PRIVACY POLICY
Last Updated: June 29, 2020
Your privacy is important to DermaSensor, Inc., a Delaware corporation (together with its affiliates and subsidiaries, “DermaSensor”). We developed this Privacy Policy (this “Privacy Policy”) to provide you with information on how we collect, process, use and disclose information from job applicants, website visitors, and current or prospective clients (“you”) when you create a DermaSensor account, interact with our customer support specialists, use a DermaSensor device (“Device”), visit www.DermaSensor.com or other DermaSensor websites, or use DermaSensor apps, or use DermaSensor integrations within other 3rd party applications and services (collectively, the “Services”) that link to this Privacy Policy or when you otherwise interact with us.
We may change this Privacy Policy from time to time. If we do, we will update the date at the top of the Privacy Policy and, in some cases, we may provide you with additional notice (such as by posting a conspicuous notice on our website or sending you an email notification) prior to or subsequent to the update taking effect, and where required under applicable law and feasible, seek your consent to these changes. Notwithstanding, by continuing to access or use the Services after those changes become effective, you acknowledge the revised Privacy Policy. We encourage you, therefore, to periodically review this Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information collection, processing and sharing practices and the choices available to you.
Collection of Information
Information You Provide to Us
We collect information you provide directly to us. For example, we collect information when you create an account, participate in any interactive features of the Services, fill out a form, make a purchase, participate in a contest or promotion, communicate with us via third party social media sites, interact with a message board, apply for a job, request customer support, use our platform or otherwise communicate with us. The types of information we may collect include: (1) identifiers, such as your full name, phone number, email address, postal mail address, occupation, unique personal identifier, online identifier, internet protocol address, (2) commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, (3) professional or employment-related information such as company name, company payment information, and business contact information (e.g., business phone number, address, or email); and (4) any other information you choose to provide.
Information About Your Use of the Services
Usage Information
We collect information about your use of the Services, such as the ways in which you use our platform, the way you respond to us when we send you emails or communications or your preferences when you interact with our Services.
Information We Collect Automatically When You Use the Services
When you access or use our Services, we automatically collect information about you, including:
- Log Information: We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, your email address and the page you visited before navigating to our Services.
- Transactional Information: When you make a purchase, we collect information about the transaction, such as purchase details, purchase price, and date and location of the transaction. We or a designated third party may collect payment and credit card information when you subscribe to our paid Services or purchase additional services.
- Device Information: We collect information about your use of Devices from several sensors built into the Devices, including activities you perform, Device model and serial number, software version, and technical information such as sensor status, Wi-Fi connectivity, error logs, power status and battery charge level, and whether product features are working properly.
- Information Collected by Cookies and Other Tracking Technologies: We and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see “Your Choices” below or visit our Cookie Policy.
- Contact Information: When you contact us, we collect information about your interaction with us such as the phone number used to contact us, transcripts of live chats, and audio files of recorded phone calls.
Information We Derive
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your location based on your IP address. We may also infer information about your email and contact preferences based on how you respond to our communications with you, what information you find helpful, and what type of communication language most resonates with you.
Information We Collect From Other Sources
We may also obtain information from other sources and combine that with information we collect through our Services. For example, we may collect information about you from third parties, including but not limited to social media sites, credit bureaus, data enrichment providers and publicly available sources. Additionally, if you create or log into your account through a third-party site, we may have access to certain information from that site, which could include information such as your name, account information, and other information you make available, in accordance with the authorization procedures determined by such third-party site.
Integrations with Other Services
You may have the option of integrating our Services with other services, technologies or platforms on your desktop, permitted websites and/or your mobile phone. For example, we may offer you widgets that have records of device usage as well as the opportunity to connect the Services with other third-party services that you use in your business. These integrations may require you to input information about you or result in the disclosure of information about you from the Services to a third party, or cause the Services to receive information about you from a third party with whom you instruct us to integrate. These integrations may (i) check for updates automatically and transmit your information to their server and/or engine; (ii) send information entered into or accessed by the technology to its server and/or engine; (iii) be visible to the public if embedded on publicly available webpages (such as social networking webpages); or (iv) transmit information about you to or from the Services, depending on the policies of that website. Please note that when you enable an integration between the Services and a third party, any information about you that is transmitted to a third party will be subject to the policies and procedures of that third party and not this Privacy Policy.
Use of Information
We use the information we collect to provide, maintain and improve our Services, such as to administer your account and to provide you with insights to help you optimize your use of our platform.
We may also use the information we collect to:
- Provide and deliver the products and services you request, verify credit-worthiness, process transactions and send you transaction-related information, including confirmations and invoices;
- Send you technical notices, updates, security alerts and support and administrative messages;
- Respond to your comments, questions and requests and provide customer service;
- Communicate with you about products, services, offers, promotions, rewards and events offered by DermaSensor and others, and provide news and information we think will be of interest to you;
- Monitor and analyze trends, usage and activities in connection with our Services;
- Conducting an audit related to a current interaction with the consumer and concurrent transactions, including but not limited to, counting ad impressions of unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity;
- Debug or identify and repair errors impairing existing intended functionality;
- Undertake internal research for technical development and demonstration;
- Undertake activities to verify or maintain the quality or safety of a service owned, manufactured, manufactured for, or controlled by DermaSensor, and to improve, upgrade, or enhance the service owned, manufactured, manufactured for, or controlled by DermaSensor;
- Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of DermaSensor and others;
- Personalize and improve the Services and provide advertisements, content or features that match user profiles or interests;
- Facilitate contests, sweepstakes and promotions and process and deliver entries and rewards; or
- Comply with legal obligations.
Sharing of Information
We often need to engage third party companies and individuals (such as payment processors, research companies and analytics and security providers) to help us operate and provide the Services. These third parties have only limited access to information about you, may use such information only to perform these tasks on our behalf, and are obligated to us not to disclose or use information about you for other purposes.
We will not share information about you except in the following circumstances or as otherwise described in this Privacy Policy:
- With vendors, consultants and other service providers who need access to such information to carry out work on our behalf;
- In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
- If we believe your actions are inconsistent with the spirit or language of our user agreements or policies, or to protect the rights, property and safety of DermaSensor or others;
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
- Between and among DermaSensor and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; and
- With your consent or at your direction.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
Advertising and Analytics Services Provided by Others
We may allow others to serve advertisements on our behalf across the Internet and to provide analytics services. These entities may use cookies, web beacons and other technologies to collect information about your use of the Services and other websites, including your IP address, web browser, mobile network information, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by DermaSensor and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices, or www.youronlinechoices.eu/ if you are in the European Economic Area (“EEA”) or Switzerland.
We also use Google Analytics within our Services. For more information on how Google may use personal information about you, see www.google.com/policies/privacy/partners/ for more information.
Please note: If you choose to opt-out of interest-based advertising, you may continue to see or receive online advertising, but such ads may not be as relevant to you.
Retaining Your Information
DermaSensor will retain information about you only for as long as is necessary for the purposes set out in this Privacy Policy or as described to you, including for as long as your account is active (i.e., for the lifetime of your DermaSensor account), or as needed to provide the Services to you. If you no longer want DermaSensor to use information about you to provide the Services to you, you may cancel your account. DermaSensor will retain and use such information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws or to demonstrate our compliance with applicable laws governing our interaction with you), resolve disputes and enforce our agreements. We also retain log files for internal analysis purposes. These log files are generally retained for 12 months, except in cases where they are used for the safety and security of the Services, to improve functionality of the Services or we are legally obligated to retain them for longer time periods.
If you are interested in cancelling your subscription, we may provide you with the option of pausing your subscription for a certain period of time. During the pause period, your account will remain active in our system, and we will retain the data, including Contact Data, associated with your account. The collection, use and disclosure of such data will continue to be subject to this Privacy Policy.
Transfer of Information to the U.S. and Other Countries
DermaSensor is a global business. In order to provide you with the Services you subscribe to or that you request from us, information about you may be transferred to DermaSensor locations in the United States as well as countries where our service providers may be based. In some cases, information about you may be transferred to or accessed from other countries, including when you consent and allow us to do so, where it is required in order for us to provide Services to you and when we need to do so to provide functions like product support, troubleshooting and gaining insights into the usage patterns of our Services. When information about you is transferred to countries other than your home country, you may not have the same rights and protections as you do under local law. Any international transfers of such information will be done in accordance with applicable law, including pursuant to the European Commission approved Model Contractual Clauses as applicable.
Minors
We do not knowingly collect or store any information relating to an identified or identifiable natural person (“Personal Data”) from anyone under the age of 13. If we learn that we have collected the Personal Data from a child under 13, we will take steps to delete such information as soon as possible. If you believe that We might have any Personal Data from a child under 13, please contact us at support@dermadensor.com.
Residents of the European Economic Area and Switzerland
Your Rights
If you are a resident of the EEA or Switzerland, you have certain rights and protections under the General Data Protection Regulation (“GDPR”) regarding the processing of your Personal Data. Your rights under GDPR include:
- To be informed about our processing of your Personal Data;
- To have your Personal Data corrected if it is inaccurate and to have incomplete Personal Data completed;
- To object to processing of your Personal Data;
- To restrict of processing of your Personal Data;
- To have your Personal Data erased;
- To request access to your Personal Data and information about how we process it;
- To move, copy or transfer your Personal Data; and
- Not to be subject to a decision based solely on automated processing, including profiling.
Lawful Basis for Processing
If you are a resident of the EEA or Switzerland, we primarily rely on the following to process your Personal Data lawfully:
- First, it is necessary for us to process your Personal Data in certain ways in order to provide the Services to you, in accordance with a contract between you and us, including, our Terms of Service.
- Second, where you have given us valid consent to use your Personal Data in certain ways, we will rely on your consent. This includes situations where we will obtain your consent prior to sending you information about our products and Services.
- Third, in certain cases we may process your Personal Data where necessary to further DermaSensor’s legitimate interests, where those legitimate interests are not overridden by your rights or interests. This includes usage statistics, analytics and internal analysis we run to better understand how to use our platform so that we can improve our Services and also provide you with better recommendations on how to get the most out of our platform and to accomplish your goals.
- Fourth, in some cases we may process your Personal Data where necessary to satisfy our legal obligations. This includes records containing your Personal Data that we may be required to retain for a period of time or may be legally required to disclose to a government authority or third party.
Data Subject Rights Requests
If you are a resident of the EEA or Switzerland, you have the right to request access to Personal Data we hold and to ask that your Personal Data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing activities.
If you submitted Personal Data directly to us or in accordance with the provision of our Services and you would like to view, change, limit or delete your Personal Data, you can do so via your account settings or by contacting us. Upon request, we will notify you about whether we hold any of your Personal Data. In certain cases where we process your Personal Data, you may also have a right to restrict or limit the ways in which we use your Personal Data. In certain circumstances, you also have the right to object to the processing of your Personal Data, to request the deletion of your Personal Data and to obtain a copy of your Personal Data in machine-readable format. If you need assistance accessing or modifying your Personal Data or wish to delete your Personal Data, please email us at support@dermadensor.com.
Withdrawing Consent
You have the right to withdraw your consent to our processing of your Personal Data where we process it based on your consent. You can do this at any time by opting out of commercial emails we send you by clicking on the unsubscribe links in those emails, or emailing us with your request at support@dermadensor.com, or by simply cancelling your account through your account settings and then emailing support@dermadensor.com to request that your Personal Data be deleted.
If you withdraw your consent to the processing of your Personal Data for the purposes set out in this Privacy Policy, you may not have access to some (or any) of the Services, and we might not be able to provide you some (or any) of the Services. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent and requested that we delete your Personal Data, if we have a legal basis to do so. For example, we may retain certain information if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Services safe and secure.
Data Controller; Data Protection Officer; Questions or Complaints
We are DermaSensor, the data controllers. You can contact us at support@dermadensor.com, if you have any questions. If you are a resident of the EEA or Switzerland and have a concern about our processing of your Personal Data that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Residents of California
If you are a resident of California, you have certain rights and protections under the California Consumer Privacy Act (“CCPA”).
CCPA Consumer Rights
The CCPA requires us to communicate information about rights California consumers have with respect to their personal information (as defined within the CCPA). These rights include the right to request: access to their personal information; deletion of their personal information; additional details about our information practices; the categories of personal information sold in the preceding 12 months, if any, and the categories of third parties to whom the personal information was sold; the categories of personal information shared within in the preceding 12 months; to opt out of the “sale” of their personal information, and to not be discriminated against.
For details about how to exercise these rights, please see “Your Choices” below. California consumers may also designate an authorized agent to exercise these options on their behalf. If you would like to use an authorized agent registered with the California Secretary of State to exercise these rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests on your behalf. We will not discriminate against you if you choose to exercise your rights related to your personal information.
Categories of Personal Information Collected
In the preceding 12 months, we have collected the following CCPA-defined categories of personal information:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, and account name;
- Characteristics of protected classifications under state or federal law, such as age or gender;
- Commercial Information, including records of Services purchased and credit card or other payment information;
- Internet or electronic network activity information, information, including, but not limited to, browsing history, search history, and information regarding your interaction with the Services including an internet website, application, or advertisement;
- Audio, electronic, visual, thermal, or similar information such as profile pictures;
- Professional or employment related information; and
- Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
For more specific examples of the personal information we collect, please see “Collection of Information” above.
Business or Commercial Purpose for Collecting Personal Information
We collect personal information for the business and commercial purposes described in the “Use of Information”.
Categories of Sources of Personal Information
We collect personal information directly from you, automatically from your use of our Services, by using or combining personal information to derive additional personal information about you, and from others as described in “Collection of Information”.
Categories of Third Parties with Whom We Share Personal Information
We may share your personal information with third parties as described in the “Sharing of Information” section above.
Categories of Personal Information Disclosed
In the preceding 12 months, we have disclosed the following CCPA-defined categories of personal information for business or commercial purposes:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, and account name;
- Characteristics of protected classifications under state or federal law, such as age or gender;
- Commercial Information, including records of Services purchased and credit card or other payment information;
- Internet or electronic network activity information, information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement;
- Audio, electronic, visual, thermal, or similar information such as profile pictures;
- Professional or employment related information; and
- Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Security
We have implemented measures in an effort to maintain the confidentiality of all Personal Data in our custody and control, including only providing access to Personal Data to employees and authorized service providers who require such information for the purposes described in this document. We maintain administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of personal information in our custody and control. To provide you with an increased level of security online, access to your personal information on certain of our websites may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication.
Your Choices
Account Information
If you are a current DermaSensor client, you may update, correct or delete certain account information about you at any time by logging into your online account or emailing us at support@dermadensor.com. If you wish to cancel or temporarily pause your account, please email us at support@dermadensor.com and let us know what you are requesting, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Cookies
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. You can visit our Cookie Policy for more information on your choices with respect to cookies.
Promotional Communications
You may opt out of receiving promotional emails from DermaSensor by following the instructions in those emails or by clicking the “unsubscribe” link at the bottom of any of our emails. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Mobile Push Notifications/Alerts
With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device.
You can deactivate these messages at any time by changing the notification settings on your mobile device.
Contact Us
If you have any questions about this Privacy Policy, please contact us at support@dermadensor.com or you can otherwise reach us at P.O. Box 310703, Miami, FL 33231.