INFORMATION EX ART. 13 REG.EU. N°679/2016 (GDPR)
The Data Controller of the data collected from this website is Dermatech S.A.S., Via 9 av Victor Hugo, Tassin la demi-lune, VAT number FR 19898887427.
Methods of Processing Personal Data
The Personal Data provided or acquired will be processed in accordance with the principles of correctness, lawfulness, transparency and protection of confidentiality in accordance with current regulations. The Data Controller processes Users’ Personal Data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
Purpose of the processing of personal data and legal basis
Personal Data may be collected independently by the Data Controller. In this case, the computer systems and software procedures used to operate this Website acquire some Personal Data of the Users, of a technical-IT nature (e.g. the IP address, the type of browser used, the operating system, the name and the addresses of websites from which access or exit was made, etc.), the transmission of which is inherent to the normal functioning of the internet. These data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and / or to check its correct functioning and will be deleted immediately after processing.
The Data that the User chooses to provide spontaneously are collected to allow the Website to provide its services, as well as for the following purposes:
- to fulfill any type of obligation contemplated and envisaged by current laws, regulations, related regulations and commercial uses, in particular, in tax / fiscal matters. This processing is mandatory to fulfill a legal obligation to which the Data Controller is subject;
- for other ancillary purposes or related to those indicated above and in any case falling within the scope of the Website’s activities;
- to follow up on the specific requests addressed to the Controller by the User for communications of an informative nature relating to the Services of the same Controller, via e-mail messages or by filling in the contact form and other communication tools such as telephone. This processing is optional and based on the User’s consent; however, failure to communicate one or more Data will make it impossible to respond to the request for information and to use the services offered by the Controller;
- to perform statistical analysis on aggregate and anonymous data to analyze the User’s behavior to improve the products and services provided by the Controller as well as meet the User’s expectations;
- to fulfill the obligations arising from the contract stipulated between the User and the Controller for the sale of the Services on the Website and to provide the information requested by the User. This processing is mandatory for the execution of the contract to which the User is a party, for the execution of pre-contractual measures or to fulfill a legal obligation to which the Data Controller is subject.
Category of Personal Data processed
The personal data processed and the legal grounds for processing refer both to general users (those who, for example, request information for the company where they work) and to volunteers. The way in which special data (relating, for example, to state of health or racial/ethnic origin) will be processed will be known by us at the time of the meeting at headquarters; there will therefore be a dedicated privacy notice.
In addition to the Data Controller, the following may in some cases have access to the Data:
- categories of specially trained persons involved in the organization of the website (administrative, commercial, marketing, legal, system administrators);
- external subjects (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Data Controller pursuant to art. 28 GDPR. The updated list of Managers, if appointed, can always be requested from the Data Controller;
- subjects who perform ancillary and instrumental tasks with respect to the activity of the Controller;
As expressly provided for by art. 5, co. 1, lett. e) of the GDPR, the Data are kept for the time necessary to process them in relation to the performance of the service requested by the User, or required by the Purposes described in this document and in particular:
- When you contact DERMATECH using the contact form or when you communicate with us by telephone, your data may be stored;
- up to one (1) year after the last contact if you do not have a customer account.
- In all other cases, the retention period for such exchanged data will not exceed three (3) years.
- The Data collected on the basis of the User’s Consent (if at a later stage we would like to send out newsletters for example) may be kept until such Consent is revoked;
At the end of the retention period, the Personal Data will be deleted (or anonymised and retained for statistical purposes) and therefore the rights of access, cancellation, rectification and portability of the Data can no longer be exercised.
Place of processing and transfer of data abroad
The Data are processed at the Data Controller’s operational headquarters. For more information, you can contact the Data Controller. The Data may be processed by natural persons and / or legal entities operating on behalf of the Data Controller and by virtue of specific contractual obligations and based in EU or non-EU member countries. In the event that the Data is transferred outside the EEA, the Data Controller will take all appropriate contractual measures to ensure adequate data protection.
Security measures adopted
This website has an SSL certificate and uses the HTTPS protocol to secure the moment in which Personal Data are entered. With the use of this protocol, transactions and data that are transmitted on websites take place with maximum security, and the content of the communication is not read or manipulated in any way by third parties.
The statistical services only allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior. This website uses the following services:
- Matomo Analytics
Open-source analytics platform that provides relevant and reliable insights into user behaviour. Matomo ensures GDPR compliance:
- Data anonymization
- GDPR Manager
- Users can opt-out of all tracking
- First-party cookies by default
- People can view the data collected
- Capabilities to delete visitor data when requested
- The data is not used for any other purposes (compared to Google Analytics)
- IP anonymization
- Visitor log and profiles can be disabled
- Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)
Exercise of the rights of the interested party
| Rights guaranteed by the GDPR | … What do they consist of and how can you exercise them? |
|---|---|
| Right to be informed | You have the right to receive clear, transparent, understandable and easily accessible information about the ways in which we process your data and about your rights. This is the purpose of the information contained in this Privacy information. |
| Right of access (Art. 15 GDPR) | You have the right to access the personal data we hold about you (subject to certain restrictions). We may charge a reasonable fee taking into account the administrative costs of providing information. It is not possible to respond to requests that are manifestly unfounded, excessive or repetitive. |
| Right of rectification (Art. 16 GDPR) | You have the right to correct your personal data if it is incorrect or outdated and / or complete it if it is incomplete. |
| Right to be forgotten (Art. 17 GDPR) | In some cases, you have the right to have your personal data deleted or to request its deletion. Note that this is not an absolute right, as we may have legal or legitimate reasons to keep your personal data. |
| Right to withdraw consent at any time for consent-based data processing | You can withdraw your consent to the processing of your data when such processing is based on consent. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal. |
| Right to object to processing based on legitimate interest (Art. 21, c. 1 GDPR) | You can object to the processing of your data at any time when this processing is based on legitimate interest. |
| Right to lodge a complaint with a supervisory authority (Art. 13, lett. d) GDPR) | You have the right to contact the personal data protection authority of your country (www.cnil.fr) to file a complaint against the processing of your personal data by Dermatech S.A.S. Do not hesitate to contact us as indicated below before submitting a complaint to the competent data protection authority at the address email@example.com |
| Right to portability (Art. 20 GDPR) | You have the right to move, copy or transfer data from our database to another. This applies only to the data you have provided, when the processing is based on the execution of a contract or on consent and the processing is performed by automated means. |
| Right to limit the processing (Art. 18 GDPR) | You have the right to request the restriction of our processing of your data. This right means that the processing of your data will be limited, so we can store it, but not use it or further process it. It applies in limited circumstances listed by the General Data Protection Regulation: the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited; the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; the interested party opposed the processing based on legitimate interest, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party (i.e. the user). |
Last edit: 08.09.2021