Privacy Policy

This Privacy Policy covers the use of your personal information by Skin Analytics Limited (“Skin Analytics”).

Any references in this Privacy Policy to “we” or “us” are to Skin Analytics. “Personal information”, means any information relating to an identifiable individual.

This Privacy Policy sets out:

  • What personal information we might collect about you;
  • How we might use that personal information;
  • What personal information we might share with others; and
  • Your rights about the personal information we process.

 

What information do we collect about you?

We will collect, process and store personal information about you where it is lawful to do so which may include:

Information you have provided us with

This might be your e-mail address, name, billing address, home address, medical history etc. In other words, personal information that is necessary for delivering you a product/service or to enhance your customer experience with us. We only collect this information when you expressly provide it to us.

Information automatically collected about you

This includes information that is automatically stored by cookies and other session tools (provided you agree to the use of such cookies and similar technologies in the case that they are used for non-essential purposes). For example, the information collected may include the pages you visited on our website, your IP address, etc. This information is used to improve your customer experience. When you use our services or look at the contents of our website, your activities may be logged. More information about cookies and how we use them is set out in our Cookie Policy.

If you use a phone controlled by us as part of your service, we track the location of that device when it is connected to the internet in order to ensure that it is returned to us appropriately.

Information from Healthcare Providers

We gather information from Healthcare Providers with confirmation that they have legal grounds to share that information with us. This is either information you have provided to them directly or information they have gathered about you on other legal grounds. A list of Healthcare Providers we work with is available upon request.

Information from central NHS databases

In line with NHS guidelines, we gather information from central NHS databases (e.g. your name, date of birth, gender, GP address) in order to improve data quality.

How we use your personal information

How we use your personal information depends on the service that we are offering. Skin Analytics offers the following services:
Services Skin Analytics offers directly to patients who are the data subjects (e.g. at home skin assessment service)
Services to NHS Providers (e.g. NHS trusts, CCGs) who treat patients who are the data subjects.

Services Directly to Patients

We use your personal information through reliance on the following lawful bases:

We will use your personal information where necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract (GDPR Article 6(1)(b)). The use of your personal information may include:

  • to identify you;
  • to communicate in response to your queries;
  • to provide you healthcare services; and
  • to communicate either for sales or invoicing.

We will use your information for the purpose of legitimate interests (GDPR Article 6(1)(f)) being pursued by us in relation to the services that are provided to you. For example, we may use your information:

  • to contact you to discuss our services (and any changes to them);
  • to communicate in response to your queries and respond to any questions or concerns you have raised;
  • to deal with administrative matters such as contacting you in respect of the services;
  • to track the location of a mobile phone we have provided to you as part of ensuring it is returned appropriately;
  • to enhance your customer experience;
  • to administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products/ services offered/provided;
  • to conduct questionnaires concerning client satisfaction;
  • in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • to pass it to any third party to whom we may transfer all or part of our business, or in contemplation of such transfer.

Where we have relied on our legitimate interests to process your personal information, you may contact us to obtain more information, including in relation to our assessment of the impact on you.

We will seek and rely on your consent (GDPR Article 6(1)(a) / Article 9 (2)(a)) when we process your personal information for the following purposes:

  • to make automated decisions about your healthcare without any human clinician involvement
  • to use any images and data uploaded to our website and/or app for the purposes of medical, clinical and commercial training and product development. Please note that, where possible, this data will be anonymised or pseudonymised and no personal information will be published without your explicit consent; 
  • to process your personal information using non-essential cookies or other similar technologies (see our Cookie Policy for further information); and
  • for purposes other than for which the personal information was collected if these are not compatible with the original purpose.

We may process your personal information where such processing is necessary for us to comply with a legal obligation (GDPR Article 6(1)(c)).

Services to NHS Providers

We use your personal information through reliance on the following lawful bases:

We will use your information for the purpose of Public task (GDPR Article 6(1)(e)) and Healthcare (GDPR Article 9(2)(h)). For example, we may use your information:

  • to provide the healthcare services that we have contracted with your NHS Provider to provide to their patients; and
  • to perform service evaluations to ensure quality of care.

We will use your information for the purpose of legitimate interests (GDPR Article 6(1)(f)) being pursued by us in relation to the services that are provided to you. For example, we may use your information:

  • in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • to pass it to any third party to whom we may transfer all or part of our business, or in contemplation of such transfer.

Where we have relied on our legitimate interests to process your personal information, you may contact us to obtain more information, including in relation to our assessment of the impact on you.

We will seek and rely on your consent (GDPR Article 6(1)(a) / Article 9 (2)(a)) when we process your personal information for the following purposes:

  • to make automated decisions about your healthcare without any human clinician involvement;
  • to use any images and data uploaded to our website and/or app for the purposes of medical, clinical and commercial training and product development. Please note that, where possible, this data will be anonymised or pseudonymised and no personal information will be published without your explicit consent;
  • to conduct questionnaires concerning patient satisfaction;
  • to process your personal information using non-essential cookies or other similar technologies (see our Cookie Policy for further information); and
  • for purposes other than for which the personal information was collected if these are not compatible with the original purpose

Who else can access your personal information?

In certain circumstances we share your personal information with trusted partners. We only work with processing partners who are able to ensure that appropriate technical and organisational measures are used for the processing of your personal information.

We may sometimes need to disclose your personal information to law enforcement authorities, regulators or because we are legally obliged to disclose your personal information to third parties or public officials. We might also disclose your personal information to other third parties if you have consented to it or if there are other lawful bases for it.

We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users. This is done in order to personalise and enhance your experience with us. To see further details, including on the use of third party cookies, and to learn how you can manage your cookie preferences, please refer to our Cookie Policy.

Who we share your information with depends on the services that we are offering.

Services Directly to Patients

We may share your personal information with our trusted partners where necessary for the reasons specified:

  • with your insurer in order to fulfil the healthcare service that we are providing you (e.g. to enable onward referral)
  • provision of IT related services, including server provision, email and SMS services and software development;
  • expert dermatologist assessment of images of lesions;
  • provision of a GP call-back service; and
  • card payments. Note that as part of this process, data is temporarily transferred to servers based in the USA under appropriate UK adequacy regulations.

 

Services to NHS Providers

We may also share your personal information with our trusted partners where necessary for the reasons specified:

  • With the NHS Provider who we work with (e.g. NHS trust) to fulfil the healthcare service that we are providing to you
    provision of IT related services, including server provision, email and SMS services and software development;
  • expert dermatologist assessment of images of lesions;

 

Anonymisation

We may completely anonymise personal information gathered and continue to use any such anonymised data. We will use information outside the scope of this Privacy Policy only when it is anonymised.

Data retention

We will retain your personal information contained in medical records in line with legal requirements to maintain medical records. Where your personal data relates to a regulated medical device we offer it will be retained in line with medical device regulations. For other personal information, we will balance your data rights against the basis of processing and document the retention period in our records retention policy.

Children

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

Your rights

You have the following rights regarding your information:

  • Right to information: You have the right to be provided with clear, transparent and easily understandable information about what personal information is gathered, who we obtained it from (if a third party), why and by whom it is processed. This is why we are providing you with the information in this Privacy Policy.
  • Right to access: You have the right to obtain access to your personal information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy).
  • Right to rectification: You are entitled to have your information corrected if it is inaccurate or incomplete.
  • Right to erasure: In certain circumstances you can request for your personal information to be erased from our records. This is not a general right to erasure; there are exceptions.
  • Right to restrict processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
  • Right to object to processing: You have the right to object to certain types of processing, in certain circumstances. In particular, you have the right to object to the processing of your personal data based on legitimate interests grounds.
  • Right to object to and not be subject to automated individual decision-making: Subject to some limited exceptions, you also have the right to object to automated processing, including profiling; and not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
  • Right to data portability: You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
  • Right to withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
  • Automated decision making: Where you have given your consent, we may make automated decisions that impact your access to healthcare (such as referring you directly to a skin cancer specialist without the need for a GP appointment) without any human clinician involvement. If you have consented to this, you have the right to request a human review of your case if you feel the decision made by our medical device DERM is incorrect. This should be lodged with us as soon as possible, and prior to attending any further assessment of your lesion(s), by contacting support@skinanalytics.co.uk. If you do this, a clinician will review DERM’s results within one month, to confirm whether the device recommended the correct action for your case.

 

Contact Information

To exercise your rights or to contact us with any questions or complaints about this Privacy Policy or about how we handle your information, please contact us using the details on the “Contact Us” page: https://skin-analytics.com/contact-us/
You may also contact our Data Protection Officer Dr Helen Marsden by post at the address on the “Contact Us” page or by email at: D P O @ skinanalytics.co.uk

Right to Complain to the Information Commissioner or other relevant supervisory authority

If you are not satisfied with our response or you believe our use of your personal information does not comply with data protection law, you can make a complaint to a relevant data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/.

Changes to this Privacy Policy

From time to time we may make changes to this Privacy Policy to ensure that it is accurate and up to date and to reflect any changes in the law. This policy was last updated on 1 October 2024.

Subscribe to our news updates

We won't spam
you, we promise.