Mole Detective Logo

Privacy Policy

Last updated: 20 May 2025

1. Introduction

Mole Detective ("we", "our", "us") is a brand of Automaly LTD and is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services.

We act as a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means we determine the purposes and means of processing your personal data.

2. Information We Collect

We may collect and process the following information about you:

  • Personal Information: Including your name, email address, telephone number, and other contact details you provide when registering or using our services.
  • Health Information: Images of moles or skin lesions that you upload for assessment, along with any related health information you provide in questionnaires.
  • Technical Information: Including IP address, browser type and version, time zone setting, operating system and platform, and information about your visit to our website.
  • Usage Information: How you use our website and services, including page views, navigation paths, and service usage.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide our skin assessment services and deliver the results to you
  • To manage your account and provide customer support
  • To improve our website and services
  • To send you service notifications and updates
  • To comply with legal and regulatory obligations

We process your personal data on the following legal bases:

  • Consent: Where you have given explicit consent for us to process your health data for the purpose of providing skin assessments.
  • Contract: Processing necessary for the performance of our contract with you to provide our services.
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services and preventing fraud.
  • Legal Obligation: Processing necessary to comply with our legal obligations.

4. Special Category Data

Health information, including images of moles or skin lesions, constitutes special category data under the UK GDPR. We process this data only with your explicit consent and for the purpose of providing our health assessment services.

5. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Health data and assessment results are retained for 7 years in accordance with medical record-keeping standards, unless you request deletion earlier (subject to legal requirements).

Account information is retained while your account is active. If you close your account, we will delete or anonymise your account information unless we need to retain it for legal reasons.

6. Data Security

We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way. These include:

  • Encryption of sensitive data
  • Secure servers and networks
  • Access controls and authentication procedures
  • Regular security assessments and testing

7. Data Sharing

We may share your personal information with:

  • Healthcare Professionals: Qualified dermatologists and medical professionals who review your skin assessments.
  • Service Providers: Third parties who provide services on our behalf, such as hosting, analytics, and customer support.
  • Authorised Third Parties: We may share your data with authorised third parties for specific purposes such as research, quality improvement, or to provide additional services you have requested. This may include medical research institutions, healthcare providers, or technology partners who help us improve our diagnostic capabilities.
  • Legal Authorities: When required by law, court order, or regulatory requirement.

All third parties are required to respect the security of your personal data and to treat it in accordance with the law. We have appropriate contracts in place that require all authorised third parties to use your personal data only for specified purposes and in accordance with our instructions.

8. International Transfers

We primarily store and process your data within the UK and European Economic Area (EEA). However, some of our service providers may be based outside the UK/EEA. Whenever we transfer your personal data outside the UK/EEA, we ensure a similar degree of protection by implementing at least one of the following safeguards:

  • Transferring to countries that have been deemed to provide an adequate level of protection by the UK government
  • Using specific contracts approved by the UK government that give personal data the same protection it has in the UK
  • Where we use providers based in the US, we may transfer data to them if they are part of a framework that ensures they provide similar protection to personal data shared between the UK and the US

9. Your Rights

Under the UK GDPR, you have the following rights:

  • Right to Access: You can request a copy of the personal information we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete personal information.
  • Right to Erasure: You can ask us to delete your personal information in certain circumstances.
  • Right to Restrict Processing: You can ask us to restrict the processing of your personal information in certain circumstances.
  • Right to Data Portability: You can ask us to transfer your personal information to you or to a third party.
  • Right to Object: You can object to our processing of your personal information in certain circumstances.
  • Rights Related to Automated Decision Making: You have rights related to automated decision making and profiling.

To exercise any of these rights, please contact us using the details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

10. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

11. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time. Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer:

Email: privacy@automaly.co.uk
Post: Data Protection Officer, Automaly LTD, 123 Health Street, London, W1 1AA

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.