Privacy Policy

DermApp Sàrl

Issued on: July 31, 2018

 

DermApp Sàrl (hereinafter: “DermApp“) is aware that the collection of Personal Data and Sensitive Data involves a great deal of trust on your part.

 

We take this trust very seriously and make it our priority to ensure the highest level of confidentiality and security for your Personal and Sensitive Data.

 

Please take a moment to read our privacy policy.

 

Terms not defined in our Privacy Policy (hereinafter: the “Privacy Policy“) are specified in the Site’s Terms and Conditions.

 

By using the Site, you agree to the practices described below:

 

 

1. Personal Data and Sensitive Data

“Personal Data” refers to the definition under Article 3(a) of the Swiss Federal Act on Data Protection (FADP; RS 235.1) and the Swiss Ordinance to the Federal Act on Data Protection (OFADP; RS 235.11), meaning any information relating to an identified or identifiable person.

 

“Sensitive Data” refers to the definition under Article 3(c)(2) FADP, i.e., personal data concerning health, intimate sphere, or racial origin, which in this context are contained in the Photos, the Questionnaire, the Evaluation Request and/or the Diagnosis and/or any message exchanged via the Site with a Dermatologist.

 

 

2. Data Controller

The data controller of your Personal Data (i.e., the legal entity responsible for the data file’s purpose and content) is DermApp Sàrl, Route de Bursinel 28, 1195 Dully, Switzerland, info@dermapp.ch.

 

The data controller of your Sensitive Data is the Dermatologist who has taken charge of your Evaluation Request.

 

3. Purpose of the Privacy Policy

DermApp provides this Privacy Policy to clarify the type of personal data collected through the Site and its procedures for collecting, processing, storing, transferring, using, and disclosing your Personal Data.

 

This Policy applies to any use or visit of the Site, regardless of the method or device used. It details the conditions under which your Personal Data and your Sensitive Data are collected when you use the Site.

 

4. Consent

When using or visiting the Site, whether as a User, Dermatologist, or Visitor (hereinafter: “You“), You agree that DermApp collects and processes your Personal Data and that Dermatologists collect your Sensitive Data in accordance with this Privacy Policy.

 

By accessing, browsing, or using the Site, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by it as well as to comply with all applicable laws and regulations.

 

5. Modification of the Privacy Policy

DermApp reserves the right to make changes to its Privacy Policy. If so, you will be informed by email or notification, and your consent to these changes will be required. If you disagree with these changes, you may close your Account. In this case, we guarantee the portability of your Personal Data.

 

6. Sensitive Data that may be collected through the Site

By submitting Photos, the Questionnaire, and/or an Evaluation Request through the Site, you are submitting Sensitive Data about yourself to the Dermatologist. You expressly agree that DermApp processes such Sensitive Data through the Site and that the Dermatologist providing a Diagnosis stores them on their server and/or on their Account opened with DermApp.

 

7. Personal Data that may be collected

  1. Personal Data provided by the User and/or the Dermatologist

 

When you register on the Site, create or modify your Account and/or use the Site, we will collect, process, and store your Personal Data. We may also collect the Personal Data you provide while browsing the Site.

 

  1. User registration data

 

Certain features of the Site are reserved for Users or Dermatologists who have created an Account.

 

When you register as a User or Dermatologist, log in to the Site, or otherwise interact with DermApp (including by email), you may be asked to provide certain information, including (but not limited to):

These details are required to identify you and to enable (i) the creation, modification, execution, and termination of a contractual relationship, (ii) communication with you regarding the Site and its functionalities, and (iii) prevention of any breach of the Terms of Use.

 

  1. Dermatologist registration data

 

  • your contact details, including first name, last name, company, mailing and email address, telephone number;
  • your date of birth;
  • your gender;
  • your professional address;
  • your preferred correspondence language;
  • your Site registration data, such as your login and password;
    • your AVS number;
    • your criminal record extract;
    • your degrees and diplomas;
    • your specializations;
    • your federal medical registry number;
    • your professional liability insurance details.

 

  • For the newsletter

 

If you have agreed to receive the DermApp newsletter, your email address will be used for group mailings by DermApp. You may unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of each newsletter.

 

  1. Data collected in connection with the use of the Site or via emails

 

When you access, visit, or browse the Site, or when you receive and/or respond to emails from DermApp, the Site’s server automatically records details about your access and actions. This includes:

 

– the date and time of your visit;

– the browser you use;

– your IP address;

– your connection location;

– the volume of data transmitted;

– the links you may follow;

– the web pages and content you view;

– the duration of such viewing;

 

as well as any other similar information and statistics relating to your interactions (scrolling, clicks, mouse movements), or how you exit the Site.

 

When visiting the Site via a computer, DermApp collects information from your device, such as operating system, device type, browser used, and connection dates and times.

 

When visiting the Site via a mobile device, we automatically collect data about the device type, IMEI, operating system, and device identifier.

 

This information and data are collected automatically, notably through cookies (performance and tracking cookies, functional cookies, technical cookies, browsing cookies, etc.) and web beacons. They are also collected and analyzed by third-party tools and applications, such as Google Analytics (see sections 10 and 11).

 

DermApp also stores the history of your Evaluation Requests (excluding their content).

 

  1. Data collected via electronic communication protocols

 

In addition to the cases detailed above, DermApp may collect information about your use of the Site through electronic communication protocols. DermApp will receive from you information related to your connection, such as network routing details (your location), information about your device (browser used), and the date and time of the connection.

 

This enables us to track and analyze Site traffic to improve its functionality and usability.

 

8. Use of your Personal Data

DermApp primarily uses your Personal Data to improve the Site and to provide you with the Services through a Dermatologist.

 

You consent to DermApp using your Personal Data (excluding Sensitive Data) for the following purposes:

 

  1. Site operation

 

Your Personal Data will be used by DermApp to provide all Site features to Users and Dermatologists, to enable the proper functioning of all Site features, to interact with Users and Dermatologists, and to respond to questions and comments from Users and Dermatologists.

 

DermApp will also use your Personal Data for the following purposes:

 

  • process your Evaluation Requests via a Dermatologist;
  • perform the Diagnosis via a Dermatologist;
  • invoice you for the Diagnosis;
  • better respond to your requests;
  • continuously improve the Site and/or our Services;
  • conduct studies and gather statistical data on the habits of Users and/or Dermatologists;
  • generate anonymous provisional reports for internal or external partners;
  • manage your Account;
  • communicate with you;
  • respond to your questions and emails;
  • send you the DermApp newsletter, as long as you are subscribed to it;
  • prevent illicit or illegal activities;
  • ensure the security of the Site;
  • enhance the Site’s functionality;
  • enforce the Site’s Terms of Use;
  • access third-party services if you log in through such services.

 

  1. Marketing

 

DermApp may use Personal Data to send you information about Services offered through the Site, tailored emails and newsletters, or promotional offers, and to develop a direct relationship with each User. You may also receive messages from DermApp, including targeted advertising. DermApp may use your Personal Data collected through or via the Site to personalize promotional offers you may see, notably based on your activity.

 

Your Personal Data may also be used to develop partnerships with third parties as well as new services, features, or Site activities, based notably on your profile, your Site usage, and the information provided during registration.

 

However, DermApp commits not to sell your Personal Data. A transfer of DermApp’s assets is expressly reserved.

 

  1. Personalization

 

DermApp may use the data and information to analyze your preferences and habits, personalize your use of the Site, and improve the Site and all its features. This may also allow the Site content to be better tailored to each User’s interests.

 

  1. System logs and maintenance

 

For operational and maintenance reasons, DermApp or a third party may collect files recording your Site activity (system logs) or use other Personal Data (such as IP or IMEI addresses) for this purpose.

 

9. Use and Storage of Your Sensitive Data by Dermatologists

Your Sensitive Data will be processed exclusively by Dermatologists registered on the Site, who will act as data controllers.

 

DermApp solely facilitates the transmission of this Sensitive Data to Dermatologists. You agree that the Dermatologist is solely responsible for processing your Sensitive Data, with DermApp having no liability whatsoever.

 

Sensitive Data will only be used by the Dermatologist to respond to your Evaluation Request and to establish the Diagnosis. You consent to Dermatologists transferring your Sensitive Data to another Dermatologist registered on the Site for the purposes of establishing the Diagnosis and/or if their schedule does not allow them to deliver the Diagnosis in time. You expressly agree that your Sensitive Data may be disclosed to Dermatologists and stored on the server and/or the Account of the Dermatologist who performed the Diagnosis.

 

You also consent to the Dermatologist handling your Evaluation Request submitting your Sensitive Data to a colleague if they are unable to establish a Diagnosis.

 

DermApp disclaims all liability in the event of security breaches or cyberattacks related to Sensitive Data processed and/or hosted by the Dermatologists.

 

10. Cookies, Web Beacons and Similar Technologies

A cookie is a piece of information that is automatically placed on your computer or mobile device’s hard drive when you access certain websites or apps (hereinafter: a “Cookie“).

 

The Cookie uniquely identifies your browser to the server. Cookies allow DermApp to store information on the server (e.g., language preferences, technical information, access path or click data, etc.) that help enhance your experience of the Site and perform analyses and performance assessments of the Site. Most web browsers are set to accept Cookies, although you can reset your browser to refuse all Cookies and to indicate when a Cookie is being sent. Please note, however, that some parts of the Site may not function properly if you refuse Cookies.

 

DermApp uses Cookies, Web Beacons on the Site (also known as “action tags” or “invisible GIFs”), and other tracking technologies to facilitate your access to the Site, analyze traffic and usage of the Site, and identify failures. This also allows DermApp to improve your experience with the Site as well as its content and design.

 

DermApp may collaborate with other companies that place Cookies, Web Beacons, or other tracking technologies on the Site. These companies assist DermApp in operating the Site. The use of these technologies by such third parties is subject to their own policies, privacy rules, and terms of use, which are not covered by this Policy and for which DermApp accepts no responsibility.

 

11. Google Analytics

The Site may use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses Cookies, which are text files placed on your computer to help analyze how Users use the Site. The data generated by the Cookies about your use of the Site (including your IP address) will be transmitted to and stored by Google on servers located in the United States. Google will use this information to evaluate your use of the Site, compile reports on Site activity for its publisher, and provide other services related to Site activity and internet usage. Google may transfer this information to third parties where required by law or when such third parties process the information on Google’s behalf, including notably the publisher of this Site. Google will not cross-reference your IP address with any other data held by Google.

 

You can disable the use of Cookies by selecting the appropriate settings in your browser. However, disabling Cookies may prevent you from using certain functions of the Site. By using the Site, you expressly consent to the processing of your Personal Data by Google under the conditions and for the purposes described above.

 

To learn more about how to opt out of being tracked by Google Analytics across all websites, visit tools.google.com/dlpage/gaoptout.

 

12. Data Sharing and Disclosure

  1. To subcontractors

 

Aside from DermApp, Personal Data may be made accessible to individuals responsible for operating the Site (administration, sales, marketing, legal, system administration) or to third parties based in Switzerland or the European Union (such as technical service providers, email services, hosting, IT maintenance, or communication agencies) mandated by DermApp to process this Personal Data. An updated list of these external parties can be requested at any time from the data controller.

 

DermApp may share your Personal Data with subcontractors located in Switzerland or the European Union who work on behalf of DermApp. Such transfer is made to assist or participate in the operation of the Site, in particular for managing, hosting, or maintaining the Site, advertising, conducting research, monitoring, and analyzing network status. It may also be used to help carry out business transactions, including providing customer service.

 

Although DermApp may share your Personal Data with its service providers for the purposes mentioned above, such as Site hosting or webmastering, we require that the processing by these third parties be limited and carried out within the framework defined by this Privacy Policy.

 

Your Personal Data will be hosted in Switzerland on the servers of Infomaniak, in Satigny.

 

  1. To third parties with your consent

 

Your Personal Data (excluding Sensitive Data) may be shared with third parties involved in the completion of a contract via the Site, such as Payment Providers, only with your consent.

 

  1. To comply with legal obligations or defend our rights

 

Your Personal Data may also be shared to respond to legitimate requests from government authorities or when required by applicable laws, court orders, or government regulations, as well as when deemed appropriate for audits or to investigate or respond to claims or security threats, or otherwise to defend the interests of DermApp.

 

13. No Recording of Payment Information

We do not record or request any banking or credit card information. External providers process credit card payments. We do not act as a financial intermediary or payment institution for transactions carried out through the Site, which are operated via Six (hereinafter: “Payment Provider“).

 

You agree that DermApp will have payments processed through the Payment Provider. You expressly consent to provide your payment data directly to the Payment Provider, along with any information required by them.

 

For credit card payments, the Payment Provider uses a secure payment system; this is SSL-secured payment. This payment protocol is standard and globally recognized for protecting data transmitted over the internet. It is available on virtually all browsers. The Personal Data you provide in connection with your credit card (number, expiration date, CVM, etc.) is encrypted before being sent from your device to the payment server.

 

The Payment Provider carries out the credit card transaction in compliance with PCI/DSS and TPPP standards. You agree and consent to this payment scheme by the Payment Provider.

 

You expressly agree to be bound by the terms and conditions of the external Payment Provider operating the payment, to pay any applicable fees, and to grant all necessary banking authorizations for the transaction to be processed via your bank or credit card.

 

You conduct the credit card transaction at your own risk. DermApp cannot be held liable for any delays in bank authorization, loss or theft of payment data, or any damages that may occur in connection with the transaction carried out through the Site.

 

14. International Data Transfers

The Personal Data processed by DermApp will be stored in Switzerland but may also be transferred to other countries with an adequate level of data protection. In such cases, DermApp will comply with all applicable rules and regulations and take all required and necessary measures prior to any data transfer abroad.

 

Sensitive Data is processed by the Dermatologist who issued the Diagnosis. In the event of the Site’s closure, your Sensitive Data will be retained by the Dermatologist who provided the Diagnosis.

 

15. Security

The security of your Personal Data and Sensitive Data is very important to us. DermApp is committed to processing your Personal and Sensitive Data appropriately and will take all technical and organizational security measures to prevent unauthorized access, disclosure, alteration, or destruction of your Personal and Sensitive Data.

 

DermApp uses advanced security technologies and measures, rules, and other procedures to protect your personal information from unauthorized access, misuse, disclosure, loss, or destruction. Security firewalls and industry-standard password protections are also used to safeguard your identification data.

 

However, you acknowledge that the use of the internet is not secure and carries risks for your Personal and Sensitive Data. DermApp will do everything in its power to protect your Personal and Sensitive Data, but cannot guarantee or ensure that the data you provide to DermApp will be safe and protected from theft or unauthorized access by third parties, for which we disclaim all liability.

 

It is your responsibility to ensure that the computer you use is properly secured and protected against malicious software such as trojans, computer viruses, and worms. You are aware that without adequate security measures (including a secure browser configuration and up-to-date antivirus software), there is a risk that the data and passwords you use to protect your access to your data may be disclosed to unauthorized third parties.

 

If your Personal or Sensitive Data has been improperly accessed by an unauthorized person or there is reason to believe it has been, the applicable law requires us to notify you. DermApp commits to immediately report any such breach to you via email or notification.

 

16. Access Rights and Data Portability

As a User and/or Dermatologist, you may request DermApp to confirm whether it processes Personal Data about you, receive a copy of the data processed (for this purpose, DermApp will require a copy of an official form of identification), and subsequently instruct DermApp to correct any inaccurate and/or delete any Personal Data.

 

You may, at any time, request access to your Personal Data collected by DermApp, the correction of any inaccurate information, or the deletion of all your Personal Data collected.

 

Any User may also withdraw their consent to the processing of their Personal Data at any time.

 

DermApp guarantees the portability of your Personal Data and agrees to transfer your Personal Data to any third-party service upon your written request.

 

If you wish to exercise any of these rights, please contact DermApp by email at info@dermapp.ch or by postal mail at the following address: DermApp Sàrl, Route de Bursinel 28, 1195 Dully, Switzerland. You may be required to include a copy of an official identity document (ID card, driver’s license, or passport).

 

Please note that any information copied by us may still remain for a certain time after your deletion request in our backup systems. Even then, none of your Account’s Personal Data will remain in the active database of our Users and/or Dermatologists. Remember that Personal Data transferred to third-party services, such as social networks, is not stored on our servers and therefore cannot be deleted from the internet by DermApp.

 

17. Data Deletion and Backup Systems

In principle, all Personal Data (excluding Sensitive Data) collected through the Site (either automatically or provided by the User and/or Dermatologist) will be deleted upon account termination or Site closure, except where there is a legal obligation to retain such data or if payment has not been made.

 

All Personal Data collected through the Site may be retained and stored even after account termination or Site closure, at least temporarily, particularly in case of backup systems. Anonymous information may be retained indefinitely. Sensitive Data will be retained by the relevant Dermatologists for ten (10) years. Sensitive Data will be returned to the Dermatologist in a structured, commonly used, and machine-readable format.

 

18. Links

If certain pages of the Site contain links to websites or pages belonging to third parties, those websites or pages do not apply the same Privacy Policy.

 

If you choose to visit one of these third-party websites or pages, you will be redirected there. We do not have control over third-party websites or pages and therefore recommend that you refer to the privacy policies of these sites or pages to learn about their procedures for collecting, using, and sharing Personal Data.

 

19. Compliance with Law and Law Enforcement

In the event of a legal obligation, DermApp cooperates with government representatives, judicial authorities, and private parties to enforce and comply with the law. In such cases, we may share all your Personal Data with such representatives if we deem it necessary to comply with our legal obligations, respond to legal proceedings (including, in particular, subpoenas with fines), defend the property and rights of DermApp, protect public or individual safety, or prevent or stop any activity that may be or is suspected to be illegal or subject to legal action. For compliance matters, please contact: [info@dermapp.ch].

 

 

20. Asset Transfers

DermApp may sell, assign, transfer, or exchange all or part of its assets, including your Personal Data, as part of a merger, acquisition, reorganization, asset sale, or in the event of bankruptcy or insolvency (hereinafter: “Transfers“). Your acceptance of this Privacy Policy and submission of your Personal Data constitutes your explicit agreement to such Transfers.

 

21. Governing Law and Jurisdiction

This Policy, as well as all issues arising from or related to it (including non-contractual claims or disputes and their interpretation), shall be governed by Swiss law, excluding conflict of law rules.

 

All disputes, claims, or disagreements between a User/Dermatologist and DermApp regarding any matters related to this Policy shall be subject exclusively to the competent courts at DermApp’s registered office, subject to appeal to the Swiss Federal Court.

 

Dully, 31 July 2018