top of page

Friday, 30 January 2026

PRIVACY NOTICE

Provider: Imperial College London ("we," "us," or "our")

​

This Privacy Notice explains how we collect, protect, and use your information when you use our mobile application, EczemaAid App, and our related services.

1. SUMMARY OF KEY POINTS

  • What we collect: Account details (username/password) and health-related data (skin photos, symptom logs).

  • Sensitive Data: Because this is an eczema monitoring app, we process health data with your explicit consent.

  • Data Sharing: We do not sell your data. We only share information to provide the service or if required by law.

  • Your Rights: Under the UK GDPR, you have the right to access, rectify, or delete your data at any time.

2. WHAT INFORMATION DO WE COLLECT?

  1. Information You Provide to Us

    1. Account Credentials: Username and password for account creation.

    2. Health and Symptom Data: To evaluate eczema severity, you may voluntarily provide photos of skin, descriptions of symptoms, and frequency logs. This is considered Special Category Data under data protection laws.

  2. Application Permissions

    1. To function correctly, the App may request:

    2. Camera & Photo Library Access: To allow you to upload and monitor photos of your skin condition.

    3. Push Notifications: To send reminders for monitoring or updates regarding your account.

3. HOW AND WHY WE PROCESS YOUR DATA

We process your information based on your explicit consent and for the following purposes:

  • To provide the Service: Allowing you to track and visualise eczema trends over time.

  • Account Management: Creating and maintaining your secure user profile.

  • Vital Interests: In rare cases, we may process data to protect an individual’s safety or health.

4. DATA STORAGE AND SECURITY

We prioritise the security of your sensitive health data and skin images.

  • Cloud Storage: All images and symptom logs are securely stored on Amazon Web Services (AWS) servers. AWS is a leading cloud provider that complies with international security standards (such as ISO 27001 and SOC 2).

  • Encryption: Your data is encrypted both in transit (as it travels from your phone to the cloud) and at rest (while stored on the AWS servers). This ensures that even in the unlikely event of unauthorised access, the data remains unreadable.

  • Data Residency: For users in the United Kingdom and EEA, we aim to store your data on servers located within the UK (London Region) to ensure compliance with local data protection regulations.

5. SHARING YOUR INFORMATION

We do not sell your personal data. We may share information only in these limited cases:

  • Business Transfers: During a merger, sale, or acquisition.

  • Legal Obligations: To comply with law enforcement or regulatory requirements.

6. MINOR’S PRIVACY

We do not knowingly collect data from individuals under the age of 13 without their parents' or guardians' consent. If you are a parent using this app for a minor, you consent to the processing of their health data on their behalf.

7. YOUR PRIVACY RIGHTS (UK/EEA)

Depending on your location, you have the following rights:

  • Access & Portability: Request a copy of your data.

  • Correction/Erasure: Ask us to fix wrong info or delete your data entirely.

  • Withdraw Consent: You can stop our processing of your health data at any time by deleting your account or contacting us.

​

To exercise these rights, please email us at: eczemanet@imperial.ac.uk

8. CONTACT US

If you have questions about this notice or our data practices, please contact our UK representative:

Filip Paszkiewicz, Biomedical Engineering Department, Imperial College London

Exhibition Road, South Kensington

London, SW7 2BX, England

​

Email: eczemanet@imperial.ac.uk

bottom of page