1.1. Privacy and Personal Data protection is important to Skindr BV and the dermatologists working with Skindr BV. This Privacy Policy has been established to inform Data Subjects about the management of Skindr BV and the dermatologists, in the context of the Skindr Platform, of Personal Data and how Data Subjects can exercise control over their Personal Data. Data Subjects should carefully read this Privacy Policy before using the Skindr Platform.
This Privacy Policy applies to the Processing of Personal Data within the Skindr Platform.
1.2. This Privacy Policy has been established in implementation of the General Data Protection Regulation, other European regulations incorporating data protection and privacy provisions, as well as applicable national data protection and privacy laws and implementing decisions.
For the implementation of this Agreement, the following definitions shall apply:
‘Terms of use’: the terms of use of Skindr BV in relation to the use of the Skindr Platform.
‘Personal data breach’: a breach of security that accidentally or unlawfully leads to the destruction, loss, modification or unauthorised disclosure of, or unauthorised access to, data transmitted, stored or otherwise processed.
‘Patient’: the natural person registering as a private user on the platform of the Skindr web application and/or the Skindr mobile application with the aim of receiving remote dermatological care services.
‘Personal data’: any information about an identified or identifiable natural person (‘the Data Subject’).
‘Privacy Policy’: the privacy notice regarding the use of the Skindr Platform and the related processing of Personal Data.
‘Skindr Platform’: Skindr’s digital platform consisting of the Skindr mobile application and/or the Skindr web application, as well as the Skindr website, which is publicly accessible.
‘Processor’: a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.
‘Processing’: any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Controller’: a natural or legal person, a public authority, agency or other body that, only in cooperation with others, determines the purposes for which and the means by which Personal Data is processed.
‘Data Protection Legislation’: the General Data Protection Regulation, other European legislation that includes provisions on data protection and privacy, as well as the applicable national data protection and privacy legislation in the Member States with its amendments and implementing decisions, including industry-applicable approved codes of conduct as referred to in Article 40 of the General Data Protection Regulation.
The collection and processing of Personal Data shall be carried out for all Patients, Dermatologists and website visitors registered on the Skindr Platform.
4.1. The following Personal Data of Patients are collected and processed while using the Skindr Platform (the Skindr mobile application and/or the Skindr web application).
Types of Personal Data
The identification, administrative, contact and payment details of the individual Patient.
The details
First and last name, e-mail address, telephone number, postcode, date of birth and national identification number.
Types of Personal Data
The health data, genetic data and biometric data of the individual Patient.
The details
Gender, possible allergies, possible pregnancy or contraception, diagnosis, symptoms, dermatological symptoms, medical reports, medication intake, (possible) treatments, (possible) background information, and pictures of dermatological symptoms.
4.2. The following Personal Data of Dermatologists are collected and processed while using the Skindr Platform (the Skindr mobile application and/or the Skindr web application).
Types of Personal Data
The identification, administrative, contact and payment details of the individual Dermatologist.
The details
First and last name, the business address, the professional e-mail address, the telephone number, the NIHDI number, the VAT number and the invoice address.
Types of Personal Data
The biometric data of the individual Dermatologist.
The details
The profile picture.
4.3. The following Personal Data of website visitors will be collected and processed when visiting the Skindr website.
Types of Personal Data
The contact details of the individual website visitor.
The details
First and last name, and the e-mail address.
5.1. The collected Personal Data of the patients, as described in Article 4.1 of the Privacy Policy, are processed only for the following purposes.
The objectives
The objectives
5.2. The collected Personal Data of the Dermatologists, as described in article 4.2 of the Privacy Policy, are processed only for the following purposes.
The objectives
The objectives
5.3. The collected Personal Data of the website visitors, as described under Article 4.3 of the Privacy Policy, are processed only for the following purposes.
The objectives
5.4. Under no circumstances shall any Personal Data be included in such processing other than those necessary for the purposes set out in this Article 4, nor shall such Personal Data be processed further in a manner incompatible with those purposes.
6.1. The processing of Patients’ Personal Data is based on:
6.2. The Processing of the Dermatologists’ Personal Data is based on:
6.3. The Processing of website visitors' Personal Data is based on their explicit consent regarding objectives 5.1 and 5.2 as described in Article 5.3 of the Privacy Policy.
7.1. The Personal Data of Patients are stored for the following periods:
7.2. The Personal Data of Dermatologists are stored for the following periods:
7.3. The Personal Data of the website visitors are stored for the following periods:
7.4. If the retention period has expired, the Personal Data will be destroyed and erased from the files on the initiative of Skindr BV, within a period of one year.
However, the erasure may be ignored when the preservation is required by a legal requirement, or the preservation is considered reasonably important from a medical or ethical point of view or regarding the Patient's life expectancy, or regarding the defence of their legitimate interests or those of their dependants.
7.5. If the Personal Data has been processed in such a way that makes it reasonably impossible to trace it back to individuals, the data may be stored in an anonymised form.
Article 8. Security and confidentiality
8.1. Skindr BV and the Dermatologists have developed security measures adapted on technical, administrative and organisational levels to avoid the destruction, loss, falsification, modification, unauthorised access or inadvertent disclosure to Third Parties of the Personal Data and any unauthorised Processing of the data.
In the event that the aforementioned breach would occur and would involve Personal Data, Skindr BV will inform the Data Subject, in cooperation with the Dermatologists, of the breach, including a description of the potential impact and a recommendation to limit the potentially negative consequences of the breach.
8.2. Skindr BV and the Dermatologists provide a safe, controlled environment for the use of the Skindr Platform.
8.3. Under no circumstances may Skindr BV or a Dermatologist be held liable by a Patient or a website visitor for any direct or indirect damage resulting from an incorrect or unlawful use of the Personal Data by a Third Party.
8.4. Each Data Subject is liable for preserving the privacy and security of their individual account on the Skindr Platform. For example, by not allowing a Third Party to use their personal login and by avoiding all unauthorised access to their account.
Each Patient and Dermatologist is personally liable for the use of the Skindr web application and/or the Skindr mobile application on their devices, IP address and identification data as well as its confidentiality.
8.5. Each Patient and Dermatologist should immediately notify Skindr BV of unauthorised use of their account by sending an e-mail to care@skindr.com.
9.1. If necessary, the following categories of recipients are entitled to receive Personal Data of Patients from Skindr BV and/or the Dermatologists:
9.2. Apart from the cases set out in Article 9.1 of the Privacy Policy, only Anonymous Data can be exchanged with other persons, bodies and organisations.
10.1. Right to be informed.
No later than the time of collection of Personal Data relating to the Data Subject shall the Data Subject be informed, in accordance with the provisions of the General Data Protection Regulation, through this Privacy Policy about the Processing of their data and the legal basis for such Processing.
In addition, the Data Subject has the right to obtain the following from Skindr BV, if they request it:
10.2. Right of access.
The Data Subject has the right to have access to their collected Personal Data and the usage of the data in the context of the Processing by Skindr BV and the Dermatologists at any time.
10.3. Right to rectification, erasure and restriction.
10.4. Right to object
The Data Subject shall have the right to object to the Processing of their Personal Data if they have serious and legitimate reasons to do so.
10.5. Right to data portability
Within certain limits, the Data Subject shall have the right to receive the Personal Data concerning them that is processed on the Skindr Platform in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller.
10.6. Right to withdraw consent
The Data Subject shall have the right to withdraw their prior consent to the Processing of their Personal Data. If the Data Subject withdraws their consent to Processing Personal Data, it is possible that the Skindr Platform no longer functions optimally.
10.7. Rights related to automated decision making including profiling
The Data Subject shall have the right not to be subject to a decision based solely on automated Processing, including profiling, that produces legal effects concerning the Data Subject or similarly significantly affects the Data Subject.
10.8. Exercise your rights
The Data Subject may exercise their rights by contacting Skindr BV by e-mail: care@skindr.com.
10.9. Right to lodge a complaint
The Data Subject shall have the right to lodge a complaint with the Belgian Data Protection Authority:
Data Protection Authority Drukpersstraat 35, 1000 Brussels,
Tel: +32 (0)2 274 48 00, Fax: +32 (0)2 274 48 35,
Email: contact@apd-gba.be
This shall be without prejudice to cases covered in civil court. If the Data Subject would suffer as a result of the Processing of their Personal Data, the Data Subject can claim compensation.
11.1. The Data Subject can always contact Skindr BV if they have questions and concerns about the protection of their data. Requests to exercise rights may also be submitted to Skindr BV. Upon submission of the Data Subject's request, they will receive an acknowledgement of receipt and Skindr BV will inform them about the actions that will be taken regarding the request as soon as possible and within one month. In case of complex or multiple requests, this period may be extended to three months from the date of submission of the request. In that case, Skindr BV will notify the Data Subject within one month.
11.2. Skindr BV reserves the right to verify the identity of the requester for each submitted request and to ask for additional information in case of doubt about the identity of the requester. If the requester refuses to provide the necessary information, Skindr BV may refuse the request.
Skindr BV reserves the right to change its Privacy Policy at any time.
This Privacy Policy is governed by Belgian law. Disputes shall be submitted to the courts/tribunals in the judicial district Oost-Vlaanderen, section Gent, which have exclusive territorial jurisdiction.