- what personal information we might collect about you;
- how we might use that personal information;
- what personal information we might share with others; and
- your rights about the personal information we process.
What information do we collect about you?
We will collect, process and store personal information about you which may include:
Information you have provided us with: This might be your e-mail address, name, billing address, home address, medical history etc. In other words, personal information that is necessary for delivering you a product/service or to enhance your customer experience with us. We only collect this information when you expressly provide it to us in a contact form or similar.
Information from Healthcare Providers: We gather information from Healthcare Providers with confirmation that they have legal grounds to share that information with us. This is either information you have provided to them directly or that they have gathered about you on other legal grounds. A list of Healthcare Providers we work with is available upon request.
How we use your personal information
We use your personal information through reliance on the following lawful bases:
We will use your personal information where necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract. The use of your personal information may include:
- to identify you;
- to communicate in response to your queries;
- to provide you a service or to send/offer you a product; and
- to communicate either for sales or invoicing.
We will use your information for the purpose of legitimate interests being pursued by us in relation to the services that are provided to you. For example, we may use your information:
- to contact you to discuss our services (and any changes to them);
- to communicate in response to your queries and respond to any questions or concerns you have raised;
- to deal with administrative matters such as contacting you in respect of the services;
- to enhance your customer experience;
- to administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products/services offered/provided;
- to conduct questionnaires concerning client satisfaction;
- in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights; and
- to pass it to any third party to whom we may transfer all or part of our business, or in contemplation of such transfer.
Where we have relied on our legitimate interests to process your personal information, you may contact us to obtain more information, including in relation to our assessment of the impact on you.
We will seek and rely on your consent when we process your personal information for the following purposes:
- to send you newsletters and campaign offers;
- to use any of the images and data that you upload to our website and/or app for the purposes of medical, clinical and commercial training and research. Please note that, where possible, this data will be anonymised or pseudonymised and no personal information will be published without your explicit consent; and
- for purposes other than those for which the personal information was collected if these are not compatible with the original purpose.
We may process your personal information where such processing is necessary for us to comply with a legal obligation.
Who else can access your personal information?
If you accessed our services through a healthcare provider (e.g. a Private Insurer or an NHS Organisation) we will share your personal information with these partners as required to fulfil the healthcare service that we are providing to you.
We may also share your personal information with our trusted partners where necessary for the reasons specified:
- provision of IT related services, including server provision, email and SMS services and software development;
- expert dermatologist assessment of images of lesions;
- provision of a GP call-back service; and
- card payments.
We only work with processing partners who are able to ensure that appropriate technical and organisational measures are used for the processing of your personal information.
We may sometimes need to disclose your personal information to law enforcement authorities, regulators or because we are legally obliged to disclose your personal information to third parties or public officials. We might also disclose your personal information to other third parties if you have consented to it or if there are other lawful bases for it.
We will retain your personal information contained in medical records in line with legal requirements to maintain medical records. Where your personal data relates to a regulated medical device we offer, it will be retained in line with medical device regulations. For other personal information, we will balance your data rights against the basis of processing and document the retention period in our records retention policy.
We do not intend to collect or knowingly collect information from children. We do not target children with our services.
You have the following rights regarding your information:
Right to rectification: You are entitled to have your information corrected if it is inaccurate or incomplete.
Right to erasure: In certain circumstances you can request for your personal information to be erased from our records. This is not a general right to erasure; there are exceptions.
Right to restrict processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
Right to object to processing: You have the right to object to certain types of processing, in certain circumstances. In particular, you have the right to object to the processing of your personal data based on legitimate interests grounds.
Right to object to and not be subject to automated individual decision-making: Subject to some limited exceptions, you also have the right to object to automated processing, including profiling; and not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
Right to data portability: You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
Right to withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
You may also contact our Data Protection Officer Dr Helen Marsden by post at the address on the “Contact Us” page or by email at: D P O @ skinanalytics.co.uk
Right to Complain to the Information Commissioner or other relevant supervisory authority
If you are not satisfied with our response or you believe our use of your personal information does not comply with data protection law, you can make a complaint to a relevant data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/.