(Established in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG))
Thank you for using the AI Facial Recognition and Skin Imaging Analysis System (hereinafter referred to as "the System") deployed by Schott IT Technology GmbH. Pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and relevant provisions of the German Federal Data Protection Act (BDSG), we hereby provide the following key information regarding data processing and privacy protection:
The System may collect the following information:
• Facial images (mandatory)
• Optional: Name, gender, age, affiliated clinic/institution, etc.
All identity-related fields are optional. Collected data will undergo pseudonymization to anonymize identities.
• All image data is captured and preliminarily processed locally on the device.
• Image files contain no direct personal identifiers.
• Original image data is automatically deleted from the local system after analysis and is not retained long-term.
• Processed data is stored in pseudonymized form in cloud centers located in Germany.
• Data transmission is encrypted to prevent unauthorized access.
• All processing occurs within the EU, with no cross-border transfers.
• The System is maintained by an ISO/IEC 27701-certified service provider.
• The provider has platform-level read-only access for maintenance purposes only, with no permissions to download or transfer data.
• All operations are monitored via access controls and audit logs.
In accordance with Articles 15–22 of the GDPR, you are entitled to the following rights:
1. Right of Access and Transparency: To request access to all your personal data stored in the System.
2. Right to Rectification and Erasure: To correct inaccurate data or request deletion of unnecessary data.
3. Right to Restrict Processing: To temporarily suspend data processing under legally permissible circumstances.
4. Right to Data Portability: To receive your data in a structured, commonly used format (e.g., DICOM).
5. Right to Withdraw Consent: To withdraw your consent at any time, without affecting the lawfulness of prior processing.
Data usage may expand under the following circumstances, provided legal authorization or ethical approval is obtained:
• Research: Only fully de-identified (k-anonymized) data is used, subject to ethics committee review.
• Algorithm Optimization: System performance improvements via differential privacy methods in controlled environments.
• Legal Compliance: Data sharing with authorities under digital healthcare regulatory frameworks.
Before proceeding, please read this Privacy Policy and confirm your consent by selecting the options below. Proceeding without consent is not permitted:
• I confirm that I have read and understood this Privacy Policy.
• I consent to the collection and pseudonymized processing of my facial images and related information.
• I acknowledge my right to withdraw consent and exercise data access/deletion rights at any time.
Prior to facial scanning, the System will collect your explicit consent via a one-time email verification code. A code will be sent to your provided email address. Entering this code constitutes your agreement to the data processing terms outlined herein.
This method complies with GDPR Article 7 requirements for "explicit and verifiable consent." The System will encrypt and store records of consent events and associated email addresses for auditing and compliance purposes.
If you do not sign this agreement manually but provide oral consent in the presence of a physician who explains the terms, the physician may confirm consent on your behalf via the System. Such actions will be recorded as valid authorization under GDPR Article 7 ("explicit consent").
• Policy Version: v2.3-2025
• This Policy complies with the GDPR and BDSG and has undergone institutional compliance review.
• To request updated versions, please contact our institution.
Schott IT Technology GmbH