of which we will inform you in a timely and notable manner.

8. Matters not regulated in this Privacy Policy are governed by the GDPR (the General Data Protection Regulation 2016/679 of the European Parliament and of the Council), and the respective Hungarian laws.
   
   B. PURCHASE OF SKINSCANNER

9. We process your name, e-mail address and phone number (optional) for the purchase of the SkinScanner Device and for providing customer service and warranty. In case of hard copy order, your signature is also processed.

10. If you are the Customer, then this processing is based on the legal basis “performance of a contract” as set out in Article 6(1)b of the GDPR. This means that providing these data is not mandatory, but Dermus cannot sell you the SkinScanner Device if you fail to provide them.

11. If the Customer is the company you represent, then this processing is based on our “legitimate interest” as set out in Article 6(1)f of the GDPR. This means that the legal or business interests of Dermus require the processing of your personal data against your interests in a justified and balanced manner.

12. Creating the Account: We also process your name, specialization and e-mail address for the registration of the SkinScanner Device. This processing is also based on the legal basis “performance of a contract”.

13. The processing lasts for 5 years after the termination of the Agreement. During this period, we may process your personal data for pursuing legal claims based on our legitimate interest. We will inform you if such processing becomes relevant.
    
    C. BILLING

14. If you are buying as a sole trader, your name, tax number, registration number and registered office (or billing address) are processed for billing purposes. The invoicing service is provided by http://KBOSS.hu Kft. (contact: H-1031 Budapest, Záhony utca 7., Hungary; kboss@kboss.hu) as data processor.

15. This processing is based on the compliance with a legal obligation as set out in Article 6(1)c of the GDPR. This means that processing is mandatory by virtue of law in order to comply with the applicable laws. In this case, compliance is mandatory with section 169(2) of Hungary’s Act C of 2000 on accounting, with sections 78(3) and 202(1) of Act CL of 2017 on rules of taxation and with sections 159(1), 169 and 179(1) of Act CXXVII of 2007 on value added tax.

16. This processing lasts for 8 years pursuant to section 169(2) of Act C of 2000.
    
    D. PROCESSING USER METADATA

17. We are obliged to retain certain metadata which is generated when you use encrypted communication. We must also share such metadata if requested by the competent authority.

18. For this purpose, we process the basic identification data of the User, the starting and ending dates of using SkinScanner Capture, the IP address and port number used for registration and accessing the SkinScanner Capture.

19. This processing is based on the compliance with a legal obligation as set out in Article 6(1)c of the GDPR, namely section 13/B of Act CVIII of 2001 on electronic commerce and on information society services.

20. This processing lasts for 1 year starting from when the metadata is generated, pursuant to section 13/B(1) of Act CVIII of 2001.
    
    E. CONTACTING DERMUS

21. Sending message to Dermus via our online contact form: We process your name, e-mail address, phone number, mobile phone number and the content of your message in order to reply your enquiry. 

22. Subscribing to the newsletter: You can also subscribe to our newsletter by checking the “Sign up for news and updates” box when filling in the contact form. The newsletter service is provided by HubSpot, Inc. (contact: 2 Canal Park, Cambridge, MA 02141, United States) as data processor.

23. This processing is based on your consent as set out in Article 6(1)a of the GDPR. This means that we only process your personal data if you give your prior consent to do so. You can withdraw this consent anytime, free of charges. Please note that such withdrawal of consent will not affect our prior data processing.

24. This processing lasts until you withdraw your consent (or when we terminate our online contact form or the newsletter.
    
    F. COOKIES

25. We use several cookies to measure and analyse the use of our website which help us improve our websites. Cookies are small files sent by our website and stored by your browser. Each cookie has a unique ID helping our website to recognize new and returning users, including you. Cookies can also store certain information of each visit which then can be used to improve the functionality of a website.

26. Reject cookies: You can reject the cookies in the settings or ‘Help’ menu of your browser. Please note that this may result in a less optimized operation of our website. 

27. Technically necessary cookies: Dermus may use cookies that are necessary for the website to function, based on our legitimate interest which is recognized by section 13/A(3) of the Act CVIII of 2001. This means that we do not need your consent to use these cookies.

28. Statistical or analytical cookies: We mainly use cookies for statistical/analytical purposes to measure, for example, how you navigate between the pages, which functions you prefer and frequently use in a session. (A ‘session’ means generally the time you spend on the website between its opening and closing.) We only apply these statistical/analytical cookies based on your consentwhich you can give us the first time you visit our website by clicking on the ‘I understand’ button of the cookie banner at the bottom of the page.
    
    G. YOUR RIGHTS

29. You can exercise these rights anytime by sending an e-mail to privacy@dermusvision.com. We may ask for further information to duly verify the requesting party, or to charge fees for requests which we consider unfounded or excessive. 

30. Dermus will do its best to fulfil your request within 30 (thirty) calendar days, although we may prolong this deadline by an extra 2 (two) months in case of extensive requests. We will inform you if your request cannot be fulfilled for any reason.

31. Right to access: You may request information on the details of the processing (e.g., what kind of personal data is processed, for what purpose and to whom such data is transferred).

32. Right to rectification: You may instruct us to correct or amend your personal data in case it is recorded incorrectly or incompletely.

33. Right to be forgotten: You may request the erasure of certain or all of your personal data. Dermus will erase your personal data automatically if the legal basis or the storage period of the personal data in question terminates.

34. Right to restriction: You may request the restriction of the processing if you think that the processing is unlawful or the stored personal data is not accurate. Furthermore, if Dermus is about to erase your personal data, you may request that we keep storing them for you in order to, for example, be able to pursue legal claims.

35. Right to object: You may object against our direct marketing activities or our data processing which is based on our legitimate interest. You may also request that Dermus restricts the relevant processing to storage only until we inspect the cause of the objection. If the objection is legitimate, Dermus will no longer process your personal data involved.

36. Right to data portability: You may request to transfer those personal data which we process in an automated manner and on the legal basis of ‘performance of a contract’. You may request the data transfer addressed to You or to an appointed data controller.

37. Right to lodge a complaint: You may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), if you think that Dermus has violated the statutory provisions of the GDPR (NAIH contact information: postal address: Falk Miksa utca 9-11., Budapest, Hungary, zip code: 1055; e-mail address: ugyfelszolgalat@naih.hu; web: naih.hu; phone: +36 (1) 391-1400; fax: +36 (1) 391-1410).

38. Right to seek judicial remedy: You may seek judicial remedy with the regional court having jurisdiction over your place of Hungarian residence or abode by your choice, if you think that Dermus has violated your rights while processing your personal data. You may retrieve further information on judicial processes at the following website: birosag.hu.