Privacy Policy

This Privacy Policy covers the use of your personal information by Skin Analytics Limited of Pem, Salisbury House, 2-3 Salisbury Villas, Cambridge, England, CB1 2LA, United Kingdom (“Skin Analytics”).

Any references in this Privacy Policy to “we” or “us” are to Skin Analytics. “Personal information” means any information relating to an identifiable individual. “Special category” or “sensitive” information refers to certain types of personal information which are afforded greater protection at law and may include, for example, your health information.

This Privacy Policy sets out:

     

      • what personal information we might collect about you;

      • how we might use that personal information;

      • what personal information we might share with others; and

      • your rights about the personal information we process.
    This policy provides information only as required under data protection laws and it is not intended, and must not be relied on, as a representation, warranty, contract, licence or an acknowledgement of a duty of care.

    What information do we collect about you?

    We will collect, process and store personal information about you, including your:
     

    General details:

    Including your name, date of birth, address, health insurance number or similar information.

    Enquiry details:

    If you get in touch with us about a complaint, right or query.

    Health information:

    Sensitive information including your patient details, health history, investigations, consultation details and related information.
     
    If you provide to us another person’s personal information (e.g. family medical history), please only do so where this is lawful based on the person’s reasonable expectation, consent or other lawful basis.
     

    How do we collect personal information about you?

    We will collect, process and store personal information about you where it is lawful to do so which may include:

    Information provided by you:

    This might be your name, medical history etc. when you expressly provide it to us. 

    Information automatically collected about you:

    This includes information that is automatically stored by cookies and other session tools (provided you agree to the use of such cookies and similar technologies in the case that they are used for non-essential purposes). For example, the information collected may include the pages you visited on our website, your IP address, etc. This information is used to improve your customer experience. When you use our services or look at the contents of our website, your activities may be logged. More information about cookies and how we use them is set out in our Cookie Policy.

    Information from your Healthcare Provider:

    We gather information from Healthcare Providers through our service with confirmation that they are legally permitted to share it with us. This is either information you have provided to them directly or information they have gathered about you during your health consultation using our service or otherwise.

     

    How we use your personal information

    We use your personal information through reliance on the following lawful bases (applicable to UK and EU individuals only):

    We will use your information for the purpose of Legal Obligation (GDPR Article 6(1)(c)) and Healthcare (GDPR Article 9(2)(h)). For example, we may use your information:

        • to provide the healthcare services that we have contracted with your Healthcare Provider to provide to their patients; and

        • to perform service evaluations to ensure quality of care.

      We will use your information for the purpose of legitimate interests (GDPR Article 6(1)(f)) being pursued by us in relation to the services that are provided to you. For example, we may use your information:

          • in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights; and

          • to pass it to any third party to whom we may transfer all or part of our business, or in contemplation of such transfer.

        Where we have relied on our legitimate interests to process your personal information, you may contact us to obtain more information, including in relation to our assessment of the impact on you.

        We will seek and rely on your consent (GDPR Article 6(1)(a) / Article 9(2)(a)) when we process your personal information for the following purposes:

           

            • to make automated decisions about your access to healthcare without any human clinician involvement;

             

              • to use any images and data uploaded to our website and/or app for the purposes of medical, clinical and commercial training and product development. Please note that these images and information may be reviewed by Skin Analytics staff members involved in these activities. Where possible, this data will be anonymised or pseudonymised and no personal information will be published without your explicit consent;

               

                • to conduct questionnaires concerning patient satisfaction;

                • to process your personal information using non-essential cookies or other similar technologies (see our Cookie Policy for further information); and

                • for purposes other than for which the personal information was collected if these are not compatible with the original purpose.

              Who else can access your personal information?

              In certain circumstances we share your personal information with trusted partners. We only work with processing partners who are able to ensure that appropriate technical and organisational measures are used for the processing of your personal information.

              We may sometimes need to disclose your personal information to law enforcement authorities, regulators or because we are legally obliged to disclose your personal information to third parties or public officials. We might also disclose your personal information to other third parties if you have consented to it or if there are other lawful bases for it.

              We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users. This is done in order to personalise and enhance your experience with us. To see further details, including on the use of third party cookies, and to learn how you can manage your cookie preferences, please refer to our Cookie Policy.

              We may also share your personal information with our trusted partners where necessary for the reasons specified:

                  • with the Healthcare Provider who we work with to fulfil the healthcare service that we are providing to you; and

                  • provision of IT related services, including server provision and software development.

                Anonymisation

                We may completely anonymise personal information gathered and continue to use any such anonymised data. We will use information outside the scope of this Privacy Policy only when it is anonymised.

                Data retention

                We will retain your personal information contained in medical records in line with legal requirements to maintain medical records. Where your personal data relates to a regulated medical device we offer it will be retained in line with medical device regulations. For other personal information, we will balance your data rights against the basis of processing and document the retention period in our records retention policy.

                Children

                We do not intend to collect or knowingly collect information from children. We do not target children with our services.

                Your rights

                Depending on the laws of your country, you may have the following rights regarding your personal information:

                Right to information:

                You have the right to be provided with clear, transparent and easily understandable information about what personal information is gathered, who we obtained it from (if a third party), why and by whom it is processed. This is why we are providing you with the information in this Privacy Policy.

                Right to access:

                You have the right to obtain access to your personal information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy). 

                Right to rectification:

                You are entitled to have your information corrected if it is inaccurate or incomplete.

                Right to erasure:

                In certain circumstances you can request for your personal information to be erased from our records. This is not a general right to erasure; there are exceptions.

                Right to restrict processing:

                You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

                Right to object to processing:

                You have the right to object to certain types of processing, in certain circumstances. In particular, you have the right to object to the processing of your personal data based on legitimate interests grounds.

                Right to object to and not be subject to automated individual decision-making:

                Subject to some limited exceptions, you also have the right to object to automated processing, including profiling; and not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

                Right to data portability:

                You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.

                Right to withdraw consent:

                If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).

                Automated decision making:

                Where you have given your consent, we may make automated decisions that impact your access to healthcare (such as referring you directly to a skin cancer specialist without the need for a GP appointment) without any human clinician involvement. If you have consented to this, you have the right to request a human review of your case if you feel the decision made by our medical device DERM is incorrect. This should be lodged with us as soon as possible, and prior to attending any further assessment of your lesion(s), by contacting support@skinanalytics.co.uk. If you do this, a clinician will review DERM’s results, to confirm whether the device recommended the correct action for your case.

                Contact us about your complaint, right or query

                To exercise your rights or to contact us with any questions or complaints about this Privacy Policy or about how we handle your information, please contact us using the details on the “Contact Us” page: https://skin-analytics.com/contact-us/

                You may also contact our Data Protection Officer Dr Helen Marsden by post at the address above or by email at: D P O @ skinanalytics.co.uk

                We will endeavour to respond to your relevant communication without undue delay. Generally, we will acknowledge receipt, determine what (if any) action we should take to resolve your request and we will endeavour to respond to you within one month of receipt or as otherwise required by law.

                We may refuse a request on certain grounds, for example, if they are manifestly unfounded or excessive. If we refuse your request, we will explain our lawful reason for doing so. We may charge a fee taking into account our administrative cost of complying with your request as prescribed or permitted by the law to handle your requests. However, in most circumstances, we will handle your request free of charge.

                If you are not satisfied with our response or you believe our use of your personal information does not comply with data protection law, you can make a complaint to a relevant data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/ In Australia, you may contact the Office of the Australian Information Commissioner: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

                Changes to this Privacy Policy

                From time to time we may make changes to this Privacy Policy to ensure that it is accurate and up to date and to reflect any changes in the law. This policy was last updated on 29 May 2026.
