1. This policy is effective from November 16th 2020.
2.1. Miiskin ApS is a Danish but internationally operating company (hereinafter “Miiskin”, “we”, “our”, “us”), providing an app named MIISKIN, (hereinafter “App”) that enables the self-examination of the users’ skin and moles at home and a website miiskin.com with additional services and login to our compare function that also enables the self-examination of the users’ skin and moles at home. (Together called “the “Platform”).
2.2. All of the Platform can only be used by registered users (hereinafter “User”) who upload images of their skin to monitor and perform self-examination of the visual development of their skin.
2.3. Our address headquarter is located in Denmark as detailed on our website. The company is duly incorporated under the laws of the Kingdom of Denmark.
3. Data controller
3.1. Miiskin is the controller for the personal data collected from Users.
3.2. We will process your personal data in compliance with European General Data Protection Regulation (“GDPR”).
4. Purpose and legal basis
4.1. We process your personal data in order for us to manage our user relationship with you, including managing your account and provide you with access to use the Platform, The processing of your personal data is performed on the legal basis of:
- fulfilment of our contractual obligations when delivering the Platform to you enabling you to self-monitor your skin and moles with images taken with your smartphone or another device.
4.2. We process your large images (images of your full body or large parts of your skin) and any metadata connected to these images to facilitate your use of our core functionality on our Platform on the legal basis of:
- Your explicit consent/your settings in our App. You may withdraw your consent at any time in your App Settings or by sending us an e-mail at firstname.lastname@example.org.
4.3. We may anonymize your images and use them to improve our services and for research services alone or together with external research partners, unless you have declined this use though the settings in our App.
4.4. We also process your personal data (but only your large images if you have opted in, using the settings in our App)to deliver and improve the Platform, to let you know about our policies and Terms of Service and Use, to manage our business, to improve our offerings, develop new features and updates, develop personalization services and other types of service, including but not limited to develop and implement algorithms and machine learning. This processing is on the basis of:
- Our legitimate interest to improve our platform and services.
4.5. We do not sell or transfer your personal data to be used for marketing purposes.
4.6. We do not personalize marketing messages based on your personal data.
4.7. We use your contact data to display marketing messages to you on our Platform including from our partners, and to inform you of new product or payment models.
4.7.1. The processing of personal data is performed based on
- Our legitimate interest to create revenue and to promote our partners within our Platform.
4.7.2. We only send you push notifications about new products or marketing messages including from our partners if you have accepted to receive push notifications in your device settings. If you do not want to receive push notifications from us, just change your device settings.
4.8. We use your e-mail to inform you about new features and products and updates on the Platform. We may also send you marketing information from our partners. You can always find a list of our partners here https://miiskin.com/collaborate/. The processing of your e-mail for marketing purposes is performed based on:
- your freely given consent to receive marketing by e-mail when signing up to the Platform or at a later stage, You may withdraw your consent at any time by sending us an e-mail at email@example.com.
- or by clicking the “Unsubscribe” button in any marketing e-mail.
5. Categories of personal data
5.1. We mainly collect the personal data that you submit to us, including your contact information and purchase history. But we also collect information from different parts of the Platform, as further detailed below, including but not limited to the way you use the Platform and technical information about your devices and location.
5.2. Please visit Clause 8 to read more about your right to access and deletion of your personal data.
5.3. When signing up
5.3.1 When registering via the Platform, you provide us with certain information as requested by us, currently an email, your birth year, and your gender.
5.4. When using the Platform
5.4.1. When you use our platform we only collect the information including the images you provide us with, or information connected to your use of the Platform including who you share your images with etc.
6. Sharing and Transfer of data
6.1. We only share your personal data with a third-party vendor (including card processing and payment service providers) when initiated by you or as described below:
6.2. We may share personal data regarding you if we are obligated to do so by law, to enforce our terms of Service and Use, to protect us against loss or damage. This may include exchanging information with the police, courts, or law enforcement organisations.
6.3. We do not transfer your personal data out of the EU, but you may share or transfer your personal data outside of the EU by using the sharing or transfer functionality that we offer you for your convenience.
6.5. We only transfer anonymized data to our partners and only for research purposes. We may also transfer anonymized data outside of the EU.
6.6. If we sell our business or our company assets are acquired by a third-party, personal data held by us about our users may be one of the transferred assets.
6.7. We and our suppliers (processors) have, as required by the General Data Protection Regulation, implemented appropriate technical and organizational measures to keep your personal data safe. Please contact us at firstname.lastname@example.org if you would like to learn more about how we keep your personal data safe.
7. Your rights as a User
7.1. As provided by the GDPR, you have the right to:
- Access personal data regarding you.
You can always access your account to review the personal data we have collected about you. You may delete and amend the data collected.
You also have the right to obtain a copy of the personal data free of charge. However, we may charge a fee corresponding to administrative costs if further copies of the information are requested, or if the request is unfounded or excessive.
- Ask for rectification of incorrect or inaccurate data concerning you, or to have incomplete personal data completed. You can use your access to your account to update your personal data.
- Ask for erasure of personal data regarding you (under certain circumstances).
- Ask for the restriction of the processing of your data (under certain circumstances including when we use your personal data for marketing purposes.).
- Object to the processing of your data for marketing purposes by withdrawing your personal consent.
- You can at any time withdraw your consent by use of the setting in the App or by deleting your account or by sending us an e-mail at email@example.com.
- You have the right of portability of the personal data you have submitted to us. We will deliver your personal data in a structured, commonly used and machine-readable format as supported by our service. You may use the functionality that we provide you with. When we receive a request to access, rectify, erase or port data, we may ask you for additional information in order to confirm your identity and ensure data security. You can send a request at firstname.lastname@example.org.
7.2. You have the right to complain regarding the processing of personal data concerning you to the supervisory authority, which in Denmark is the Danish Data Protection Agency:
1300 København K
Phone no.: +45 33 19 32 00
8. Data retention and account deletion
8.1. We store your personal data for as long as your account is active.
8.2. We may also store some of your personal data to comply with our legal obligations.
8.3. You may add or update certain information to your account. When you update information, however, we often maintain a copy of the unrevised information in systems back-ups for a period of time until our backup is updated with the latest version.
8.4. If your account has been inactive for 36 months, we will delete the account and all of its content. You will receive a notice prior to us deleting your content to allow you to activate your account again or retrieve any data that you would like to retrieve.
8.5. When you delete your account, we delete the data attached to your account.
8.6. Please note that some information may remain in our records after your account has been deleted, and that we may only be able to delete this information later when updating our backups.
8.7. Please note that we may hold anonymized data, that at one point originated from you, but as the data is truly anonymized it no longer constitutes personal data and we can keep it for as long as it is relevant to our business purposes.
9.1. Your user account on our website is protected with a two-factor authentication. Access to our App on your phone is only restricted if you apply access protection to your phone. If you use our premium product you can make use of a passcode provided with the premium version of the App, in particular to protect your large images.
9.2. All images are stored encrypted on your phone to prevent other mobile applications can get access to your images as only our App can decrypt the images for you to access and view. All images and other personal information that have been synched with our cloud are also encrypted when stored.
9.3. All images and other personal information are encrypted when transmitted between your phone and our cloud solution (storage).
9.4. If you export your images from our App to your phone or from your account on our website your images will no longer be encrypted/protected. Any export from the App is your sole responsibility.
10. Children’s privacy
10.1. The Platform is intended for use by people above the age of eighteen or the legal age for granting consent to an information service provider on the Internet in the jurisdiction in which you reside. If we receive notice or reasonably believe that someone under the appropriate age has provided us with personal information, we will promptly delete the account and all personal information that has been provided to us.
10.2. We may use a registration of age as a tool to try and prevent users under the legal age in the jurisdiction where the user resides to read content not rated for minors.
Updated: November 27th 2020.