Swedish Care DoctorTora Greece AE

Privacy Policy

EU Privacy Policy v0.1

20 May 2024

1. Introduction

About our privacy policy

When you use DoctorTora’s services, we understand the importance of your privacy and are committed to safeguarding your personal data. As a telehealth provider, we recognize the sensitive nature of the information we handle and are dedicated to protecting the privacy of our users. Our Privacy Policy applies to the services provided by us to our users/patients, encompassing our mobile and web applications.

As a company operating in the European Union, we operate under Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, GDPR), as implemented in Greece by Hellenic Law 4624/2019 (the Data Protection Law). Together these form a comprehensive data protection framework that sets the rules for the collection and processing of personal data in general and of health data in particular. We also comply with Hellenic Law 3471/2006 regarding the protection of personal data and privacy in the field of electronic communications.

Our policy is designed to comply with GDPR, the Data Protection Law, and other relevant regulations, and to explain how we handle your data.


2. Definitions

  • Personal Data: Any information related to an identified or identifiable individual, including but not limited to name, contact details, and medical information.
  • Data Processing: Any operation performed on personal data, whether automated or not, including collection, use, storage, and dissemination.
  • Data Controller: Swedish Care DoctorTora Greece AE (DoctorTora) as we are the legal entity determining the purposes and means of processing your personal data.
  • Data Processor: An entity that processes data on behalf of us, the data controller.
  • Data Subject: Any individual whose personal data is being processed by DoctorTora.

3. Our Principles of Data Processing

We adhere to the following principles in our operations:

  • Lawfulness, Fairness, and Transparency: We process personal data legally, fairly, and in a transparent manner.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: We only collect data that is necessary and relevant to our provided services.
  • Storage Limitation: Data is retained only for as long as necessary for the purposes for which it is processed.
  • Integrity and Confidentiality: We ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss.

4. What data do we collect?

  • Personal Details: This includes your name, phone number, email address, and identification documents such as your passport and AMKA (Greek social security number), along with photos and other information taken from IDs or passports. We collect these details when you register for and use our services.
  • Technical Information: We gather information like your IP address, device type, and settings. This is automatically collected when you use our app or visit our website.
  • Usage Information: This covers how you use our app, such as the pages you visit, the features you use, and the time you spend in the application. This is automatically collected when you use our app or visit our website.
  • Medical Information: We collect information about your symptoms, diagnoses, and other medical information that you or your doctor provide through the app.

5. Why do we collect data?

  • Performing Medical Services: We use your personal and medical information to provide you with medical services.
  • Providing Support: To offer customer service and address any issues you might face while using our services.
  • Improving Our Services: We analyze technical and usage information to enhance the functionality and user experience of our app.
  • Marketing Communication: With your explicit consent, we may use your personal details for sending promotional messages and updates.
  • Fulfilling Legal Obligations: We process certain data to comply with Greek healthcare laws and regulations.
  • Preventing Misuse and Crime: To detect and prevent fraudulent activities or misuse of our services.

6. Your rights

As a user of our services, GDPR and the Data Protection Law grant you certain rights regarding your personal data. Here is an overview of these rights and how you can exercise them:

  1. The Right to be Informed: You have the right to be informed about how your personal data is being used. This Privacy Policy serves that purpose, but you can always ask us for more details.
  2. The Right of Access: You can request access to your personal data to see what information we hold about you.
  3. The Right to Rectification: If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request its correction.
  4. The Right to Object to Processing: You have the right to object to the processing of your personal data, in particular where it is processed for direct marketing purposes. Consent, where requested and given, can be withdrawn on the same platform on which it was given, such as our app or website.
  5. The Right to Restrict Processing: In certain circumstances, you can request that we restrict the processing of your personal data.
  6. The Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request the transfer of this data to another controller.
  7. The Right to be Forgotten: Also known as the right to erasure, you can request the deletion of your personal data when it’s no longer necessary for the purposes for which it was collected.
  8. Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal or similarly significant effects on you.

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer at dpo@doctortora.gr. We will respond to your request in accordance with GDPR.

7. Legal Basis for Processing Your Personal Data

We ensure that the processing of your personal data is always backed by a solid legal basis. Here are the key grounds on which we rely:

  1. Consent: For certain types of data processing, particularly those not directly related to the provision of our medical services (like marketing communications), we seek your explicit consent. Remember, you have the freedom to withdraw this consent at any time.
  2. Legitimate Interest of the Company: In some instances, we process your data based on our legitimate interests. This includes activities like analyzing how you use our app to improve our services. We balance our interests with your rights to ensure there’s no undue impact on your privacy.
  3. Performance of a Contract: Much of the data we process is necessary for us to fulfill our contractual obligations to you. This includes using your personal and medical details to provide you with the healthcare services you’ve signed up for.
  4. Legal Obligation: There are times when we need to process your data to comply with legal requirements, particularly in relation to healthcare laws and regulations.
  5. Vital Interests: On rare occasions, we might process personal data when it’s necessary to protect someone’s life, such as in medical emergencies.
  6. Public Interest: If necessary, we may process data for tasks that are in the public interest, especially those relating to public health.


For Children

Consent and Authorization: Article 21 of the Data Protection Law (4624/2019) sets the age of digital consent at 15 years. For users under the age of 15 (or a different age where stipulated by other applicable laws), we collect and process personal data only with the consent of a parent or guardian, except where otherwise permitted by law.


8. Sharing Your Data

We understand the importance of keeping your personal data confidential. There are certain scenarios where we need to share your information:

  1. With Data Processors: To provide our services effectively, we share data with trusted third-party service providers. These partners help us with various aspects of our service, including data storage, app functionality, and customer support. They are contractually bound through data processing agreements (DPAs) to protect your data and to use it only for the purposes we specify. They are not allowed to use the data for any purpose other than as a processor acting on our behalf, within the scope of processing outlined in this document.
  2. Employers, Insurance Companies & Other Sales Partners: In our collaborations with employers, insurance companies and other sales partners, we may share usage data for patients who have received free or discounted services under our contracts with them. This does not include your medical information; it is used mainly for administrative, contractual and invoicing purposes. Using our services in connection with one of these partners is always optional and will be clearly indicated to you. However, if you specifically request it from us (and consent to it), we can share your medical data with one of these partners, for example in connection with an insurance claim you are making.
  3. Aggregated and Anonymized Health Data: We may share health data in an aggregated and anonymized form for research, statistical analysis, or public health purposes. This is done only if we are confident that it does not compromise the interests or privacy of our patients. We ensure that such data cannot be used to identify any individual patient.


9. Transfers to Third Countries

In certain situations, we may transfer personal data to countries outside of the European Union (EU) and the European Economic Area (EEA). These transfers occur only when necessary for the provision of our services or for other legitimate business purposes.

  • Safeguards: We ensure that appropriate safeguards, as required by GDPR and other relevant laws, are in place before any such transfer. This includes using the standard contractual clauses approved by the European Commission or relying on an adequacy decision of the European Commission for the destination country.


10. Duration of Data Storage

We retain your personal data only as long as necessary for the purposes it was collected or as required by law.

  • Criteria for Determination: The duration of data storage is based on legal requirements, the nature of our relationship with you, and the necessity of the data for providing our services.
  • Deletion: Upon the expiration of the retention period, personal data is securely deleted or anonymized.
  • Right to be forgotten: If you exercise your right to be forgotten, your data will be deleted or anonymized within 3 months of your request at the latest.

Certain personal data may be kept for longer where we are legally obliged to retain it, but such data will not be processed for any other purpose.


11. Security

We implement a range of technical and organizational measures designed to ensure the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services. These measures are designed to safeguard your data against unauthorized access, alteration, disclosure, or destruction.

  • Encryption: We employ strong encryption to protect data in transit and at rest.
  • Access Control: Access to personal data is strictly controlled on a need-to-know basis and limited to those employees and partners who require it to perform their duties.
  • Regular Auditing: Our security measures are regularly reviewed and audited to ensure they are up to date and effective.
  • Incident Response Plan: We have a robust incident response plan in place to quickly address any potential data breaches or security incidents.
  • Staff Training: All staff are trained in data protection and security, ensuring they understand the importance of safeguarding personal data and are aware of our security policies and procedures.
  • Data Minimization: We ensure that only the necessary amount of personal data is processed, accessed, and stored.

12. Contact Information

Your Questions, Our Answers: For any questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer at dpo@doctortora.gr.

Feedback is Welcome: We value your input and feedback on our data protection practices and encourage you to reach out to us.