References to the GDPR

For users from the European Union or the European Economic Area, the regulations of the GDPR apply.

For users from Switzerland the Swiss laws apply.

Please note that this privacy policy may change from time to time. We therefore recommend that you read this privacy statement regularly to ensure that you are always familiar with the current applicable version.

Data security

The protection of your personal data is a top priority at derma2go AG. The data you enter is transmitted in encrypted form and stored on protected servers. We will keep your data secure and take measures to protect your personal data from loss, access, misuse or alteration. Access to your password-protected profile is additionally secured by so-called two-factor authentication. Our employees and contractual partners who have access to your data are contractually bound to secrecy and compliance with data protection regulations.

The patient acknowledges that the personal data collected by him is in particular also health data and thus a special category of personal data.

Visiting our website

When you call up our website, the following data is determined by your terminal device or the browser used and stored in a log file:

– IP address of the end device

– Date and time (incl. time zone difference to CET) of access

– Name and URL of the retrieved file

– transferred data volume

– The website from which you accessed our site (referrer URL) and the search engines you used to find our site.

– browser used, operating system of the end device

– Name of the Internet provider

We initially use this data for technical purposes in order to deliver the contents of our website to you and to ensure the secure operation of our services.

Furthermore, we use this data for statistical purposes so that we can trace which terminal devices with which characteristics and settings are used for visiting our website in order to optimize them for them if necessary. These statistics do not contain any personal data. If you are within the scope of the GDPR, the legal basis for the use of data for the compilation of statistics is Art. 6 Para. 1 f) GDPR.

The IP address of your terminal device is anonymized if complete storage is no longer required for the technical purposes you have initiated. The complete IP address will therefore not be stored for non-technical purposes unless this is necessary to detect and prevent attacks (e.g. preventing access, spying on data, spreading malware (e.g. viruses) or other unlawful purposes) against the systems used for our website. Such attacks would impair the proper functioning of the technology, the use of our website or its functionality and the security of visitors to our website. We hereby pursue the legitimate interest of ensuring the operability of our website and to ward off illegal attacks against us and the visitors to our website. If you are within the scope of the GDPR, the legal basis for processing is Art. 6 para. 1 f) GDPR. Also, in this case, the stored IP data will be deleted (by anonymization) if they are no longer needed for the recognition or defense of an attack.

Create a customer account

When you create a customer account, we process the information you provide to us in order to create and administer the account and to enable you to use the services we provide through the use of the account. If you are in the area of application of the GDPR, the legal basis for the processing is Art. 6 Para. 1 b GDPR.

These data are stored until the deletion of the customer account. If we are required by law to store data for a longer period of time (e.g. to fulfil accounting obligations) or if we are legally entitled to store data for a longer period of time (e.g. due to a current legal dispute against the owner of a user account), the data will be deleted after the storage obligation or the legal entitlement has expired.

Storage of customer data

We store your customer data exclusively on servers in Switzerland and the European Union.

Commissioning of a doctor

We do not become a contractual partner if you instruct one of the doctors co-operating with us to treat you. We only offer you and the participating physicians a platform for initiating, concluding and carrying out the corresponding orders. The person responsible under data protection law in connection with the execution of a treatment contract concluded with you is therefore your respective contractual partner. In this respect, we refer to its data protection information, to which we refer in the context of the granting of a treatment contract, if these were communicated to us.

The data stored by you in your derma2go user account will be used to transfer the corresponding data to the commissioned doctor to enable you to access the communication with the doctor and the treatment findings. If you are within the scope of the GDPR, the legal basis for this is Art. 6 Para. 1 b) GDPR.

Your doctor processes the information you enter on derma2go (name data, address and contact data, age, image data, health data, billing data, if applicable information on health insurance, diagnoses, therapy suggestions and findings) for the purposes of carrying out the treatment contract concluded with you. If you are within the scope of the GDPR, the legal basis for this is Art. 6 para. 1 b) GDPR in conjunction with Art. 9 para. 2 h) GDPR. For details, please refer to the information provided by your doctor.

Your data can be accessed for a period of three months. We therefore recommend that you store the treatment data with you if necessary.

Payment processes

Treatment fees are billed via the payment service provider Stripe. Stripe’s privacy policy can be found at https://stripe.com/de/privacy

If you are within the scope of the GDPR, the legal basis for the corresponding processing by the respective doctor with the implementation of the treatment contract is Art. 6 Para. 1 b) GDPR. No health information will be transmitted to Stripe, but only the data required for the payment process.

Furthermore, there is the possibility to handle the payment process with the online payment service PayPal. PayPal enables online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal. This regularly involves the following data: Name, address, company, e-mail address, telephone and mobile number IP address.

The information submitted to PayPal may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may also pass on your data to third parties if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of a third party. You can read PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

If you are in the area of application of the DSGVO, the legal basis for this is Art. 6 para. 1 b) DSGVO, as the processing of data is necessary for payment with PayPal and thus for the execution of the contract.

Contact inquiries

If you send us a message via one of the contact options offered, we will use the data you provide to us to process your request. The legal basis for this is our legitimate interest in responding to your request. If you are in the area of application of the GDPR, the legal basis for the corresponding processing is Art. 6 Para. 1 f) GDPR. If you are within the scope of the GDPR and if your request serves to conclude a contract with us, the further legal basis for the processing is Art. 6 para. 1 b) GDPR. The data will be deleted after your request has been dealt with. If we are obliged by law to store the data for a longer period of time, it will be deleted after expiry of the corresponding period.

Newsletter

By registering for our email newsletter, we process the data provided by you for the creation and dispatch of the newsletter as well as for the proof of registration for our newsletter. If you are in the area of application of the DSGVO, the legal basis for this is Art. 6 para. 1 a) DSGVO. To send the newsletter, you must click on the confirmation link in the verification email that we send you after your registration. When you click on the link in the verification e-mail, we process the public IP address of the terminal device from which the link is called up, together with the date and time of the click and your e-mail address. We process this data to be able to prove that you have confirmed your consent. If you are in the area of application of the DSGVO, the legal basis for this is Art. 6 para. 1 f) DSGVO. Our legitimate interest in this is the fulfilment of our obligation to document and prove your consent. Your registration to our newsletter is revocable at any time with effect for the future.

Use of cookies

Cookies are used for the operation of our website to ensure the technical functionality of our website and to understand how visitors use our website.

A cookie is a small text file that is stored on your terminal device by your browser when you visit our website. If you call up our website again later, we or the service provider setting the cookie can read out the respective cookie again.

Cookies are stored for different periods of time. A distinction must be made between so-called session cookies and temporary cookies. Session cookies are deleted from your browser when you leave our website or when you exit the browser. Permanent cookies are stored for the duration specified when they are stored.

You can set your browser to accept cookies at any time, but this may result in our website no longer functioning properly. You can also delete cookies yourself at any time.

We use cookies for the following purposes:

– Technically necessary cookies, which are absolutely necessary for the use of the functions of our website. Without these cookies, certain functionalities cannot be provided. These are session cookies.
– Statistics cookies that are used to analyse your user behaviour. For details, please read the information on “Matomo”.

Most browsers used by our users allow you to choose which cookies to store and to delete (certain) cookies. If you limit the storage of cookies to certain websites or do not allow cookies from third party websites, this may result in our website not being able to be used to its full extent. Here you will find information on how to adjust cookie settings for the most common browsers:

– Google Chrome (support.google.com/chrome/answer/95647?hl=en)

– Internet Explorer (https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies)

– Firefox (https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen)

– Safari (https://support.apple.com/kb/PH21411?locale=deDE)

Using Matomo to analyze the use of our website

For the compilation of statistics and evaluations, how and with which end devices our offer is used, for the optimization of the offer and for the recognition of errors we use the tool Matomo; https://matomo.org. This tool runs directly on our server and is operated by us.

With this processing we pursue the justified interest to improve our offer and to be able to operate stable. If you are in the area of application of the GDPR is legal basis of the processing art. 6 Abs. 1 f) GDPR.

In order to collect data, the tool uses a so-called “cookie”. This is a small text file that is stored by your browser on your terminal device. By means of this cookie, the tool receives, for example, information about which website you have visited, technical data of the browser you are using and of the respective terminal device. The IP address of your terminal device is only processed anonymously. At no time does the tool create profiles to which we can assign certain users, but always uses pseudonyms.

If you do not want us to use Matomo for your visit to our website, please click here. (https://matomo.org/docs/gdpr/#6-right-to-object)

A cookie will be stored in your browser to record your objection. If you delete this later, you will have to declare your objection again.

Meta Pixels
Our website uses the visitor action pixel from to measure conversion Facebook/Instagram, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”). In this way, the behavior of the site visitors can be tracked after this by clicking on a Facebook/Instagram advertisement on the provider’s website were forwarded. This can improve the effectiveness of the Facebook/Instagram Advertisements are evaluated for statistical and market research purposes and future advertising measures can be optimized. The data collected is for us as Operators of this website anonymously, we cannot draw any conclusions about the identity of the drag users. However, the data is stored and processed by Facebook/Instagram, so that a connection to the respective user profile is possible and Facebook/Instagram the Data for own advertising purposes, according to the Facebook/Instagram Data Use Policy can use. This allows Facebook/Instagram to do this Placing advertisements on Facebook/Instagram pages and outside of
Enable Facebook/Instagram. This use of the data by us as Site operators are not influenced. The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR. You will find further information on the data protection notices of Facebook/Instagram
Protection of your privacy:
https://www.facebook.com/about/privacy/
https://privacycenter.instagram.com/policy/
You can also use the Custom Audiences remarketing feature in the Disable “Advertisements Settings”. To do this, you must be on Facebook/Instagram to be registered. If you do not have a Facebook/Instagram account, you can use usage-based advertising from Facebook/Instagram on the European Interactive Digital Advertising website
Disable Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement/.

Google Ads conversion tracking
We use Google Ads to advertise to you on Google and other third party websites to display. With conversion tracking, we can determine how successful the individual are advertising measures. We are pursuing the purpose of showing you advertisements that are for is of interest to you and to make our website more interesting for you. The legal basis for processing your data is your consent Art. 6 (1) lit. a GDPR. The advertising is delivered by Google via so-called “ad servers”. For this we use Cookies, through which certain parameters to measure success, such as the display of the Ads or clicks by users, can be measured. If you have one Google Ads reach our website, Google Ads places a cookie on your PC saved. These cookies usually lose their validity after 30 days are not intended to identify you personally. About this cookie are in the Usually the unique cookie ID, number of ad impressions per placement as analysis values (frequency), last impression (relevant for post-view conversions) and opt-out information (Marking that the user no longer wants to be addressed) saved. These cookies enable Google to recognize your internet browser. Unless a User visits certain pages of an Ads client’s website and does so on their Computer stored cookie has not expired, Google and the customer recognize that the user clicked on the ad and was redirected to this page became. Each Ads customer is assigned a different cookie. Cookies can therefore not tracked across Ads clients’ websites. We ourselves raise and do not process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based From these evaluations we can see which of the advertising measures used are particularly effective. We receive further data from the use of the advertising material not, in particular we cannot identify the users based on this information. Due to the marketing tools used, your browser automatically creates a direct Connection to Google servers. We have no control over the scope and the further use of the data by Google and inform you accordingly As far as we know: By integrating ads conversion tracking, Google receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with a Google service are, Google can assign the visit to your account. Even if you’re not on Google are registered or have not logged in, there is a possibility that the provider Finds out and saves your IP address. You can prevent the storage of cookies by setting your preferences accordingly prevent browser software; however, we would like to point out that in this case you you may not be able to use all the functions of this website to their full extent can. You can also record the data generated by the cookie and on Your use of the website related data (including your IP address) to Google and the Prevent Google from processing this data by doing the following Download and install the available browser plugin:
http://www.google.com/settings/ads/plugin 

The provider Google is headquartered in the USA (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA). A processing of the personal
Saint Elmo’s Boost GmbH
Karolingerstrasse 1 • 5020 Salzburg • Austria
Saint Elmo’s Boost GmbH
Karolingerstrasse 1, 5020 Salzburg, Austria
HG Salzburg • FN 521119b • ATU 75007467
A Serviceplan Group company www.saint-elmos-boost.com

Data can thus also be stored in a third country (a country outside the European Union or the contracting states to the Agreement on the European Economic Area) take place. Google undertakes to comply with so-called EU standard data protection clauses within the meaning of Art. 46 GDPR to complete. Due to this contractual set of rules, recipients are also obliged in third countries to comply with a data protection standard which essentially corresponds to European ones. Further information on data protection at Google can be found here:
www.google.com/intl/de/policies/privacy
https://services.google.com/sitestats/de.html

Google Ads Remarketing
We use Google Ads Remarketing. Through this application you can visit after Our website will display advertisements from us on other websites. this happens by means of cookies stored in your browser, via which your usage behavior when visiting of various websites is recorded and evaluated by Google. So can Google your previous visit to our website. A merger of the Data collected as part of remarketing with your personal data, which may are stored by Google, does not take place according to Google’s own statements. According to Google, pseudonymization is used in particular for remarketing.

Your rights

In connection with your personal data, you are entitled in particular to the rights listed below. Please refer to the legal regulations for details. If you are within the scope of the GDPR, the GDPR is the legal basis.

Right to information  

You have the right to request confirmation from us as to whether personal data relating to you will be processed by us. If this is the case, you have the right to be informed about this personal data and to receive further information. If you are within the scope of the GDPR, the legal basis is Art. 15 GDPR.

Right to rectification

You have the right to demand from us immediately the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing. If you are within the scope of the GDPR, the legal basis is Art. 16 GDPR.

Right to deletion  

You have the right to demand that we delete any personal data concerning you immediately. We are obliged to delete personal data immediately if the corresponding requirements are met. If you are within the scope of the GDPR, the legal basis is Art. 17 GDPR.

Right to limitation of processing

Under certain circumstances you have the right to demand that we restrict the processing of your personal data. If you are within the scope of the GDPR, the legal basis is Art. 18 GDPR.

Right to data transferability

If you are within the scope of the GDPR you have the right under Art 20 GDPR to receive the personal data relating to you which you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another responsible person without hindrance by us, provided that the processing is based on consent in accordance with Article 6 Para. 1 a) GDPR or Article 9 para. 2 a) GDPR or on a contract pursuant to Article 6 para. 1 b) GDPR and the processing is carried out using automated procedures.

Existence of a right of appeal to the supervisory authority

If you are within the scope of the GDPR, Art. 77 GDPR gives you the right to complain to the supervisory authority without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you are of the opinion that the processing of your personal data violates the GDPR.

Right of objection

You have the right to object to the processing of personal data concerning you, including profiling based on these provisions. If you are within the scope of the GDPR, the legal basis is Art. 21 GDPR. The statement of objection then applies to personal data that is based on Article 6 paragraph 1 letters e or f of the GDPR Regulation.

If we process your personal data in order to carry out direct advertising, you have the right at any time to object to the processing of your personal data relating to the section of such advertising by sending an e-mail to info@derma2go.com; this also applies to profiling insofar as it is connected with such direct advertising.