Privacy Policy for Miiskin
1. This policy is effective from October 9th 2024.
2. This Privacy Policy describes how and when Miiskin Group ApS collects, uses and shares your personal data when you use the Miiskin app and other services offered for sale on www.miiskin.com. If you have any questions or comments about this Privacy Policy, please contact our privacy team at [email protected].
2.1. Miiskin Group ApS is a Danish but internationally operating company (hereinafter “Miiskin”, “we”, “our”, “us”), providing an app named MIISKIN (hereinafter “App”) that enables the self-examination of the users’ skin and moles at home and sharing of medical information with your chosen medical provider in order to seek medical services from them, and a website, miiskin.com, with additional services and login to our compare function that also enables the self-examination of the users’ skin and moles at home and sharing of medical information with your chosen medical provider in order to seek medical services from them (together called the “Platform”).
2.2. All of the Platform can only be used by registered users (hereinafter “User”) who upload images of their skin to monitor and perform self-examination of the visual development of their skin.
2.3. Our headquarters address is in Denmark, as detailed on our website. The company is duly incorporated under the laws of the Kingdom of Denmark.
2.4. The privacy policy may be amended from time to time by us with a fair notice to you before the new privacy policy comes into force.
2.5. Please note that you may use certain parts of our Platform without signing up, in which case we will only collect data based on your consent to our cookie policy that you may find here.
3. Data controller
3.1. Miiskin is the controller for the personal data collected from Users.
3.2. We will process your personal data in compliance with European General Data Protection Regulation (“GDPR”) and The Health Insurance Portability and Accountability Act (HIPAA).
4. Purpose and legal basis
4.1. We process your personal data in order for us to manage our user relationship with you, including managing your account and providing you with access to use the Platform. The processing of your personal data is performed on the legal basis of:
- fulfilment of our contractual obligations when delivering the Platform to you enabling you to self-monitor your skin and moles with images taken with your smartphone or another device and enabling you to seek the provision of medical services from your chosen suitably registered and licensed medical practitioner by sharing your data with them on the Platform.
4.2. We process your large images (images of your full body, face or large parts of your skin) and any metadata connected to these images to facilitate your use of our core functionality on our Platform on the legal basis of:
- Your explicit consent/your settings in our App. You may withdraw your consent at any time in your App Settings or by sending us an e-mail at [email protected].
4.3. We may anonymize your images and use them to improve our services and for research services alone or together with external research partners, unless you have declined this use through the settings in our App.
4.4. We also process your personal data including images of your skin and face (if you have opted in, using the settings in our App) to deliver and improve the Platform, to let you know about our policies and Terms of Service and Use, to manage our business, to improve our offerings, develop new features and updates, develop personalization services and other types of service, including but not limited to developing and implementing algorithms and machine learning. This processing is on the basis of:
- Our legitimate interest to improve our platform and services.
4.5. We do not sell or transfer your personal data to be used for marketing purposes.
4.6. We may personalize marketing messages that we consider suitable for you; you may unsubscribe at any time.
4.7. We use your contact data to display marketing messages to you on our Platform including from our partners, and to inform you of new product or payment models.
4.7.1. The processing of personal data is performed based on:
- Our legitimate interest to create revenue and to promote our partners within our Platform.
4.7.2. We only send you push notifications about new products or marketing messages including from our partners if you have accepted to receive push notifications in your device settings. If you do not want to receive push notifications from us, just change your device settings.
4.8. We use your e-mail to inform you about new features and products and updates on the Platform. We may also send you marketing information from Miiskin and/or our partners. You can always find a list of our partners here https://miiskin.com/partners/. The processing of your e-mail for marketing purposes is performed based on:
- your freely given consent to receive marketing by e-mail when signing up to the Platform or at a later stage. You may withdraw your consent at any time by sending us an e-mail at [email protected] or by clicking the “Unsubscribe” button in any marketing e-mail.
5. Categories of personal data
5.1. We mainly collect the personal data that you submit to us, including your skin and face images and responses to clinical questionnaires, contact information and purchase history. But we also collect information from different parts of the Platform, as further detailed below, including but not limited to the way you use the Platform and technical information about your devices and location.
5.2. Please visit Clause 8 to read more about your right to access and deletion of your personal data.
5.3. When signing up
5.3.1. When registering via the Platform, you provide us with certain information as requested by us, currently an email, your birth year, and your gender.
5.4. When using the Platform
5.4.1. When you use our Platform, we only collect the information, including the images, that you provide us with, or information connected to your use of the Platform, including who you share your images with etc.
6. Sharing and Transfer of data
6.1. We only share your personal data with a third-party vendor (including providers of medical services, card processing and payment service providers) when initiated by you or as described below:
6.2. We may share personal data regarding you if we are obligated to do so by law, to enforce our Terms of Service and Use, or to protect us against loss or damage. This may include exchanging information with the police, courts, or law enforcement organisations.
6.3. We do not transfer your personal data out of the EU if it is stored there, or out of the USA if it is stored there, but you may share or transfer your personal data outside of the EU by using the sharing or transfer functionality that we offer you for your convenience.
6.4. Please accept that if you transfer images to doctors, other health care professionals or any other third parties, they become the controller and their privacy policy will apply to the processing of your personal data. So please read the recipient’s privacy policies carefully before you share or transfer your personal data.
6.5. We only transfer anonymized data to our partners and only for research purposes. We may also transfer anonymized data outside of the EU.
6.6. If we sell our business or our company assets are acquired by a third party, personal data held by us about our users may be one of the transferred assets.
6.7. We and our suppliers (processors) have, as required by the General Data Protection Regulation, implemented appropriate technical and organizational measures to keep your personal data safe. Please contact us at [email protected] if you would like to learn more about how we keep your personal data safe.
6.8. Your personal data including Images and Images of your Face if you choose to share them, will only be shared with your chosen provider of medical services when you provide explicit consent for the purpose of them medically assessing the images you provide. They will access your images including images of your face on the Platform for this purpose and the images of your face will be stored by Miiskin for this purpose. If you agree to their Privacy Policy, your chosen medical service provider may store your personal data including images you share with them (and face images) in their own systems for the purposes of medical record keeping as required by the applicable law.
7. Your rights as a User
7.1. As provided by the GDPR and HIPAA, you have the right to:
- Access personal data regarding you.
You can always access your account to review the personal data we have collected about you. You may delete and amend the data collected.
You also have the right to obtain a copy of the personal data free of charge. However, we may charge a fee corresponding to administrative costs if further copies of the information are requested, or if the request is unfounded or excessive.
- Ask for rectification of incorrect or inaccurate data concerning you, or to have incomplete personal data completed. You can use your access to your account to update your personal data.
- Ask for erasure of personal data regarding you (under certain circumstances).
- Ask for the restriction of the processing of your data (under certain circumstances, including when we use your personal data for marketing purposes).
- Object to the processing of your data for marketing purposes by withdrawing your personal consent.
- You can at any time withdraw your consent by use of the setting in the App or by deleting your account or by sending us an e-mail at [email protected].
- You have the right of portability of the personal data you have submitted to us. We will deliver your personal data in a structured, commonly used and machine-readable format as supported by our service. You may use the functionality that we provide you with. When we receive a request to access, rectify, erase or port data, we may ask you for additional information in order to confirm your identity and ensure data security. You can send a request at [email protected].
7.2. You have the right to complain regarding the processing of personal data concerning you to the supervisory authority, which in Denmark is the Danish Data Protection Agency:
Datatilsynet
Borgergade 28
1300 København K
Phone no.: +45 33 19 32 00
E-mail: [email protected]
8. Data retention and account deletion
8.1. We store your personal data including images (and face images) for as long as your account is active.
8.2. We may also store some of your personal data to comply with our legal obligations.
8.3. You may add or update certain information to your account. When you update information, however, we often maintain a copy of the unrevised information in systems back-ups for a period of time until our backup is updated with the latest version.
8.4. If your account has been inactive for 36 months, we will delete the account and all of its content. You will receive a notice prior to us deleting your content to allow you to activate your account again or retrieve any data that you would like to retrieve.
8.5. You can at any time request deletion of your account by writing to [email protected] or by using the support function in the app. When we delete your account, we delete the data attached to your account that is stored on our servers. You need to uninstall the app on your phone in order to remove the data that is stored locally on your phone.
8.6. Please note that some information may remain in our records after your account has been deleted, and that we may only be able to delete this information later when updating our backups.
8.7. Please note that we may hold anonymized data, that at one point originated from you, but as the data is truly anonymized it no longer constitutes personal data and we can keep it for as long as it is relevant to our business purposes.
9. Security
9.1. Your user account on our website is protected with two-factor authentication. Access to our App on your phone is only restricted if you apply access protection to your phone. If you use our premium product you can make use of a passcode provided with the premium version of the App, in particular to protect your large images.
9.2. All images are stored encrypted on your phone to prevent other mobile applications from getting access to your images, as only our App can decrypt the images for you to access and view. All images and other personal information that have been synced with our cloud are also encrypted when stored.
9.3. All images and other personal information are encrypted when transmitted between your phone and our cloud solution (storage).
9.4. If you export your images from our App to your phone or from your account on our website your images will no longer be encrypted/protected. Any export from the App is your sole responsibility.
9.5. This Privacy Policy only governs information collected on the Platform and through our cookies.
10. Children’s privacy
10.1. The Platform is intended for use by people above the age of eighteen or the legal age for granting consent to an information service provider on the Internet in the jurisdiction in which you reside. If we receive notice or reasonably believe that someone under the appropriate age has provided us with personal information, we will promptly delete the account and all personal information that has been provided to us.
10.2. We may use a registration of age as a tool to try to prevent users under the legal age in the jurisdiction where the user resides from reading content not rated for minors.
11. Face data privacy
11.1. If you choose to take photographs of your face for the purpose of monitoring your skin, Miiskin will store your face data to facilitate that purpose, so that you can refer to those photographs over time and look for changes.
11.2. If you choose to take photographs of your face to undertake a telehealth consultation with your chosen medical provider, Miiskin will store your photographs so that your chosen medical provider can access them on the Platform and make a clinical assessment.
11.3. Photographs of your face taken for the purpose of monitoring your skin will be stored by Miiskin as long as you have an active account with Miiskin. Miiskin will store your face data for a further 36 months after your account becomes inactive and then it will be deleted.
11.4. Photographs of your face taken to undertake a telehealth consultation with your chosen medical provider will be stored for 10 years, to allow for compliance with legal requirements for medical record keeping that allow tracing and medical audits.
11.5. Photographs of your face will be shared with our data storage partner (currently IBM) for them to store the photographs and back them up on your behalf. IBM comply with HIPAA and GDPR laws controlling the use and storage of facial data and Miiskin have an agreement with IBM to verify this.
11.6. Photographs of your face will also be shared with your chosen provider of medical services if you provide explicit consent for the purpose of them medically assessing the images you provide. If you agree to their Privacy Policy, your chosen medical service provider may store your personal data including images you share with them (and face images) in their own systems for the purposes of medical record keeping as required by applicable laws. All medical providers who use the Platform comply with HIPAA laws controlling the use and storage of facial data. They all enter into an agreement with Miiskin to verify this.
12. Changes to Privacy Policy
12.1. This Privacy Policy may be amended from time to time. You will be notified before we make changes to this policy with a fair notice and you will be given the opportunity to review this revised policy before you choose to continue using the Platform.
12.2. We will only use personal data in accordance with the privacy policy under which the personal data was collected unless we specifically ask for your consent to process (reuse) your personal data for a new purpose.
Updated: October 9th 2024.