The protection of your personal data is a top priority at derma.run. The data you enter is transmitted in encrypted form and stored on protected servers. We will keep your data secure and take measures to protect your personal data from loss, access, misuse or alteration. Our employees and contractual partners who have access to your data are contractually bound to secrecy and compliance with data protection regulations.
When you call up our website, the following data is determined by your terminal device or the browser used and stored in a log file:
- IP address of the end device
- Date and time (incl. time zone difference to CET) of access
- Name and URL of the retrieved page/file
- The website from which you accessed our site (referrer URL) and the search engines you used to find our site
- Browser used, operating system of the end device
- Name of the Internet provider
- User click tracking on the website
We initially use this data for technical purposes in order to deliver the contents of our website to you and to ensure the secure operation of our services. Furthermore, we do use this data for statistical purposes so that we can trace which terminal devices with which characteristics and settings are used for visiting our website in order to optimise them if necessary. These statistics do not contain any personal data. If you are within the scope of the GDPR, the legal basis for the use of data for the compilation of statistics is Art. 6 Para. 1 f) GDPR.
The complete IP address will be stored for the purposes of detecting and preventing attacks (e.g. preventing access, spying on data, spreading malware (e.g. viruses) or other unlawful purposes) against the systems used for our website. Such attacks would impair the proper functioning of the technology, the use of our website or its functionality and the security of visitors to our website. We hereby pursue the legitimate interest of ensuring the operability of our website and to ward off illegal attacks against us and the visitors to our website.
If you are within the scope of the GDPR, you can execute your right to deletion, in this case the IP address of your terminal device will be deleted (by anonymization) if it is not needed for the recognition or defence of an attack.
Storage of user data
We store your user data exclusively on servers in the European Union.
Cookies are used for the operation of our website to ensure the technical functionality of our website and to understand how visitors use our website.
A cookie is a small text file that is stored on your terminal device by your browser when you visit our website. If you call up our website again later, we or the service provider can read out the respective cookie again.
Cookies are stored for different periods of time. A distinction must be made between so-called session cookies and temporary cookies. Session cookies are deleted from your browser when you leave our website or when you exit the browser. Permanent cookies are stored for the duration specified when they are stored.
You can set your browser to accept cookies at any time, but this may result in our website no longer functioning properly. You can also delete cookies yourself at any time.
- Technically necessary cookies, which are absolutely necessary for the use of the functions of our website. Without these cookies, certain functions could not be provided. These are session cookies.
- Analysis cookies that are used to analyse your user behaviour. For details please read the information on "Matomo".
- Permanent cookies that remain in operation even after the web browser has closed. We comply with the law that states that permanent cookies must be deleted after 12 months.
Most browsers used by our users allow you to choose which cookies to store and to delete (certain) cookies. If you limit the storage of cookies to certain websites or do not allow cookies from third party websites, this may result in our website not being able to be used to its full extent.
Here you will find information on how to adjust cookie settings for the most common browsers:
- Google Chrome (support.google.com/chrome/answer/95647?hl=en)
- Internet Explorer (https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d)
- Firefox (https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox)
- Safari (https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac)
Using Matomo and Google analytics to analyze the use of our website
For the compilation of statistics and evaluations, for the optimization and for the recognition of errors we use the tool Matomo; https://matomo.org. (this tool runs directly on our server and is operated by us) and Google Analytics technology.
With this processing we pursue the justified interest to improve our offer and to be able to operate stable. If you are in the area of application of the GDPR is legal basis of the processing art. 6 Abs. 1 f) GDPR.
In order to collect data, the tool uses a so-called "cookie". This is a small text file that is stored by your browser on your terminal device. By means of this cookie, the tool receives, for example, information about which pages you have visited, the duration of your stay on the pages, which country and city you are browsing from, technical data of the browser you are using and of the respective terminal device. The IP address of your terminal device is only processed anonymously. At no time does the tool create profiles to which we can assign certain users, but always uses pseudonyms.
To opt out from Matomo tracking, please click here.
Google Analytics uses “cookies” which are text files placed on your computer, to help the website analyse how you use the site. The information that is generated by the cookie about your use of our website (including your IP address) is transmitted to a Google server in the USA where it is stored. Google will use this information to evaluate your use of the website, to compile reports on website activity for its operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google. Google will never associate your IP address with any other data held by Google.
Third party websites
There might be third party websites connected with our website through hyperlinks or buttons including social media sites. When using any such websites, certain information may be collected by such third parties. This information may be subject to their privacy statements and terms and conditions. We encourage you to review third party privacy policies before making use of their websites.
If you send us a message via one of the contact options offered, we will use the data you provide to us to process your request. The legal basis for this is our legitimate interest in responding to your request. If you are in the area of application of the GDPR, the legal basis for the corresponding processing is Art. 6 Para. 1 f) GDPR. The data will be deleted if you execute your right to deletion. If we are obliged by law to store the data for a longer period of time, it will be deleted after expiry of the corresponding period.
In connection with your personal data, you are entitled in particular to the rights listed below. Please refer to the legal regulations for details. If you are within the scope of the GDPR, the GDPR is the legal basis.
Right to information
You have the right to request confirmation from us as to whether personal data relating to you will be processed by us. If this is the case, you have the right to be informed about this personal data and to receive further information. If you are within the scope of the GDPR, the legal basis is Art. 15 GDPR.
Right to rectification
You have the right to demand from us immediately the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing. If you are within the scope of the GDPR, the legal basis is Art. 16 GDPR.
Right to deletion
You have the right to demand that we delete any personal data concerning you immediately. We are obliged to delete personal data immediately if the corresponding requirements are met. If you are within the scope of the GDPR, the legal basis is Art. 17 GDPR.
Right to limitation of processing
Under certain circumstances you have the right to demand that we restrict the processing of your personal data. If you are within the scope of the GDPR, the legal basis is Art. 18 GDPR.
Right to data transferability
If you are within the scope of the GDPR you have the right under Art. 20 GDPR to receive the personal data relating to you which you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another responsible person without hindrance by us, provided that the processing is based on consent in accordance with Article 6 Para. 1 a) GDPR or Article 9 para. 2 a) GDPR or on a contract pursuant to Article 6 para. 1 b) GDPR and the processing is carried out using automated procedures.
Existence of a right of appeal to the supervisory authority
If you are within the scope of the GDPR, Art. 77 GDPR gives you the right to complain to the supervisory authority without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement if you are of the opinion that the processing of your personal data violates the GDPR.
Right of objection
You have the right to object to the processing of personal data concerning you, including processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
If you are within the scope of the GDPR, the legal basis is Art. 21 GDPR. The statement of objection then applies to personal data that is based on Article 6 paragraph 1 letters e or f of the GDPR Regulation.
How to submit a request
If you wish to exercise any of the above rights please send an email to firstname.lastname@example.org describing the details of your request.