Privacy Policy

Dermagnostix GmbH

This privacy policy describes how Dermagnostix GmbH (hereinafter referred to as "we") processes your personal data when you use our website or our products and services or when you contact us (e.g., via letter, e-mail, telephone, at trade fairs, etc.).

In particular, this privacy policy explains who is responsible for data processing, which categories of personal data are processed, for what purposes and on what legal basis; it also explains to which recipients personal data may be transmitted, how long it is stored and what your rights are as a data subject.

The processing of personal data by us is carried out in accordance with the applicable legal provisions, in particular in compliance with the GDPR¹ and the BDSG².

If you have any questions about the processing and protection of your personal data, or if you wish to exercise any of your rights under the GDPR, you can contact us using the postal address below and by email at info@dermagnostix.com.

In the event of changes to our website, products or services, or applicable data protection law, this privacy policy may change. The current version of the privacy policy can always be found on our website.

Status: January 2024


Content

I.     Name and address of the data controller

II.    Contact details of the data protection officer

III.   General information on data processing

IV.   Rights of data subjects

V.    Provision of our website and creation of log files

VI.   Hosting

VII.  Use of Cookies

VIII. Use of Google Analytics

IX.    Newsletter

X.     Letter, email or telephone contact

XI.    Contact form

XII.   Applications

XIII.  Recipients and transfers to third countries

XIV.  Company presences in social networks

XV.   Use of company presences in professional networks


I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation ("GDPR") and other provisions of data protection law is:

Dermagnostix GmbH
Georges-Köhler-Allee 302
79110 Freiburg im Breisgau
Germany
info@dermagnostix.com
www.dermagnostix.com

II. Contact details of the data protection officer

The data controller’s data protection officer is:

DataCo GmbH
Attn.: Data Protection Officer
Dachauer Straße 65
80335 München
Germany
+49 89 7400 45840
datenschutz@dataguard.de
www.dataguard.de

III. General information on data processing

1. Scope and purposes of data processing

We process your personal data (you are hereinafter referred to as "user", "customer", "interested party" or "data subject") only if and insofar as this is necessary for the provision of a functional website, our products and services and for the purpose of communication with users.

2. Legal basis for data processing

If we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) p. 1 lit. c GDPR serves as the legal basis.

If vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect our legitimate interest or the legitimate interest of a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interests, Art. 6 (1) p. 1 lit. f GDPR serves as the legal basis.

3. Storage time and data deletion

The personal data of a data subject (hereinafter referred to as "data") shall be deleted or made anonymous as soon as the purpose of the processing ends. Further storage may take place if this is required by legal provisions of the European or national legislator to which we are subject.


IV. Rights of data subjects

If your personal data is processed by us, you are a data subject within the meaning of the GDPR and you have the following rights against us as the data controller:

1. Right of access by the data subject (Article 15 GDPR)

(1) The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • a) the purposes of the processing;
  • b) the categories of personal data concerned;
  • c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • f) the right to lodge a complaint with a supervisory authority;
  • g) where the personal data are not collected from the data subject, any available information as to their source;
  • h) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4)³ and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

(2) Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

(3) The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

(4) The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

2. Right to rectification (Article 16 GDPR)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to restriction of processing (Article 18 GDPR)

(1) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

(2) Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

(3) A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure (‘right to be forgotten’) (Article 17 GDPR)

(1) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  • c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  • d) the personal data have been unlawfully processed;
  • e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

(2) Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

(3) Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

  • a) for exercising the right of freedom of expression and information;
  • b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
  • d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • e) for the establishment, exercise or defence of legal claims.

5. Right to data portability (Article 20 GDPR)

(1) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • b) the processing is carried out by automated means.

(2) In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(4) The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

6. Right to object and automated individual decision-making (Article 21 GDPR)

(1) The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

(2) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

(3) Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

(4) At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

(5) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

(6) Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

7. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.

A list of the competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link:

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

All citations of articles in this privacy statement refer to the GDPR unless explicitly stated otherwise.

The local supervisory authority for the state of Baden-Württemberg is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany
https://www.baden-wuerttemberg.datenschutz.de/kontakt-aufnehmen/

V. Provision of our website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our IT system automatically collects data and information from the user's device.

The following data is collected:

  • Information about the browser type and the version used
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Websites from which the user's system accesses our website (referrer URL)
  • Web pages that are accessed by the user's system via our website

This data is stored in the log files of our IT system. It is not stored together with other personal data of the user.

2. Purpose of data processing

The temporary storage of the IP address by the IT system is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage of all the above data in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our IT system. An evaluation of the data for marketing purposes does not take place in this context.

3. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest).

4. Storage time

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or made anonymous, so that an assignment to a data subject is no longer possible.

5. Right to object

We have an overriding legal interest in the collection of the above data and the storage of the data in log files, as this is absolutely necessary for the operation and provision of the website. The user can object to this. Whether the objection is successful must be determined as part of a balancing of interests.

VI. Hosting

Our website is hosted on servers of a service provider contracted by us.

Our service provider is:

1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany

The service provider's servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information is:

  • Information about the browser type and version used
  • Operating system used
  • Referrer URL
  • Host name of the accessing device
  • Date and time of the server request
  • IP address of the user

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest for processing this data is to display our website without errors and to optimize its functions.

The location of the service provider's servers is geographically within the European Union (EU) or the European Economic Area (EEA).

VII. Use of cookies

1. Description and scope of data processing

When you visit our website, we use so-called cookies that can be stored on your device. Cookies are text files or information in a database that are stored on your device and assigned to the browser you are using, so that certain information can flow to the controller who sets the cookie. When you access our website and at any time later, you have the choice of whether to allow cookies to be set. You can make changes in your browser settings or via our cookie banner. Below we describe what kind of cookies we use:

We use technically necessary cookies, which are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely and correctly) or certain functions cannot be offered.

The following data is stored and transmitted by the technically necessary cookies:

  • Language settings
  • Frequency of page views
  • Use of website functions

We also use cookies on our website that are not technically necessary. Technically non-necessary cookies are text files that do not solely serve the functionality of the website, but also collect other data.

By setting technically non-necessary cookies, the following data is processed:

  • IP address of the user
  • Location of the Internet user
  • Date and time of access
  • Tracking of the surfing behavior
  • Linking of the website visit with other social media platforms

You can obtain further information on the cookies we use by clicking on "Settings" in the cookie banner on our website.

2. Purpose of data processing

The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. In this case, the storage of and access to cookies on your device serve to enable you to use our website and to offer you our services as requested by you.

We require the technically necessary cookies for the following applications:

  • Adoption of language settings
  • Functionality of the website

Technically non-necessary cookies are used for the purpose of improving the quality of our website, its content and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus constantly optimize our offer. In particular, these cookies serve us for the following purposes:

  • Statistics
  • Marketing

3. Legal basis for data processing

The provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) are applicable to the storage of information on the user's device and/or access to information already stored on the user's device.

If the setting and reading of cookies are technically necessary, the storage of and access to cookies on your terminal equipment will be carried out on the legal basis of Section 25 (2) No. 2 TTDSG.

Insofar as cookies are used that are technically non-necessary, this is only done on the basis of your express consent, which you can grant via the cookie banner. The legal basis for the storage and access to information in this case is § 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a), Art. 7 GDPR.

4. Storage time

Cookies are generally deleted after the session ends (e.g. logging out or closing the browser). Information about any different storage periods for cookies can be found in the following sections of this privacy policy.

5. Withdrawal of consent

You have the right to withdraw your consent to the use of technically non-necessary cookies at any time with effect for the future by configuring your cookie settings accordingly. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. Alternatively, you can prevent the storage of cookies by making the appropriate setting in your browser. Please note that the browser settings you make only affect the browser you are using.

VIII. Use of Google Analytics

1. Description and scope of data processing

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter "Google"). Google Analytics examines, among other things, the origin of visitors, the time they spend on individual pages and the use of search engines and thus allows better monitoring of the success of advertising campaigns. Google sets a cookie on your computer. As a result, the following personal data can be stored and evaluated:

  • the activity of the user (in particular which pages have been visited and on which elements have been clicked),
  • device and browser information (in particular the IP address and the operating system),
  • data about the advertisements displayed (in particular which advertisements were displayed and whether the user clicked on them) and
  • data from advertising partners (in particular pseudonymized user IDs).

We use Google Analytics (Universal Analytics) to evaluate your use of our website, to compile reports on your activities and to use other Google services related to the use of our website and the internet.

We have requested that Google anonymize IP addresses, which means that Google shortens your IP address as promptly as technically possible. However, it cannot be ruled out that your data will be transmitted to Google's servers in the USA.

On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. You can obtain further information on the processing of data by Google here: https://policies.google.com/privacy?gl=DE&hl=en


2. Purpose of data processing

The use of Google Analytics (Universal Analytics) serves us to evaluate the use of our website as well as the targeted distribution of advertising to the users who have already expressed an initial interest through their visit to the site.

3. Legal basis for data processing

The legal basis for the processing of the users' personal data is the user's consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

4. Storage time

Your personal data will be stored for as long as necessary to fulfill the purposes described in this privacy policy or until you exercise your right of withdrawal.

5. Withdrawal of consent

You have the right to withdraw your consent to the use of Google Analytics at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

You can prevent the collection as well as the processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, disabling the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), and from processing this data, by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

You can deactivate the use of your personal data by Google using the following link:

https://myadcenter.google.com/

For more information on how to object to and opt-out of Google, please visit: https://policies.google.com/privacy?gl=DE&hl=en

6. Disclaimer

Your personal data will also be transferred to the USA if you consent to the use of Google Analytics. There is no adequacy decision for the USA according to Art. 45 (3) GDPR. We would like to point out that data transfer without the existence of an adequacy decision entails risks to which we would like to draw your attention below:

Intelligence services in the USA take certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.

Providers of electronic communications services headquartered in the United States are subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, providers of electronic communications services headquartered in the U.S. have an obligation to provide personally identifiable information to U.S. authorities pursuant to 50 U.S. Code § 1881a, with no possible recourse available to you. Even encryption of data at the electronic communications service provider's data centers may not provide adequate protection because, with respect to imported data in its possession or custody or under its control, an electronic communications service provider has a direct obligation to provide access to or surrender such data. This obligation may expressly extend to the cryptographic keys without which the data cannot be read.

The fact that this is not merely a "theoretical risk" is demonstrated by the ECJ ruling of July 16, 2020 (Case C-311/18, "Schrems-II").

In order to minimize the risks described above, we have concluded guarantees with Google in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR. A copy of the standard data protection clauses can be requested from us at any time.

IX. Newsletter

1. Description and scope of data processing

Our website offers the option to subscribe to our e-mail newsletter. If you subscribe to the e-mail newsletter, your name and e-mail address (and other information you voluntarily provide) are transmitted to and will be stored by us and our service provider HubSpot (see below).


2. Purpose of data processing

We use the data exclusively for the purpose of providing you, from time to time, with our e-mail newsletter.


3. Legal basis for data processing

The legal basis for the processing of data transmitted to us is your express consent, which you grant by submitting the form to subscribe to our e-mail newsletter. You have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.


4. Storage time

The data is deleted as soon as you unsubscribe from our e-mail newsletter.


5. Withdrawal of consent and consequences of not providing data

The user is not obliged to subscribe to our e-mail newsletter and to provide us with data. The user has the right to withdraw his or her consent to the use of his or her data at any time with effect for the future by unsubscribing from our e-mail newsletter by clicking on the corresponding link in the bottom line of each e-mail newsletter. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. In case of withdrawal of consent, it will not be possible to (continue to) provide the user with our e-mail newsletter.


6. Use of HubSpot

We use the service provider HubSpot for our e-mail newsletter. If you register for the e-mail newsletter, your name and e-mail address (and other information you provide voluntarily) will be transmitted to HubSpot.

HubSpot is a software company from the USA with a branch in Ireland.

Contact:
HubSpot
2nd Floor 30 North Wall Quay
Dublin 1
Ireland
Phone: +353 1 5187500

HubSpot is subject to TRUSTe's Privacy Seal and the U.S./EU Safe Harbor Framework and the U.S./Swiss Safe Harbor Framework.

You can find information about HubSpot’s privacy policy here: http://www.hubspot.com/legal/privacy-policy


X. Letter, email or telephone contact

1. Description and scope of data processing

In the event of contact via letter, email or telephone, the user's data transmitted in each case will be stored by us.

2. Purpose of data processing

We use the data exclusively for the purpose of communicating with the user.

3. Legal basis for data processing

The legal basis for the processing of data transmitted to us in the course of communication is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to answer your request that you send to us in the best possible way.

If the communication aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR (contract performance or pre-contractual measures).

4. Storage time

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data provided by the user, this is the case when the respective communication with the user has been terminated. The communication is terminated when it is clear from the circumstances that the matter in question has been conclusively clarified and further storage of the data - including for the purpose of pursuing or defending possible legal claims - is no longer necessary.

5. Right to object and consequences of not providing data

The user is not obliged to provide us with data. If the user contacts us, he or she may object to the storage of his or her data at any time, provided that the processing of the data transmitted in the course of the communication was carried out on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest). In these cases (non-provision of data or objection to processing), it may not be possible to (continue to) communicate.

XI. Contact form

1. Description and scope of data processing

Our website contains a contact form that can be used for electronic contact. If a user makes use of this function, the data entered in the input mask will be transmitted to us and stored.

At the time the message is sent, the following data is stored by us:

  • Email address
  • Surname
  • First name
  • Telephone / mobile phone number
  • IP address of the calling device
  • Date and time of contact
  • Country


2. Purpose of data processing

The processing of the data provided by the user via the input mask of the contact form serves us solely to process the contact and to prevent misuse of the contact form and to ensure the security of our IT system.

3. Legal basis for data processing

The legal basis for the processing of data transmitted via the contact form is Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to answer your request that you send to us via the contact form in the best possible way. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR (contract performance or pre-contractual measures).

4. Storage time

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the data from the input mask of the contact form, this is the case when the respective conversation with the user has been terminated. The conversation is terminated when it is clear from the circumstances that the matter in question has been conclusively clarified and further storage of the data - including for the purpose of pursuing or defending possible legal claims - is no longer necessary.

5. Right to object and consequences of not providing data

The user is not obliged to provide us with data. If the user contacts us, he or she may object to the storage of his or her data at any time, provided that the processing of the data transmitted in the course of the communication was carried out on the legal basis of Art. 6 (1) lit. f GDPR (legitimate interest). In these cases (non-provision of data or objection to processing), it may not be possible to (continue to) communicate.


6. Use of HubSpot

We use the service provider HubSpot for our contact form. If you send a request by using the contact form, your name and email address (and other information you provide voluntarily) will be transmitted to HubSpot.

HubSpot is a software company from the USA with a branch in Ireland.

Contact:
HubSpot
2nd Floor 30 North Wall Quay
Dublin 1
Ireland
Phone: +353 1 5187500

HubSpot is subject to TRUSTe’s Privacy Seal and the U.S./EU Safe Harbor Framework and the U.S./Swiss Safe Harbor Framework.

You can find information about HubSpot’s privacy policy here: http://www.hubspot.com/legal/privacy-policy


XII. Applications

1. Description and scope of data processing

You can send us your application via letter or email. In doing so, we record the data you provide. In addition, we offer an applicant/talent pool. In particular, we store the following data:

  • Salutation
  • Surname
  • First name
  • Address
  • Telephone / mobile phone number
  • Email address
  • Salary expectation
  • Information about education and training
  • Language skills
  • CV
  • References and certificates

2. Purpose of data processing

The processing of the data from your application serves us solely for the processing of the application.

3. Legal basis for data processing

The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. b Alt. 1 GDPR and § 26 para. 1 p. 1 BDSG (contract performance or pre-contractual measures).

4. Storage time

After completion of the application process, the data will be stored for up to six months. Your data will be deleted after six months at the latest.

5. Consequences of not providing data

The user is not obliged to provide us with data. In this case (failure to provide data), an application process cannot take place/continue.

XIII. Recipients and transfers to third countries

If you provide us with data in the context of contacting us via letter, email or telephone or contact form or by way of an application, we transmit this data - depending on the subject or purpose of the contact - to the following categories of recipients:

  • (IT-) service providers
  • Suppliers
  • Public offices and authorities (including tax offices, courts, etc.)
  • Banks
  • Insurances
  • Logistics, postal and parcel service providers
  • (Legal and tax) consultants

Certain recipients have their (principal) place of business in (or connections to) third countries. Third countries are countries outside the European Union or the European Economic Area. In third countries, the level of data protection may be lower than in the European Union. In the case of a data transfer to third countries, the requirements of Chapter V (Art. 44-50) of the GDPR apply.

A transfer of personal data by us to a third country will only take place if the Commission has determined that the third country in question offers an adequate level of protection or on the basis of standard data protection clauses in conjunction with appropriate safeguards to ensure an adequate level of protection.

Upon request, we will provide you with further information on the identity of the recipients to whom we transfer personal data and on the standard data protection clauses concluded with them, if any.

XIV. Company presences in social networks

We maintain corporate presences in the following social networks:

Instagram:

Instagram, a company of Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

1. Description and scope of data processing

On our company page, we provide information and offer Instagram users the opportunity to communicate. If you perform an action on our Instagram company page (e.g., comments, posts, likes, etc.), you may make personal data (e.g., clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by Instagram, the company jointly responsible for our corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. You can find more information on this in the privacy policy of Instagram:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

2. Purpose of data processing

We use our corporate presence in social networks for communication and information exchange with users. In particular, we use the corporate presence for branding. Every user is free to publish personal data through activities.

3. Legal basis for data processing:

If we process your personal data in order to evaluate your online behavior, offer you lotteries or conduct lead campaigns, this is done on the legal basis of your express consent (Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR). The legal basis for processing personal data for the purpose of communicating with users is Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest). In this context, our legitimate interest is to answer your request in the best possible way or to be able to provide the requested information. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR (contract performance or pre-contractual measures).

For the transfer of your personal data to third countries (USA) associated with the use of Instagram, we have provided suitable guarantees in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR. A copy of the standard data protection clauses can be requested from us.

4. Storage time

We store your activities and personal data published via our Instagram company presence as long as this is necessary to achieve the purpose or until the legal basis ceases to exist at the longest.

5. Withdrawal of consent and right to object

You can at any time object to the processing of your personal data that we collect in the course of your use of our Instagram corporate presence or withdraw the consent you have given and exercise your rights as a data subject mentioned under IV. of this privacy policy. To do so, send us an informal email to info@dermagnostix.com. You can find more information about the processing of your personal data by Instagram and the corresponding objection options here: https://help.instagram.com/519522125107875


Twitter:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

1. Description and scope of data processing

On our company page, we provide information and offer Twitter users the opportunity to communicate. If you perform an action on our Twitter company page (e.g., comments, posts, likes, etc.), you may make personal data (e.g., clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by Twitter, the company jointly responsible for our corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. You can find more information on this in the privacy policy of Twitter:

https://twitter.com/de/privacy

2. Purpose of data processing

We use our corporate presence in social networks for communication and information exchange with users. In particular, we use the corporate presence for branding. Every user is free to publish personal data through activities.

3. Legal basis for data processing:

If we process your personal data in order to evaluate your online behavior, offer you lotteries or conduct lead campaigns, this is done on the legal basis of your express consent (Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR). The legal basis for processing personal data for the purpose of communicating with users is Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest). In this context, our legitimate interest is to answer your request in the best possible way or to be able to provide the requested information. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR (contract performance or pre-contractual measures).

For the transfer of your personal data to third countries (USA) associated with the use of Twitter, we have provided suitable guarantees in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR. A copy of the standard data protection clauses can be requested from us.

4. Storage time

We store your activities and personal data published via our Twitter company presence as long as this is necessary to achieve the purpose or until the legal basis ceases to exist at the longest.

5. Withdrawal of consent and right to object

You can at any time object to the processing of your personal data that we collect in the course of your use of our Twitter corporate presence or withdraw the consent you have given and exercise your rights as a data subject mentioned under IV. of this privacy policy. To do so, send us an informal email to info@dermagnostix.com. You can find more information about the processing of your personal data by Twitter and the corresponding objection options here: https://twitter.com/de/privacy


YouTube:

YouTube, a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

1. Description and scope of data processing

On our company page, we provide information and offer YouTube users the opportunity to communicate. If you perform an action on our YouTube company page (e.g., comments, posts, likes, etc.), you may make personal data (e.g., clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by YouTube, the company jointly responsible for our corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. You can find more information on this in the privacy policy of YouTube:

https://policies.google.com/privacy

2. Purpose of data processing

We use our corporate presence in social networks for communication and information exchange with users. In particular, we use the corporate presence for branding. Every user is free to publish personal data through activities.

3. Legal basis for data processing:

If we process your personal data in order to evaluate your online behavior, offer you lotteries or conduct lead campaigns, this is done on the legal basis of your express consent (Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR). The legal basis for processing personal data for the purpose of communicating with users is Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest). In this context, our legitimate interest is to answer your request in the best possible way or to be able to provide the requested information. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR (contract performance or pre-contractual measures).

For the transfer of your personal data to third countries (USA) associated with the use of YouTube, we have provided suitable guarantees in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR. A copy of the standard data protection clauses can be requested from us.

4. Storage time

We store your activities and personal data published via our YouTube company presence as long as this is necessary to achieve the purpose or until the legal basis ceases to exist at the longest.

5. Withdrawal of consent and right to object

You can at any time object to the processing of your personal data that we collect in the course of your use of our YouTube corporate presence or withdraw the consent you have given and exercise your rights as a data subject mentioned under IV. of this privacy policy. To do so, send us an informal email to info@dermagnostix.com. You can find more information about the processing of your personal data by YouTube and the corresponding objection options here: https://policies.google.com/privacy

XV. Use of company presences in professional networks

We make use of the possibility of company presences in professional networks. We maintain a company presence in the following professional networks:

LinkedIn:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

1. Description and scope of data processing

On our company page, we provide information and offer LinkedIn users the opportunity to communicate. If you perform an action on our LinkedIn company page (e.g., comments, posts, likes, etc.), you may make personal data (e.g., clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by LinkedIn, the company jointly responsible for our corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data. You can find more information on this in the privacy policy of LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

2. Purpose of data processing

Our company presence on LinkedIn serves to inform users about our company and our activities. On our LinkedIn page, we provide information and offer users the opportunity to communicate. Our company presence on LinkedIn is also used for applications, information/PR and active sourcing. Every user is free to publish personal data through his or her activities.

3. Legal basis for data processing

If we process your personal data in order to evaluate your online behavior, offer you lotteries or conduct lead campaigns, this is done on the legal basis of your express consent (Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR). The legal basis for processing personal data for the purpose of communicating with users is Art. 6 para. 1 p. 1 lit. f GDPR (legitimate interest). In this context, our legitimate interest is to answer your request in the best possible way or to be able to provide the requested information. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR (contract performance or pre-contractual measures).

For the transfer of your personal data to third countries (USA) associated with the use of LinkedIn, we have provided suitable guarantees in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR. A copy of the standard data protection clauses can be requested from us.

4. Storage time

We store your activities and personal data published via our LinkedIn company presence as long as this is necessary to achieve the purpose or until the legal basis ceases to exist at the longest.

5. Withdrawal of consent and right to object

You can at any time object to the processing of your personal data that we collect in the course of your use of our LinkedIn corporate presence or withdraw the consent you have given and exercise your rights as a data subject mentioned under IV. of this privacy policy. To do so, send us an informal email to info@dermagnostix.com. You can find more information about the processing of your personal data by LinkedIn and the corresponding objection options here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

This privacy policy was created with the support of DataGuard.

Footnotes
¹ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, OJ L 119, 4.5.2016, p. 1–88, as amended (General Data Protection Regulation – GDPR).

² Federal Data Protection Act of 30 June 2017, Federal Law Gazette I p. 2097, as last amended by Article 10 of the Act of 23 June 2021, Federal Law Gazette I, p. 1858; 2022 I p. 1045 (Bundesdatenschutzgesetz – BDSG).

³ All citations of articles in this privacy statement refer to the GDPR unless explicitly stated otherwise.