Dear Sirs,
We are looking for novel methods in the field of dertmatology allowing for a consultation without physical encounter between doctors and patients, thus enabling to continue medical support even when a visit is not possible. At the same time, we are conducting a scientific research in this field. Below please find in detail, what data we are collecting, the rules, according which we are processing them and what purposes we are using them for.
What data are collected?
For the medical treatment and scientific research, we are collecting the following data:
- The photo series of the skin surface with your symptoms
- Your personal data: Name, email, phone, social security number
- Photos of your documents: social security card (first page), address card (first page)
- Data in connection with your symptoms
- Data in connection with your medical history, drug allergy and family medical history
- Data on previous treatment of your symptoms
A major part of this information is classified as “special personal data” according to the General Data Protection Regulation. Given the sensitive nature of these data, we are processing it with special care.
Who are we sharing your personal data with?
The application is developed and supported by Medinnoscan Kft. (1112 Budapest, Oltvány utca 42.). All employees of Medinnoscan Kft. with access to the application and the data processing within signed a confidentiality agreement and bear criminal liability for adhering to the data processing policy.
Your personal data is shared only with the doctor responsible for the treatment at the Department of Dermatology, Venereology and Dermatooncology at Semmelweis University (1085 Budapest, Mária u. 41.). Researchers will only be provided anonymized data, your personal information will not be shared with persons only conducting scientific research. Your personal data will not be disclosed to any third party, including (but not limited to) companies, other research institutes or universities. We only contact you if an administrative detail needs to be corrected.
Protection of your personal data
We have made the necessary and legally prescribed technical steps in order to protect your personal data and to avoid the loss of or illegal access to your data. These technical features provide an adequate security level for the processed data:
- Pictures created by photo shoots are stored encrypted on the mobile device, thus are not accessible to third parties even in the case of lost or stolen devices
- Photos, medical and personal data are uploaded to the central database on an encrypted channel, which is not accessible to any third party
- After upload, photos and data are erasd from the device, further reducing the risk in the event of an occasional device loss
- In the central database, detailed data access rules are applied, each and every user has only access to data that is necessary for its work
Data retention period
Your data are only stored for as long as it is necessary for the medical treatment or the scientific research.
If you withdraw your consent to treatment, all your data are erased from the computer system and our records within 72 hours following the receipt and processing of your consent withdrawal.
Your rights
According to the General Data Protection Regulation (GDPR) of the European Parliament and of the Council, you have the right to obtain access to the personal data held about you and to ask for incorrect, inaccurate or incomplete personal data to be corrected. If you would like to know which data of yours are processed, you may fill a Data Subject Access Request [DSAR] in writing. If you find your data incorrect, inaccurate or incomplete, you may ask us in writing to modify or complete your data.
You also have the right to have your data erased. If you consented to process your data, you are always entitled to withdraw this consent. In this case, your data will be erased without trace and audit trail from our computer system and our records (Withdrawal of consent does not affect the lawful nature of data collection and processing preceding the withdrawal).
You are also entitled to restrict and object to the processing of your data.
You are also entitled to receive your data in a machine-readable format and send it, or have it sent to another controller (“data portability”). You may fill a written request in this regard.
All written requests listed above shall be directed to Medinnoscan Kft. by mail. Your request will be processed in four weeks.
Supervising authority
You are entitled to submit a claim if you think your data is not lawfully processed. All claims shall be directed to the Data Protection Authority (DPA) of the relevant country, in Hungary to the Hungarian National Authority for Data Protection and Freedom of Information.
Amendments
We reserve the right to amend this Data Processing Policy, Amendments are entering into effect on the day of their announcement.