Privacy Policy
Article 1: Purpose and Scope.
1.1 The Importance of Privacy Protection
At 247dermatologist, we value your privacy and the protection of personal data. This privacy statement is intended to provide you with clear and transparent information on how we, together with our dermatologists, handle your personal data within our platform. We also explain how you can exercise control over your data. We recommend that you read this privacy statement carefully before using our platform.
1.2 Scope
This privacy statement applies to all processing of personal data that takes place within 247dermatologist's platform. This includes the use of our application, website and all services we offer.
1.3 Laws and Regulations
Our processing of personal data is in full compliance with:
- The General Data Protection Regulation (AVG);
- Relevant European regulations on data protection and privacy;
- Applicable national legislation and executive orders, including guidelines issued by the Personal Data Authority.
1.4 Your Rights
You have the right to access, rectification, deletion, restriction of processing, data portability, and to object to the processing of your personal data. You can contact us at info@247dermatologist.com to exercise these rights.
1.5 Security of Data
We have taken appropriate technical and organizational measures to secure your personal data against unauthorized access, loss or alteration. For example, we use end-to-end encryption for all data transfers within our platform.
Article 2: Definitions.
For the purposes of this privacy statement, we use the following definitions:
- General Data Protection Regulation (AVG)
The Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, including subsequent amendments and relevant European implementing legislation.
- Anonymous Data
Data that cannot (no longer) be linked to an identified or identifiable person and is therefore no longer considered personal data.
- Data subject(s)
Natural persons, such as patients or dermatologists, whose personal data are processed within the 247dermatologist platform.
- Cookies
Small text files stored on your device to enable website features, collect analytical data, or improve user experiences.
- Third Party
Any party that is not a Data Subject, Controller or Processor under this Privacy Statement.
- Dermatologist
A physician specialist in dermatology who is registered as a professional user on the 247dermatologist platform and provides dermatological care remotely.
- Terms of Use
The terms and conditions applicable to the use of the 247dermatologist platform, as stated in the Terms and Conditions.
- Pseudonymized Data
Personal data that has been processed in such a way that it cannot be linked to a specific person without additional information. This additional information is kept separately and secured to prevent re-identification.
- Justified Interest
A legal basis for data processing that serves a legitimate interest, such as security or improvement of services, provided the impact on privacy remains minimal.
- Personal Data Breach
A security incident that results in the destruction, loss, alteration or unauthorized access to or disclosure of personal data.
- Patient
A natural person who registers as a user of the 247dermatologist platform to receive remote dermatological care.
- Personal Data
Any information relating to an identified or identifiable natural person ("Data Subject").
- Privacy Statement
This privacy statement, which explains how personal data is processed within the 247dermatologist platform.
- 247dermatologist-Platform
247dermatologist's digital platform, consisting of the mobile application, web application and publicly accessible website.
- Processor
A party that processes personal data on behalf of and under the instruction of the Processor.
- Processing
Any operation or set of operations involving personal data, performed with or without automated means, such as the collection, storage, consultation, disclosure or destruction of data.
- Controller
The party who determines why and how personal data are processed.
- Data Protection Legislation
All relevant European and national data protection and privacy regulations, including the AVG, sectoral codes of conduct and implementing acts.
Article 3: Categories of Persons Whose Personal Data Are Processed
At 247dermatologist, we process personal data of the following groups in accordance with our privacy statement and applicable laws:
- Patients
Natural persons who register on the 247dermatologist platform to receive remote dermatological care. Data processed include, for example:
- Identifying information (such as name, date of birth);
- Contact information (such as e-mail address, phone number);
- Health-related data, including medical information, photos of skin problems and completed questionnaires;
- Payment information, if relevant to the provision of services.
- Dermatologists
Medical specialists in dermatology registered as professional users on the 247dermatologist platform to provide care to patients. Data processed include, for example:
- Professional data (such as BIG registration number, AGB code);
- Identification and contact information (such as name, address, e-mail address, phone number);
- Login and user credentials to access the dermatologists' dashboard.
- Website Visitors
Individuals who visit our website and, where applicable, use functions such as registration, contact forms or information requests. Data processed include, for example:
- Technical data (such as IP address, browser information and cookies);
- Information provided through contact forms or other interactions with the website.
Limitation of Processing.
We only process personal data strictly necessary for:
- Delivering our services;
- Compliance with legal obligations;
- Improving our platform functionality and user experience.
Principles of Processing
The processing of personal data within these categories takes place on the following legal bases:
- Consent of the Data Subject;
- Execution of an agreement;
- Compliance with a legal obligation;
- Justified interest, such as improving our services and platform security.
Article 4: Use of Cookies
4.1 Application and Consent.
247dermatologist uses cookies to improve the functionality of our services, optimize the user experience and gain insight into the use of our website and application.
- Essential cookies, which are necessary for the operation of our website, are placed automatically and do not require consent.
- Optional cookies, such as advertising and analytics cookies (e.g. Google Ads or DoubleClick), are only set with your explicit consent via the cookie banner.
4.2 Transparency about Cookies
Upon acceptance of optional cookies, the following data may be processed:
- Ads and Remarketing:
- Data is used to tailor ads to your interests and show relevant content through platforms such as Google Ads.
- Remarketing can be used to reach you through other websites and social media.
- Web Analysis:
- Data is collected to analyze statistics about website usage. This helps us to continuously improve our website and services.
- Analysis tools such as Google Analytics are used, processing data anonymously whenever possible.
4.3 Your Options
You have the ability to manage or change your cookie preferences at any time. You can do this via:
- The Cookie Settings on our Website:
- Access to the cookie settings is possible through the link in the cookie banner or the privacy policy.
- Browser settings:
- You can block or delete cookies through your browser settings. Please refer to your browser manual for more information.
- Google Ads settings:
- If you have a Google account, you can manage your ad preferences through the Google Ads settings.
4.4 More Information
For more details on how we use cookies and how to manage your preferences, please see our Cookie Policy.
Article 5: Nature of Personal Data Collected.
5.1 Personal Data of Patients.
During the use of the 247dermatologist platform (mobile application and/or web), we collect and process the following categories of patient personal data exclusively for medical and administrative purposes, in accordance with Article 9(2)(h) of the AVG:
- Identification, administrative, contact and payment information:
- Details: First and last name, e-mail address, telephone number, address information (NAW), date of birth and, if required by law, citizen service number (BSN).
- Purpose: To identify patients, maintain contact, process payments and provide healthcare services.
- Health, genetic and biometric data:
- Details: gender, any allergies, pregnancy or birth control, diagnoses, symptoms, dermatological complaints, medical reports, medication use, treatments, medical background information and photos of dermatological complaints.
- Purpose: For medical diagnosis, treatment, and follow-up care. This data is processed only by authorized health care providers and is essential for providing quality remote care.
5.2 Personal Data of Dermatologists.
While using the 247dermatologist platform, we collect and process the following categories of personal data from dermatologists, in line with their professional role:
- Identification, administrative, contact and payment information:
- Details: First and last name, professional address, professional e-mail address, phone number, AGB code, BIG registration number, VAT number, and billing address.
- Purpose: Verification of authority, administrative processing, and professional communication within the platform.
- Biometric data:
- Details: Profile photo.
- Purpose: For identification and professional presentation within 247dermatologist's network.
5.3 Security and Sensitivity of Data.
- Security measures:
- All personal data is stored in an end-to-end encrypted environment.
- Access to this data is limited to authorized personnel and dermatologists, based on the need-to-know principle.
- Sensitive data:
- Processing of health and biometric data is necessary for medical purposes, as stipulated in Article 9(2)(h) of the AVG.
- Personal data of patients is never shared with third parties without explicit consent or legal basis.
5.4 International Data Transfer
If the platform operates internationally, personal data may be processed outside the European Economic Area (EEA). In such cases, appropriate safeguards are applied, such as:
- The use of Standard Contractual Clauses (SCCs) approved by the European Commission;
- Encryption of sensitive data during transmission and storage.
5.5 Transparency and Consent
- Consent to processing:
- Explicit consent is requested for the processing of sensitive data, such as medical photographs, unless the processing is necessary to carry out medical treatment or a legal obligation.
- Users are informed through clear and understandable statements in the application and during the registration process.
- Photographs and medical images:
- Photos are used for diagnostic purposes only and are stored encrypted.
- Permission for use is explicitly requested when uploading photos into the application.
5.3 Personal Data of Website Visitors
While visiting 247dermatologist's website, we collect and process the following categories of personal data:
- Category 5: Contact information
- Details: First and last name and e-mail address.
Article 6: Legal Basis and Purposes of Processing Personal Data
6.1 Legal basis
247dermatologist's processing of personal data is based on the following legal grounds, as stipulated in the General Data Protection Regulation (AVG):
- Consent:
- For optional cookies, marketing activities and certain specific data processing operations that require explicit consent.
- Users may withdraw their consent at any time through the cookie settings or by contacting us at info@247dermatologist.com.
- Execution of an Agreement:
- For services such as medical consultations, sharing diagnoses, and delivering personalized treatment plans.
- Without this data, 247dermatologist cannot provide the agreed services.
- Justified Interest:
- For purposes necessary to improve our services, secure our platform and perform anonymous statistical analysis.
- Here, the impact on your privacy is minimal and carefully considered.
- Legal Obligation:
- For compliance with legal obligations, such as the storage of medical data in accordance with the Medical Treatment Agreement Act (WGBO) and tax laws.
6.2 Explanation of Justifiable Interest
We process personal data based on legitimate interest in the following situations:
- Improving Service Delivery:
- Analyzing anonymized user data to make our services more efficient and user-friendly.
- Collecting and implementing feedback to match the needs of our users.
- Security of our Platform:
- Monitoring and preventing unauthorized access to our platform, including fraud prevention and improving our IT infrastructure.
- Anonymized Statistical Analyses:
- Performing analysis on anonymized data sets to gain insight into trends and patterns without identifying the individual user.
6.3 Purposes of Processing Personal Data.
The processing of personal data serves the following purposes:
- Medical Purposes:
- Diagnosis, preparation of treatment plans and follow-up medical consultations.
- Functional Purposes:
- Ensuring a smoothly functioning platform, such as registering accounts and providing access to medical consultations.
- Communication purposes:
- Contacting users about their consultation, for example to request additional information or to share a diagnosis.
- Legal Purposes:
- Complying with legal obligations, such as storing medical records for a legal period of time.
- Marketing purposes (with Consent):
- Offering personalized offers and running remarketing campaigns.
6.4 Your Rights Regarding the Legal Basis.
You have the right to:
- Request access to the data we process under the above legal grounds.
- Object to the processing of your personal data on the basis of legitimate interest.
- Withdraw consent for data processing based on consent, without affecting previous processing.
Please contact us at info@247dermatologist.com for more information about your rights.
Article 7: How we share your data
7.1 No Sale or Rental of Data
Your personal data will never be sold or rented to third parties. This is a fundamental tenet of our service and privacy policy.
7.2 Third Parties with whom we Share Data.
Your information may be shared with carefully selected third parties only to the extent necessary to provide our services or in accordance with applicable law. This includes:
- Service providers:
We share data with service providers who support us in the performance of our services, such as:
- Hosting companies: For secure storage and management of data.
- Email service providers: For sending communications such as consultations and diagnostic results.
- Payment platforms: For processing payments and refunds.
- Advertising platforms (by permission only):
- We share data with advertising partners, such as Google Ads, only if you have accepted relevant cookies and marketing options.
- The data shared is anonymized and used for personalized ads and remarketing campaigns.
- Research institutions (anonymous data only):
- For scientific research, anonymized datasets can be shared without being traceable to individual users.
- Government agencies:
- In exceptional cases, we may be required to share data with government agencies, such as regulators or enforcement authorities, if required by law.
7.3 Transparency and Protection in Data Sharing.
- Contractual Protection:
We enter into processor agreements with all third parties with whom we share data. These agreements require third parties to:
- Use the data only for the agreed purpose.
- Protect data according to AVG guidelines and our security standards.
- Not share the data further without our prior consent.
- Security:
- All shared data is encrypted during transmission and storage to ensure that your data remains protected from unauthorized access.
- Information to Users:
- We provide clear information about the third parties with whom we share data in our privacy statement and cookie policy.
- Users can withdraw their consent to data processing through advertising platforms and optional services at any time through the cookie settings or by contacting us.
7.4 International Data Transfer
If data is shared with third parties outside the European Economic Area (EEA), we will ensure that:
- The data transfer takes place under approved safeguards, such as European Commission Standard Contractual Clauses (SCCs).
- Third parties meet equivalent data protection standards.
Article 8: International Data Transfer and Retention Periods.
8.1 Location of Data Storage
- Primary storage:
- Your personal data is primarily stored on secure servers in the Netherlands, which meet the highest standards of data protection.
- International processing:
- If your data is processed outside the European Economic Area (EEA), we take additional measures to safeguard your privacy. This includes the use of Standard Contractual Clauses (SCCs) approved by the European Commission and, where possible, additional technical and organizational safeguards such as encryption.
8.2 Retention period of Personal Data.
8.2.1 Personal Data of Patients.
Personal data of patients is kept according to the following guidelines:
- Account information:
- Are kept as long as the account is active and for five years after the account is closed.
- Medical records:
- Are kept as long as the account is active and for up to fifteen years thereafter, in accordance with legal obligations such as the Medical Treatment Agreement Act (WGBO).
- Cookies and marketing data:
- Are kept for up to 26 months unless you withdraw your consent earlier through the cookie settings.
- Extended deadlines:
- In specific cases, such as ongoing legal disputes or at the request of supervisory authorities, personal data may be kept longer.
8.2.2 Personal Data of Dermatologists.
- Professional data:
- Are retained as long as the account is active and for five years after termination of cooperation.
- Data such as BIG registration and AGB code are deleted as soon as they are no longer relevant.
- Profile photo and visibility:
- Are kept as long as the dermatologist is listed on the platform.
- Extended deadlines:
- Data may be kept longer in cases where required for legal or administrative purposes.
8.2.3 Personal Data of Website Visitors.
- Contact details:
- Are kept as long as the visitor is enrolled or for three months after an unanswered reminder for opt-in reaffirmation.
- Cookies:
- Data is automatically deleted after the retention period specified in the cookie policy, unless the visitor objects earlier.
- Extended deadlines:
- As necessary for legal purposes or at the visitor's request.
8.3 Removal and Destruction of Personal Data.
- General rules:
- Personal data will be deleted or destroyed within one year after the retention period has expired.
- Exceptions:
- Data may be kept longer if:
- This is required by legal regulations;
- It is necessary from a medical or ethical standpoint;
- It is of importance for the defense of legitimate interests of the patient or his relatives.
- Procedure:
- Deletion and destruction occur according to established internal protocols to ensure data security.
8.4 Retention of Anonymized Data.
- Use of anonymized data:
- Personal data that has been irreversibly anonymized is retained without time limit.
- This data is used for research, analysis and improvement of our services.
- No re-identification possible:
- Anonymized data cannot be traced to an individual and is not subject to the limitations of the AVG.
Article 9: Security and Confidentiality
9.1 Technical, Administrative and Organizational Measures
247dermatologist and its affiliated dermatologists employ comprehensive security measures to protect personal data from loss, destruction, falsification, alteration, unauthorized access or disclosure, and any other form of unauthorized processing. These measures include:
- Technical Measures:
- End-to-end encryption of data transfer and storage.
- Use of firewalls, secure servers and access controls.
- Regular security updates and penetration testing to identify and mitigate vulnerabilities.
- Administrative Measures:
- Training of staff and dermatologists on data protection and safe handling of personal data.
- Strict access restrictions, with only authorized individuals having access to personal data.
- Organizational Measures:
- Compliance with internal protocols for data processing and incident management.
- Periodic audits to ensure that security measures remain effective.
Security Incidents:
In the unlikely event of a security breach involving personal data, 247dermatologist will:
- Inform the Data Subject(s) and, if necessary, the Personal Data Authority in a timely manner.
- Provide a description of:
- The nature of the breach;
- The potential impact on the privacy of the Data Subject(s);
- Recommendations to mitigate potential negative impacts.
9.2 Secure Environment
The 247dermatologist platform provides a secure and controlled environment for both web use and via the mobile application. Security includes:
- Data transmission encryption with TLS (Transport Layer Security).
- Authentication via one-time passwords (OTP) on every login attempt.
- Automatic timeouts and session management to minimize unauthorized access.
9.3 Exclusion of Liability for Use by Third Parties.
Although 247dermatologist is committed to maximum security of personal data, we cannot be held liable for direct or indirect damages caused by:
- Improper or unlawful use of personal data by third parties.
- Unauthorized use resulting from negligence or improper use by the Data Subject.
9.4 Responsibility of the Data Subject
Each Data Subject, whether patient or dermatologist, has a responsibility to ensure the security of his or her personal account. This includes:
- Protecting login credentials: Carefully managing passwords and preventing unauthorized access.
- Device security: Using secure devices and avoiding accessing the platform over unsecured networks.
- Vigilance: Regular monitoring of account activity and reporting of suspicious activity.
9.5 Notification of Unauthorized Use.
If a Data Subject suspects or observes any unauthorized use of their account, this should be reported immediately via email to info@247dermatologist.com.
- Action upon notification: Upon receipt of notification, 247dermatologist will take immediate action to restrict access to the account, investigate the situation and take appropriate action to prevent further damage.
Article 10: Transfer of Personal Data.
10.1 Recipients of Personal Data
To the extent necessary to provide our services, the following categories of recipients may receive personal data from patients. All transfers are strictly regulated and comply with applicable laws, including the AVG:
- Support Staff:
- Employees, staff and/or appointees of the dermatologists, including other health care providers involved in the medical and organizational follow-up of patient care.
- Note: 247dermatologist is not liable for violations of professional confidentiality by dermatologists or their support staff.
- External Care Providers and Healthcare Institutions:
- Treating healthcare providers and healthcare facilities when necessary to ensure quality patient care.
- Data is shared only after patient approval, unless otherwise required by law.
- External (Sub)Processors:
- Parties such as IT service providers, cloud storage providers and data controllers engaged by 247dermatologist to process personal data.
- Guarantee: Sub-processors are contracted under strict processor agreements that comply with the AVG.
- Service providers:
- External service providers such as payment platforms, logistics companies and other operational partners involved in facilitating payments, communications or other services.
- Web hosting, Analysis companies and Research institutions:
- Service providers that assist in the operation and optimization of the platform, such as hosting providers, analytics companies (e.g. Google Analytics) and research institutions.
- Data will be shared in anonymized form whenever possible.
- Health Insurers and Government Agencies:
- Health insurance companies and other agencies, if required by law or with explicit patient consent.
- Examples include claims, verification of claims, and provision of data in fraud investigations.
- Insurers:
- Professional liability insurers of dermatologists or healthcare facilities, only if necessary for the defense or exercise of a right, and without the patient's consent.
- Government Agencies and Other Organizations:
- Government agencies, regulators or other legal bodies, if required by regulations, for example, in the context of surveillance, legal disputes or criminal investigations.
- Patients and their Representatives:
- Patients themselves or their legal representatives, within the confines of the law, for example, when accessing medical records or requests for information.
10.2 Exchange of Anonymous Data.
- In all cases outside the situations described above, only anonymous data will be shared with third parties.
- Use of anonymous data: These may be used for statistical analysis, scientific research or improvement of our services.
- Guarantee: This data cannot be traced to a specific person and therefore falls outside the scope of the AVG.
10.3 International Data Transfer
- If personal data is shared outside the European Economic Area (EEA), we will ensure that:
- This takes place under approved safeguards, such as Standard Contractual Clauses (SCCs);
- Third parties meet equivalent data protection standards as within the EEA.
Article 11: Rights of Data Subjects.
11.1 Right to Information
247dermatologist informs Data Subjects of the processing of Personal Data at the time of collection, as described in this Privacy Statement.
- Upon request, the Data Subject is entitled to inspect:
- The existence or non-existence of the processing of personal data relating to him/her.
- The specific personal data being processed and its origin, unless this right is restricted by law.
- The purposes, categories of personal data, retention periods and recipients of such data.
- Automated decision-making based on the data, including its underlying logic, importance and potential consequences.
11.2 Right of Access and Inspection.
The Data Subject has the right to access his/her personal data and its use by 247dermatologist and its affiliated dermatologists at any time.
- Access can be obtained by submitting a request at info@247dermatologist.com.
11.3 Right of Correction, Removal and Restriction.
- Correction and Addition:
- The Data Subject may have incorrect or incomplete personal data corrected or completed.
- Medical records may require approval from the attending dermatologist.
- Limitation of Processing:
- The processing of personal data may be restricted if the Data Subject suspects that it is inaccurate or unlawful, or if an objection to the processing has been raised.
- Removal:
- The Data Subject may request deletion of personal data unless:
- The data are needed to provide the services.
- There is a legal obligation to keep the data.
11.4 Right to Object
The Data Subject may object to the processing of personal data for serious and legitimate reasons, unless the processing is necessary for:
- Fulfilling a legal obligation.
- Performing a task in the public interest.
During the review of the objection, the Data Subject may request that the processing be suspended.
11.5 Right to Data Transfer
The Data Subject has the right to:
- Receive his/her personal data in a structured, common and machine-readable format.
- Transfer the data to another data controller, if technically feasible.
11.6 Right to Withdrawal of Consent.
The Data Subject may withdraw previously granted consent to the processing of personal data without adversely affecting previous processing operations.
- However, withdrawal of consent may affect the functionality of the platform.
11.7 Rights regarding Automated Decision Making and Profiling.
The Data Subject has the right to:
- Receive an explanation of decisions based solely on automated processing, including profiling.
- Request not to be subject to such decisions if they have significant impacts.
11.8 Exercise of Rights.
The Data Subject may exercise his/her rights by contacting info@247dermatologist.com.
- Requests will be processed within one month, in accordance with the AVG.
11.9 Right to complain
- Complaint Procedure:
- Should you be dissatisfied with the processing of personal data, you may file your complaint at info@247dermatologist.com.
- If mediation does not provide a solution, the complaints officer will support you in taking the next step.
- Disputes Committee:
- 247dermatologist is affiliated with the Health Care General Disputes Committee.
- For more information on filing a dispute, see this link
Article 12: Questions, Concerns and Complaints
12.1 Contact with 247dermatologist
Data subjects may contact 247dermatologist for questions, comments or complaints regarding the protection of personal data or its processing. Requests to exercise rights, as described in Article 11, can also be submitted via:
- E-mail: info@247dermatologist.com
Handling procedure:
- Upon receipt of a request, the Data Subject will receive an acknowledgement of receipt.
- 247dermatologist strives to provide a response within one month.
- If a request is complex or multiple requests are made, the response time may be extended to a maximum of three months.
- In that case, the Data Subject will be informed within the first month of the reason for the delay and the expected time of response.
- If a request cannot be granted (in full), the Data Subject will be notified in writing, explaining the reason and any follow-up steps.
12.2 Verification of Identity
To ensure that personal data is not unlawfully shared or altered, 247dermatologist:
- Id:
- In case of doubt about the identity of the applicant, additional information may be requested, such as:
- A copy of a valid ID (where sensitive information, such as the BSN number, can be masked out);
- Other data confirming identity, such as account information.
- Refusal of requests:
- If the requester refuses to provide additional information or if the identity of the requester cannot be determined with certainty, 247dermatologist reserves the right to reject the request.
- The applicant will be notified in writing, including an explanation of the reasons and possible next steps.
12.3 Complaints and Mediation.
- Complaints at 247dermatologist:
- If a Data Subject is dissatisfied with the processing of his/her data or the handling of a request, a complaint may be filed at info@247dermatologist.com.
- The complaint will be handled by a complaint officer or other authorized employee.
- Mediation and Disputes:
- If a complaint is not handled satisfactorily, the Complainant may apply to the Health Care General Disputes Committee, as described in Article 11.9.
Article 13: Changes
247dermatologist reserves the right to change this privacy statement at any time. Any changes will be clearly communicated, for example through the platform or other usual communication channels.
Article 14: Applicable Law and Competent Court.
- Governing Law:
- This privacy statement and any disputes arising out of or related to the processing of personal data through 247dermatologist are governed by Dutch law.
- Any questions of interpretation, compliance with obligations, and disputes will be handled in accordance with applicable Dutch law, including but not limited to the General Data Protection Regulation (AVG) and relevant implementing legislation.
- Competent Court:
- Disputes arising from this privacy statement or the processing of personal data shall be brought exclusively before the competent courts in the Netherlands.
- If applicable, mediation or alternative dispute resolution prior to court proceedings may be considered, in line with Article 11.9 (Right of Complaint).