Privacy Policy

Article 1. Objective and scope

1.1. Privacy and Personal Data protection is important to Skindr BV and the dermatologists working with Skindr BV. This Privacy Policy has been established to inform Data Subjects about the management of Skindr BV and the dermatologists, in the context of the Skindr Platform, of Personal Data and how Data Subjects can exercise control over their Personal Data. Data Subjects should carefully read this Privacy Policy before using the Skindr Platform.

This Privacy Policy applies to the Processing of Personal Data within the Skindr Platform.

1.2. This Privacy Policy has been established in implementation of the General Data Protection Regulation, other European regulations incorporating data protection and privacy provisions, as well as applicable national data protection and privacy laws and implementing decisions.

Article 2. Definitions

For the implementation of this Agreement, the following definitions shall apply:

• ‘General Data Protection Regulation’: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, with its amendments and European implementing legislation.
• ‘Anonymous data’: any data that cannot be linked (any longer) to an identified or identifiable person and therefore are not (any longer) personal data.
• ‘Data subject(s)’: the patients and dermatologists whose personal data are being processed within the context of the Skindr Platform.
• ‘Third party’: any party that is not a Data Subject, (sub)Processor or Controller under the Agreement. 
• ‘Dermatologist’: any physician-specialist in dermatology who registers as a professional user, in their capacity as a natural person – whether or not as the business manager of a legal person – on the platform of the Skindr web application and/or the Skindr mobile application with the aim of providing remote dermatological care to patients.  
• ‘Pseudonymised data’: the Personal Data that is processed in such a way that it can no longer be linked to a specific natural person without additional data being used, provided that those additional data are stored separately and that technical and organisational measures are taken to ensure that the Personal Data is not linked to an identified or identifiable natural person. Therefore, it is not Anonymous Data, as the natural person is still identifiable after pseudonymisation.

• ‘Terms of use’: the terms of use of Skindr BV in relation to the use of the Skindr Platform.

• ‘Personal data breach’: a breach of security that accidentally or unlawfully leads to the destruction, loss, modification or unauthorised disclosure of, or unauthorised access to, data transmitted, stored or otherwise processed.

• ‘Patient’: the natural person registering as a private user on the platform of the Skindr web application and/or the Skindr mobile application with the aim of receiving remote dermatological care services.

• ‘Personal data’: any information about an identified or identifiable natural person (‘the Data Subject’).

• ‘Privacy Policy’: the privacy notice regarding the use of the Skindr Platform and the related processing of Personal Data.

• ‘Skindr Platform’: Skindr’s digital platform consisting of the Skindr mobile application and/or the Skindr web application, as well as the Skindr website, which is publicly accessible.

• ‘Processor’: a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.

• ‘Processing’: any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• ‘Controller’: a natural or legal person, a public authority, agency or other body that, only in cooperation with others, determines the purposes for which and the means by which Personal Data is processed.

• ‘Data Protection Legislation’: the General Data Protection Regulation, other European legislation that includes provisions on data protection and privacy, as well as the applicable national data protection and privacy legislation in the Member States with its amendments and implementing decisions, including industry-applicable approved codes of conduct as referred to in Article 40 of the General Data Protection Regulation.
  

‍

Article 3. Categories of persons whose personal data is processed

The collection and processing of Personal Data shall be carried out for all Patients, Dermatologists and website visitors registered on the Skindr Platform.

Article 4. Nature of collected personal data

4.1. The following Personal Data of Patients are collected and processed while using the Skindr Platform (the Skindr mobile application and/or the Skindr web application).

Category 1

Types of Personal Data

The identification, administrative, contact and payment details of the individual Patient.

The details

First and last name, e-mail address, telephone number, postcode, date of birth and national identification number.

Category 2

Types of Personal Data

The health data, genetic data and biometric data of the individual Patient.

The details

Gender, possible allergies, possible pregnancy or contraception, diagnosis, symptoms, dermatological symptoms, medical reports, medication intake, (possible) treatments, (possible) background information, and pictures of dermatological symptoms.

4.2. The following Personal Data of Dermatologists are collected and processed while using the Skindr Platform (the Skindr mobile application and/or the Skindr web application).

Category 3

Types of Personal Data

The identification, administrative, contact and payment details of the individual Dermatologist.

The details

First and last name, the business address, the professional e-mail address, the telephone number, the NIHDI number, the VAT number and the invoice address.

Category 4

Types of Personal Data

The biometric data of the individual Dermatologist.

The details

The profile picture.

4.3. The following Personal Data of website visitors will be collected and processed when visiting the Skindr website.

Category 5

Types of Personal Data

The contact details of the individual website visitor.

The details

First and last name, and the e-mail address.

Article 5. Purposes of processing personal data

5.1. The collected Personal Data of the patients, as described in Article 4.1 of the Privacy Policy, are processed only for the following purposes.

Category 1

The objectives

1. Regarding the registration on the Skindr web application and/or the Skindr mobile application to create a profile with an individual account.
2. Regarding the identification and authentication while logging into the individual account via the Skindr web application and/or the Skindr mobile application.
3. To consult the list of available Dermatologists included in the Skindr web application and/or the Skindr mobile application, as well as to contact an assigned Dermatologist.
4. For contact related to the services of the Skindr web application and/or the Skindr mobile application.
5. For the implementation of technical support.
6. For processing the payment through a Third Party payment platform.
7. For collecting feedback, adverse events and/or complaints concerning Skindr Services and the services provided by Dermatologists.
8. For the development of services and/or products, as well as for the improvement of services and/or products.
9. For statistical and/or scientific research, in cooperation with external stakeholders, education and/or research institutions or otherwise.

Category 2

The objectives

1. To remotely establish a therapeutic relationship and to obtain dermatological care (including consultation, research, diagnosis and/or treatment) from an assigned Dermatologist.
2. For the quality assessment of care provided by the Dermatologists.
3. For the development of services and/or products, as well as for the improvement of services and/or products.
4. For the development of services and/or products, as well as for the improvement of services and/or products.

‍

5.2. The collected Personal Data of the Dermatologists, as described in article 4.2 of the Privacy Policy, are processed only for the following purposes.

Category 3

The objectives

1. Regarding the registration on the Skindr web application and/or the Skindr mobile application to create a profile with an individual account.
2. Regarding the identification and authentication while logging into the individual account via the Skindr web application and/or the Skindr mobile application.
3. To be mentioned on the list of available Dermatologists on the Skindr web-application.
4. To provide medical care to Patients.
5. For contact related to the services of the Skindr web application and/or the Skindr mobile application.
6. For the implementation of technical support.
7. For processing the payment through a Third Party payment platform.
8. For collecting feedback, adverse events and/or complaints concerning Skindr Services and the services provided by Dermatologists.
9. For the development of services and/or products, as well as for the improvement of services and/or products.
10. For statistical and/or scientific research, in cooperation with external stakeholders, education and/or research institutions or otherwise.

Category 4

The objectives

1. If desired, to add a picture to the profile of the Dermatologist.

‍

5.3. The collected Personal Data of the website visitors, as described under Article 4.3 of the Privacy Policy, are processed only for the following purposes.

Category 5

The objectives

1. For signing up for the Skindr newsletter through the Skindr website.
2. For managing the pre-contractual relationship established through the contact form on the Skindr website.

‍

5.4. Under no circumstances shall any Personal Data be included in such processing other than those necessary for the purposes set out in this Article 4, nor shall such Personal Data be processed further in a manner incompatible with those purposes.

Article 6. Legal basis for processing personal data

6.1. The processing of Patients’ Personal Data is based on:

• The implementation of the Agreement with the Patient regarding objectives 1.1 to 1.7 as described in Article 5.1 of the Privacy Policy.
• The legitimate interest of objectives 1.8 and 1.9 as described in Article 5.1 of the Privacy Policy.
• The Patient's explicit consent regarding objectives 2.1 to 2.4 as described in Article 5.1 of the Privacy Policy.

‍

6.2. The Processing of the Dermatologists’ Personal Data is based on:

• The implementation of the agreement with the Dermatologist regarding objectives 3.1 to 3.8 as described in Article 5.2 of the Privacy Policy.
• The legitimate interest of objectives 3.9 and 3.10 as described in Article 5.2 of the Privacy Policy.
• The Dermatologist’s explicit consent regarding objective 4.1 as described in Article 5.1 of the Privacy Policy.

‍

6.3. The Processing of website visitors' Personal Data is based on their explicit consent regarding objectives 5.1 and 5.2 as described in Article 5.3 of the Privacy Policy.

Article 7. Duration of processing personal data

7.1. The Personal Data of Patients are stored for the following periods:

• Category 1: For as long as the Patient's account is active and the subsequent 5 years.
• Category 2: For as long as the Patient's account is active and the subsequent 7 years.
• Sometimes the time period can be longer, for instance in order to comply with legal obligations or in case of a dispute.

‍

7.2. The Personal Data of Dermatologists are stored for the following periods:

• Category 3: As long as the Dermatologist's account is active and the subsequent 5 years.
• Category 4: As long as the Dermatologist's account is active and they are listed on the list of available healthcare professionals on the Skindr Platform.
• Sometimes the time period can be longer, for instance in order to comply with legal obligations or in case of a dispute.

‍

7.3. The Personal Data of the website visitors are stored for the following periods:

• Category 5: For as long as the website visitor has not explicitly unsubscribed via the contact form on the Skindr website or up to three months after a reminder e-mail to reaffirm the opt-in has gone unanswered.
• Sometimes the time period can be longer, for instance in order to comply with legal obligations or in case of a dispute.

‍

7.4. If the retention period has expired, the Personal Data will be destroyed and erased from the files on the initiative of Skindr BV, within a period of one year.

However, the erasure may be ignored when the preservation is required by a legal requirement, or the preservation is considered reasonably important from a medical or ethical point of view or regarding the Patient's life expectancy, or regarding the defence of their legitimate interests or those of their dependants.

7.5. If the Personal Data has been processed in such a way that makes it reasonably impossible to trace it back to individuals, the data may be stored in an anonymised form.

‍

Article 8. Security and confidentiality

8.1. Skindr BV and the Dermatologists have developed security measures adapted on technical, administrative and organisational levels to avoid the destruction, loss, falsification, modification, unauthorised access or inadvertent disclosure to Third Parties of the Personal Data and any unauthorised Processing of the data.

In the event that the aforementioned breach would occur and would involve Personal Data, Skindr BV will inform the Data Subject, in cooperation with the Dermatologists, of the breach, including a description of the potential impact and a recommendation to limit the potentially negative consequences of the breach.

8.2. Skindr BV and the Dermatologists provide a safe, controlled environment for the use of the Skindr Platform.

8.3. Under no circumstances may Skindr BV or a Dermatologist be held liable by a Patient or a website visitor for any direct or indirect damage resulting from an incorrect or unlawful use of the Personal Data by a Third Party.

8.4. Each Data Subject is liable for preserving the privacy and security of their individual account on the Skindr Platform. For example, by not allowing a Third Party to use their personal login and by avoiding all unauthorised access to their account.

Each Patient and Dermatologist is personally liable for the use of the Skindr web application and/or the Skindr mobile application on their devices, IP address and identification data as well as its confidentiality.

8.5. Each Patient and Dermatologist should immediately notify Skindr BV of unauthorised use of their account by sending an e-mail to care@skindr.com.

Article 9. Transmission of personal data

9.1. If necessary, the following categories of recipients are entitled to receive Personal Data of Patients from Skindr BV and/or the Dermatologists:

• The support staff, staff and/or appointees (healthcare professionals or otherwise) of the Dermatologists responsible for the (medical and/or organisational) follow-up of patient care referred to in Article 5 of the Privacy Policy. Skindr BV is not liable for any non-compliance with professional confidentiality regarding the Dermatologists.
• External treating healthcare professionals of the patient and/or intermediate healthcare institutions where the healthcare professionals are working, in the context of patient care.
• External (sub)Processors on which Skindr BV and/or the Dermatologists rely for the Processing of Personal Data, such as Mediris.
• External service providers of payment platforms that Skindr BV uses to process the payments.
• Remote web hosting services, analysis companies and/or research institutions on which Skindr BV relies to help optimise the functionality of the Skindr Platform.
• The health insurance company of the Patient and the National Institute for Health and Disability Insurance (NIHDI) and/or foreign competent bodies regarding financial benefits for the Patient, to the extent imposed by or under the law or with the consent of the Patient.
• Public authorities authorised to do so by a government decision.
• Insurance companies to the extent imposed by or under the law or with the consent of the Patient and the professional liability insurer of a hospital or of a Dermatologist, without the consent of the Patient, to the extent that communication is necessary for the defence of legal claims or for the institution or Dermatologist, exercise or defence of a legal claim;
• Other bodies and organisations, as imposed by or under the law or with the Patient's consent;
• Affected Patients or their representatives within the limits set by the law of 22 August 2002 on patients' rights.

‍

9.2. Apart from the cases set out in Article 9.1 of the Privacy Policy, only Anonymous Data can be exchanged with other persons, bodies and organisations.

Article 10. Rights of data subjects

10.1. Right to be informed.

No later than the time of collection of Personal Data relating to the Data Subject shall the Data Subject be informed, in accordance with the provisions of the General Data Protection Regulation, through this Privacy Policy about the Processing of their data and the legal basis for such Processing.

In addition, the Data Subject has the right to obtain the following from Skindr BV, if they request it:

• the existence or absence of Processing of Personal Data relating to them;
• the Personal Data that is being Processed and all available information on the origin of that Personal Data, unless the right to access those Personal Data is prohibited by law;
• the objectives of the Processing;
• the categories of Personal Data related to the Processing and the retention period of the Personal Data;
• the categories of recipients to whom the Personal Data is disclosed;
• the existence of automated decision-making based on the Personal Data, as well as the underlying logic and the consequences of that decision-making.

‍

10.2. Right of access.

The Data Subject has the right to have access to their collected Personal Data and the usage of the data in the context of the Processing by Skindr BV and the Dermatologists at any time.

10.3. Right to rectification, erasure and restriction.

• The Data Subject is free not to disclose certain Personal Data to Skindr BV and the Dermatologists. However, certain Personal Data are essential to ensure the optimal functioning of the Skindr Platform, such as the name, the national identification number and the date of birth.
• The Data Subject has the right to request Skindr BV to have their collected Personal Data that are incomplete or inaccurate rectified or completed. In case of objectively incorrect or incomplete data, a completion of the data will be allowed upon simple request. A rectification of a Data Subject's Personal Data regarding reports containing medical information may be authorised upon the approval of the treating Dermatologist.
• The Data Subject may also request restrictions on the Processing of certain Personal Data if the Data Subject considers the data inaccurate.
• The Data Subject shall have the right to request Skindr BV to delete certain Personal Data. If the Data Subject refuses to disclose certain Personal Data or requests that certain Personal Data be deleted, it is possible that the Skindr Platform no longer functions optimally.
• Unless the Processing is necessary for imperative legitimate reasons, the Data Subject may discontinue the Processing of their Personal Data based solely on the legitimate interests or the performance of a task carried out in the public interest or in the exercise of official authority by submitting an objection. Pending the reply of Skindr BV, at any time, the Data Subject may request that their Personal Data is temporarily withheld from Processing (except in a number of legally determined cases). At any time, any Processing for direct marketing purposes may be stopped by the Data Subject by withdrawing their consent or submitting an objection.

‍

10.4. Right to object

The Data Subject shall have the right to object to the Processing of their Personal Data if they have serious and legitimate reasons to do so.

10.5. Right to data portability

Within certain limits, the Data Subject shall have the right to receive the Personal Data concerning them that is processed on the Skindr Platform in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller.

10.6. Right to withdraw consent

The Data Subject shall have the right to withdraw their prior consent to the Processing of their Personal Data. If the Data Subject withdraws their consent to Processing Personal Data, it is possible that the Skindr Platform no longer functions optimally.

10.7. Rights related to automated decision making including profiling

The Data Subject shall have the right not to be subject to a decision based solely on automated Processing, including profiling, that produces legal effects concerning the Data Subject or similarly significantly affects the Data Subject.

10.8. Exercise your rights

The Data Subject may exercise their rights by contacting Skindr BV by e-mail: care@skindr.com.

10.9. Right to lodge a complaint

The Data Subject shall have the right to lodge a complaint with the Belgian Data Protection Authority:

Data Protection Authority Drukpersstraat 35, 1000 Brussels,

Tel: +32 (0)2 274 48 00, Fax: +32 (0)2 274 48 35,

Email: contact@apd-gba.be

This shall be without prejudice to cases covered in civil court. If the Data Subject would suffer as a result of the Processing of their Personal Data, the Data Subject can claim compensation.

Article 11. Questions, concerns and complaints

11.1. The Data Subject can always contact Skindr BV if they have questions and concerns about the protection of their data. Requests to exercise rights may also be submitted to Skindr BV. Upon submission of the Data Subject's request, they will receive an acknowledgement of receipt and Skindr BV will inform them about the actions that will be taken regarding the request as soon as possible and within one month. In case of complex or multiple requests, this period may be extended to three months from the date of submission of the request. In that case, Skindr BV will notify the Data Subject within one month.

11.2. Skindr BV reserves the right to verify the identity of the requester for each submitted request and to ask for additional information in case of doubt about the identity of the requester. If the requester refuses to provide the necessary information, Skindr BV may refuse the request.

Article 12. Amendments

Skindr BV reserves the right to change its Privacy Policy at any time.

Article 13. Completeness of the agreement

This Privacy Policy is governed by Belgian law. Disputes shall be submitted to the courts/tribunals in the judicial district Oost-Vlaanderen, section Gent, which have exclusive territorial jurisdiction.

‍

‍

Terms & Conditions