DERMIE.AI - PRIVACY POLICY VERSION 1.5

Last updated July 25, 2024

Dermie.AI - Privacy Policy Version 1.5

1. Introduction

At Dermie.AI we are committed to protecting and safeguarding the personal data you share with us when you use any of our services. In this Privacy Policy we outline the data we use and how we use it. Any questions regarding our policies are welcome; please contact us via the contact details listed at the end of this Policy.

We reserve the right to update and amend this Privacy Policy from time to time and so advise that you read this page regularly in order to understand what we do. If we do make changes that are relevant to your consent and underlying information, we will always make you aware before you use our services.

If you do not agree with our processing of personal data as outlined in this Privacy Policy, you cannot continue the use of our Services. If you do agree with our Privacy Policy, we welcome you to our service and invite you to interact with our software. These policies are in place as we require the minimum quantity of data we request in order to provide you with a safe and effective medical device.

Below you can find summaries of the information in this Privacy Policy.

1.1. The personal data that Dermie.AI collects

To support you monitoring the health of your skin, certain information is necessary for us to be able to provide you with our Services. You can sign up for our service in the App using your email address. We collect information about the device you use to access our App or Websites. The type of information we collect can, for example, include the type of your device, the software you use, location, device language and your IP address. In addition to this, we collect the data you provide in the App including the answers to the questionnaire regarding your general health profile and the pictures you take.

1.2. Why Dermie.AI collects your data

We use your data to assist you in the best possible way, and provide you with a safe and effective medical device. We need certain data in order to provide you with our full service and assist you with your health journey, alongside providing you personalised recommendations based on the data you provide. We may also use your data for clinical and research purposes to improve our service. Furthermore, your information may be used for customer service, marketing, communications, and for legal purposes.

1.3 Dermie.AI through your health insurance company

When you access Dermie.AI Services through your health insurance company, we may process additional data.

1.4. Dermie.AI and third parties

Dermie.AI has third party service providers that help us provide or improve our service, this includes service providers, payment providers and financial institutions, business partners or research institutions.

1.5. Dermie.AI and social media

In our App, we have share and like buttons to enable you to share our content with your network.

1.6. Privacy, data security, and data retention

Dermie.AI has implemented various measures and procedures to safeguard your personal data, as stipulated by UK & European data protection Law.

1.7. Personal data of children

Our service can only be used when you have reached the age of eighteen (18) years or when you are older.

1.8. Your rights – access to your information

At any time you can make a request to review, correct, delete, obtain your data. You are also entitled to withdraw consent for the processing of the personal data we hold of you. You can do this by mail or email, using the addresses listed below. You can also request that Dermie.AI deletes your personal and health data. In that case, you can send your request via [email protected].

1.9 Scientific research consent

Handling your data safely and securely is a priority for Dermie.AI. We want to make sure you are fully aware of how we collect and process personal data to support our research purposes. Your data is used in order to improve the Dermie.AI Service. Alongside this, from time to time your data may be used for scientific purposes. The aim of doing so is to study the impact of the use of Dermie.AI, and/or the accuracy of the Dermie.AI software. These activities do not pose risk to your privacy, as all information security will be handled in accordance with GDPR regulation, and ISO 27001 standard. Please note that any insurance claim will not be affected by this study, as data will not be analysed on an individual level. We retain the data that we process during a scientific research for the purpose of further research and/or improvement of the Services we provide, unless provided otherwise.

1.10. Responsible party for the processing

Base Plus Limited - Trading as Dermie.AI, located in England, United Kingdom, is the owner and operator of the service and is the controller of personal data processed via the Website and the App. Please find the full explanation on how we process your data below.

2. The personal data that Dermie.AI collects

2.1 Personal data you provide to us

The data you provide to us is collected and used ("processed") by us to provide you with our best service. The minimum information that you are asked to provide us with is your email address, sex, skin type information, skin concern, history of skin concerns and ethnicity, in order to access our service. This is because these factors are variables that support with the understanding and detection of skin conditions and concerns.

In our App, you can optionally provide further information regarding your name. We also process the pictures you take of your skin lesions and the way you store, organise and comment on them. Without your explicit consent, we are not allowed to store this type of information, and we cannot provide you with our service. Other information we collect is your payment information and the information you provide to complete your personal profile: your first name and last name, profile picture, gender, date of birth, location, phone number, language.

When you use our Check & Track services and submit a picture of your skin lesion for analysis by our service, we store the photos and collect the information of your assessment. We do this to be able to assist you with your health journey. To provide the Dermie.AI Services, we need to be able to securely handle your health data. This means that we process your photo with our algorithms to look for irregular patterns commonly found in skin diseases. We will store the photo on our servers so you can compare photos of lesions over time and monitor them for change. Furthermore, our in-house team of experts and dermatologists need permission to check the photos for the purposes of quality control. If our team detects any signs that need to be reviewed further, it will contact you and will advise you on the next steps to take.

We will ask for your explicit consent to allow us to store this type of information before you use such service, without your consent we cannot provide you with our service. By accepting this Privacy Policy, you consent to the processing of your health data.

As part of your health journey, we may send you follow-up emails regarding the provided advice and to assist you by reminding you to seek medical attention when necessary. If you wish to reply to these emails and get in touch with our Customer Support we will collect the information that you provide in these replies from you too.

When you use our App, we also collect data that identifies your mobile device and your use of the platform. The information we store includes notification access, device-specific settings and characteristics, system activity, location details, IP address, language settings, app crashes and other device event information, access data and times of your usage of the app.

We collect information when you give us feedback via your Apple App Store, Google Play Store or the questionnaire.

2.2 Personal information you provide us regarding the health of others

Our service is exclusively meant for your personal use. If you want to help others, please do so by encouraging them to download their own version of Dermie.AI. This will help them with their health journey and ensures that any health-related messages will be delivered to the right person.

2.3 Automatically collected personal data

During your visit to our Website or App, we automatically collect certain information about you, your visit of the service and the device you are using. This data includes data on the hardware, software, operating system, internet browser, IP address, language and application settings and version. We also collect data about when and how you used the service, including interaction with the elements on it and which pages you visited in the App or on the Website.

3. Why Dermie.AI collects your data

We use your data to assist you in the best possible way, your data may be used for the following reasons:

Health journey:

The main reason why we collect your personal data is to supply you with our core service: assistance with your skin health journey and assist you with the early detection of irregular patterns on your skin, which can be a potential sign of a variety of skin diseases.

Management and improvement of our Services:

We use the data you provide us with to manage our Website, App, and business and to improve our services continuously.

Customer Service:

Our customer service is here to help you and we use your data to do so. We may send you email notifications and/or in-App messages relating to the results of the analysis, this includes emails in which we provide you with information and ask you to provide us with information about possible follow-up actions.

Marketing:

In order to keep you informed, we may send you communications relating to our business, by email or other contact details you provided to us. If you submit personal information for publication on our Website, we will use that information in accordance with the licence you grant to us. Besides that Dermie.AI uses a marketing tool in order to support Dermie.AI with business insights into user behaviours. Please note that your health data is never being processed for marketing purposes.

Communications:

We will send you communication regarding assessments you make via the App. If you opt-in for our mailing list, we may send you non-commercial communications, including our newsletter. When you use our services, we may send you a questionnaire or invite you to provide a review of your experiences with our service. We also may get in touch with you regarding feedback, inquiries, and complaints you made regarding our Website and App.

Research activities:

In order to support the research on skin diseases and detection methods, we may use your data, pseudonymised (without a direct link to your identity) or anonymised (without us being able to identify you at all), for research purposes. This may include sharing your data with carefully selected third party research institutions. By uploading your images in the App, you explicitly consent to the images being processed for the purposes of the provision of the services and to be used anonymously for the purposes of research and testing of our services. As such, your images may be reviewed by our employees or third-party consultants who work for us and who are bound by strict confidentiality.

Legal purposes:

In certain cases, we may need to use your information to handle and resolve legal disputes, for regulatory investigations and compliance, or to enforce the terms of use of the service as reasonably Expected.

We collect and process your data based on the following legal grounds:

Contractual necessity:

In order to fulfil the contract you enter into with us when you use our Services, we have to process some essential information. When you wish to use one of our paid services we may need to process your email address, pictures of skin lesions, risk assessment, payment Information.

Legitimate interests:

We are committed to improving and growing our service. Some of your data can help us to improve and promote our Service and Website, other data we may need for administrative, legal purposes or anti-fraud activities.

Legal obligations:

We have to comply with certain laws and (country specific) regulations. In order to comply with these, we need information about your location and date of birth.

Consent:

For certain promotional and marketing activities, we may ask additional consent. When you wish to withdraw your consent, please contact us via the contact details at the bottom of this Policy.

Explicit consent:

Data regarding the health of your skin and risk assessments is a more sensitive category of data. In order to lawfully process this data for you, we will ask your explicit consent before we can assist you. When you wish to withdraw your consent, please contact us via the contact details at the bottom of this Policy. When you withdraw your consent, we will not be able to provide you with our Services and you should discontinue using our Services.

4. Dermie.AI through your health insurance company

When you access Dermie.AI Services through your health insurance company, we may process additional data. For example, we may ask you to fill in your personal identity number if we are required by local law to process this information before we can provide you the service.

5. Dermie.AI and third parties

For some specific reasons, Dermie.AI may share your personal data with carefully-selected third parties. These parties are Processors for your personal and health data. We will update a list of the categories of our third parties from time to time here:

[ ]

6. Dermie.AI and social media

Dermie.AI uses social media for various reasons. On our Website, we integrated social media like and share buttons (Facebook, Twitter, LinkedIn, Reddit), which allows you to share the content you like directly with your network. The social media plugins may process your personal data when you choose to share or like any content of our Website with your network. Dermie.AI does not control and is not responsible for the processing of personal data by these networks.

7. Data privacy, security, and data retention

7.1 Privacy

All data you provide to us and we collect from you is stored on secure cloud servers (the Servers) in the territory of the European Union, or stored by trusted third party service providers outside of the EU, which are held to similarly high standards. As a result, your personal information may be transferred to and stored at a destination outside your country. By submitting your personal information, you agree to the transfer of your personal information to the servers.

Personal information may also be processed by staff or by other third party service providers operating outside your country who work for us. We take such steps as are necessary for the circumstances to ensure that any third party service providers treat your data securely and in accordance with applicable laws.

7.2 Data security

We store your account information and your digital images in separate data stores. The cloud server infrastructure is protected using firewalls and monitoring.

We work with appropriate procedures to prevent unauthorised access to and/or misuse of your personal data. Dermie.AI uses appropriate procedures and business systems to safeguard your personal data. Furthermore, we use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorised personnel can access your personal data.

7.3 Data retention

Dermie.AI will destroy or de-identify your personal information once it is no longer required for the purpose or purposes for which it was collected. If you terminate the Services and delete your account, we will retain your personal information for a period of 12 months, after which we will delete your data. We will retain the images you have uploaded prior to termination in anonymous form only, for the purposes of medical, clinical and commercial research, and for testing of the Services. We will retain (electronic) documents containing personal information:

  • to the extent that we are required to do so by law;
  • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

8. Personal data of children

Our service can only be used when you have reached the age of eighteen (18) years or when you are older. When we identify personal information of children younger than eighteen (18) years old, we shall delete the data

9. Your rights – access to your information

We will, upon your request, provide you with access to your personal information that is held by us. We will provide the data to you in a structured, understandable and machine readable way. We request that you provide us with appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport plus an original copy of a utility bill showing your current address). We will require you to make your personal identification number and picture invisible to us.

In your request for access, we also request that you identify, as clearly as possible, the type(s) of information you wish to have access to. We will comply with your request to provide access to your personal information within 30 days and if you agree, we may charge you our reasonable costs incurred in supplying you with access to this information.

At any time you can make a request to review, correct, delete, or obtain your data. You can also withdraw consent for the processing of the personal data we hold of you. You can make such request by mail or email, using the addresses listed below. You also have the right to contact the Data Protection Authority when you have concerns about your rights, or if you feel that we are unlawfully processing your data.

You may oppose the processing of personal information concerning you, even if they are relevant to the purpose of the collection.

You may instruct us at any time not to process your personal information for marketing purposes and we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

10. Scientific research consent

Handling your data safely and securely is a priority for Dermie.AI. We want to make sure you are fully aware of how we collect and process personal data to support our research purposes.

All the photos that are processed and stored on our servers are anonymised and used to help our technology become more accurate in detecting skin diseases, improving diagnostic accuracy and saving lives. If we find one of your photos to show a suspicious skin spot, we might reach out to ask for further information regarding the skin spot in the photo, i.e. access to an histopathology report. This information helps to further improve our service and it assists more people in detecting suspicious moles and other skin spots with increased accuracy.

Besides that, your data may be used for scientific purposes. The aim is to study the impact of the use of Dermie.AI the efficacy and accuracy of the Dermie.AI Service.

There is no risk to your privacy, as information security will be handled in accordance with GDPR regulation, and ISO 27001 standard. Please note that your insurance claim will not be affected by this study, as data will not be analysed on an individual level.

Depending on the circumstances, you may obtain access to our app for the purposes of a scientific research study. By taking part in the research and using our app you consent to Dermie.AI processing your data for the purpose of research and improvement of the app. The images shall be stored exclusively within Dermie.AI servers, unless agreed otherwise with you, the user of the app.

Research institutions may only use our Services for research purposes following Dermie.AI's written consent over the study protocol. Research institutions may use data collected via Dermie.AI Services only following Dermie.AI's written consent.

11. Responsible party for the processing of your data

The Websites and the Application are owned and operated by Dermie.AI, 111 Power Road, London, W4 5PY. You can contact us by writing to the business address given above, by using our Website contact form or the feedback form in the App, or by sending an email to the Data Privacy Officer at [email protected]