iDerma PRIVACY NOTICE

PLEASE READ ME
Our commitment
We are committed to using your personal data to make your life easier and to help you improve your overall health and well-being. We will always keep your personal data secure and will never pass it on to third parties. We will tell you clearly and openly why we collect your personal data and how we use it. In cases where you have choices or rights, we will explain them to you and respect your wishes. We have written this privacy statement in plain language to explain to you how and why we use your personal data. We hope you find it clear and simple, but if you have any doubts or questions, please do not hesitate to contact us.

ABOUT US
Company
We are iDerma MB, the controller of the personal data we collect about you. We are registered in the Lithuanian Companies Register under number 305727266 and our registered address is the same as our postal address.
We provide online clinic, consultation, treatment and prescription services for a limited number of medical problems, mainly for patients in Europe.

CONTACT US
Each of our clinics has designated Data Protection Officers, so if you have any questions about this privacy notice or data protection in general, or if you wish to exercise your rights, please contact our Data Protection Officer (DPO) in the individual countries or our general data protection partner contacts:
Email: info@iderma.lt
Phone: +370 67070822

Personal data we collect about you
We may collect and use different types of personal data about you based on our relationship with you. The personal data we collect or may collect in the course of providing services to you may include special categories of data that are of a sensitive nature.

Table of personal data we collect
Personal data
Where the data comes from
Identity and contact details, for example:
your contact details, such as your email, postal address and telephone number;
your identity data, such as your name and referrer;
the country where you live;
Gender;
consultation information;
family medical history;
health data;
registration details;
Date of birth;
information about any contact you have had with us, such as complaints or incidents;
information about how you use our products and services.
When you contact us, book a consultation, reply to our messages, ask for our help, communicate with us via email, or share additional information about yourself when you use our services, subscribe to our services or register to receive them. We may collect certain data that can be used to identify you, to contact you, to ensure that we book you in for a consultation of the right type and duration, or that we need for administrative purposes and for the performance of our contract with you.
User data, including for example:
Information about you, such as your login information and email address, which is encrypted, as well as information about your purchases and preferences, which we collect during your session on our platform;
the resources you use, including the pages on our website that you view, information about your visit, including the links you click on our website, or the location from which you log in to your account.
We may collect information from you when you use our website and when you connect to our services and applications.
Device data, for example:
IP address;
login information;
browser type and version;
time zone settings;
Types and versions of browser plug-ins;
operating system and platform;
traffic;
location data;
data, logs, text, sound, images;
unique device identifier (e.g. UDID, IMEI address).
We may collect information from you when you use our website and when you connect to our services and applications.
Registration details, for example:
name, surname;
email address;
postal address;
phone number;
user code;
IP address.
We may collect certain data from you when you subscribe to our service or register to receive it, which may be used to identify you, contact you, or which we need for administrative purposes or to perform a contract with you.
Consultation data such as:
name and other identifying information
family medical history;
health data;
Gender;
Age;
contact with the person booking the visit.
Information provided by other persons on your behalf
If someone books a consultation on your behalf, we will ask that person for basic information about you, which may include certain health details such as whether you have a family history of diabetes or glaucoma. This is needed to schedule you for the right type and duration of consultation. When you come in for a consultation, we will check that the information you have given us is correct.
Financial or economic data, for example:
bank account;
the results of any credit history checks we carry out on you.
Information we collect when you make payments
Details of payments you make to us when you purchase our services.
Forum data such as:
Feedback;
Comments;
uploaded information and other content;
username.
The data you provide through our forum
The personal data you upload to the Forum will be visible to other users of the Forum. We recommend that you protect your anonymity and information so that you do not allow others to identify you.
Application details
Identity and contact information;
CV;
information on past and present jobs;
recommenders;
nationality and immigration status, passport and other identification and immigration information, including copies of right-to-work documents.
Personal data you have provided to us
The data you provide when you apply for a job with us, register your interest in a job with us or apply for potential jobs.
Analytical data such as:
information such as which website you visited before visiting our website and other statistics related to our products and services.
Our servers automatically collect certain information about the use of our website and our products and services.

Data from third parties:
identity information;
contact details;
health data;
your areas of interest and preferences.
Information we collect about you
We may collect or receive data about you from service providers and other third parties, such as our customers, professional advisors, content providers, government authorities and public sources and archives.
We may collect or receive data about you from a family member or other person representing you.
We may collect or receive data about you from doctors, other clinic staff and healthcare professionals, hospitals, clinics and other healthcare providers.
We may collect or receive data about you from any service providers who work with us to provide products or services to you.
We may collect or receive data about you from organisations that carry out customer satisfaction surveys or market research on our behalf, or that provide us with statistics and other information (for example, about your interests, purchases and household type) to help us improve our products and services.
We may collect or receive data about you from fraud detection and credit bureaus and publicly available sources, such as the edited electoral register or social networks.
We can get information from advertising agencies.
Data that we receive through technology from entities such as Google.
Social networks
Your username and any other content you disclose in your comments, questions or feedback about us.
Information we collect about you
We may collect your social media username if you interact with us on those channels so that we can better respond to your comments, questions and feedback.
Your behaviour, choices and interests
Information we collect about you
We also collect data about your interactions with us over the phone, online and when you use our websites and apps.
Health data, for example:
information about your illnesses, medical problems, medical purchases and prescribed medicines;
information about your physical and mental health, including genetic information and biometric information (we may obtain this information from your completed application forms, notes and reports about your health and any treatment or care you have received or need, and it may also be retained as details of any contact we have with you, such as information about complaints or incidents, and reports of medical services you have received);
information about your race, ethnicity and religion (we may get this information from your medical preferences so we can provide more tailored care).
This information may come from you, your carer, your GP or medical records that you have provided to us through our services.
Details noted during your consultation
This could be:
data from any visits to your GP;
details of any scans, X-rays and pathology tests;
details of any diagnoses and treatments given;
details of any long-term health problems and complaints;
data about your health, treatment and care, and other relevant information from health professionals, care providers or relatives who care for you;
information on any allergies;
correspondence with other health and social care professionals who provide services to you.
You provide this data to your doctor during your visit, when a detailed analysis of your condition is carried out to help your doctor determine whether and which medicines to prescribe that you can safely take.

HEALTH DATA
Before prescribing medicines, we will ask you some questions about your health to check that the medicines we prescribe are suitable for you. We understand that your health data is sensitive and we will only use it to provide you with our services and, if you choose to use them, those of our partners.

SERVICE-RELATED CONTACTS
We can contact you by email, by post or by telephone in relation to our services, so please ensure that you are happy with the security and privacy of the email account you have provided to us.
You can manage your communication preferences in your user account.

WHAT HAPPENS IF YOU DO NOT PROVIDE US WITH YOUR PERSONAL DATA
Where we need your personal data to provide our services to you and you are unable or unwilling to provide it to us, we are unlikely to be able to provide those services to you.

HOW AND WHY WE USE YOUR PERSONAL DATA
We need to use your personal data to provide our services to you.
If we need to use your personal data for an unrelated purpose, we will notify you of this and explain the legal basis that allows us to do so.
We must have a reason (lawful basis) for processing your personal data.
A summary of the legal grounds on which we rely is set out in our ‘Legitimate Grounds’ table.

Table of lawful basis for processing
Legal basis
Description
Example
Contract
Performance of a contract. We use your personal data on the basis that it is necessary for us to provide our services and products to you.
When you register with us, our service contract comes into force.
As part of our service to you, we administer your account and accept payment.
To process your consultation requests.
When we process any transaction, we respond to your queries, refund requests and complaints. The processing of the information you provide to us allows us to respond to you efficiently. We may also keep an archive of these requests to inform any future communications between us and to show how we have been communicating with you over time.
To fulfil card payment requests.
Delivering the products and services you buy from us in physical or electronic form.
Legitimate interests
We protect personal data for our legitimate business interests. It’s about managing our business so that we can provide you with the best services or products and the safest experience.
Where we rely on this point as a legal reason for using your data, we will assess the legitimate interests to ensure that any potential impact on you (both positive and negative) and your rights under data protection law are considered and balanced.
Our legitimate business interests do not automatically override your interests – we will not use your personal data if it affects you unless we have your consent or are legally able to do so.
We process your data to protect you from fraud when you make transactions on our website and to ensure that our websites and systems are secure.
To manage our relationship with you, our business and third parties who provide products or services to us.
When we respond to your queries and complaints.
In order to provide you with the best possible online experience, we collect technical information about your computer or device, your internet access and browser, as well as the country where your computer or device is located, your IP address, the web pages you viewed before visiting our website, the advertisements you clicked on, any search keywords you entered on our website, and other information about your visit and your use of our website.
When we store your product feedback – for example, when you buy goods or services from us and we ask you about your experience to help us measure customer satisfaction.
To ensure that our marketing is tailored to your interests, to keep your data up-to-date and to provide you with a marketing experience as permitted by law.
When we measure the effectiveness of our ads, conversions and other social media campaigns to optimise them on platforms such as Facebook, Instagram, Messenger and WhatsApp.
For statistical research and analysis to monitor and improve our products, services, websites and applications or to develop new ones.
Contacting you about our market research.
In enforcing or adapting our website terms of use, our policies and terms and conditions or other agreements.
Exercising our rights, defending ourselves against lawsuits and complying with the laws and regulations that apply to us and the third parties we work with.
When you place an order on our website, we carry out identity and anti-money laundering checks by validating the personal data you have provided to us against relevant third party databases. This includes sharing your personal data with organisations that, for example, check such information and transactions and investigate cases that may indicate illegal activity. This may in some cases include disclosing data to a credit bureau, which will store such data and may pass it on to the police.
Legal obligations
We may use your personal data to comply with the law (for example, if we have to cooperate with a police investigation because we are ordered to do so by a court order).
To prevent or detect fraud or criminal activity, we may share data with authorities such as the police. This is done in a safe way. You may not be notified.
For accounting and tax purposes. We provide clinical and healthcare services, so we need to share a certain amount of personal data in order to comply with requirements and legal obligations.
Enforcing applicable laws, for example, by responding to a request from a court or a regulatory authority, where such requests are made in accordance with the law.
Consent
We may ask for your consent for the use of personal data, for example for the collection and use of sensitive data, or if we want to provide you with direct marketing content from us or other entities via email, by post, letter or phone/SMS message.
Where we process your personal data on this basis, you have the right to withdraw your consent at any time by contacting us.
General marketing of our products and services.
Collection of sensitive data.
When we get your consent to share information about your treatment with your GP and/or healthcare team.

Additional lawful basis required for health data
YOUR HEALTH DATA
Your health data is personal data that needs more protection because it is sensitive data, so in addition to the legal grounds set out in the table of lawful grounds for processing above, we must also have an additional lawful reason for processing your health data, which we set out below.
Processing is necessary for the provision of health care or treatment
We help people with disabilities or medical problems.
When you book a consultation with our doctors so they can examine and treat you.
When we prescribe medicines and/or other medical products for you.
It is essential that the public is protected from dishonesty, medical malpractice or other grossly inappropriate behaviour.
For example, investigations based on safety concerns raised or on instructions from the regulator (for example, if the Care Quality Commission reports a problem to us).
Public interest
This is done in the public interest, in accordance with any applicable laws.
Express consent
As a matter of good practice, we will only ask for your permission to process your personal data if we have no other legal reason to process it.
If we have to ask for your permission, we will make it clear that we are asking for it and ask you to confirm your choice to give us this permission.
If we cannot provide a product or service without your permission (for example, we cannot carry out iDerma MB’s activities without your health data), we will make this clear when we ask for your permission. If you subsequently withdraw your authorisation, we will no longer be able to provide you with the products or services that require your authorisation.

CHILD DATA
We do not want to collect personal data from persons under the age of 18 or to allow them to provide us with their personal data without the consent of a parent or guardian. If we become aware that we have collected personal data from a person under the age of 18 and we do not have the consent of a parent or guardian, we will delete that data as soon as possible.

SHARING PERSONAL DATA
Do you share my personal data?
Sometimes we share your personal data to get help to run our business, deliver medicines, administer programmes or services, or when we are legally obliged to share information.
We require all organisations with whom we share your personal data to respect the security of your personal data and to process it in accordance with the law.
We will not sell, rent or lease your personal data to any third party.
Who we share personal data with:
with our group companies, business partners, our employees, consultants, agents and professional advisors;
with the courts, government and regulators;
with third parties from whom we purchase certain services, such as couriers, IT system or software providers, IT support service providers and document and data storage providers;
with third-party service providers that help us perform customer insight analytics, such as Google Analytics and Facebook;
other service providers who help us optimise our social media campaigns on Facebook, Instagram, Messenger and WhatsApp;
with third-party service providers who help us to collect customer feedback about our platform, such as Opineo, evertink;
with other organisations for protection against fraud or criminal activity and investigations;
with anyone else, if we have your permission.

Do you share my personal data abroad?
Your data may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of personal data protection requirements.
In doing so, we will ensure that an appropriate level of protection is maintained and that the transfer is carried out in compliance with data protection laws. Often, this protection is specified in the contract with the organisation that receives the data. For more information on this protection, please contact us.

HOW YOU STORE MY PERSONAL DATA
We use different ways to keep your data safe, for example:
encryption of data transmissions using SSL protocols;
encrypting databases and not showing users’ passwords;
internal data access procedures, restricted to authorised personnel only;
anti-virus software.

Staff
We require our employees and anyone else who carries out any work on our behalf to adhere to appropriate compliance standards, including obligations to protect any data, and to have appropriate measures in place for the use and transfer of data.

Procedures
We have established procedures in case of any suspected data breach. We will notify a suspected data breach if we are legally required to do so.

The boundary of our information infrastructure
However, we have no control over what happens between your device and the boundary of our information infrastructure. You need to be aware of the many information security risks that exist and take appropriate steps to protect your data.

MARKETING
We may use your personal data for marketing
We may use your data to provide you with information about our products and services and those of our partners and other relevant third parties. We may send you marketing messages, such as by email or by post. You can manage your preferences for marketing-related communications in your user account.

If you do not wish to receive marketing information
You can change your mind about how you want to receive marketing messages at any time, or choose to stop receiving them. To make such a change, please email us describing your preferences, or use the “unsubscribe” function in the emails we send you.

We may use personal data for market research
We may use your personal data to conduct market research and identify trends. The market research agencies that represent us can contact you by post, phone, email or other means of communication and invite you to take part in the study. If you are contacted for a market study, you are not obliged to participate. If you tell us that you do not want to be contacted about market research, we will respect this choice.

DATA SUBJECT RIGHTS
Under data protection laws, you have a number of rights which depend on our reason for processing your data. More information about your rights under the GDPR

Table of your rights as a data subject
YOUR RIGHTS AS A DATA SUBJECT
Right to be informed. We are legally obliged to provide you with concise, transparent, understandable and easily accessible information about your personal data and how we use it. We have written this notice for that purpose, but if you have any questions or would like more specific information, you can contact us.
Right of access. You have the right to ask us for copies of your personal data. This right applies at all times. There are some exceptions, which means that in some cases you may not get all the information. In most cases, this service will be free of charge, but we may apply an administrative fee in certain exceptional circumstances, such as repeated requests for additional copies. Please contact us if you wish to exercise your right to access.
Right to rectification. You have the right to ask us to correct your data if you think it is inaccurate – please contact us. You also have the right to ask us to complete your data if you think it is incomplete. This right always applies. Contact us.
Right to erasure. In certain cases, you have the right to ask us to delete your personal data – please contact us. We have the right to refuse your request for erasure if we process personal data for one of the following purposes:
exercising their right to freedom of expression and information;
to fulfil a legal obligation;
in the performance of a task carried out in the public interest or on the instructions of an official authority;
for archiving purposes in the public interest, scientific research, historical research or statistical purposes;
to enforce legal judgments or defend themselves against legal claims.
Right to restrict processing. You can ask us to stop processing your personal data by contacting us. We will keep the data, but will no longer process it. This right is an alternative to the right to erasure. You may exercise your right to restrict processing if one of the following conditions applies:
challenging the accuracy of personal data;
the processing of personal data is unlawful;
we no longer need the personal data to process them, but the personal data is necessary for part of the legal process;
the right to object has been exercised and processing is restricted pending a decision on the status of processing.
Right to object to processing/right to withdraw consent. In certain cases, you have the right to object to the processing of your data by contacting us. You can also object if the processing is carried out for a task carried out in the public interest, you have been given the right to do so by an official authority, or it is in your (or a third party’s) legitimate interests.
Right to data portability. This right only applies if we process the data on the basis of your consent or for the performance of a contract and the processing is carried out by automated means. Contact us.
The right of the data subject not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her. Contact us.

Exercising your rights
In most cases, you don’t have to pay to exercise your rights.
If you want to exercise your rights, or for more information on how to exercise them, please contact us and we will get back to you within one month. It would be helpful if you could provide us with sufficient information to establish your identity and the date to which your request relates, including any relevant details or dates.

HOW LONG WE KEEP PERSONAL DATA
We will keep your personal data for no longer than is necessary to fulfil the purposes for which we collect it, including to satisfy any legal, accounting or reporting requirements and within the time limits set by our criteria.

Our criteria
How long you have been our customer, which of our products or services you use and when you will stop being our customer.
How long it is reasonable to keep the archives to prove that we have fulfilled our obligations to you and legal requirements.
Any time limits for filing a complaint.
Any retention periods established by law or recommended by regulatory authorities, professional bodies or associations.
Any related legal proceedings that apply.

WE USE COOKIES
We collect certain data automatically and store it in log files. We sometimes collect data about the behaviour of our visitors during their visits to our website in order to provide better customer service, improve the quality of the experience on our website, or tailor advertising. For more information on what cookies we use and how we use them, please see our Cookie Notice.

HOW YOU CAN MAKE A COMPLAINT
We hope to be able to resolve any queries or concerns you may have about how we use your data. Therefore, please contact us first. All complaints will be handled confidentially and we will make every effort to resolve your problem.
You have the right to lodge a complaint with a supervisory authority in the UK or EEA Member State where you work or habitually reside, or where any alleged data protection breach occurred.

LINKS TO OTHER WEBSITES
Where we provide links to other organisations’ websites, this Privacy Notice does not determine how that organisation processes personal data. We do not control such third party websites and are not responsible for their content or privacy policies. We encourage you to read the privacy policy of each website you visit.

SOCIAL NETWORKS
Our app and websites contain social networking features and links, such as icons, that lead to your iDerma MB account on that particular network (for example, our Twitter profile). These features may collect your IP address and information about which page of our website you are visiting, and may also use a cookie to make the feature work properly. Social networking features and controls are published either by another company or directly on our website. Your interaction with these features is set out in the privacy notice of the company that provides them.

AMENDMENTS TO THIS DOCUMENT
We review this document regularly to make sure it is up-to-date and accurate. We encourage you to review this website regularly to be aware of any updates or changes to our privacy notice.

IF YOU NEED EXTRA HELP
If you would like to receive the privacy notice of this website in another format (e.g. audio, large print, Braille), please contact us.