Privacy Policy SkinScreener API (integrated in the SDK)
1. Introduction
This privacy policy (Policy) relates to your personal information in connection with your use of and access to the Skinscreener website or Online-Shop, your use of third party applications connected to our SkinScreener-API service, and any platform, portal or interface provided by us and any services provided by Skinscreener (the Skinscreener-API and services together forming the Skinscreener Services). medaia GmbH is committed to protecting your information in the best way possible, in accordance with the General Data Protection Regulation (GDPR) and relevant national law.
If you have any questions or concerns about our Policy, or our practices with regards to your personal information, please contact us via datenschutz@skinscreener.at.
When you use the Skinscreener Services, you trust us with your information and we take your privacy very seriously. We seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this Policy that you do not agree with, please discontinue your use of the Skinscreener Services.
This privacy policy informs you about the nature, scope and purposes of the processing of your personal data when you use our SkinScreener services to obtain a risk analysis of your individual skin cancer risk based on transmitted images of your moles and/or skin lesions.
2. Changes to this Policy or your personal information
We review this Policy regularly and it is your responsibility to check regularly and determine whether you still agree to comply with the Policy. If you do not agree to any changes to this Policy then you must immediately stop using the Skinscreener Services. In the event we make any significant changes to this Policy we will use our reasonable endeavours to inform you of such changes in advance in writing.
It is important that the personal information we hold about you is true, complete, accurate and current. Accordingly, you must notify us of any changes to your personal information (for example, if you change your email address).
3. About us
The Skinscreener Services are owned and operated by medaia GmbH (trading as “Skinscreener”), a company registered in Austria with company number 524691f and whose registered office is situated at Am Eisernen Tor 5/1/12, 8010 Graz, Austria (Skinscreener/we/us/our). Skinscreener is the controller (also known as a data controller) of, and is responsible for, your personal information. The term “you” refers to the user wishing to access and/or use the Skinscreener Services.
The Skinscreener Services are designed to support and monitor your skin health, to perform risk assessments of skin lesions, to provide information about further steps in skin healthcare based on the risk assessments and to increase awareness of skin health.
4. Information we may collect about you
4.1 Personal information you disclose to us
(a) Where and how we collect personal information
We collect personal information that you voluntarily provide to us when registering to use and actually using the Skinscreener Services, or otherwise contacting us. More particularly, the personal information that we collect depends on the context of your interactions with us, the choices you make and the products and features you use.
For example:
- We collect personal information via our website, mobile applications, our SkinScreener-API and other technical systems.
- We collect personal information when you use our website, mobile applications or SkinScreener-API to sign up to, participate in or receive a service from us, for example where you contact us, request information online, report an issue, provide feedback or enter a live chat.
- Our website also uses cookies and collects IP addresses (for more information on this, see our Cookie Policy).
- We may monitor and record communications with you (such as telephone conversations and emails). We may do this for a number of reasons, such as to check the quality of our customer service, for training purposes, to prevent fraud or to make sure we are complying with legal requirements.
(b) The types of personal information we may collect
When you use the Skinscreener Services and/or when you otherwise deal with us, we may collect the following information about you (the Information):
- Identity Data, which includes your first name, last name, identification number for statutory health insurances, date of birth or year of birth and sex at birth.
- Contact Data, which means the data we use to contact you including email address and phone number.
- Usage Data, which includes Information about how you use the Skinscreener Services. This includes your browsing patterns and Information such as how long you might spend on one of our webpages on the Skinscreener homepage and what you look at and for, the page that referred you to the Skinscreener homepage and the click stream during your visit to our website, page response times, and page interaction Information (for example, clicks you make on a page).
- Health Data which includes images and risk assessments on your health including your skin health, moles or other skin lesions.
- Other Information relevant to services, customer surveys, questionnaires and/or offers.
4.2 Sensitive personal information
Due to the nature of the Services, you will be asked to provide sensitive personal information. When we request such information, we will explain why we are requesting it and how we will use it, either in this Policy or separately. Your name, sex assigned at birth and date of birth are only used for statistical and post-market surveillance reasons (ISO 13485:2021).
4.3 Legal Basis
The processing of your personal non-sensitive data is based on Art 6 (1) lit b GDPR because you agree that you get access to SkinScreener Services through a third party device and you agreed on our terms and conditions to perform our assessment services. To fulfill our services we have to process your images and sensitive data according to Art 6 (1) lit a and Art 9 (2) lit a GDPR.
5. How do we use your Information?
We use your Information collected via the Skinscreener Services for a variety of business purposes described below. We process your Information for these purposes in reliance on our legitimate business interests (Business Purposes), in order to enter into or perform a contract with you (Contractual Reasons), with your consent (Consent), and/or for compliance with our legal obligations (Legal Reasons). We indicate the specific processing grounds we rely on next to each purpose listed below.
We may process your Information for the following purposes:
- To take steps towards entering into a contract with you, to provide the Skinscreener Services and to claim any right to be paid under our Terms & Conditions (Contractual Reasons). This includes collecting and using your personal information to:
  - Manage any accounts you hold with us;
  - Contact you for reasons related to the Skinscreener Services;
  - Enable us to follow up on enquiries made by you in relation to the Skinscreener Services and/or to provide information you have requested;
  - Deal with payment for the Skinscreener Services;
  - Notify you of any changes to our Skinscreener Services that may affect you; and
  - Resolve disputes.
- To pass it onto our partners in connection with the fulfilment and management of your orders, payments, returns, and exchanges (Contractual Reasons).
- To contact you regarding enquiries you have made in relation to the Skinscreener Services.
- To send administrative Information to you for Business Purposes, Legal Reasons and/or possibly Contractual Reasons. We may use your Information to send you product, service and new feature information and/or information about changes to our Terms & Conditions and policies, as may be in place from time to time.
- To facilitate account creation and the log-in process with your Consent. If you choose to link your account with us to a third party account (such as your Google or Apple account), we use the Information we are consequently allowed to collect from those third parties to facilitate account creation and the log-in process.
- To protect the Skinscreener Services for Business Purposes and/or Legal Reasons. We may use your Information as part of our efforts to keep the Skinscreener Services safe and secure (for example, for the purposes of monitoring and/or preventing fraud).
- To enforce our Terms & Conditions and policies for Business Purposes, Legal Reasons and/or possibly Contractual Reasons.
- To respond to legal requests and prevent harm for Legal Reasons. For example, if we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- We may use your Information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve the Skinscreener Services, our products and services, our marketing and your experience.
- We may submit your data, according to contractual reasons, to institutions and companies, i.e. healthcare providers, agencies, statutory health insurances etc.
6. Will your Information be shared with anyone?
We only share and disclose your Information in the following situations:
- Contractual. We may share information with providers and partners, especially third party application providers from which you can use our services, or where obligations arising out of any such contracts are to be fulfilled, i.e. submission of your results together with personal data.
- Compliance with Legal Obligations. We may disclose your Information where we are legally required to do so in order to comply with applicable laws, governmental requests, judicial proceedings, court orders, or legal processes, such as in response to a court order or a subpoena (including in response to requests from public authorities in order to meet national security or law enforcement requirements).
- Vital Interests. We may disclose your Information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, illegal activities or situations involving potential threats to the safety of any person, or where we believe it is necessary for the purpose of providing evidence in connection with litigation proceedings in which we are involved.
- Third Party Service Providers. We may share your Information with third party vendors, service providers, credit reference agencies, trade associations of which we are a member, credit card associations, contractors or agents who perform services and require access to such Information to carry out that work. Examples include: Google Cloud, Google Firebase. Such third parties will only have access to your Information to the extent that they need to perform those services. They are required to keep your Information confidential and may not use it other than as we ask them to and always in accordance with this Policy.
- Business Transfers. We may share or transfer your Information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Training. We are going to use your anonymized images for the purpose of training our algorithm.
- With your Consent. We may disclose your Information for any other purpose with your Consent, including with any person who you have named as a person we can contact to discuss your account and any agent or representative of yours.
We may disclose aggregated, anonymous Information (i.e. Information from which you cannot be personally identified), or insights based on such anonymous Information, to selected third parties, including (without limitation) analytics and search engine providers, business partners to assist us in the improvement and optimisation of the Skinscreener Services. In such circumstances we will not disclose any Information which can identify you personally.
7. Is your Information transferred internationally?
Whenever we transfer your Information outside of the European Union, we will take all reasonably practicable measures to protect your Information in accordance with this Policy and applicable laws. To the extent that any transfer requires approved safeguards to be in place we will only transfer your Information to countries or companies that have been deemed to provide an adequate level of protection for personal data. Where we use certain service providers, we may use specific contracts approved for use in the European Union which give personal data the same protection it has in the European Union. Please contact us if you want further information on the specific mechanism(s) used by us when transferring your personal data out of the European Union.
8. Third party websites
The Skinscreener website may feature links to third party websites or social media channels, or contain advertisements from third parties that are not affiliated with us and which may link to other websites, online services or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this Policy.
We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the Skinscreener Platform. You should review the policies of such third parties and contact them directly if you have any related questions.
9. For how long do we keep your Information?
We will only keep your Information for as long as it is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law (such as tax law, accounting requirements or other legal or regulatory requirements).
When we have no ongoing Business Purpose to justify the processing of your Information, we will either delete or anonymise it, or, if this is not possible (for example, because your Information has been stored in backup archives), then we will securely store your Information and isolate it from any further processing until deletion is possible.
10. How do we keep your Information safe?
We have implemented appropriate technical and organisational security measures designed to protect the security of any Information we process. For example, we store your personal data on Google Cloud.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory body of a suspected data breach where we are legally required to do so.
However, please also remember that we cannot guarantee that the Internet itself is 100% secure. Although we will use our reasonable endeavours to protect your Information, we cannot guarantee the security or integrity of personal Information that is transferred from you or to you via the Internet. Transmission of personal Information to and from the Skinscreener Services is therefore at your own risk. You should only access our services within a secure environment.
11. Do we collect Information from minors?
We do not knowingly solicit data from or market to children under 18 years of age. By using the Skinscreener Services, you represent that you are at least 18 years of age. If we learn that information from users less than 18 years of age has been collected, we will deactivate the relevant account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under 18 years of age, please contact us immediately via datenschutz@skinscreener.at.
12. Your Consent to processing
You will be required to give consent to certain processing activities before we can process your Information. Where applicable, we will seek consent from you before you first submit Information to or through the Skinscreener Services.
If you have previously given your consent you may freely withdraw such Consent at any time. You can do this by emailing datenschutz@skinscreener.at.
If you withdraw your Consent, and if we do not have another legal basis for further processing your Information, then we will stop processing it. Please note that if we need to process your Information in order for you to use the Skinscreener Services and you object or do not provide Consent to us processing your Information, you accept that the Skinscreener Services will no longer be available to you in the future. Please note however that this will not affect the lawfulness of the processing that occurred before the withdrawal of such Consent.
13. Account Information
You may at any time review or change the Information in your account by logging into your Skinscreener account.
If you wish to terminate your Skinscreener account, please contact us via datenschutz@skinscreener.at and we can arrange this for you. Some Information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms & Conditions and/or comply with legal requirements.
14. What are your privacy rights?
You have certain rights in relation to the Information that we hold about you. Details of these rights and how to exercise them are set out below. Please note that we will require evidence of your identity before we are able to respond to any requests. This is a security measure to ensure that your Information is not disclosed to a person who does not have the right to receive it. We may also contact you to ask you for further Information in relation to your request to speed up our response. To exercise or discuss any of your rights, please contact us via datenschutz@skinscreener.at.
- Right of Access. You have the right at any time to ask us for a copy of the Information that we hold about you and to check that we are lawfully processing it. Where we have good reason, and where data protection law permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reason(s) for doing so.
- Right of Correction or Completion. If Information we hold about you is not accurate or is out of date and requires amendment or correction, you have a right to have the data rectified or completed.
- Right of Erasure. In certain circumstances, you have the right to request that the Information we hold about you is erased (for example, if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based only on your Consent and there are no other legal grounds on which we may process the Information).
- Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information (for example, if we are processing your Information on the basis of our legitimate interests but there are no longer any compelling legitimate grounds to justify our processing overriding your rights and interests).
You may also have the right to restrict our use of your Information, for example during a period in which we are verifying the accuracy of your Information in circumstances where you have challenged the accuracy of that Information.
Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
15. Contact us
We welcome your feedback and questions on this Policy. If you wish to contact us about this Policy or have any other questions, please email us via datenschutz@skinscreener.at.
You have the right to make a complaint at any time to the CNPD – Comissão Nacional de Proteção de Dados, Av. D. Carlos I, 134, 1 1200-651 Lisboa, the Portuguese supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the CNPD, so please contact us in the first instance.