Contact details of the EU Data Protection Commissioner pursuant to Art. 34 GDPR
Calle Hermanos Soto Chápuli, 4
Alicante 03010 (Spain)
Tel.: +34 965 94 68 83
References to the GDPR
For users from the European Union or the European Economic Area, the regulations of the GDPR apply.
For users from Switzerland the Swiss laws apply.
The protection of your personal data is a top priority at derma2go AG. The data you enter is transmitted in encrypted form and stored on protected servers. We will keep your data secure and take measures to protect your personal data from loss, access, misuse or alteration. Access to your password-protected profile is additionally secured by so-called two-factor authentication. Our employees and contractual partners who have access to your data are contractually bound to secrecy and compliance with data protection regulations.
The patient acknowledges that the personal data collected by him is in particular also health data and thus a special category of personal data.
Visiting our website
When you call up our website, the following data is determined by your terminal device or the browser used and stored in a log file:
– IP address of the end device
– Date and time (incl. time zone difference to CET) of access
– Name and URL of the retrieved file
– transferred data volume
– The website from which you accessed our site (referrer URL) and the search engines you used to find our site.
– browser used, operating system of the end device
– Name of the Internet provider
We initially use this data for technical purposes in order to deliver the contents of our website to you and to ensure the secure operation of our services.
Furthermore, we use this data for statistical purposes so that we can trace which terminal devices with which characteristics and settings are used for visiting our website, in order to optimize our website for them if necessary. These statistics do not contain any personal data. If you are within the scope of the GDPR, the legal basis for the use of data for the compilation of statistics is Art. 6 Para. 1 f) GDPR.
The IP address of your terminal device is anonymized if complete storage is no longer required for the technical purposes you have initiated. The complete IP address will therefore not be stored for non-technical purposes unless this is necessary to detect and prevent attacks (e.g. preventing access, spying on data, spreading malware (e.g. viruses) or other unlawful purposes) against the systems used for our website. Such attacks would impair the proper functioning of the technology, the use of our website or its functionality and the security of visitors to our website. We hereby pursue the legitimate interest of ensuring the operability of our website and to ward off illegal attacks against us and the visitors to our website. If you are within the scope of the GDPR, the legal basis for processing is Art. 6 para. 1 f) GDPR. Also, in this case, the stored IP data will be deleted (by anonymization) if they are no longer needed for the recognition or defense of an attack.
Create a customer account
When you create a customer account, we process the information you provide to us in order to create and administer the account and to enable you to use the services we provide through the use of the account. If you are in the area of application of the GDPR, the legal basis for the processing is Art. 6 Para. 1 b GDPR.
These data are stored until the deletion of the customer account. If we are required by law to store data for a longer period of time (e.g. to fulfil accounting obligations) or if we are legally entitled to store data for a longer period of time (e.g. due to a current legal dispute against the owner of a user account), the data will be deleted after the storage obligation or the legal entitlement has expired.
Storage of customer data
We store your customer data exclusively on servers in Switzerland and the European Union.
Commissioning of a doctor
We do not become a contractual partner if you instruct one of the doctors co-operating with us to treat you. We only offer you and the participating physicians a platform for initiating, concluding and carrying out the corresponding orders. The person responsible under data protection law in connection with the execution of a treatment contract concluded with you is therefore your respective contractual partner. In this respect, we refer to its data protection information, to which we refer in the context of the granting of a treatment contract, if these were communicated to us.
The data stored by you in your derma2go user account will be used to transfer the corresponding data to the commissioned doctor to enable you to access the communication with the doctor and the treatment findings. If you are within the scope of the GDPR, the legal basis for this is Art. 6 Para. 1 b) GDPR.
Your doctor processes the information you enter on derma2go (name data, address and contact data, age, image data, health data, billing data, if applicable information on health insurance, diagnoses, therapy suggestions and findings) for the purposes of carrying out the treatment contract concluded with you. If you are within the scope of the GDPR, the legal basis for this is Art. 6 para. 1 b) GDPR in conjunction with Art. 9 para. 2 h) GDPR. For details, please refer to the information provided by your doctor.
Your data can be accessed for a period of three months. We therefore recommend that you store the treatment data with you if necessary.
If you are within the scope of the GDPR, the legal basis for the corresponding processing by the respective doctor with the implementation of the treatment contract is Art. 6 Para. 1 b) GDPR. No health information will be transmitted to Stripe, but only the data required for the payment process.
Furthermore, there is the possibility to handle the payment process with the online payment service PayPal. PayPal enables online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal. This regularly involves the following data: name, address, company, e-mail address, telephone and mobile number, IP address.
If you are in the area of application of the GDPR, the legal basis for this is Art. 6 para. 1 b) GDPR, as the processing of data is necessary for payment with PayPal and thus for the execution of the contract.
If you send us a message via one of the contact options offered, we will use the data you provide to us to process your request. The legal basis for this is our legitimate interest in responding to your request. If you are in the area of application of the GDPR, the legal basis for the corresponding processing is Art. 6 Para. 1 f) GDPR. If you are within the scope of the GDPR and if your request serves to conclude a contract with us, the further legal basis for the processing is Art. 6 para. 1 b) GDPR. The data will be deleted after your request has been dealt with. If we are obliged by law to store the data for a longer period of time, it will be deleted after expiry of the corresponding period.
By registering for our email newsletter, we process the data provided by you for the creation and dispatch of the newsletter as well as for the proof of registration for our newsletter. If you are in the area of application of the GDPR, the legal basis for this is Art. 6 para. 1 a) GDPR. To send the newsletter, you must click on the confirmation link in the verification email that we send you after your registration. When you click on the link in the verification e-mail, we process the public IP address of the terminal device from which the link is called up, together with the date and time of the click and your e-mail address. We process this data to be able to prove that you have confirmed your consent. If you are in the area of application of the GDPR, the legal basis for this is Art. 6 para. 1 f) GDPR. Our legitimate interest in this is the fulfilment of our obligation to document and prove your consent. Your registration to our newsletter is revocable at any time with effect for the future.
Cookies are used for the operation of our website to ensure the technical functionality of our website and to understand how visitors use our website.
A cookie is a small text file that is stored on your terminal device by your browser when you visit our website. If you call up our website again later, we or the service provider setting the cookie can read out the respective cookie again.
Cookies are stored for different periods of time. A distinction must be made between so-called session cookies and temporary cookies. Session cookies are deleted from your browser when you leave our website or when you exit the browser. Permanent cookies are stored for the duration specified when they are stored.
You can set your browser to accept cookies at any time, but this may result in our website no longer functioning properly. You can also delete cookies yourself at any time.
– Technically necessary cookies, which are absolutely necessary for the use of the functions of our website. Without these cookies, certain functionalities cannot be provided. These are session cookies.
– Statistics cookies that are used to analyse your user behaviour. For details, please read the information on “Matomo”.
– Marketing cookies that are used to show you personalised content that matches your interests. For details, please read the information on “Facebook Pixel”, “Google Remarketing”, “Outbrain”, “Taboola” and “Sendy”.
Most browsers used by our users allow you to choose which cookies to store and to delete (certain) cookies. If you limit the storage of cookies to certain websites or do not allow cookies from third party websites, this may result in our website not being able to be used to its full extent. Here you will find information on how to adjust cookie settings for the most common browsers:
– Google Chrome (support.google.com/chrome/answer/95647?hl=en)
– Internet Explorer (https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies)
– Firefox (https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen)
– Safari (https://support.apple.com/kb/PH21411?locale=deDE)
Using Matomo to analyze the use of our website
We use the tool Matomo (https://matomo.org) to compile statistics and evaluations of how and with which end devices our offer is used, to optimize the offer and to detect errors. This tool runs directly on our server and is operated by us.
With this processing we pursue the legitimate interest of improving our offer and being able to operate it stably. If you are within the scope of the GDPR, the legal basis for the processing is Art. 6 para. 1 f) GDPR.
In order to collect data, the tool uses a so-called “cookie”. This is a small text file that is stored by your browser on your terminal device. By means of this cookie, the tool receives, for example, information about which website you have visited, technical data of the browser you are using and of the respective terminal device. The IP address of your terminal device is only processed anonymously. At no time does the tool create profiles to which we can assign certain users, but always uses pseudonyms.
If you do not want us to use Matomo for your visit to our website, please click here. (https://matomo.org/docs/gdpr/#6-right-to-object)
To record your objection, a cookie is stored in your browser. If you delete this cookie later, you will have to declare your objection again.
(1) We use “Facebook Pixel”, a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: “Facebook”) on our website. Facebook Pixel enables Facebook to display our ads on Facebook, so-called “Facebook Ads”, only to those Facebook users who have been visitors to our internet presence, in particular who have shown interest in our online offer. Facebook Pixel also makes it possible to check whether a user was redirected to our website after clicking on our Facebook Ads. Facebook Pixel uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into your Facebook user account, your visit to our website will be recorded in your user account. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, this data can be linked by Facebook to your user account there. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account.
(2) We use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting ads for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.
(3) Insofar as you have given your consent for the storage of Facebook Pixel, this is done on the basis of Art. 6 Para. 1 lit. a GDPR.
(4) You can object to the aforementioned collection by Facebook Pixel and the use of your data for the display of Facebook Ads. You can make the relevant settings as to which types of advertisements are displayed to you within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads.
Please note that this setting will be deleted when you delete your cookies. In addition, you can deactivate cookies that are used for range measurement and advertising purposes via the following websites:
Please note that this setting will also be deleted when you delete your cookies.
(5) In addition, Facebook has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. This means that Facebook undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
(6) Information from the third-party provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Further information from the third-party provider on data protection can be found on the following Facebook website: https://www.facebook.com/about/privacy.
Information on Facebook Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616
Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account.
To support this feature, Google Analytics collects user authenticated IDs that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.
You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google Account; follow this link: https://adssettings.google.com/
The aggregation of the collected data in your Google account is based solely on your consent, which you can give or withdraw at Google (Art. 6 para. 1 lit. a GDPR).
The information collected about users may be transmitted to Google and stored on Google’s servers in the USA. Google is certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.
Further information and the data protection provisions can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.
We use the service of Outbrain (Outbrain, Inc, 39 West 13th Street, 10011 New York, USA) on our website. This enables us to provide you with content from our own website that may be of interest to you on third-party websites and to link to it. The advertisement appears on recommendation or evaluation of the content you have read so far, based on cookies, with the help of which the corresponding user behaviour can be evaluated. In doing so, the advertising relevant to you will only appear on advertising spaces of Outbrain Extended Network.
The legal basis for the data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Outbrain offers you as a data subject the possibility to deactivate the function of so-called interest-based advertising. You can find this function and further information under the following link: https://my.outbrain.com/recommendations-settings/home There you go to “View my Profile” and can change your settings to non-personalised ads. The storage period depends on the specifications of the operators of Outbrain, cf. http://www.outbrain.com/de/legal/privacy .
Since data transfer to the USA also takes place here, further protection mechanisms are required to ensure the level of data protection of the GDPR. In order to ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
We use the service of Taboola (Taboola, Inc, 16 Madison Square West, 10010 New York, USA) on our website. This enables us to display ads to you through individual recommendations based on your surfing behaviour and interests. The usage profiles are created pseudonymously and do not allow any inference to your person. The following information is collected via Taboola cookies:
– Web pages accessed as well as content on our website
– Your operating system
– A referrer or link through which you came to our website
– The time and number of web page calls
– The calls of error pages
– Location information (city and state)
– Shortened IP addresses
The legal basis for data processing is consent in accordance with Art. 6 para. 1 lit. a GDPR. You can object to tracking at any time by contacting the provider directly via the following link: https://www.taboola.com/policies/privacy-policy#user-choices-and-opting-out . After an opt-out has been carried out, you will no longer receive personalised content. You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restrictions.
The storage period depends on the specifications of the provider of Taboola, more information on this can be found under the following link: https://www.taboola.com/policies/privacy-policy.
Since data is transferred to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
For sending newsletters to newsletter subscribers, we use the self-hosted programme Sendy. The provider is Ben Ho Sendy, Business registration 53104117D, 330A Anchorvale Street, #02-523 Singapore 541330 (https://sendy.co).
When we send newsletters using Sendy, we can determine whether a newsletter message has been opened and which links, if any, have been clicked.
Sendy also allows us to subdivide newsletter recipients based on different categories (so-called tagging). If you do not want Sendy to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Amazon Web Service after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses within the scope of purchase processing) remain unaffected by this.
In connection with your personal data, you are entitled in particular to the rights listed below. Please refer to the legal regulations for details. If you are within the scope of the GDPR, the GDPR is the legal basis.
Right to information
You have the right to request confirmation from us as to whether personal data relating to you will be processed by us. If this is the case, you have the right to be informed about this personal data and to receive further information. If you are within the scope of the GDPR, the legal basis is Art. 15 GDPR.
Right to rectification
You have the right to demand from us immediately the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing. If you are within the scope of the GDPR, the legal basis is Art. 16 GDPR.
Right to deletion
You have the right to demand that we delete any personal data concerning you immediately. We are obliged to delete personal data immediately if the corresponding requirements are met. If you are within the scope of the GDPR, the legal basis is Art. 17 GDPR.
Right to limitation of processing
Under certain circumstances you have the right to demand that we restrict the processing of your personal data. If you are within the scope of the GDPR, the legal basis is Art. 18 GDPR.
Right to data transferability
If you are within the scope of the GDPR, you have the right under Art. 20 GDPR to receive the personal data relating to you which you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another responsible person without hindrance by us, provided that the processing is based on consent in accordance with Article 6 Para. 1 a) GDPR or Article 9 para. 2 a) GDPR or on a contract pursuant to Article 6 para. 1 b) GDPR and the processing is carried out using automated procedures.
Existence of a right of appeal to the supervisory authority
If you are within the scope of the GDPR, Art. 77 GDPR gives you the right to complain to the supervisory authority without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you are of the opinion that the processing of your personal data violates the GDPR.
Right of objection
You have the right to object to the processing of personal data concerning you, including profiling based on these provisions. If you are within the scope of the GDPR, the legal basis is Art. 21 GDPR. The statement of objection then applies to personal data that is processed on the basis of Article 6 paragraph 1 letters e or f of the GDPR.
If we process your personal data in order to carry out direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising by sending an e-mail to firstname.lastname@example.org; this also applies to profiling insofar as it is connected with such direct advertising.