Terms and conditions
1.1. Welcome to curecancer.gr, which is an online Platform that provides a data management system to Patients suffering from any form of cancer, used as a journal, aiming at facilitating them to monitor their treatment and their medical record during the course of treatment for restoration of their health. It also enables patients, should they so wish, to provide the doctors attending them with access to their medical record, under the strict conditions set forth herein. Moreover, the Platform allows Patients to exchange views with other Patients that use the Platform under the conditions laid down below.
1.3. Who owns the Platform: The Platform is owned and managed by the company under the trade name “CANCER PATIENT SUPPORT PRIVATE COMPANY”, and the distinctive title “CURE CANCER”, having its registered office in Neo Psychiko, Attica, at 41 Bouboulinas str., with General Commercial Registry No 134703803000, hereinafter referred to for brevity as “Company”. Contact details: Telephone: 2106748715, email address: email@example.com.
1.4. Contractual relationship between the Platform and Users: These terms constitute an indefinite-term contract. During the contractual term hereof, the parties have the right to terminate this contract at any time. Patients and Doctors may terminate this relationship and delete their Account by activating the “Account Deletion” button. Details on the options provided for in relation to a user’s deactivation and deletion are set forth in Article 7 below. The Company may terminate this contract by merely sending an email to the email address registered by the Users in their Account details. The termination becomes effective as of notification thereof to the other contracting party, and entails deletion of the data from the User’s Account.
2. Registration of Users in the Platform and Use of the Platform by Users
Opening an Account in the Platform: To be able to use the Platform and its services, visitors must register at their own initiative in the Platform as Users and open their own Account, depending on the registered User category (Doctor or Patient) to which they belong.
2.1. Patient's Registration: To open a Patient Account, visitors must enter their full name, username, email address, password, and time zone, and optionally their telephone number in the relevant fields upon registration. Those data are absolutely necessary data, which are pertinent, expedient, and required for requesting and receiving the services offered by the Platform. Patients may freely enter any data they desire, and they are responsible for the truthfulness, accuracy, and updating of those data, so that requesting and receiving services from the Platform will be feasible.
Patients are advised not to use their actual data in creating the username, or to use a pseudonym, because this detail will be appearing during their participation in the forum (otherwise, they can select the privacy setting that allows them to make an anonymous post on the forum).
2.2. Use of the Platform by Patients and entry of Patients’ data in their Account
By registering in the Platform as Patients, Users are authorised to use the Platform services, which are divided into two categories:
a) Free Services: In particular, Patients acquire the following rights relating to entering data in their Account, at their absolute discretion and responsibility:
i) to create the personal Patient's Medical Record, by posting information and details about their medical record in relation to their illness;
ii) to create in their User’s Account, by using the special programme provided by the Platform, their personal Treatment Plan, where they can post their treatments, symptoms, appointments with doctors, etc.;
iii) to post their Personal Notes in a special section, including any photographs of their symptoms (e.g. skin symptoms) and/or uploading their tests (images and/or comments) for storing;
iv) to post content on the Platform's Forum relating to the themes of the Platform, and to have access to the content publicly posted by other Patients registered in the Platform.
b) Premium Services (available upon payment of an annual subscription fee):
The Platform also allows Patients to choose the following additional premium services
1. Adding medications to the Treatment Plan
2. Settings relating to the frequency of medicine intake and treatment sessions
3. Reminders for medication doses and appointments for treatment sessions
Premium services are provided under the following terms and conditions:
i) Trial Period: Each Patient upon registering in the Platform and provided that they so select, will have the right to try the Premium Services free of charge, for 30 days from the date of registration in the Premium Services (the Trial Period). The Trial Period shall apply once for each Patient, while if a user registers again under the same details, they will not be entitled to the Trial Period.
ii) Payment of the Subscription Fee: From expiration of the Trial Period and on Patients will be able to use the Premium Services only upon advance payment of the whole amount of the annual subscription fee by PayPal. To that end, each Patient must open and maintain their own PayPal account, subject to the terms and conditions of PayPal, which exclusively manages the electronic payment affairs, and the Platform does not participate in them, and bears no liability in relation to them. Upon receiving the payment, the Platform will issue a relevant legal voucher - receipt, and will send it electronically to the Patient's email address.
iii) Subscription Term: The subscription term will be 12 months from the date of full payment. The subscription fee Users are required to pay is the total expense for the charge period, and is VAT-inclusive. If it is not renewed thereafter, the use of the Premium Services will be suspended for as long as the Patient has not paid a new subscription fee. The Patients’ data will remain in the Account, but it will not be possible for them to be enriched with new data pertaining to the Premium Services. This feature will be activated again upon payment of the relevant subscription renewal fee. Each renewal will be effected automatically upon payment, and will be also valid for 12 months.
iv) Standing orders and cancellation thereof: Each Patient, should they so wish, may place a standing order with PayPal, for payment of their subscription fee each year. Moreover, Patients can cancel any standing orders arranged with PayPal for automatic renewal of their subscription for receiving Premium Services at any time, either through our Platform or through their PayPal account management panel. Upon such cancellation, all the future standing orders will cease, but the Patient will continue having access to the Premium Services for 12 months from the date of full payment of the latest subscription fee. In the light of the fact that during the Trial Period the Patient will have seen and used all the Premium Services features, the prepaid subscription package fee for Premium Services will not be refunded after expiration of the Trial Period.
v) Non-refund of the subscription fee: Without prejudice to the provisions on the statutory right of withdrawal, set forth in Article 8 below, if the Patient suspends provision of the Premium Services, then the prepaid subscription package fee for the remaining term of the Premium Services will not be refunded, but will be forfeited as an agreed and fair penalty clause. The services will no longer be provided as of the date on which the suspension is notified to the Platform in writing, by a relevant email sent to the email address firstname.lastname@example.org within the same deadline.
vi) Suspension of services due to Force Majeure: The Platform may suspend the use of the Premium Services due to Force Majeure, or for reasons relating to technical or other issues of the Platform, or due to interruption of its services, at any time, by sending an email to the email address specified by the Patient, and such suspension will be effective as of the date indicated in the email. In that case, any non-used Services will be refunded to the Patient in due time. It also has the right to request termination hereof on serious grounds, in the event of breach of any term hereof (all of which are stipulated as material) or unlawful action or omission on the part of the Patient. In that case, suspension of the services will be automatic, the prepaid subscription fee for any remaining Services will not be refunded, but will be forfeited as an agreed and fair penalty clause.
vii) The Platform reserves the right to modify (add or remove) the Premium Services offered. It also reserves the right to amend its pricing policy in the future and/or add more services for an additional fee.
viii) It should be noted that the right of withdrawal does not apply to the cases of provision of premium services when the user has made use of the right to a trial period with regard to them.
2.3. Use of the Platform by Doctors and Permission to Access the Patient's Account
a) Doctor's Registration Registration as a user in the Platform enables the Doctor to create an Account, by entering the following simple personal data:
The Doctor is responsible for the truthfulness, accuracy, and updating of those data. A Doctor’s registration as a registered member is free of charge, personal, and non-transferable.
The Platform allows Doctors to gain access to the Account of a specific Patient. In that case, Doctors must enter the Patient's email previously notified to them outside the Platform, at their own responsibility as regards compliance with the current laws and particularly as regards compliance with the laws on personal data protection. Then, the Patient must approve the Doctor's request for access, as set forth in paragraph b) below. The same applies to any new Patient the Doctor wishes to attend. If they do not receive a Patient’s approval, Doctors cannot use the Platform in any manner other than for accessing their own Account.
It is explicitly noted that Doctors do not have access to the Forum of the Platform and cannot make any post on it.
b) Procedure for giving consent to access to the Patient's Account: The Platform informs the Patient about the Doctor’s request for access, by displaying a special pop-up, and by sending an automated email to the email address stated by the Patient, for approval of the request for access of the specific Doctor-User, and for authorisation for access to the Patient's Account, under the terms provided for in the Platform. The Doctor’s request for access to the Patient's Medical Record remains pending, without any right of access thereto, until the request has been approved by the Patient. The Patient can refuse to respond to or reject any request freely and without any justification.
c) Access to the Patient's Account: Provided that the Doctor’s access request has been approved by the Patient, then the Doctor shall acquire the right of simple access and observation of the Patient's Medical Record and Treatment Plan, under the terms and the laws applicable to the Doctor-Patient relationship. The Platform does not grant the Doctor the right to comment upon or amend the content of the Account.
For the avoidance of confusion, it is explicitly noted that Doctors acquiring access to the Platform cannot use the Platform to provide personal consulting services to Patients who are members of the Platform.
d) It should also be noted that the Doctor gains access to the Patient’s Personal Notes, only if the Patient has selected that these notes be visible to the Doctor, through the special privacy setting, which can be revoked at any time.
e) Revocation of Consent: The authorisation granted by a Patient to a specific Doctor for access to the Patient's Account can in general be revoked at any time, freely and without any justification on the part of the Patient, by clicking the relevant access revocation button.
3. Rights and Obligations relating to the use of the Platform
3.1. Who has the right to become a Member: The provision of the service is exclusively and solely addressed to adults (above 18 years of age) and to persons with full legal capacity. The Platform may at any time, without incurring any liability and without any justification, reject a visitor's request to open an account, or exclude and/or permanently or temporarily delete an already registered User at any time, particularly if it receives a relevant complaint by another User or a third party, or by any competent Authority for any illegal behaviour or for breach of these terms.
3.2. User’s Initiative for Registration in the Platform: All the services of the curecancer.gr Platform are provided to the User exclusively and solely at the User's own initiative for using the Platform’s information society services described above.
It should explicitly be noted that the Platform does not carry out any (formal or material) review upon registration of the Patient's Doctor, and does not have any contact, communication with or knowledge of the Doctor, or the data, the professional expertise, or any other information relating or pertaining to the Doctor. It is the Patients’ own responsibility to acknowledge that it is their own Doctor to whom they wish to provide access, while if they have any suspicion of any wrongdoing or infringement, they are instructed to click the access revocation button.
3.3. Requirements for using the Community/Forum: Each Patient is also responsible for the content they post on the Forum (including but not limited to comments, articles, links to third-party websites, etc.), and such content should not be illegal or breach these terms.
Patients are also required to adjust the special privacy setting, so that, should they so wish, their username will not be visible when they post content on the Forum. Otherwise, their username will be visible to the other Patients in the Platform.
The Doctors will have neither the right to access the Forum nor the right to post comments on the Forum.
Patients use the Forum of the Platform, at their own initiative and responsibility. Patients are exclusively responsible for good-faith and reasonable, as perceived by the average person, use of the details and/or the information they receive from other Patients who have made posts on the Forum, and for cross-checking them with the Doctor that regularly attends to them
The Patients state that they are beneficiaries of or are authorised to use the intellectual property rights over the content and comments they may post, and that they do not breach any third-party intellectual property rights or in general third-party rights (including but not limited to the right to personality, personal data protection, privacy, honour or reputation of third parties) in relation to the aforementioned material. Patients are prohibited from posting comments whose content is vulgar, offensive, illegal, or indecent, or breaches third-party rights in any manner. Moreover, Patients state that they bear full and exclusive liability with regard to the legality and overall legal compliance of the comments they post on the Webpage. The Patients state that they acknowledge that the comments to which they gain access have been created by third parties, who bear full responsibility for their overall legality and compliance with the current laws. In the event that any damage is caused to the Patients or to any third party due to or on the occasion of a user's comments through the Platform, the Company shall bear no liability whatsoever, and the person who has sustained the damage must directly address the persons who have posted the said content. The Patients also accept that the comments to which they acquire access through this service represent the views of each author thereof, and by no means represent the opinion or the views of the Company. The Company shall bear no liability whatsoever for any damage or failure that may be caused to any user or third party due to or on the occasion of comments posted on its Platform.
3.4. Secret passwords for access to the Account: All Users set their personal secret passwords, and can change them at any time and as often as they desire. Users are exclusively responsible for keeping such passwords secret and for concealing them, and for making sure that they are not used by third parties. For safety reasons, all registered Users are recommended to change the above passwords regularly, and to avoid using the same or easily guessable passwords, by using not only letters and numbers, but also symbols when creating their passwords.
Such password identifies each User and grants them the rights corresponding to the Member category (Doctor or Patient) to which they belong based on their initial registration. Thus, Users bear the exclusive responsibility for any action performed on their Account or on the Account of a third party which they have the right to access, based on their secret password, as well as for any damage or failure sustained by them or third parties through their account.
In the event of loss or leak thereof, the User must promptly notify the Company by sending an email at email@example.com, otherwise the Company will not be liable for the use of the password by an unauthorised person. If such notification is not effected, then Users themselves will be liable for any action or omission performed with the User’s password until the time of evidenced notification to the Company.
3.6. Deletion of Content from the Platform (Notice & Take Down Process): The Company, as a community of information intermediary service provider and as Content hosting service provider, does not have, pursuant to the law on the services it provides, a general obligation to review the comments posted on the community at the users’ initiative, and does not have a general obligation of active search for facts or circumstances evidencing that they constitute illegal activities. Each user is exclusively responsible for the legality and accuracy of the content of the comments they post. The Company has the right to suspend (take down) the display of a comment temporarily or permanently or exclude a user at any time, promptly upon being notified or becoming aware of any breach of these Terms. If any person wishes to send any notification to the Company against a user, requesting that the user's comment be taken down (Notice and Take Down Process) as provided for by the law, they must ensure that their justification is adequate each time, and involves a specific Content post. In any case, however, at least the data that can demonstrate notification must be provided to the Company, and unreasoned, unsubstantiated, untrue and abusive notifications must be avoided. In the event that any damage is caused to the Company due to the actions it took as a result of a third-party notification, such party shall undertake liability for compensating such damage and any other relevant expenditure of the Company. It goes without saying that the Company must take down the comment display in the event of a relevant order, or request, or decision by a competent Authority or a Court.
3.7. Hyperlinks to third-party webpages: The Platform is connected through hyperlinks to other Webpages, which are not associated with the Company, and whose content is not reviewed by the Company (the “Connected Webpages”). Therefore, the Company does not guarantee that their content is correct, legal, complete, updated, true, accurate, or of good quality, and does not bear any liability for them, or for any loss or damage that may be caused as result or on the occasion of the use thereof. Similarly, the Company cannot control the processing of the users’ personal data by the Connected Webpages, and, therefore, it bears no liability in relation to it. When the user uses the Connected Webpages, the Terms and Conditions of each webpage apply respectively. For any issue that may arise in relation to the content or the use of a Connected Webpage, users are recommended to directly address the owner or operator of each webpage. The Company by no means embraces, accepts, or approves the content or the services of the Connected Webpages, to which the user is referred through hyperlinks.
4. Terms and conditions on the Patient-Doctor relationships
4.1. Registered Patients have the following obligations towards Doctors:
a) they bear exclusive responsibility for ensuring that the data and the information they state and enter in the Platform in any manner and notify to Doctors at any point in time are accurate, true, updated, and have been obtained in a lawful manner.
b) they are required to conform to the nature of the Platform, and particularly to the fact that no service thereof is and can be used as a medical device, and to the fact that using the services of the Platform does not constitute and cannot in any manner be interpreted as a medical action on the part of the Company.
c) each Patient, having taken into consideration the nature and the purpose of the Platform states that they will refrain from any action that violates the nature of the Platform and these terms and is contrary to the purpose for which the Platform is intended.
In the event of breach of any of their obligations above, the Patients will be liable for full compensation for any (actual or consequential) damage sustained by the Company and/or any third party.
4.2. Doctors have the following obligations:
b) they are required to conform to the nature of the Platform, and to refrain from using its services as a medical device under any circumstances and for any reason whatsoever. Therefore, registered doctors must abstain from actions that breach the nature of the Platform and these terms, and are contrary to the purpose for which the Platform is intended.
c) they are required to inform Patients and to receive the Patients’ consent to the processing of their personal data in the case where they keep personal data of the Patients with whom they communicate in person (e.g. copying part or all of the Patient's Medical Record to the personal file of the Doctor). As regards processing of the Patient's data carried out by Doctors as Data Processors, Doctors bear responsibility for fully complying with their legal obligations.
In the event of breach of any of their obligations above, the Doctors-Users will be liable for full compensation for any (actual or consequential) damage sustained by the Company and/or any third party.
5. Legal nature of the Company - Disclaimer
5.1. The Platform is an independent online tool, under the legal form described in Articles 1.1 and 3 above. The Platform is not, neither can it be interpreted as an act of advertising the Doctors registered and participating in it, or as mediation for finding clients, and does not promise them that their clientèle will increase or will be retained, or any other relevant benefit.
5.2. The Company does not contract with Doctors under a dependent employment relationship or an employment relationship of any other type, an agency, a principal-agent relationship, etc.
5.3. Using the Platform by no means constitutes a medical act, especially in the light of the fact that all the services provided to Patients and Doctors have no relationship whatsoever with the performance of medical or related acts. The Platform does not constitute, is not destined and cannot be interpreted as a means that substitutes the doctor and all kinds of diagnoses, treatments, monitoring, advice, and examinations that are or may be provided by doctors. Therefore, the User must address doctors in all cases where this would be considered by the average person to be expedient, necessary, or necessitated in the light of the circumstances, and must not postpone or avoid visiting a doctor, simply because the User relies on the fact that the doctor can access their medical record. Users acknowledge and accept that they may not use the Platform to handle medical emergency situations and cases of urgent medical needs for which they should directly and promptly contact a competent doctor and/or the National Emergency Aid Centre (EKAV). The Platform does not fall under the National Health System and the insurance bodies.
5.4. All the Members of the Platform accept the Platform and state that they use the platform on an “as is” basis. The Company does not in any case guarantee that the platform and the information displayed through it, or the information received by the User due to or on the occasion of using the platform (including the content posted on the community) are free of any actual and legal defects, claims, errors, viruses, or that they are reliable, fit for use, correct, accurate, and updated. The Company does not guarantee fitness of the platform for the purpose for which it is intended.
5.5. Although the Company has taken all the necessary measures, it cannot guarantee the unimpeded and proper operation of the Platform. The Company is not liable for any damage or failure that may be sustained by the User of the platform or any third party due to or on the occasion of the use of the Platform as a result Force Majeure or a random incident, or in general an incident that lies beyond its control. In any case where liability of the Company can be established, when this is permitted by law, it will be limited to up to the amount of EUR 500.
6. Modifications - suspension of the platform’s operation
6.2. The Company reserves the right to suspend or cease the operation of the Platform permanently or provisionally, without incurring any liability, and without complying with any deadline and any formality, by merely notifying the users by means of a post on the Platform.
7. Issues of Account deletion/deactivation by the Users
a) The data are kept in the Platform only for as long as is necessary for the provision of the Platform services requested by the Patient or the Doctor, at their own initiative and with their Registration therein.
b) The data are deleted as follows:
iii). Paragraph ii) above also applies to the Doctors, i.e. when the Doctors delete their account through the special setting of the Platform, the personal data they have entered upon their registration are also deleted.
iv). It goes without saying that Patients may freely and at any time delete, erase, modify, remove, or process in any manner the data they have entered in their Account.
7.2. Effects of deletion from the Platform: Deletion of any user from the Platform shall entail termination hereof and concurrent loss of the user's capacity as a registered Member of the Platform, and loss of the right to further access their account or the account of other Members to which they have acquired access. The Platform also reserves the right to delete any user at any time with or without cause.
8. Rescission from the Premium Services
8.1. The rescission right may be exercised only by the Patient. In particular, Patients have the right to rescind this contract within 14 calendar days without providing any explanation, only in the cases where there has been no trial period for premium services, as set forth in Article 2.4b(viii) above. The deadline for rescission expires 14 calendar days after the day following the date on which the contract was signed.
8.2. To exercise the rescission right, the Patients must notify us (namely the company under the trade name “CANCER PATIENT SUPPORT PRIVATE COMPANY”, and the distinctive title “CURE CANCER”, having its registered office in Neo Psychiko, Attica, at 41 Bouboulinas str., telephone: 2106748715, email address: firstname.lastname@example.org) of their decision to rescind this contract by a clear statement (e.g. a letter sent by post, fax, or email). They can use the rescission form template attached hereto, although this is not mandatory (https://curecancer.gr/entipo-ypanaxorisis).
An explicit request to the Company for an annual subscription is required to have been submitted in order for the provision of services to commence during the deadline for rescission. Patients must pay the Company an amount corresponding to the services provided to them by the Company until they state that they rescind this contract, compared with the full coverage of the contract. The Company shall return to them an amount corresponding to the balance of the amount paid after deducting an amount corresponding to the services provided until the time of the rescission.
8.3. The rescission right is not associated with any procedures provided for by PayPal. PayPal is operated by an independent third-party company, and, thus, as regards any procedure relating to PayPal, Patients are subject to the terms of operation of said webpage, and for any issue that may arise, users must address it directly and exclusively.
9. General Terms - Applicable Law
9.1. These terms govern the use of the Platform by any User, and are the sole agreement between the Company and the Members of the Category: Patient and Doctor in relation to the use of the Platform.
9.2. All the headings of the articles are indicative, and have been placed for facilitation purposes.
9.3. Any dispute between the Company and a (current or former) User with regard to any issue that may arise due to or on the occasion of the use of the platform shall be governed by the Greek laws. The parties expressly agree hereby that the Courts of Athens shall have jurisdiction.
9.4. If any individual terms of the General Terms become invalid or non-enforceable in whole or in part, the force and/or validity of the remaining terms will not be affected.
9.5. Any delay in exercising any right or any failure to exercise any right shall not be deemed as a waiver thereof.
9.6. Alternative dispute resolution: Pursuant to Directive 2013/11/EU, which was ratified in Greece by Joint Ministerial Decision No 70330/2015, there is now provision for online dispute resolution for consumer disputes under the procedure of Alternative Dispute Resolution throughout the European Union. If the Customer also has the capacity of a consumer (i.e. a natural person acting outside his/her professional capacity) and has any problem with a transaction carried out with the Company, they may initiate the Alternative Dispute Resolution procedure through the single EU-wide Online Dispute Resolution platform (ODR platform), available at: https://webgate.ec.europa.eu/odr/main/index.cfm?event=main.home.chooseLanguage, which enables consumers and suppliers to submit any disputes arising from online purchases to an online resolution procedure.
The certified Alternative Dispute Resolution (ADR) Body is: The European Consumer Centre Greece (ECC GREECE) - Consumers’ Ombudsman, 144 Alexandras Avenue, 144, 11471, Athens, +302106460284, +302106460784, email@example.com and url http://www.synigoroskatanaloti.gr/.
It should be noted that a necessary requirement for consumers to address the Alternative Dispute Resolution procedure is that they have previously notified their issue by email to the email address firstname.lastname@example.org, in search of a solution. The ADR procedure is, pursuant to the law, non-binding for the parties, which may abandon it at any time. Consumers may contact the above ADR body in order to receive instructions throughout the procedure of filing and processing of their complaint.
For more information regarding alternative dispute resolution, you can visit the webpage http://www.efpolis.gr/el/epanorthosi-askisi-dikaiomaton/79-exodikastiki-epilisi.html.
1. General Framework of Personal Data Protection
Our Company gives priority to respecting the personal data of Users, both Patients (simple and sensitive data) and Doctors (simple data), and takes reasonable measures for complying with the applicable laws in relation to Users’ personal data protection. Full information regarding collection and processing of Users’ personal data by curecancer.gr is provided below.
1.2. Data Controller's Details
The Data Controller is the company under the trade name “CANCER PATIENT SUPPORT PRIVATE COMPANY”, and the distinctive title “CURE CANCER”, having its registered office in Neo Psychiko, Attica, at 41 Bouboulinas str., telephone: +30 2106748715, email address: email@example.com. The data subjects can address the contact details above for any matter relating to their personal data, and in order to exercise their legal rights as indicated above.
1.3. Role of the Platform: The Platform is the Data Controller for simple personal data of Patients and sensitive personal data entered by the Patients themselves in their Platform Account, at their own initiative. It is also the Data Controller for simple data entered by Doctors for the purpose of creating an Account in the Platform. In any case, the Company, at the initiative of Patients and Doctors wishing to use its services, keeps those data in the Platform as a hosting service provider, without having any access to, control over, or the capacity to intervene in them whatsoever. The Platform has no interference in, influence on, or control over the Patients’ posts and the content of their Medical Record or their Treatment Plan, as well as their Account settings. The services offered by the Platform are exclusively automated and technically neutral, while the data kept are encrypted, as detailed in Article 6 below.
2. Data collected
2.1. For the creation of a Patient's Account:
Patients register in the Platform, at their own initiative. They, therefore, enter the following details:
Name and Surname
time zone (automatic application)
The above data are absolutely necessary data, which are pertinent, expedient, and required for requesting and receiving the services offered by the Platform. Patients may freely enter any data they desire, and they are responsible for the truthfulness, accuracy, and updating of such data, so that requesting and receiving services from the Platform will be feasible.
Patients are advised not to use their actual personal data in creating the username, or to use a pseudonym, because this detail will appear during their participation in the forum (unless they select the privacy setting that allows them to make an anonymous post on the forum).
2.2. For the use of the Services by the Patients
By registering in the Platform and creating an Account, patients have the right to enter data at their own discretion and at their own free will in the following sections:
I) Free Services
(a) Patient's Medical Record, where they post information and details about their medical record;
(b) Treatment Plan, where they post their treatments, symptoms, and appointments with doctors;
(c) In the special section for posting Personal Notes, including any photographs of their symptoms (e.g. skin symptoms) and/or uploading their tests (images and/or comments) for storing
(d) Posting content on the Platform's Forum relating to the relevant subjects posted on the Platform, for the purpose of exchanging views and experiences with the other registered Patients who wish to post public content on the Platform.
II) Premium Services (available upon payment of a subscription fee)
(a) Adding medications to the Treatment Plan
(b) Settings relating to the frequency of medicine intake and treatment sessions
(c) Reminders for medication doses and appointments for treatment sessions
Patients can use a special privacy setting which provides the following options:
a) An adjustment that allows their posts on the Forum to be entirely anonymous, i.e. not even displaying their username
b) An adjustment that allows for their Personal Notes to be visible to the Doctors that will gain access to their Account, or hidden
Patients control and may freely select their privacy settings, and modify them at any time.
2.3. For the creation of a Doctor's Account:
Doctors register in the Platform at their own initiative, having first contacted their patient in person (outside of the Platform’s environment). They, then, have to enter the following data in order to register in the Platform:
Name and Surname
time zone (automatic application)
Those data are absolutely necessary data, which are pertinent, expedient, and required for requesting and receiving the services offered by the Platform. Doctors may freely enter any data they wish, and are responsible for the truthfulness, accuracy, and updating of those data, so that they can request and receive the services from the Platform, and so that they can receive the Patient's consent to their access to the Patient's account through the verification of the Doctors’ data by the Patient. It should be clarified that Doctors can access Patients’ Accounts, only with the Patients’ explicit consent, as provided for in Article 2.5 below, while they cannot use any other service of the Platform (including accessing and posting content on the Forum).
Moreover, after double opt-in, Doctors may optionally add: Doctor's Speciality, Education, Country and City.
2.4. Explicit Consent for Registering and Receiving Services
It should be noted that the double opt-in process must be followed in order for the Patient’s and Doctor's registration to be concluded. This means that an email is also sent to the Patient and the Doctor, in order for them to activate their registration through the link contained in that email. If they do not proceed to the activation, then the data are deleted within 48 hours, and the interested Users must repeat their registration afresh.
2.5. Procedure followed in order for the Patient to expressly consent to the Doctor having access to the Patient's Account
Doctors may obtain access to a Patient's Account in the Platform, only by means of the following procedure:
- After consulting the Doctor, the Patient gives his/her email to the Doctor in an off-Platform personal communication between them, in order for the Doctor to be able to follow this procedure and gain access to the Patient's Account.
- Subsequently, after having registered in the Platform, the Doctor sends an email to the Patient through the Platform, requesting access to the Patient's profile.
- The Patient is then informed by the Platform about the Doctor’s request for access, through a pop-up displayed after the Patient has logged in his/her Account, and through an automated email.
- The Patient must grant his/her express consent in order for the Doctor to obtain access (right of simple access and observation) to the Patient's Medical Record and Treatment Plan.
- If the Patient has activated the relevant privacy setting that allows it, the Doctor will be also able to see the Patient's Personal Notes. Otherwise, they will remain hidden, not accessible to the Doctor.
- The Platform only allows the Doctor to observe the content of the Patient's Account. The Doctor may not comment upon, correct, or change any of the content within the Patient’s Account in the Platform.
- Patients may revoke their consent at any time. In that case, the Doctor will no longer have access to the Patient's Account.
- The Doctor is bound by Medical Confidentiality and by the Patient-Doctor relationship with regard to the processing of the Patient's personal data, as regulated in more detail in the Code of Medical Ethics and in the relevant laws to which the Doctor is subject.
2.6. Data Retention Duration and Data Deletion
a) The data are kept in the Platform only for as long as it is necessary for the provision of the Platform services requested by the Patient or the Doctor, at their own initiative and with their Registration therein.
b) The data can be deleted as follows:
i). The Patient may deactivate the account, through the account settings, with the right to reactivate it in the platform in the future. After the account is deactivated, as described above, the content of any post made by the Patient on the Platform's Forum will remain visible, but it will appear as an anonymous post, i.e. the username will no longer be visible (provided that the Patient had not already selected the special privacy setting enabling non-publication of the username in all cases). Also, the Patient may request deletion of his/her data by virtue of the deletion right provided for in the Rights of Data Subjects (Article 5 below).
ii). The Patient may also completely delete the account through the account settings. In that case, the Patient will not be able to reactivate his/her account in the Platform in the future. All of the Patient's data are also deleted in the same manner. The content of any post made by the Patient on the Platform's Forum will remain visible, but it will appear as an anonymous post, i.e. the username will no longer be visible (provided that the Patient had not already selected the special privacy setting enabling non-publication of the username in all cases). Also, the Patient may request deletion of his/her data by virtue of the deletion right provided for in the Rights of Data Subjects (Article 5 below).
iii). Paragraph ii) above also applies to Doctors, i.e. when the Doctors delete their account through the special setting of the Platform, the personal data they have entered upon their registration are also deleted.
iv) Of course, patients may freely and at any time delete, erase, modify, remove, or process, in any manner, the data they have entered in their Account.
3. Legality of processing (simple and sensitive) personal data
3.1. Data sources:
The data subjects themselves - the Patients (simple data for their registration, registration verification, and execution of the contract with the Platform, and sensitive data entered by them in their Account) and the Doctors (simple data for their registration in the platform and verification of the Patient's consent to access to his/her Account)
3.2. Legal basis of collection and processing:
From the Patient: required both upon registration in the Platform, and separately for granting the Doctor access to the profile.
From the Doctor: Upon registration in the Platform.
Double opt-in: After the user (Patient or Doctor) states his/her consent in his/her registration in the Platform, the Platform sends an initial confirmation email to the email address stated by the user. This email invites the user to activate his/her statement of consent within 48 hours, otherwise his/her registration data will be deleted.
(b) Alternatively - for simple data, processing is necessary for the execution of a contract
Moreover, especially as regards premium services, processing of the Patient's simple data is also necessary for payment of the Patient's subscription fee, and issuance of the relevant payment documents.
4. Data Processors - Recipients
4.1. Aiming at carrying out its services in a better and more efficient manner, the Company uses subcontractors to execute part of such services, such as a company responsible for the construction and maintenance of the Platform, a company responsible for storing the platform content, a company that carries out actions necessary for the operation of the platform. e.g. sending emails, a cloud hosting company, a company that executes and settles electronic payments, to which personal data of the Platform users may be transmitted.
4.2. The Platform is hosted by the servers of the company “Amazon Web Services Inc”, which is established in the United Kingdom. In particular, according to the data kept by the company “Amazon Web Services Inc”, the server hosting the Platform is in London, United Kingdom; it, therefore, is in the “eu-west-2” zone, as it is recorded in the “A Record” of the server of the website addresses “curecancer.gr” or “curecancer.eu”, which corresponds to the IP address of the webpage server of the Platform in AWS, i.e. “18.104.22.168” see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html. In any case, the company “Amazon Web Services Inc” is also registered in the shield see https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4
4.3. Moreover, if the Company receives a request by a competent Administrative Authority, Public Prosecutor's Office, Court, or other Authority, it may need to forward such data to those Authorities (with or without prior notification to the User) based on the relevant provisions of the law.
5. Exercise of the Users’ Rights
5.1. Users may request the Platform to allow them to exercise their legal rights on the above data kept by the Platform. In particular, each User can exercise their rights in the following ways:
a) By sending a letter to the Company under the trade name “CANCER PATIENT SUPPORT PRIVATE COMPANY” and the distinctive title “CURE CANCER”, Neo Psychiko, Attica, at 41 Bouboulinas str.;
b) By sending an email to the email address: firstname.lastname@example.org.
5.2. In particular, each User has the following rights:
The User may ask the Company to:
• allow them to confirm whether the Company processes their personal data;
• grant them access to any data not available to them;
• provide them with other information about their personal data, e.g. which data the Company has, why it uses them, with whom it shares them, whether it transfers them abroad and how it protects them, how long it keeps them, what rights Users have, how they can file a complaint, from which source the Company collected their data, to the extent that such information is not already contained in this Policy.
The User may ask the Company to correct inaccurate personal data. The Company has the right to seek to verify the accuracy of the data before correcting them.
The User can delete their personal data at any time through their Account, or request the Company to delete their personal data, as follows:
• when Users delete their Account from the Platform (their data will be instantly deleted) or
• when Users suspect that there is any problem in the processing thereof, at the Users’ special request
The User may request the Company to mitigate the processing of their data, to the extent possible in relation to the processing purposes.
Through the page “Account Settings” the User can request that all the data relating to their Account be extracted. Data are codified in accordance with the widespread data interchange standard “JSON”, and are sent to the Users by email at the email address they have stated, for any use.
The User may oppose against any processing of their personal data whose legal basis is our “legitimate interests”, if they believe that their fundamental rights and their liberties outweigh the Company’s legitimate interests, unless the Company proves that it has imperative legitimate interests that outweigh the User’s rights and liberties, as stipulated by the law.
The User has the right to file a complaint with the local supervising authority with regard to the processing of their personal data. In Greece, the supervising authority for data protection is the Hellenic Data Protection Authority - HDPA (www.dpa.gr).
The Company seriously takes into account the confidentiality of all the records containing personal data, and reserves the right to ask Users for proof of their identity if they submit a request with regard to those records.
No remuneration for fulfilling your rights
The Company will not ask for any remuneration in order for the User to exercise their rights with regard to their personal data, unless their request for access to information is ungrounded or excessive, in which case the Company will charge a reasonable fee under the specific circumstances. The Company will notify the User of any charges before it fulfils their request.
Unless otherwise specified above, the Company’s intention is to promptly respond to the Users’ requests (within 2-3 business days). If the User’s request is complex, the Company will promptly notify them of its ability to respond, and in any case, within one (1) month at the latest. Should the Company need more time, it will notify the User of this, providing adequate reasoning. The Company may contact the User to request clarifications, or ask them what their exact concern is. This will help the Company process the User’s request faster.
6. Personal Data Security
6.1. All the data and information of each User are governed by the principles of confidentiality of (electronic and non-electronic) communications and commercial transactions, and the Platform takes suitable and reasonable security measures to protect and secure confidentiality thereof. All the data entered by Users in the Platform (whether they are simple or sensitive, as the case may be) are exclusively governed by specially authorised persons acting under the control and only at the command of the Platform. In conducting the processing, the Platform selects persons with relevant professional qualifications providing adequate guarantees in terms of technical knowledge and personal integrity for keeping the confidentiality. In any case, given that in creating an Account, Users select the password they will use in order to have access to it, for security reasons they must not disclose it to other persons and must frequently change it, and must notify the Company in the event of any breach or loss at email@example.com. The Company reserves its rights for any damage it may sustain as a result of a wrongful breach of the foregoing.
6.2. All the data kept are encrypted, while part of them is decrypted instantly, if this is absolutely technically necessary for executing a command of the Users. For example, the username is instantly decrypted for access to the Platform, and the Patient's email is instantly decrypted for acceptance of the Doctor's request for access, and for verification of the accuracy of the data entered by the Doctor. Moreover, authorised users (administrators and IT technicians) can access the Platform by using a two-step authentication mechanism (entering a secret code and a one-time password), while their actions are recorded in special logs.