Privacy Policy

Contact Forms and Support Requests (via E-Mail Service Provider)

If the user contacts SQIN or IQONIC services, the Provider’s e-mail service provider – Google, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – processes the contact details as well as the content of the request.

Requests via e-mail and contact form may involve communications and contract data as well as user history. In addition, inquiries regarding the Provider’s apps that are submitted via the app store’s contact form are received by the Provider by e-mail. The data provided will be treated confidentially. The data provided and the message history with the Provider’s customer service are stored for follow-up questions and future contact.
Insofar as the user contacts the Provider by e-mail or via a form, the Provider uses the personal data transmitted by the user on the basis of legitimate interests, exclusively to answer the user’s inquiry.
SQIN and IQONIC have concluded a data processing agreement with Google Ireland for processing data on their behalf. Google Ireland stores and processes personal data strictly in accordance with the Provider’s instructions. This may also take place outside the territory of the EU or the EEA, in particular in the USA. Where processing takes place in the USA, it is carried out on the basis of the EU Standard Contractual Clauses. Requests for deletion of the user profile and newsletter unsubscribe requests submitted via our contact channels are stored by the Provider in its in-house systems to be able to trace and demonstrate that the user’s request was successfully processed (accountability obligation). The users’ data (e-mail address, name, and username) are deleted from the Provider’s system no later than one year and one month thereafter. In the case of newsletter deletion requests, a connection to the user’s account can be established via the in-house system if the request concerns the user’s registration address. In the case of requests to delete a user account, no link to the user’s account can be established. The data are stored in the system protected against unauthorized access and are not passed on to third parties.
Withdrawal / Opt-Out option: Customer inquiries from the user are deleted after 5 years or upon direct withdrawal to .
If and to the extent that data associated with users’ e-mail inquiries can still be used and must still be used for purposes that have not yet expired at the time of the intended deletion, the data records will be blocked or restricted to certain processing purposes instead of being deleted. This is particularly the case for legally mandatory retention obligations, such as under applicable commercial and tax regulations. These can be up to 10 years (see Section 147 (3) of the German Fiscal Code).

Data Processing in AI-Supported Processes
Purposes
If, when registering your user account or in your account settings, you have consented to processing in connection with the research of AI-supported teledermatological assessment, we use the photos you upload and the medical history questionnaires you complete to research an artificial intelligence that can support teledermatological assessment. This can help skin diseases be recognized faster and more effectively, enabling future patients to receive quicker and better assistance. We thank you for your support and trust if you consent to this processing. Your data will not be disclosed to third parties, but will be processed under strict confidentiality and the highest security requirements by an experienced IT laboratory commissioned by us for research purposes. Your data are processed exclusively in Germany.
Data Types
For the research of an AI-supported teledermatological assessment, we process the photographs you upload and the medical history questionnaires you complete.
Legal Basis
The legal basis for this processing is your consent pursuant to Art. 9 (2) (a) GDPR.
Storage Period
We use the above data relating to you for the research of an AI-supported teledermatological assessment until you withdraw your consent.
Recipients
We use a server located in Germany to provide the database of our app and to store your doubly encrypted patient record.
The research of an AI-supported teledermatological assessment takes place exclusively in Germany under strict confidentiality and the highest security requirements in an IT laboratory specialized in AI research.
Your Right to Withdraw Consent
You have the right to withdraw your consent to the processing of the above data for the purpose of researching an AI-supported teledermatological assessment. You can do this by logging into our system and deactivating “Product Development” in the account settings under “Product Development.” The lawfulness of processing carried out on the basis of your consent before withdrawal remains unaffected.

Data Processing for Newsletters
Purposes
Our newsletters are intended to provide you, in addition to news from SQIN and IQONIC, with recommendations and information in the field of skin analysis as well as on everyday life topics.
Data Types
Providing an e-mail address is sufficient to receive the newsletter. We process the time of your newsletter sign-up and the IP address entered by your Internet Service Provider (ISP), which we convert into an anonymized user identifier. This serves to determine if someone has misused your e-mail address to sign up for the newsletter.
Legal Basis
The legal basis for this processing is your consent pursuant to Art. 6 (1) (a) GDPR.
Storage Period
We use your e-mail address to send our newsletter until you withdraw your consent.
To fulfill our accountability obligation under data protection law pursuant to Art. 5 (2) GDPR, we retain a deletion log of the removal of your e-mail address for up to three years. The legal basis for this is compliance with our legal obligation pursuant to Art. 6 (1) (c) GDPR.
Recipients
We use a German processor with servers located in Germany to provide our e-mail server.
We use a server located in Germany to provide our system database.
As part of our newsletter delivery, we analyze your user behavior. This evaluation serves the needs-based design and continuous optimization of our newsletter.
Data Types
The following data types are processed:
– E-mail reading and click behavior (open rate and click-through rate within the newsletter),
– The type of device used (desktop, tablet, mobile phone),
– Whether you are a user or patient of our system,
– The time and date of your access to specific newsletter e-mails,
– Number of cases submitted in the system,
– The redirect URL (i.e., which websites linked in the newsletter you open via the newsletter).
Legal Basis
The legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in providing you with an effective and user-friendly newsletter (i.e., personalized direct marketing).
Storage Period
We store the above data until you withdraw your consent, i.e., unsubscribe from our newsletter.
To fulfill our accountability obligation under data protection law pursuant to Art. 5 (2) GDPR, we retain a deletion log of the removal of your e-mail address for up to three years. The legal basis for this is compliance with our legal obligation pursuant to Art. 6 (1) (c) GDPR.
Recipients
We use a German processor with servers located in Germany to provide our e-mail server.
We use a server located in Germany to provide our app’s database.
Your Right to Object
Pursuant to Art. 21 GDPR, you have the right to object to the above processing of your personal data if reasons arise from your particular situation or if your objection is directed against direct marketing.

Data Processing for Review Requests
Purposes
To ask our existing customers for reviews, you will receive a one-time review request from us after each treatment. This serves to improve our services based on your evaluation.
Data Types
For sending the review request, we process your e-mail address that you provided when registering in our “SQIN” system and the IQONIC services.
Legal Basis
The legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in improving our service based on your review, i.e., carrying out personalized direct marketing.
Storage Period

We use your e-mail address to send our review requests until you object to our use of your e-mail address for the purpose of sending direct marketing.
In the event of deletion of your user account, we delete your e-mail address and no further direct marketing will be sent to you.

Recipients
We use a server located in Germany to provide the database of our app and to store your doubly encrypted patient record.

Data Processing for Direct Mailings

Purposes
To keep our existing customers informed about our offers and services, to provide them with valuable content, and to request reviews, you will regularly receive an information letter from us. In this context, we analyze your user behavior. This analysis serves to tailor the information letters to your needs and to continuously optimize both our mailings and our services.

Data Types
The following data types are processed:
– E-mail reading and click behavior (open and click rates within the customer information letters),
– The type of device used (desktop, tablet, mobile phone),
– Whether you are a user or patient of our system,
– The time and date of access to newsletter e-mails,
– The redirect URL (i.e., which websites linked in the information letters you open).

Legal Basis
The legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in carrying out personalized direct marketing.

Storage Period
We remove your e-mail address from our direct marketing distribution list once you object to our use of your e-mail address for this purpose.
To comply with our accountability obligation under data protection law pursuant to Art. 5 (2) GDPR, we retain a deletion log of the removal of your e-mail address for up to three years. The legal basis for this is compliance with our legal obligation under Art. 6 (1) (c) GDPR.

Recipients
We use a German processor with servers located in Germany to provide our e-mail server.
We use a server located in Germany to provide the database of our system.

Your Right to Object
Pursuant to Art. 21 GDPR, you have the right to object to the above-described processing of your personal data if reasons arise from your particular situation or if your objection is directed against direct marketing.

Data Processing via Contact Form

Purposes
Through our contact form within the system, you can contact us at any time if you have questions about the use of our system, while logged into your user account.

Data Types
As part of your inquiry, we process your user ID, your case ID, and the content of your request. Further details may be provided voluntarily.

Necessity
Processing your user ID and, where applicable, case ID is necessary for handling your inquiry and assigning it to your patient record. If you submit your inquiry via the system’s contact form, this information is automatically transmitted to us.

Recipients
We use a server located in Germany to provide our app.

Contact by Phone or E-Mail

Purposes
Via the e-mail addresses and telephone numbers listed on our website, you may contact us. Do not use this communication channel to transmit health data to us.

Data Types
To handle your inquiry, we use the e-mail address or telephone number you provide. Further information is only collected directly from you if it is necessary and relevant for answering your inquiry and you provide it voluntarily.
Do not use this communication channel to transmit health data to us.

Legal Basis
Processing for the purpose of contacting us is carried out to perform a contract with you or to take pre-contractual measures at your request pursuant to Art. 6 (1) (b) GDPR.

Necessity
Processing your e-mail address or telephone number is necessary for handling your inquiry and to enable us to contact you in this context. If you do not provide this data, we cannot process your inquiry.

Storage Period
If contact takes place in the context of a treatment contract, we retain your information as part of your patient record for ten years in accordance with §§ 630a ff. German Civil Code (BGB). Otherwise, the data you provide are deleted once your inquiry has been resolved.

Recipients
We use a German processor with servers located in Germany to provide our e-mail server.

Data Processing in Connection with Meta

Purposes
We use Facebook Pixel for advertising purposes and to optimize our campaigns. We use this tool to display ads on Facebook and Instagram to people who have visited our website or shown interest in certain topics. By analyzing your user behavior, we evaluate the effectiveness of our Facebook and Instagram campaigns and adapt them to user interests.
Through our use of Facebook Pixel, Facebook is informed when you click on one of our ads on Facebook or access the corresponding page of our website.
Facebook provides us with the collected data in anonymized form so that we cannot personally identify you or draw conclusions about your identity.

Data Types
If you consent to marketing analysis within our system, the following data about you will be collected:
– Your access time and location to our system,
– Whether you are actively using our system,
– Whether you are a returning user of our apps,
– Your demographic data (gender, age group, interests),
– The language, device model, and device type you use (e.g., iOS or Android).

If you have a Facebook or Instagram account, these data will be linked to your respective account.
If you do not have a Facebook account, Facebook stores your IP address and other identifying characteristics.

Legal Basis
The legal basis for this processing is your explicit consent pursuant to Art. 6 (1) (a) GDPR. You provide this consent via our cookie banner by selecting and agreeing to the category “Marketing Analysis.”

Storage Period
The storage period is limited to 24 months.

Recipients
Facebook Pixel is a product of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook acts as our processor, and we have concluded a data processing agreement pursuant to Art. 28 GDPR with Facebook. The legal basis for this transfer is the EU Standard Contractual Clauses under Art. 46 GDPR. Information on the appropriate or suitable safeguards Facebook provides for third-country transfers can be found here [link] and here [link].

Your Right to Withdraw Consent
You can withdraw your consent to processing for user behavior analysis in our web app under Settings > Marketing Analysis by deactivating the “Marketing Analysis” function. The lawfulness of processing carried out prior to withdrawal remains unaffected.

Data Processing in Connection with TikTok

Purposes
We use TikTok Pixel, a service of TikTok Technology Ltd., to show you ads on TikTok when you have shown interest in our services as a TikTok user. TikTok Pixel enables the definition of target groups for displaying ads. By analyzing your user behavior, we evaluate the effectiveness of our TikTok campaigns and adapt them to user interests.

Data Types
The following data types are processed as part of advertising on TikTok:
– Your user behavior, if you have visited TikTok’s platform or are a TikTok user, including:
• The number of our ads you have viewed and your clicks on our ads,
• Events triggered in our system (e.g., registration, creation of cases, payment for diagnoses),
• Information about your operating system and device ID,
• Anonymized, aggregated data for creating custom audiences if you have shown interest in our services.

We process information on triggered events (registration, case creation, purchase) in our system only if you have consented to processing for “marketing analysis” within our app.
If you have a TikTok account and have consented to personalized advertising in your TikTok account, TikTok will transmit your location and gender to us if provided during your TikTok registration.

Legal Basis
If you have consented to processing for “marketing analysis” within the system, the legal basis for this processing is your consent pursuant to Art. 6 (1) (a) GDPR.

Storage Period
The personal data processed in the context of advertising are deleted after 18 months.

Recipients

The above-mentioned personal data relating to you are processed on our behalf by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”). The above-mentioned personal data relating to you are transferred to the USA. For this purpose, we have concluded a data processing agreement pursuant to Art. 28 (3) GDPR including Standard Contractual Clauses pursuant to Art. 46 GDPR with TikTok Technology Limited as part of the terms of use.
Information on the appropriate or suitable safeguards TikTok provides for third-country transfers can be found here [link] and here [link].

Your Right to Withdraw Consent
You have the right to withdraw your consent at any time. Withdrawal of your consent to processing activities for user behavior analysis is possible within our system under Menu > Edit Account > Marketing Analysis by deactivating the “Marketing Analysis” function. The lawfulness of processing carried out on the basis of your consent before its withdrawal remains unaffected.

Data Processing in Connection with Social Media Plugins

Purposes
Social Media Plugins are extensions for external sites, i.e., modules integrated into our websites that allow you, by clicking, to directly access the corresponding social network profile. We use Social Plugins on our website from Instagram (part of Facebook Ltd.) and TikTok to make the content of our website more informative and interesting for you.

Data Types
If you access a page containing an embedded video or a social plugin and have given consent to processing in “Other Media” within the consent banner, a connection is established to the servers of Facebook and TikTok. The following data types are processed about you:
– The browser you use,
– The IP address of your device,
– The page of this website you visited,
– The content displayed to you,
– The language, device model, and platform (e.g., iOS or Android) of your device.

Legal Basis
The legal basis for this processing is your consent to processing in “Other Media” pursuant to Art. 6 (1) (a) GDPR.

Storage Period
The above-mentioned personal data relating to you are stored for 24 months.

Recipients
We use a web host with servers located in Germany to provide our website.

Facebook Pixel is a product of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook acts as our processor, and we have concluded a data processing agreement pursuant to Art. 28 GDPR with Facebook. The legal basis for this transfer is the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. Information on the appropriate or suitable safeguards Facebook provides for third-country transfers can be found here [link] and here [link].

The above-mentioned personal data relating to you are processed on our behalf by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”). These personal data are transferred to the USA. For this purpose, we have concluded a data processing agreement pursuant to Art. 28 (3) GDPR including Standard Contractual Clauses pursuant to Art. 46 GDPR with TikTok Technology Limited.
Information on the appropriate or suitable safeguards TikTok provides for third-country transfers can be found here [link] and here [link].

Your Right to Withdraw Consent
You have the right to withdraw your consent at any time. The lawfulness of processing carried out on the basis of your consent before its withdrawal remains unaffected.

Data Processing in Connection with Pinterest

Purposes
We use the Pinterest Tag, a service of Pinterest Europe Ltd., to tailor our Pinterest campaigns, further optimize them, and measure their success. If you arrive at our website via a Pinterest ad, we can track your subsequent actions. By analyzing your user behavior, we evaluate the effectiveness of our Pinterest campaigns and adapt them to the interests of our users.

Data Types
If you consent to the analysis of your user behavior within our system (i.e., “Marketing Analysis”), the following data are also processed:
– Your last ad view (relevant for conversions),
– The number of ads you viewed and your clicks on our ads (frequency),
– Your access time and location when using our system,
– Whether you are actively using our system,
– Whether you are a returning user of our system,
– Events you triggered within the system (e.g., registration, case creation, payment for cases you created),
– The language, device type, and operating system (e.g., iOS or Android) of your device,
– Demographic data (gender, age, interests).

We receive the above-mentioned data on the last ad view and the number of viewed and clicked ads per placement from Pinterest in the form of statistical evaluations. This means we receive information on how many users clicked on our ads and were redirected to the App or Play Store.

Legal Basis
The legal basis for this processing is your consent to processing for marketing analysis pursuant to Art. 6 (1) (a) GDPR, provided you have given this when registering your account or via account management.

Storage Period
The personal data processed in connection with the advertising are deleted after 180 days.

Recipients
The above-mentioned personal data relating to you are processed on our behalf by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). These personal data are transferred to the USA. For this purpose, we have concluded a data processing agreement pursuant to Art. 28 (3) GDPR including Standard Contractual Clauses pursuant to Art. 46 GDPR with Pinterest.
Information on the appropriate or suitable safeguards Pinterest provides for third-country transfers can be found here [link].

Your Right to Withdraw Consent
You have the right to withdraw your consent at any time. Withdrawal of your consent to processing activities for user behavior analysis is possible within our system under Menu > Edit Account > Marketing Analysis by deactivating the “Marketing Analysis” function. The lawfulness of processing carried out prior to withdrawal remains unaffected.

Data Processing in Connection with YouTube

Purpose
To optimize our website, we embed videos from YouTube.

Data Types
If you access a page that contains an embedded video, a connection to YouTube’s servers is established. The following data types are processed about you:
– The browser you use,
– The page of this website you visited,
– Device-specific information including the IP address of your device,
– The content displayed to you from YouTube.

We use the “enhanced privacy mode” option provided by YouTube. According to YouTube, in “enhanced privacy mode,” the above-mentioned data are only transmitted to YouTube’s servers in the USA if you watch the video.

Legal Basis
The legal basis for this processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in supplementing our offering with dermatological information for you.

Storage Period

On the one hand, the Provider uses Google Analytics for Firebase to optimize system functionalities and designs in so-called A/B tests. In such tests, the original version of the system is tested against a slightly modified version. The Provider then analyzes how well the new function is received compared to the previous version. In this way, the Provider can continuously improve the design and functionalities of the system and increase user-friendliness. To collect these comparative data, Google Analytics for Firebase processes users’ usage data in our system.

The Provider uses Google Analytics for Firebase services under the EU General Data Protection Regulation due to its interest in making the system as user-friendly as possible for users and thereby optimizing the user experience. Furthermore, the Provider can use Google Analytics for Firebase to evaluate user behavior in the system and better understand how users use the services and what improvements can be made. In doing so, Google Analytics for Firebase processes user data such as the IP address, demographic characteristics of users, technical data about the mobile device used and the installed software version, and usage data such as the number of accesses to the system and actions within the system (e.g., program purchase). Such usage data are also used by Google Analytics for Firebase for statistical extrapolations that compare the behavior of users with that of other users of the system and thus, with a certain statistical probability, indicate, for example, whether a user may be interested in purchasing a program. Based on these statistics, the Provider can send the user more targeted offers and discounts for SQIN and IQONIC that may be of interest to them.

The Provider uses Google Analytics for Firebase services under the EU General Data Protection Regulation due to its interest in designing its product to be user-friendly and in addressing users in marketing communication as specifically as possible according to their interests and providing them only with truly relevant offers. To use Google Analytics for Firebase, the Provider has integrated its “Software Development Kit” (SDK) into the SQIN and IQONIC system. This creates an interface through which Google can access the above-mentioned data about the system. The information generated by the SDK about the user’s use of the SQIN and IQONIC services (including the IP address) is transmitted to a Google server in the USA and stored there. According to Google, the IP address of the user will in no case be associated with other Google data. However, Google may store and process the relevant personal data in all facilities operated by Google, its internal sub-processors, or the providers of digital infrastructure it uses. In all cases where these data leave the EEA (European Economic Area) or Switzerland, the transfer takes place using the Standard Contractual Clauses.

Withdrawal / Opt-Out Option: For all requests relating to personal data, the user may contact by e-mail. The Provider will forward these requests to Google, which has agreed to comply with all obligations arising from the EU General Data Protection Regulation. These include access, correction, restriction of access, and deletion of personal customer data. These obligations will be implemented insofar as EU law on retention periods permits.
If and to the extent that data associated with the user’s account can still be used and must still be used for purposes not yet expired at the time of the intended deletion, the data records will be blocked or restricted to certain processing purposes instead of being deleted. This is particularly the case for legally mandatory retention obligations, such as corresponding commercial and tax law provisions. The latter can amount to up to 10 years (see § 147 (3) of the German Fiscal Code).

Evaluation of User Behavior in the SQIN and IQONIC Services (via Smartlook)

For session recording, the Provider uses the Smartlook service, which is operated by Smartsupp.com s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic. With the Smartlook service, user behavior is recorded on video and can be analyzed by the Provider afterwards. For this purpose, the software sets a cookie on the user’s computer (see relevant sections on cookies in this policy). The Provider does not store personal data when using this service.

The Provider uses Smartlook only if the user has consented to it. The legal basis for the processing of users’ personal data after consent is Art. 6 (1) (a) GDPR.

Processing users’ personal data enables the Provider to analyze user behavior. By evaluating the collected data, the Provider is able to compile information on the use of the individual components of the SQIN and IQONIC services. This helps the Provider to continuously improve the SQIN and IQONIC services and their user-friendliness.

Withdrawal / Opt-Out Option: The Provider does not store personal data of users. Only anonymous analysis data are processed for evaluation purposes. Anonymized usage logs are stored in accordance with legal requirements and automatically deleted after 30 days. Further information can be found in Smartlook’s privacy policy: .

Cookies are stored on the user’s computer and transmitted to the Provider. Therefore, the user has full control over the use of cookies. By changing the settings in their internet browser, the user can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for the Provider’s website, not all functions of the website may be fully usable. By clicking the following link , the user can prevent future tracking by Smartlook.

C. Optimization of Our Communication and Marketing Activities

Marketing Campaigns with Custom Audiences (via Facebook Pixel and Custom App Events via Facebook SDK)

The Provider uses services of the social network Facebook, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in its services. To measure and optimally control marketing campaigns, the Provider uses so-called “remarketing tags” in the SQIN and IQONIC services. On the SQIN and IQONIC website, this involves the so-called “Facebook Pixel,” which is activated when visiting a page and informs Facebook that the page has been accessed. In the system, so-called “Custom App Events” are activated, which, via an interface (SDK), inform Facebook about which pages a user accesses in the system. When the user uses the SQIN and IQONIC services, a direct connection to the Facebook server is established via the remarketing tags. Based on the user’s IP address, Facebook receives the information that the user has used the SQIN and IQONIC services and records several individual actions within the SQIN and IQONIC services, for which the advertisements are optimized. When using the website, the following actions are distinguished and recorded:
– Accessing a specific landing page (e.g., homepage)

► You Have the Right

– pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

– pursuant to Art. 16 GDPR, to request without undue delay the rectification of inaccurate personal data stored by us or the completion of your personal data;

– pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing of such data is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

– pursuant to Art. 18 GDPR, to request the restriction of processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of the data and we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;

– pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of those data to another controller;

– pursuant to Art. 7 (3) GDPR, to withdraw your consent at any time. Such withdrawal has the consequence that we may no longer continue processing the data based on this consent in the future. The lawfulness of processing carried out prior to the withdrawal remains unaffected;

– pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your habitual residence or place of work, or at our registered office. The supervisory authority responsible for our registered office is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin
Phone: +49 30 13889-0
E-mail:

Links to Other Providers’ Websites:
Our system may contain links to other providers of internet content, in addition to the links already outlined to our presences on social media platforms. This Privacy Policy applies exclusively to the processing carried out within this system. We have no influence over the processing on linked sites. Please refer to the respective providers’ privacy policies for information about their processing activities.

Retention and Deletion of Data

As a rule, we store your personal data only for as long as is necessary to fulfill our contractual obligations. Therefore, all stored personal data and pseudonymized usage data are deleted once they are no longer required for the purposes for which they were collected, or if you expressly request their deletion and we are not legally required to retain them. Applicable retention and documentation obligations may arise from commercial law, tax law, or the German Civil Code (BGB). These laws sometimes stipulate retention periods of 10 years or more. In such cases, data are automatically deleted upon expiry of the statutory retention period.

Disclosure of Personal Data

Apart from the recipients mentioned above, we do not disclose your personal data to third parties. Disclosure will only take place if:

– you have given your explicit consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR,
– disclosure is necessary pursuant to Art. 6 (1) (f) GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in preventing the disclosure of your data,
– there is a legal obligation to disclose pursuant to Art. 6 (1) (c) GDPR, or
– disclosure is legally permissible and necessary pursuant to Art. 6 (1) (b) GDPR for the performance of contractual relationships with you.

► Contact for Data Protection and Data Protection Officer
If you have any questions regarding the collection, processing, or use of personal data, or if you require information, rectification, blocking, or deletion of data, as well as the withdrawal of consent previously given, you may – where applicable – contact us at any time by e-mail at or by post at:

SkinTech Corp. GmbH
Zimmerstraße 50
10117 Berlin

The Data Protection Officer of the Provider can be reached at the e-mail address or by post at:

SkinTech Corp. GmbH
Zimmerstraße 50
10117 Berlin​