Privacy Policy

CURECANCER.GR PLATFORM PRIVACY POLICY

1. General Framework of Personal Data Protection

Our Company gives priority to respecting the personal data of Users, both Patients (simple and sensitive data) and Doctors (simple data), and takes reasonable measures for complying with the applicable laws in relation to Users’ personal data protection. Full information regarding collection and processing of Users’ personal data by curecancer.gr is provided below.

1.2. Data Controller's Details

The Data Controller is the company under the trade name “CANCER PATIENT SUPPORT PRIVATE COMPANY”, and the distinctive title “CURE CANCER”, having its registered office in Neo Psychiko, Attica, at 41 Bouboulinas str., telephone: +30 2106748715, email address:  info@curecancer.gr. The data subjects can address the contact details above for any matter relating to their personal data, and in order to exercise their legal rights as indicated above.

1.3. Role of the Platform: The Platform is the Data Controller for simple personal data of Patients and sensitive personal data entered by the Patients themselves in their Platform Account, at their own initiative. It is also the Data Controller for simple data entered by Doctors for the purpose of creating an Account in the Platform. In any case, the Company, at the initiative of Patients and Doctors wishing to use its services, keeps those data in the Platform as a hosting service provider, without having any access to, control over, or the capacity to intervene in them whatsoever. The Platform has no interference in, influence on, or control over the Patients’ posts and the content of their Medical Record or their Treatment Plan, as well as their Account settings. The services offered by the Platform are exclusively automated and technically neutral, while the data kept are encrypted, as detailed in Article 6 below.

2. Data collected

2.1. For the creation of a Patient's Account:

Patients register in the Platform, at their own initiative. They, therefore, enter the following details:

  • Name and Surname
  • username
  • email
  • password
  • telephone (optional)
  • time zone (automatic application)

The above data are absolutely necessary data, which are pertinent, expedient, and required for requesting and receiving the services offered by the Platform. Patients may freely enter any data they desire, and they are responsible for the truthfulness, accuracy, and updating of such data, so that requesting and receiving services from the Platform will be feasible.

Patients are advised not to use their actual personal data in creating the username, or to use a pseudonym, because this detail will appear during their participation in the forum (unless they select the privacy setting that allows them to make an anonymous post on the forum).

2.2. For the use of the Services by the Patients

By registering in the Platform and creating an Account, patients have the right to enter data at their own discretion and at their own free will in the following sections:

I) Free Services

(a) Patient's Medical Record, where they post information and details about their medical record;

(b) Treatment Plan, where they post their treatments, symptoms, and appointments with doctors;

(c) In the special section for posting Personal Notes, including any photographs of their symptoms (e.g. skin symptoms) and/or uploading their tests (images and/or comments) for storing;

(d) Posting content on the Platform's Forum relating to the relevant subjects posted on the Platform, for the purpose of exchanging views and experiences with the other registered Patients who wish to post public content on the Platform.

II) Premium Services (available upon payment of a subscription fee)

(a) Adding medications to the Treatment Plan

(b) Settings relating to the frequency of medicine intake and treatment sessions

(c) Reminders for medication doses and appointments for treatment sessions

Patients can use a special privacy setting which provides the following options:

a) An adjustment that allows their posts on the Forum to be entirely anonymous, i.e. not even displaying their username
b) An adjustment that allows for their Personal Notes to be visible to the Doctors that will gain access to their Account, or hidden

Patients control and may freely select their privacy settings, and modify them at any time.

2.3. For the creation of a Doctor's Account:

Doctors register in the Platform at their own initiative, having first contacted their patient in person (outside of the Platform’s environment). They, then, have to enter the following data in order to register in the Platform:

  • Name and Surname
  • username
  • email
  • password
  • telephone (optional)
  • time zone (automatic application)

Those data are absolutely necessary data, which are pertinent, expedient, and required for requesting and receiving the services offered by the Platform. Doctors may freely enter any data they wish, and are responsible for the truthfulness, accuracy, and updating of those data, so that they can request and receive the services from the Platform, and so that they can receive the Patient's consent to their access to the Patient's account through the verification of the Doctors’ data by the Patient.  It should be clarified that Doctors can access Patients’ Accounts, only with the Patients’ explicit consent, as provided for in Article 2.5 below, while they cannot use any other service of the Platform (including accessing and posting content on the Forum).

Moreover, after double opt-in, Doctors may optionally add: Doctor's Speciality, Education, Country and City.

2.4. Explicit Consent for Registering and Receiving Services

Thus, the foregoing simple and sensitive data can be processed upon express and free consent of the data subject, by accepting this privacy policy which must be read by the Patient and the Doctor (by opening a special window where they can read the terms by scrolling down) before free explicit acceptance thereof (by clicking the relevant button).

It should be noted that the double opt-in process must be followed in order for the Patient’s and Doctor's registration to be concluded. This means that an email is also sent to the Patient and the Doctor, in order for them to activate their registration through the link contained in that email. If they do not proceed to the activation, then the data are deleted within 48 hours, and the interested Users must repeat their registration afresh.

2.5. Procedure followed in order for the Patient to expressly consent to the Doctor having access to the Patient's Account

Doctors may obtain access to a Patient's Account in the Platform, only by means of the following procedure:

  • After consulting the Doctor, the Patient gives his/her email to the Doctor in an off-Platform personal communication between them, in order for the Doctor to be able to follow this procedure and gain access to the Patient's Account.
  • Subsequently, after having registered in the Platform, the Doctor sends an email to the Patient through the Platform, requesting access to the Patient's profile.
  • The Patient is then informed by the Platform about the Doctor’s request for access, through a pop-up displayed after the Patient has logged in to his/her Account, and through an automated email.
  • The Patient must grant his/her express consent in order for the Doctor to obtain access (right of simple access and observation) to the Patient's Medical Record and Treatment Plan.
  • If the Patient has activated the relevant privacy setting that allows it, the Doctor will also be able to see the Patient's Personal Notes. Otherwise, they will remain hidden, not accessible to the Doctor.
  • The Platform only allows the Doctor to observe the content of the Patient's Account. The Doctor may not comment upon, correct, or change any of the content within the Patient’s Account in the Platform.
  • Patients may revoke their consent at any time. In that case, the Doctor will no longer have access to the Patient's Account.
  • The Doctor is bound by Medical Confidentiality and by the Patient-Doctor relationship with regard to the processing of the Patient's personal data, as regulated in more detail in the Code of Medical Ethics and in the relevant laws to which the Doctor is subject.

2.6. Data Retention Duration and Data Deletion

a) The data are kept in the Platform only for as long as it is necessary for the provision of the Platform services requested by the Patient or the Doctor, at their own initiative and with their Registration therein.

b) The data can be deleted as follows:

i). The Patient may deactivate the account, through the account settings, with the right to reactivate it in the platform in the future. After the account is deactivated, as described above, the content of any post made by the Patient on the Platform's Forum will remain visible, but it will appear as an anonymous post, i.e. the username will no longer be visible (provided that the Patient had not already selected the special privacy setting enabling non-publication of the username in all cases). Also, the Patient may request deletion of his/her data by virtue of the deletion right provided for in the Rights of Data Subjects (Article 5 below).

ii). The Patient may also completely delete the account through the account settings. In that case, the Patient will not be able to reactivate his/her account in the Platform in the future. All of the Patient's data are also deleted in the same manner. The content of any post made by the Patient on the Platform's Forum will remain visible, but it will appear as an anonymous post, i.e. the username will no longer be visible (provided that the Patient had not already selected the special privacy setting enabling non-publication of the username in all cases). Also, the Patient may request deletion of his/her data by virtue of the deletion right provided for in the Rights of Data Subjects (Article 5 below).

iii). Paragraph ii) above also applies to Doctors, i.e. when the Doctors delete their account through the special setting of the Platform, the personal data they have entered upon their registration are also deleted.

iv) Of course, patients may freely and at any time delete, erase, modify, remove, or process, in any manner, the data they have entered in their Account.

3. Legality of processing (simple and sensitive) personal data

3.1. Data sources:

The data subjects themselves - the Patients (simple data for their registration, registration verification, and execution of the contract with the Platform, and sensitive data entered by them in their Account) and the Doctors (simple data for their registration in the platform and verification of the Patient's consent to access to his/her Account)

3.2. Legal basis of collection and processing:

(a) Consent

From the Patient: required both upon registration in the Platform, and separately for granting the Doctor access to the profile.

From the Doctor: Upon registration in the Platform.

Double opt-in: After the user (Patient or Doctor) states his/her consent in his/her registration in the Platform, the Platform sends an initial confirmation email to the email address stated by the user. This email invites the user to activate his/her statement of consent within 48 hours, otherwise his/her registration data will be deleted.

(b) Alternatively - for simple data, processing is necessary for the execution of a contract

Processing data on the part of the Company is necessary for the execution of a contract for the Platform services voluntarily requested by the Patient. It is also necessary for the execution of a contract concerning granting the Doctor access to the Patient's Account, based on the Terms of Use, which include the terms governing provision of the Platform services, detailed in the terms of use of the Platform, which the Patient is invited to read before accepting them (by clicking on the acceptance button)

Moreover, especially as regards premium services, processing of the Patient's simple data is also necessary for payment of the Patient's subscription fee, and issuance of the relevant payment documents. 

4. Data Processors - Recipients

4.1. Aiming at carrying out its services in a better and more efficient manner, the Company uses subcontractors to execute part of such services, such as a company responsible for the construction and maintenance of the Platform, a company responsible for storing the platform content, a company that carries out actions necessary for the operation of the platform (e.g. sending emails), a cloud hosting company, and a company that executes and settles electronic payments, to which personal data of the Platform users may be transmitted.

4.2. The Platform is hosted by the servers of the company “Amazon Web Services Inc”, which is established in the United Kingdom. In particular, according to the data kept by the company “Amazon Web Services Inc”, the server hosting the Platform is in London, United Kingdom; it, therefore, is in the “eu-west-2” zone, as it is recorded in the “A Record” of the server of the website addresses “curecancer.gr” or “curecancer.eu”, which corresponds to the IP address of the webpage server of the Platform in AWS, i.e. “35.176.6.64” (see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). In any case, the company “Amazon Web Services Inc” is also registered in the shield (see https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4).

4.3. Moreover, if the Company receives a request by a competent Administrative Authority, Public Prosecutor's Office, Court, or other Authority, it may need to forward such data to those Authorities (with or without prior notification to the User) based on the relevant provisions of the law.

5. Exercise of the Users’ Rights

5.1. Users may request the Platform to allow them to exercise their legal rights on the above data kept by the Platform. In particular, each User can exercise their rights in the following ways:

a) By sending a letter to the Company under the trade name “CANCER PATIENT SUPPORT PRIVATE COMPANY” and the distinctive title “CURE CANCER”, Neo Psychiko, Attica, at 41 Bouboulinas str.;

b) By sending an email to the email address: info@curecancer.gr.

5.2. In particular, each User has the following rights:

Right: Explanation

Access: The User may ask the Company to:

  • allow them to confirm whether the Company processes their personal data;
  • grant them access to any data not available to them;
  • provide them with other information about their personal data, e.g. which data the Company has, why it uses them, with whom it shares them, whether it transfers them abroad and how it protects them, how long it keeps them, what rights Users have, how they can file a complaint, from which source the Company collected their data, to the extent that such information is not already contained in this Policy.

Correction: The User may ask the Company to correct inaccurate personal data. The Company has the right to seek to verify the accuracy of the data before correcting them.

Deletion: The User can delete their personal data at any time through their Account, or request the Company to delete their personal data, as follows:

  • when Users delete their Account from the Platform (their data will be instantly deleted) or
  • when Users suspect that there is any problem in the processing thereof, at the Users’ special request

Mitigation: The User may request the Company to mitigate the processing of their data, to the extent possible in relation to the processing purposes.

Portability: Through the page “Account Settings” the User can request that all the data relating to their Account be extracted. Data are codified in accordance with the widespread data interchange standard “JSON”, and are sent to the Users by email at the email address they have stated, for any use.

Opposition: The User may oppose any processing of their personal data whose legal basis is our “legitimate interests”, if they believe that their fundamental rights and their liberties outweigh the Company’s legitimate interests, unless the Company proves that it has imperative legitimate interests that outweigh the User’s rights and liberties, as stipulated by the law.

Supervising Authority: The User has the right to file a complaint with the local supervising authority with regard to the processing of their personal data. In Greece, the supervising authority for data protection is the Hellenic Data Protection Authority - HDPA (www.dpa.gr).

Identity: The Company seriously takes into account the confidentiality of all the records containing personal data, and reserves the right to ask Users for proof of their identity if they submit a request with regard to those records.

No remuneration for fulfilling your rights: The Company will not ask for any remuneration in order for the User to exercise their rights with regard to their personal data, unless their request for access to information is ungrounded or excessive, in which case the Company will charge a reasonable fee under the specific circumstances. The Company will notify the User of any charges before it fulfils their request.

Time schedules: Unless otherwise specified above, the Company’s intention is to promptly respond to the Users’ requests (within 2-3 business days). If the User’s request is complex, the Company will promptly notify them of its ability to respond, and in any case, within one (1) month at the latest. Should the Company need more time, it will notify the User of this, providing adequate reasoning. The Company may contact the User to request clarifications, or ask them what their exact concern is. This will help the Company process the User’s request faster.

6. Personal Data Security

6.1. All the data and information of each User are governed by the principles of confidentiality of (electronic and non-electronic) communications and commercial transactions, and the Platform takes suitable and reasonable security measures to protect and secure confidentiality thereof. All the data entered by Users in the Platform (whether they are simple or sensitive, as the case may be) are exclusively governed by specially authorised persons acting under the control and only at the command of the Platform. In conducting the processing, the Platform selects persons with relevant professional qualifications providing adequate guarantees in terms of technical knowledge and personal integrity for keeping the confidentiality. In any case, given that in creating an Account, Users select the password they will use in order to have access to it, for security reasons they must not disclose it to other persons and must frequently change it, and must notify the Company in the event of any breach or loss at info@curecancer.gr. The Company reserves its rights for any damage it may sustain as a result of a wrongful breach of the foregoing.

6.2. All the data kept are encrypted, while part of them is decrypted instantly, if this is absolutely technically necessary for executing a command of the Users. For example, the username is instantly decrypted for access to the Platform, and the Patient's email is instantly decrypted for acceptance of the Doctor's request for access, and for verification of the accuracy of the data entered by the Doctor. Moreover, authorised users (administrators and IT technicians) can access the Platform by using a two-step authentication mechanism (entering a secret code and a one-time password), while their actions are recorded in special logs.

7. Use of Cookies

The Company only uses cookies that are technically necessary for the technological operation of the platform, and are necessary for providing the information society service expressly requested by the User, and uses no other cookies.

This Privacy Policy is a unified and integral part of the Terms of Use of the Platform.
