Data Protection Notice

We are happy that you are visiting the DERMALOG Identification Systems GmbH website (hereinafter also referred to as “we” or “us”). Protecting your data is a very important matter for us. In the following, we wish to inform you to what extent and for what purposes we will collect and process your personal data by way of the dermalog.com website.

I. Responsibility / contact

The controller for the collection, processing and use of personal data within the meaning of the General Data Protection Regulation (GDPR) [Datenschutz-Grundverordnung (DSGVO)] and at the same time the service provider within the meaning of the German Telemedia Act [Telemediengesetzes (TMG)] is DERMALOG Identification Systems GmbH, Mittelweg 120, 20148 Hamburg, Germany. Accordingly, with this Data Protection Notice we are complying with our duty to provide information with respect to the type, extent and purposes of processing personal data as set out under Art. 12 – 14 DSGVO and/or § 13 par. 1 TMG.

If you wish to access and/or update your personal data, or if you have questions with regard to data protection on our website, please contact us at any time via the email address we provide at datenschutz(at)dermalog.com or by mail at the address provided above. You can contact our data protection officer by e-mail at datenschutz(at)dermalog.com or by phone on 0049-(0)40-413227-320.

II. Subject matter of the duty to provide information

Personal data is all information related to an identified or identifiable natural person; a natural person is considered to be identifiable if the person can be directly or indirectly identified by means of attribution to an identifier such as a name, identification number, location data, an online identifier, or to one or more particular characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. This includes, for example, information such as the name, mailing address, an email address or telephone number, but also according to current case law, usage data such as your IP address.

Processing is any operation carried out with or without the assistance of automated processes or any such series of operations in connection with personal data such as collection, gathering, organisation, arranging, adaptation or modification, reading out, queries, use, disclosure by transmitting, dissemination or another form of making the data available, or by way of comparison or linkage, restriction, deletion or destruction.

III. Data processing on dermalog.com

The scope and type of the collection, processing, and use of your personal data differs according to whether you contact us via our website and use the tools and features offered on our website or use our website purely for information purposes.

1. Collection with your cooperation

We collect and store your personal data in connection with the use of our website when you provide this information to us on your own initiative. Without special consent, we only use such personal data to enable the processing of your respective request. It always remains your voluntary decision as to whether you communicate your data for the relevant purposes. Insofar as the nature of your request allows, you may also appear to us anonymously or by using a pseudonym. As a general rule, we will only store your data as long as is necessary for processing your request, provided that we are not authorised or obligated to continue such storage by law.

As a consequence, we wish to inform you about data processing within the framework of the contact interfaces offered to you on our website. In this regard, you may assert your rights as a data subject (see on this, item IV) at any time.

1.1 Queries by way of the contact form or by email

When you contact us by means of the contact form or by email, by clicking the “Send” button you agree that we will process your data to handle your request (Art. 6 par. 1 a) DSGVO). At the same time, we have a legitimate interest in examining and answering your request in order to offer you good service and to safeguard your interests (Art. 6 par. 1 f) DSGVO). Included in this, depending on the individual case is in particular the following personal data:

  • First and last name
  • Email address
  • Country
  • Company (optional)
  • Message in the text field (depending on the entry)

You may revoke your consent at any time and/or object to use of the data. For this purpose, send us for example, an appropriate email to datenschutz(at)dermalog.com. We will then promptly discontinue processing your data for the purpose of answering your enquiry, provided that we are not authorised or obligated to continue storing your data.

2. Collection without your cooperation

2.1 Functional purposes

In the case of use of our website for purely informational purposes, we collect and use the access data automatically transmitted to us by your Internet browser and store this in our so-called log file on the server. This involves the client's file request, the date and time of the requested page view, the success of the page retrieval, the transferred quantity of data, the type of browser you used and the version, the operating system you use and also the IP address assigned to you by the provider, and the webpage from which you visit us. This data is technically necessary to operate our website on the Web server. In addition, the short-term storage of log files is expedient in order to subsequently investigate attempted attacks on the Web server or any misuse. Accordingly, our legitimate interest in this data processing consists of enabling us to provide you with our offers on the basis of these conditions (legal basis: Art. 6 par. 1 f) DSGVO). Your personal data shall be deleted if it is no longer required for this purpose.

2.2 Cookies

We use so-called cookies on our website. Cookies are text files that are stored in your browser when you visit our website and that collect information about your use of our website. This information assists us in better understanding user requirements and the technical behaviour of our website in order to improve, based on this information, the content, operability and functionality of the website. Cookies do not damage your computer and do not contain any viruses. The cookies used on our website are primarily so-called session cookies that are automatically deleted when you close the browser. They create a so-called session ID for your browser with which various browser requests of your browser can be matched to a session so that you are recognized once again when you return with a browser to our website. The session cookies are deleted when you close the browser.

You have the option to set your browser so that these cookies are not stored in the first place, or so that the cookies are deleted at the end of your Internet session. However, in this case please note that where applicable, you cannot use all of the functions of our web pages.

2.3 Web analysis services

Google Universal Analytics

At dermalog.com, Google Universal Analytics is used, which is a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Universal Analytics uses cookies. Through this, it is possible to assign data, sessions, and interactions across the terminal devices used to a generated user ID on the basis of a pseudonym, and to thus analyse your usage behaviour across devices. The information generated by the cookies about your use of our website will be routinely transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymising (“IP-Masking”) on our website, your IP address will be abbreviated by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be abbreviated only after being transferred to the USA. For these cases, Google has agreed to be subject to the EU-US-Privacy-Shield. The IP address transmitted by your browser within the scope of Google Analytics shall not be combined with other data of Google. Google uses the information obtained through the application of cookies on our behalf to analyse your use of our website, in order to compile reports concerning website activities, and to render additional services to us associated with use of the website and the Internet. Therein lies our legitimate interest in the data processing by engagement of Google as the processor (legal basis: Art. 6 par. 1 f) DSGVO). We have concluded a corresponding agreement for order processing with Google according to Art. 28 DSGVO that ensures that Google will only process your personal data on our behalf, strictly subject to our instructions, and in accordance with applicable data protection law. You may prevent the storage of cookies by means of an appropriate setting in your browser. Nevertheless, we are permitted to note that in this case you may be unable, where applicable, to use all functions of the website to the full extent. Furthermore, you can prevent gathering and processing of the previously described data by Google in that you download and install a browser plug-in available here. Apart from that, you can obtain an opt out cookie here through the installation of which you prevent data gathering by Google, which is helpful in particular in those cases in which the deactivation add-on does not function, for example, on mobile terminal devices. If you use our website with various browsers/terminal devices, the steps described are required for all browsers/terminal devices. You may find additional information on data protection with the use of Google Universal Analytics at https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376. You can also find additional information for protecting your data with the use of Google services under the following links:

www.google.com/analytics/terms/de.html
https://policies.google.com

DoubleClick by Google

In addition, we use Google's online marketing tool DoubleClick on our website. DoubleClick uses cookies in order to place ads relevant for the user, to improve reports on the performance of ad campaigns, or to avoid a user seeing the same ad repeatedly. By way of a cookie ID, Google gathers which ads are placed in which browser and can thus prevent these ads from being displayed repeatedly. In addition, with the aid of cookie IDs, DoubleClick can capture so-called conversions which have a connection to ad requests. This is the case, for example, if the user sees a DoubleClick ad and later retrieves the website of the advertiser with the same browser and purchases something there. According to Google, DoubleClick cookies do not contain any personal information.

On account of the marketing tools being used, your browser automatically establishes a direct connection with the Google server. We do not have any influence on the scope and the further use of the data that is collected through the use of these tools by Google, and therefore, we provide you with the information according to our current state of knowledge: By integrating DoubleClick, Google obtains the information that you have retrieved the relevant part of our website or clicked on one of our ads. If you are registered with a service of Google, Google can match the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the supplier learns of and stores your IP address. You can prevent participation in this tracking process in various ways:

a) through an appropriate setting of your browser software; in particular, suppressing third-party cookies results in your not receiving ads from third-party providers;

b) by deactivating the cookies for conversion tracking in that you set your browser so that cookies are blocked by the domain www.googleadservices.com, www.google.com/settings/ads, in which case this setting will be deleted when you delete your cookies;

c) by deactivating the interest-based ads of the provider that are part of the self-regulation campaign “About Ads” via the link www.aboutads.info/choices, in which case this setting will be deleted when you delete your cookies;

d) by means of an ongoing deactivation in your Firefox, Internet Explorer, or Google Chrome browsers under the link www.google.com/settings/ads/plugin. We note that in this case you may be unable, where applicable, to use all functions of this offer to the full extent.

The legal basis for processing your data is Art. 6 par. 1 letter f) DSGVO. You may obtain additional information with regard to DoubleClick by Google at www.google.com/doubleclick and with regard to data protection at Google in general: www.google.com/intl/en/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at www.networkadvertising.org. Google has agreed to be subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

2.4 Integrating YouTube videos

We use content from YouTube that is stored at www.youtube.com and that can be played directly from our website. Your personal data shall only be transferred to YouTube when the videos are played.

By visiting our website and playing the video, YouTube receives information that you have retrieved the relevant sub-page of our website. In addition, personal data is transmitted. This occurs independently of whether YouTube provides a user account by which you are logged in or whether no user account exists. If you are logged in at Google, your data will be directly assigned to your account. In the event that you do not wish that such an assignment is made, you must log out prior to activating the button.

YouTube stores your data as a user profile and uses it for their own purposes, such as, for example, advertising, market research and/or demand-oriented configuration of its website. Such an analysis takes place in particular (even for users who are not logged in) for providing demand-oriented advertising and in order to inform other users of the social network about your activities on our website. You have a right to object against the creation of this user profile. This right to object must be stated vis-à-vis YouTube. In this connection, we do not have any influence on the collection and processing of your personal data.

You may find additional information on the purpose and scope of data collection and its processing, and with regard to protecting your data when using YouTube at www.google.com/intl/en/policies/privacy.

Your personal data can be transmitted by Google for processing to the USA. For these cases, Google has agreed to be subject to the EU-US-Privacy-Shield. You may find additional information at www.privacyshield.gov/EU-US-Framework.

2.5 Integrating Google Maps

We use the offer of Google Maps on our website. This enables us to display interactive maps to you directly on our website. Furthermore, you can use the convenient map function.

Based on the integration of Google Maps on our website, Google receives the information that you visit our website and have retrieved the relevant sub-page. In addition, personal data is transmitted. This occurs independently of whether Google provides a user account by which you are logged in or whether no user account exists. If you are logged in at Google, your data will be directly assigned to your account. In the event that you do not wish that such an assignment is made, you must log out prior to activating the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or demand-oriented configuration of its website. Such an analysis takes place in particular (even for users who are not logged in) for providing demand-oriented advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of this user profile, in which case you must exercise this right towards Google. We do not have any influence on the collection and processing of this data.

You may find additional information on the purpose and scope of the data collection and its processing by Google, as well as your rights and setting options to protect your privacy at www.google.com/intl/en/policies/privacy.

Under some circumstances, Google will also process your personal data in the USA. In this case, Google has agreed to be subject to the EU-US-Privacy-Shield. You may find additional information at www.privacyshield.gov/EU-US-Framework.

3. Transmitting data

Furthermore, we must transmit some data to third parties for the purpose of conducting our business in addition to the data associated with the tools and features used on our website, while strictly complying with the applicable data protection law:

Thus, it can be necessary, for example, for the technical content management and design of our website, as well as for integrating online surveys on our website, that outside providers obtain access to personal data (in particular IT service providers). In this case, the handling of your personal data shall be conducted exclusively according to our express instruction and on the basis of an agreement for order processing according to Art. 28 DSGVO. With this agreement, the provider guarantees us that the services are rendered in conformity with applicable data protection law. The employment of professional providers of relevant services is expressly provided by law and serves our legitimate interest of enabling us to professionalize our offering and make it economically available to you (legal basis: Art. 6 par. 1 f) DSGVO). We also remain responsible in this case for the protection of your data.

Furthermore, we reserve the right to disclose your personal data if we are demonstrably obligated to do so under the law, or if its surrender is demanded from us by governmental authorities or prosecuting authorities in a manner compliant with the law.

4. Location of data processing and data security

The processing of your data shall take place primarily in Germany. Your data shall only then be transmitted to a country outside of the European Union or the European currency area if an appropriate level of protection has been established within the meaning of Art. 45 par. 2 DSGVO. Where applicable, data gathered on our website shall be transmitted on this basis to the United States (e.g. Google Inc.). In order to protect your data from unauthorised access and misuse, we have taken extensive technical and organisational security precautions in conformity with the state of the art and in accordance with European data protection law (Art. 32 DSGVO).

IV. Rights of data subjects (information concerning data stored, data correction, revocation, blocking, deletion, restriction, transferability) and point of contact

You may at all times and free of charge request information concerning the scope, the origin, and the recipient of stored data, as well as concerning the purpose of its storage (Art. 15 DSGVO). You may request at any time that incorrect data be corrected (Art. 16 DSGVO). In addition, you have the option of obtaining personal data related to you in a structured, customary and machine-readable format (Art. 20 DSGVO).

You may object to the use of your personal data in the future (Art. 21 DSGVO). In addition, you may request the partial or complete deletion of (Art. 17 DSGVO), a restriction on processing or blocking (Art. 18 DSGVO) of your personal data. We shall evaluate this claim and comply with the request insofar as there is no other statutory basis for further processing. We will inform you about the result.

It is generally not required that you adhere to a special form for asserting your data subject rights; for example, you may write to us by way of email at datenschutz(at)dermalog.com.

Irrespective of any other legal remedy according to administrative or judicial procedures, you have the right to file a complaint with the supervisory authority, in particular in the member state for your residence, your place of employment, or the location of the alleged violation if you are of the opinion that the processing of your personal data violates the DSGVO.

V. Updates and modifications

Portions of this data protection declaration can be modified or updated by us without your being notified by us in advance. Please review the respective data protection declaration before you use our offering in order to remain up-to-date in the case of possible modifications or updates.

Status of the data protection declaration: 05/2018