Privacy

Privacy Policy

This Privacy Policy covers the use of your personal information by Skin Analytics Limited (“Skin Analytics”). 

Any references in this Privacy Policy to “we” or “us” are to Skin Analytics.  “Personal information”, means any information relating to an identifiable individual.  

This Privacy Policy sets out:

  • What personal information we might collect about you;
  • how we might use that personal information;
  • what personal information we might share with others; and
  • your rights about the personal information we process.

What information do we collect about you?

We will collect, process and store personal information about you which may include:

Information you have provided us with: This might be your e-mail address, name, billing address, home address, medical history etc. In other words, personal information that is necessary for delivering you a product/service or to enhance your customer experience with us. We only collect this information when you expressly provide it to us in a contact form or similar. 

Information automatically collected about you: This includes information that is automatically stored by cookies and other session tools (provided you agree to the use of such cookies and similar technologies in the case that they are used for non-essential purposes). For example, the information collected may include the pages you visited on our website, your IP address, etc. This information is used to improve your customer experience. When you use our services or look at the contents of our website, your activities may be logged. More information about cookies and how we use them is set out in Cookie Policy.

Information from Healthcare Providers: We gather information from Healthcare Providers with confirmation that they have legal grounds to share that information with us. This is either information you have provided to them directly or that they have gathered about you on other legal grounds. A list of Healthcare Providers we work with is available upon request.

How we use your personal information

We use your personal information through reliance on the following lawful bases: 

We will use your personal information where necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract. The use of your personal information may include:

  • to identify you;
  • to communicate in response to your queries;
  • to provide you a service or to send/offer you a product; and
  • to communicate either for sales or invoicing.

We will use your information for the purpose of legitimate interests being pursued by us in relation to the services that are provided to you. For example, we may use your information:

  • to contact you to discuss our services (and any changes to them); 
  • to communicate in response to your queries and respond to any questions or concerns you have raised; 
  • to deal with administrative matters such as contacting you in respect of the services; 
  • to enhance your customer experience;
  • to administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products/ services offered/provided;
  • to conduct questionnaires concerning client satisfaction; 
  • in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights; and 
  • to pass it to any third party to whom we may transfer all or part of our business, or in contemplation of such transfer.

Where we have relied on our legitimate interests to process your personal information, you may contact us to obtain more information, including in relation to our assessment of the impact on you.

We will seek and rely on your consent when we process your personal information for the following purposes:

    • to send you newsletters and campaign offers;
    • to process your personal information using non-essential cookies or other similar technologies (see our Cookie Policy for further information);
    • to use any of the images and data that you upload to our website and/or app for the purposes of medical, clinical and commercial training and research. Please note that, where possible, this data will be anonymised or pseudonymised and no personal information will be published without your explicit consent; and
    • for purposes other than for which the personal information was collected if these are not compatible with the original purpose.

We may process your personal information where such processing is necessary for us to comply with a legal obligation.

Who else can access your personal information?

If you accessed our services through a healthcare provider (e.g. Private Insurer, an NHS Organisation) we will share your personal information with these partners as required to fulfil the healthcare service that we are providing to you.

We may also share your personal information with our trusted partners where necessary for the reasons specified:

  • provision of IT related services, including server provision, email and SMS services and software development;
  • expert dermatologist assessment of images of lesions;
  • provision of a GP call-back service; and
  • card payments.

We only work with processing partners who are able to ensure that appropriate technical and organisational measures are used for the processing of your personal information. 

We may sometimes need to disclose your personal information to law enforcement authorities, regulators or because we are legally obliged to disclose your personal information to third parties or public officials. We might also disclose your personal information to other third parties if you have consented to it or if there are other lawful bases for it.

We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users. This is done in order to personalise and enhance your experience with us. To see further details, including on the use of third party cookies, and to learn how you can manage your cookie preferences, please refer to our Cookie Policy

Anonymisation

We may completely anonymise personal information gathered and continue to use any such anonymised data. We will use information outside the scope of this Privacy Policy only when it is anonymised.

Data retention

We will retain your personal information contained in medical records in line with legal requirements to maintain medical records. Where your personal data relates to a regulated medical device we offer it will be retained in line with medical device regulations. For other personal information, we will balance your data rights against the basis of processing and document the retention period in our records retention policy. 

Children

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

Your rights

You have the following rights regarding your information:

Right to information: You have the right to be provided with clear, transparent and easily understandable information about what personal information is gathered, who we obtained it from (if a third party), why and by whom it is processed. This is why we are providing you with the information in this Privacy Policy.

Right to access: You have the right to obtain access to your personal information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy).  

Right to rectification: You are entitled to have your information corrected if it is inaccurate or incomplete.

Right to erasure: In certain circumstances you can request for your personal information to be erased from our records. This is not a general right to erasure; there are exceptions.

Right to restrict processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

Right to object to processing: You have the right to object to certain types of processing, in certain circumstances. In particular, you have the right to object to the processing of your personal data based on legitimate interests grounds. 

Right to object to and not be subject to automated individual decision-making: Subject to some limited exceptions, you also have the right to object to automated processing, including profiling; and not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

Right to data portability: You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.

Right to withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).

Contact Information

To exercise your rights or to contact us with any questions or complaints about this Privacy Policy or about how we handle your information, please contact us using the details on the “Contact Us” page: https://skin-analytics.com/contact-us/

You may also contact our Data Protection Officer Dr Helen Marsden by post at the address on the “Contact Us” page or by email at: D P O @ skinanalytics.co.uk 

Right to Complain to the Information Commissioner or other relevant supervisory authority

If you are not satisfied with our response or you believe our use of your personal information does not comply with data protection law, you can make a complaint to a relevant data protection supervisory authority.  In the UK, this is the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/.

Changes to this Privacy Policy

From time to time we may make changes to this Privacy Policy to ensure that it is accurate and up to date and to reflect any changes in the law. This policy was last updated on 15 March 2022.