Privacy Policy

Responsible Party: Proliance GmbH Dominik Fünkner

Address: Leopoldstr. 21 80802 Munich

Phone: +49 89250039227

Email: datenschutzbeauftragter@datenschutzexperte.de

When contacting the EU representative, please specify the company to which your inquiry relates. Please refrain from including sensitive information such as a copy of your ID with your inquiry.


References to the GDPR

For users from the European Union or the European Economic Area, the provisions of the GDPR apply. For users from Switzerland, Swiss laws apply. Please note that this privacy policy may change from time to time. We therefore recommend that you read this privacy policy regularly to ensure that you are always familiar with the currently applicable version.

Data Security

The protection of your personal data is a top priority at derma2go AG. We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. Your personal data is transmitted in encrypted form and stored on protected servers. Access to your password-protected profile is additionally secured using so-called two-factor authentication. Your personal data will not be transmitted to third parties when using our website or when contacting us via email for purposes other than those listed below. Our employees and contractual partners who have access to your data are contractually obligated to maintain confidentiality and comply with data protection regulations.


Duration of Storage of Personal Data

We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations or for the purposes pursued by the processing, as well as in accordance with legal retention and documentation obligations. It is possible that personal data will be retained for the period during which claims can be made against our company and to the extent that we are otherwise legally obligated to do so or legitimate business interests require it.

As soon as your personal data is no longer required for the stated purposes or you exercise your right to deletion or revocation, it will be deleted or anonymized.

Your personal data is stored exclusively on servers in Switzerland and the European Union.


Visiting Our Website

When you visit our website www.derma2go.com (“derma2go.com”) for informational purposes only, the following data is collected from your device or the browser used and stored in a log file:

  • IP address of the device
  • Date and time (including time zone difference to CET) of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Website from which access occurred (referrer URL) and the search terms you used to find our website
  • Browser used, operating system of the device
  • Name of the internet provider

We use this data initially for technical purposes to deliver the content of our website that you have requested and to ensure the secure operation of our service.

Furthermore, we use this data in anonymized form for statistical purposes so that we can understand which devices with which characteristics and settings are used to visit our website in order to optimize it if necessary.

The IP address of your device is anonymized when complete storage is no longer necessary for the technical purposes you have initiated. Complete IP addresses are therefore not stored for non-technical purposes unless this is necessary to detect and defend against attacks (e.g., preventing access, spying on data, spreading malware (e.g., viruses) or other unlawful purposes) against the systems used for our website. Such attacks would impair the intended functionality of the technology, the use of our website or its functionality, as well as the security of visitors to our website. We pursue the legitimate interest of ensuring the functionality of our website and defending against unlawful attacks against us and visitors to our website.

If you are in the scope of the GDPR, the legal basis is Art. 6 para. 1 f) GDPR.


Contact Inquiries

When you send us a message via one of the contact options offered, we use the data you have provided (e.g., name, first name, address and contact details, email address) to process your inquiry. The purpose of using this data is our legitimate interest in responding to your request.

If you are in the scope of the GDPR, the legal basis is Art. 6 para. 1 f) GDPR. If your inquiry leads to the conclusion of a usage contract with us, the legal basis is Art. 6 para. 1 b) GDPR.


Newsletter

When you subscribe to our email newsletter, we process the data you provide to create and send the newsletter and to provide proof of your subscription to our newsletter via HubSpot Inc. (25 First Street, Cambridge, MA 02141, USA). This initially only concerns your email address.

Before we can send you the newsletter, you must click on the confirmation link in the verification email that we send you after your registration. When you click on the link provided in the verification email, we process the public IP address of the device from which the link is accessed, together with the date and time of the click and your email address. We process this data to be able to provide proof that you have confirmed your consent. This confirmation is necessary so that no one can register with someone else’s email address.

If you are in the scope of the GDPR, the legal basis is Art. 6 para. 1 a) and f) GDPR.

You can revoke your subscription to our newsletter at any time with effect for the future. For this purpose, there is a corresponding link in each newsletter.


Creating a User Account

When you create a user account, we process the data you provide to create and manage the account and to enable you to use the services we offer through the use of the account. The following data is collected:

  • Name data
  • Address and contact data
  • Age
  • Image data (uploaded photos of skin changes)
  • Health data
  • Billing data

Health data is particularly sensitive personal data and is only processed with your express consent.

If you are in the scope of the GDPR, the legal basis is Art. 6 para. 1 b) in conjunction with Art. 9 para. 2 a) GDPR.


Treatment Contract Between Specialist and Patient

In addition to use for purely informative purposes, treatment contracts can also be concluded between a patient and a specialist via our website.

The data protection officer responsible in connection with a concluded treatment contract is the respective specialist. In this regard, we refer to their data protection notices, which we point out during the inquiry process if they have been communicated to us. Within the framework of the treatment contract arising between the specialist and the patient, we are data processors in accordance with Art. 9 DSG or Art. 28 GDPR.

Within the framework of the treatment contract, the following personal data of the patient is processed by us and forwarded to the specialist or transmitted to the patient after online assessment:

  • Name data
  • Address and contact data
  • Age
  • Image data (uploaded photos of skin changes)
  • Health data
  • Billing data
  • Treatment findings (findings or diagnosis, therapy suggestions, prescription of medication, prescriptions)

If you are in the scope of the GDPR, the legal basis is Art. 6 para. 1 b) GDPR in conjunction with Art. 9 para. 2 h) GDPR.

Data processing of the personal data mentioned here can also be carried out in anonymized and pseudonymized form for evaluations for scientific, statistical and analytical purposes, including for the purpose of developing new data-based diagnostic procedures and diagnostic support systems, provided and to the extent that this is legally permissible. Such evaluations can be carried out by us or by third parties.

Data processing by us can also be carried out for advertising and marketing measures, but only if you have expressly given your consent. Advertising and marketing measures also include information about the patient’s skin and general recommendations for therapies for skin complaints. Such consent can be revoked at any time by sending an email to support@infallible-hofstadter.217-154-19-53.plesk.page.

Personal data in connection with a treatment contract is only accessible on derma2go.com for a period of three months. After the three months have expired, this data will be deleted or anonymized. We therefore recommend that you print out the data or save it on your own system.


Payment Transactions

The remuneration for the treatment is processed via the payment service provider Stripe integrated on our website, operated by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe enables us to securely process online payments via various payment methods (e.g., credit cards, Google Pay, Apple Pay, PayPal, Twint). Stripe’s privacy policy can be found at https://stripe.com/de/privacy. If you choose Stripe as a payment method, the data required for the payment process will be automatically transmitted to Stripe. This includes the following data: credit card number, bank details, invoice amount, transaction data, name, address, company, email address, telephone and mobile number, IP address. No health data is transmitted to Stripe, only the data required for the payment process.

In Switzerland, Ärztekasse is integrated as a payment service provider in some cases. We use the services of Ärztekasse Genossenschaft (In der Luberzen 1, 8902 Urdorf, Switzerland) to process billing for our medical services. The following personal data is transmitted to Ärztekasse:

  • Master data: Name, first name, date of birth, gender
  • Contact data: Address, telephone number
  • Treatment data: Diagnosis, services provided (in the form of tariff positions), treatment date
  • Billing data: Insurance information, invoice amounts

The transmission of this data is for the purpose of invoicing and collection. Ärztekasse processes this data on our behalf and is subject to applicable data protection regulations. Further information can be found in Ärztekasse’s privacy policy.

If you are in the scope of the GDPR, the legal basis is Art. 6 para. 1 b) GDPR, as processing the data for payment with Stripe or PayPal is necessary for the performance of the treatment contract.


Use of Cookies

Cookies are used for the operation of our website to ensure the technical functionality of our website and to understand how visitors use our website.

A cookie is a small text file that is stored on your device by your browser when you visit our website. When you visit our website again later, we or the service provider setting the respective cookie can read the respective cookie again.

Cookies are stored for different lengths of time. A distinction must be made between so-called session cookies and persistent (time-limited) cookies. Session cookies are deleted by your browser when you leave our website or close the browser. Persistent cookies are stored for the duration specified when they are stored.

You always have the option of setting in your browser which cookies it should accept, but this may result in our website no longer functioning properly. You can also delete cookies yourself at any time.

We use cookies for the following purposes:

  • Technically necessary cookies that are absolutely necessary for the use of the functions of our website. Without these cookies, certain functions could not be provided. These are session cookies.
  • Statistics cookies that are used to analyze your user behavior. For details, please read the information below on “Use of Matomo to analyze the use of our website”.

Most browsers used by our users allow you to set which cookies should be stored and allow you to delete (certain) cookies again. If you restrict the storage of cookies to certain websites or do not allow cookies from third-party websites, it may result in our website no longer being able to be used to its full extent. Here you can find information on how to adjust the cookie settings for the most common browsers:


Use of Matomo to Analyze the Use of Our Website

For creating statistics and evaluations of how and with which devices our service is used, for optimizing the service and for detecting errors, we use the tool Matomo; https://matomo.org. This tool runs directly on our server and is operated by us.

We pursue the legitimate interest of being able to improve our service and operate it in a stable manner with this processing.

To collect data, the tool uses a so-called “cookie”. This is a small text file that is stored on your device by your browser. By means of this cookie, the tool receives, for example, information about which website you have accessed, technical data of the browser you are using and the respective device. The IP address of your device is only processed in anonymized form. The tool never creates profiles that we can assign to specific users, but always uses pseudonyms.

If you are in the scope of the GDPR, the legal basis is Art. 6 para. 1 f) GDPR.

If you do not want us to use Matomo for your visit to our website, please click here. (https://matomo.org/docs/gdpr/#6-right-to-object)

To record your objection, a cookie is stored in your browser. If you delete this later, you must declare the objection again.


Meta Pixel

Our website uses the visitor action pixel from Facebook/Instagram, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”) for conversion measurement. This allows the behavior of page visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook/Instagram advertisement. This allows the effectiveness of Facebook/Instagram advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook/Instagram, so that a connection to the respective user profile is possible and Facebook/Instagram can use the data for its own advertising purposes in accordance with the Facebook/Instagram data use policy. This allows Facebook/Instagram to enable the placement of advertisements on Facebook/Instagram pages as well as outside of Facebook/Instagram. This use of the data cannot be influenced by us as the site operator.

The legal basis for data processing is your consent according to Art. 6 para. 1 a) GDPR. In Facebook/Instagram’s privacy policy, you will find further information on protecting your privacy:

You can deactivate the remarketing function “Custom Audiences” in the “Ad Settings” section. To do this, you must be logged in to Facebook/Instagram. If you do not have a Facebook/Instagram account, you can deactivate usage-based advertising from Facebook/Instagram on the website of the European Interactive Digital Advertising Alliance:


Google Ads Conversion Tracking

We use Google Ads conversion tracking to show you advertising on Google websites and those of other third parties. With conversion tracking, we can determine how successful the individual advertising measures are. We pursue the purpose of showing you advertising that is of interest to you and of making our website more interesting for you.

The legal basis for processing your data is your consent according to Art. 6 para. 1 a) GDPR.

The advertising is delivered by Google via so-called “ad servers”. For this purpose, we use cookies through which certain parameters for measuring success, such as display of the advertisements or clicks by users, can be measured. If you come to our website via a Google advertisement, a cookie is stored on your PC by Google Ads. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be addressed) are usually stored as analysis values for this cookie. These cookies enable Google to recognize your internet browser.

If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie. Cookies can therefore not be tracked across the websites of Ads customers.

We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising materials, in particular we cannot identify users based on this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google servers. We have no influence on the scope and further use of the data by Google and inform you according to our knowledge: By integrating Ads conversion tracking, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will obtain and store your IP address. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available at the following link: http://www.google.com/settings/ads/plugin

The provider Google is headquartered in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data processing can therefore also take place in a third country (a country outside the European Union or the contracting states to the Agreement on the European Economic Area). Google undertakes to conclude so-called EU standard data protection clauses within the meaning of Art. 46 GDPR. Based on this contractual framework, recipients in third countries are also obliged to comply with a data protection standard that essentially corresponds to the European standard. Further information on data protection at Google can be found here:


Google Ads Remarketing

We use Google Ads Remarketing. This application allows advertising from us to be displayed to you on other websites after you have visited our website. This is done using cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. This allows Google to determine your previous visit to our website. According to Google’s own statements, Google does not merge the data collected in the context of remarketing with your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing.


Google Tag Manager

We use Google Tag Manager on our website for analysis and advertising purposes. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can revoke their consent at any time by contacting us, for example at the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until revocation. The legal basis for transmission to a country outside the EEA is an adequacy decision. The security of the data transmitted to the third country (i.e., a country outside the EEA) is ensured because the EU Commission has decided within the framework of an adequacy decision according to Art. 45 para. 3 GDPR that the third country offers an adequate level of protection. We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider’s privacy policy at https://policies.google.com/privacy?hl=de.


Your Rights

You have the following rights in connection with the processing of your personal data:

Right to Information

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right to information about your personal data processed by us.

If you are in the scope of the GDPR, the legal basis is Art. 15 GDPR.

Right to Rectification

You have the right to request that we immediately correct your incorrect personal data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – including by means of a supplementary declaration.

If you are in the scope of the GDPR, the legal basis is Art. 16 GDPR.

Right to Deletion

You have the right to request that we delete personal data concerning you immediately. We are also obliged to delete personal data immediately if the relevant requirements are met.

If you are in the scope of the GDPR, the legal basis is Art. 17 GDPR.

Right to Restriction of Processing

Under certain conditions, you have the right to request that we restrict the processing or disclosure to third parties or prohibit the processing of your personal data.

If you are in the scope of the GDPR, the legal basis is Art. 18 GDPR.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 b) GDPR and the processing is carried out using automated procedures.

If you are in the scope of the GDPR, the legal basis is Art. 20 GDPR.

Right to Object to Processing

You have the right to object to the processing of personal data concerning you with effect for the future; this also applies to profiling based on these provisions. If you are in the scope of the GDPR, the legal basis is Art. 21 GDPR. The objection then applies to personal data processed on the basis of Art. 6 para. 1 e) and f) GDPR.

If we process your personal data for direct marketing purposes, you have the right at any time to object to the processing of personal data concerning you for the purpose of such advertising by writing an email to support@infallible-hofstadter.217-154-19-53.plesk.page; this also applies to profiling insofar as it is related to such direct marketing.

Existence of a Right to Lodge a Complaint with a Supervisory Authority

You have the right to enforce your claims in court or to file a complaint with the competent data protection authority, particularly in the member state of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).

If you are in the scope of the GDPR, the legal basis is Art. 77 GDPR.