1. Introduction and Scope
We know that your privacy is important to you, especially when it comes to matters concerning your health. This notice explains how we collect and use your information, who we share it with and your legal rights.
This notice applies our use of your information in connection with all our website, domains, apps, and to our provision of a secure cloud-based platform for teledermatology utilising high-definition photographic hardware that connects GPs and consultant dermatologists with patients enabling the patient to get a rapid and accurate diagnosis from Ireland’s leading consultants (the “Services”).
We trust this information provides you with sufficient information and reassurance that it can avail of the Services in a manner that complies with Data Protection Law.
2. Who we are
DermView Limited, trading as AllView Healthcare ( the ‘Company’”, “we”, “us” or “our”) is the provider of the Services and is the data controller for your information.
DermView Limited is a company incorporated under the laws of Ireland with company number 638221 and registered office at Suite 11/13, The Hyde Building, The Park, Carrickmines, Dublin 18, Co. Dublin, Ireland
3. Who this notice applies to
We collect and process information relating individuals using the Services, including patients and GPs (and other referring healthcare professionals such as nurses, primary care clinicians and hospital medical staff) (collectively “Healthcare Professionals”).
4. Information we collect and how we get it
While providing the Services, we collect or receive information in different ways and relating to various groups of individuals, including:
We collect and use information relating to you. This information may include information relating to your health and clinical history as well as images taken by your Healthcare Professional. This information is provided to us by you or your Healthcare Professional. We will also collect and use information you provide to set up your account. This information may include your name, date of birth, address, mobile phone number and email address. We will also collect payment information as part of our administrative, financial and operational process.
We collect and use information relating to you. This information may include your name, job title, email address, employing organisation and mobile phone number. We will also collect information about patients from you and you should try to limit the personal information you give us to what you think is necessary for us to provide the Services.
If you visit any of our websites or use our apps, we will collect certain information relating to you. Generally, unless you submit information to us, such as via an online form, we only collect technical and device-related information from your use of our website and apps.
5. How we use this Information
We use this information for the purposes described below.
Providing the Services
We process your information (including your health information) as necessary to provide the Services requested. For example, we collect information from you (or from your Healthcare Professional) in order to share this with our consultants to allow them to carry out their diagnosis. We also store this information on our platform so you (and your Healthcare Professional) can access your results and other information.
Account setup and Payment
We process your information in order to set up a profile for you on our platform and as part of our administrative, financial and operational processes, such as taking payment, issuing invoices, etc. where you pay for the Service directly.
We process your information in order to improve our Services and for business planning purposes. For example, we may process information about how you use our Services in order to troubleshoot technical issues, predict service level demands and understand the features of the Services that are most popular.
Safety and Security
We process your information as necessary to ensure we offer safe and secure Services, including to detect and prevent fraudulent and other illegal behaviour.
Legal and Regulatory
We process your information as required for compliance with our legal and regulatory obligations. For example, we may need to share information with regulatory bodies or law enforcement.
We may send you updates, invites and marketing materials relating to the Services. If we do so, we will also collect information on your interaction with such communications.
6. Health Information
If you are a patient, due to the nature of the Services we provide, it is necessary that we process data concerning your health and medical history. To avail of the Services, you will be requested to provide a focussed dermatological clinical history as well as images taken by your Healthcare Professional. Such data shall only be processed based on your explicit consent. Your Healthcare Professional will ask for the consent when necessary and you can withdraw the consent at any time. If you wish to withdraw your consent, please contact us via the contact details at the bottom of this notice.
7. Our Legal Basis
In order to collect, use, share, and otherwise process your information for the purposes described in this notice, we rely on a number of legal bases, some of which are mentioned above, including where necessary for:
- Performing a contract we have with you, and to provide the Services;
- Consenting to process your personal data (in which case you may withdraw your consent at any time);
- Complying with a legal obligation;
- Protecting your vital interests, or those of others;
- Public interest;
- The purposes of AllView’s or a third party’s legitimate interests, for example for marketing, improving or developing the Services and keeping the Services safe and secure, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
In addition to the above, when processing your health information (as described at section 6 above), we rely on your explicit consent as a legal basis for the processing.
8. Sharing your Information
While providing the Services, we share information with various third parties such as regulators (for example the Health Products Regulatory Authority or the Irish Data Protection Commission) or our service providers.
We do this based upon the legal bases and exceptions mentioned in section 7 of this notice.
Providing the Services
If you are a patient, we may share the information provided by you with a member of our consultant panel in order to provide the Services. We will share the results of your consultation with your Healthcare Professional.
Keeping our Services safe and Secure
We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our Services, such as our domains, websites, apps, offices and events, safe and secure. For example, we collect IP addresses and process log files to ensure our website and apps are not subject to fraudulent access.
Providing, Improving and developing the Services
We use your information as necessary to pursue our legitimate interests in tailoring and improving our Services.
Legal and Safety reasons
We may retain, preserve, or share your information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce any contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public; (f) for regulatory compliance and investigations.
We may share your personal information to help us provide our services and communicate with you. Categories of service providers include IT software and hosting providers and records-storage companies. Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.
In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all its assets, we may, in accordance with our legitimate interests, need to share information during the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of the Company.
9. Data Transfers outside of the EEA
In certain cases, we need to transfer your information to recipients outside the European Economic Area (“EEA”), such as where it is necessary to provide legal services to our client and to perform our Terms of Engagement.
Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed ‘adequate’ by the European Commission, we may enter the ‘standard contractual clauses’ with the recipient. These are contracts that contain standard commitments approved by the EU Commission protecting the privacy and security of the information transferred.
Please note that the privacy protections and the rights of authorities to access your information in some of these countries may not be the same as in your home country. We will only transfer information as permitted by law.
For further information, including obtaining a copy of the documents used to protect your information, please contact us on firstname.lastname@example.org.
We may retain your information for as long as necessary in light of the purposes set out in this notice, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for AllView to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. Your Rights
You have a number of rights in relation to your information that we process. To exercise these rights, please contact us at email@example.com.
While some of these rights apply generally, certain rights apply only in specific circumstances. We describe these rights below.
You have the right to request access to your information that we control.
You have the right to request that some of your personal information that you initially provided to us is returned to you or another controller in a commonly used machine-readable format.
Rectify, Restrict and Delete
You have the right to ask us to restrict the processing of your information or to rectify or delete your information. Please note that despite a deletion request, we may continue to process your information if we have a legal basis to do so.
If we process your information based on our legitimate interests explained above, or in the public interest, you can object in certain circumstances. In such cases, where legally required to do so, will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object using the unsubscribe link in such communications or by contacting us at firstname.lastname@example.org.
Where you have previously provided your consent, you have the right to withdraw your consent to our processing of your information at any time. For example, you can withdraw your consent to email marketing by using the unsubscribe link in such communications or contacting us at email@example.com In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
You have the right to submit a complaint about our use of your information with your local supervisory authority or the Company’s supervisory authority, the Irish Data Protection Commission.
12. Third Party Services
Our websites, domains and apps may contain links to other websites and services, which are managed and controlled by third parties. Please note that this notice does not apply in those cases, and we are not responsible for the privacy practices of such third parties.
13. Amending the Notice
From time to time, we may amend this notice. This might happen, for example, where we make changes to the Services. If we make material changes to the notice, we will take steps to notify you, such as by posting a notice on our website. The notice was last updated at the date indicated further below.
14. Contact Us
If you want to exercise your rights (described above), or if you have any questions about this notice, please contact us as follows: email: firstname.lastname@example.org, phone: +353 1 224 8100; address: AllView Healthcare, Suite 11-13, The Hyde Buildings, The Park, Carrickmines, Dublin 18, D18 YX22, Ireland.