DN2ME PRIVACY POLICY

1. INTRODUCTION

1. General

The respect for your privacy and the management, protection and security of your personal data is a priority for DN2ME (the “ Company”, “DN2ME”, “we”, “ us, ” “ our ,”).The Company has adopted this Data Protection Policy (hereinafter the “ Data Policy ” or “ Policy ”) in order to inform on the types of data it collects or produces for you that make use of the Application and the Service (hereinafter “Application”, “Platform”, or “Service ”) or become our Member or sign up for our newsletters recipients list (hereinafter “you”, “your”, “yours”, the “Traveler”, the “Doctor”, the “Member” the “User” ) for the purpose of collecting and processing of your data and how these data is processed and its recipients, for the rights and your choices on your personal data, as well as how to contact us about every matter that may trouble you with respect to your personal data.

2. Amendments

The present is the first edition of the Policy and comes into effect from 18 ^th of March 2020. This Data Protection Policy is governed by the relevant provisions of both Greek and European law relating to the protection of individuals from the processing of personal data. Any possible future change to the above regulatory framework will be the subject to the present. Therefore, we retain the right to amend this statement and apply any change on your data and our practices regarding its collection and processing, according to the provisions of the law, or /and to amend or replace all or part of this Policy at our own discretion.

If there are substantial changes to this Policy or if our practices regarding your data shall change in the future, we shall notify you by publishing the changes on the Platform and by sending you a relevant update. However, if you wish to have any clarification or information regarding the changes, or have any disagreement, reservation or question about them (changes), you may contact us at the details listed in the Section below. Please note that any information / clarification given to you in accordance with the above regarding any changes to this Policy does not constitute a replacement, substitution or any amendment of this Policy.

  Continued use of the Application and Service implies the automatic and unconditional acceptance of the amended terms of this policy on your behalf. In the event that you do not agree with the amendments, you should not take any action or make use of the Application and the Service, let alone provide any personal data, you are entitled to terminate the contracts between us and request the deletion of your Account and Data to the extent permitted by applicable law. For any information or clarification, you may contact us and in any case you are entitled to exercise your rights as detailed in Section V below.

3. Content:

This Data Protection Policy includes:

•       information about the Data Controller and the Data Protection Officer (DPO), and our contact details for any issue regarding your personal data.

• the type of personal data that we collect for you and methods of collection
• the purpose of collecting and processing of your personal data and the legal basis for the processing
• security measures that we undertake for the protection of your data and how long we retain it
• your rights and how to access them, as well any options you may have regarding the collection and processing of your data
• information about the protection and storage of your data by DN2ME

2. DATA CONTROLLER AND DATA PROTECTION OFFICER

1. Who is the Data Controller?

Data Controller of your personal data is the company under the name “DOCTOR NEXT TO ME PRIVATE COMPANY ” and the distinctive title “DN2ME IKE”, with company registration number 143485601000, having its headquarters in Athens (45 Galinis str., Zografou), VAT no 800869936, Tax Office of IB Athinon, tel;. +302121042659 and email: [email protected] (hereinafter, the “Company”).

2. Who is the Data Protection Officer?

Data Protection Officer (DPO) of our Company for your personal data is Mr. Vassileios Tsetsos. His contact details are: email: [email protected], telephone +302121042659 and post address: 45 Galinis str, Zografou, Athens, Greece

3. Questions and Comments

You may communicate with us using the contact details above and submit any comment, queries, observations or any complaints regarding this Policy and generally the collection and processing of your personal data. You have the right to submit any claim regarding issues of protection of your personal data that may arise from its processing by the Company, before the Hellenic Data Protection Authority, which is the supervisory authority in our country. Please find details in link www.dpa.gr . However, it is our obligation and duty to handle any troubles regarding your personal data, hence we are glad to hear from you.

3. COLLECTING AND PROCESSING OF DATA

1. WHAT data do we collect and HOW do we collect it

Upon your registration in the Application, the creation of account, and the use of Service or otherwise, we collect different types of personal data for you, either directly from you or from third parties through automatic means such us indicatively:

• Identity data (name surname) that you provide us upon your registration and creation of an account.
• Communication data (mobile phone number) that Doctors provide us with.
• Location data: Municipality and Province) for the connection with the doctor next to you.
• Videocall data: the number of videocalls and for each video call doctors you saw, the specializations of the doctors who attended you, the type of examinations you make, the cost you have paid for the medical services provided to you through the Service, the time of the incident, the time of its settlement, the insurance services you receive, your reviews on doctors, the place of provision of medical services, etc.
• Login Information data to your Account, which is your username and password.
• Demographic data : place of residence, age.
• Device Data : Device’s camera and microphone.

We do not knowingly collect any information from any person under the age of 15 without the consent of parents, guardians. Our services are aimed exclusively at people who are at least 18 years of age or older. If you are under 18, do not use or provide any information to us, do not register as a Member or in our newsletters list of recipients, do not use the Application and Service, even the upload, and do not give any information about your face to us, including your name, address, or contact information (phone, email, etc.). If we find that we have collected or received personal data from a child under the age of 15 without the consent of the guardian, we will delete it immediately unless consent has been given to a parent or guardian. If you think we may have information from or for a child under 18, please contact us.

Learn more…..

We collect directly from you the following personal data:

If you are the User/ Patient

• When opening your Account, you must provide us with your email as a username and password and your full name (name surname), place of residence and province and optionally your mobile phone and age.

If you are a Doctor:

• When opening your Account, you must provide us with an email as username and password, your full name (name surname), mobile phone number, spoken languages, your specialty, your title, your professional registration number in the competent Medical Association and the name of the Association, your place or residence (Municipality Province).

2. HOW and WHY do we use your personal data.

All the above personal data that you provide us as mandatory data or optional, or are produced by automated means, we use it for the legal purposes referred below and they are subject to data limitation principles as we collect the less necessary personal data for the given scope. Please note that, where the European or national laws restrict or prohibit certain actions of the Company for which we use your data, we will stop using information about you for these purposes.

In particular, we may use your personal data for the following purposes :

The legal basis for our use of information about you is one of the following (which we explain in more detail in the “find out more” section):

• compliance with a legal obligation to which we are subject;
• the performance of a contract to which you are a party;
• a legitimate business interest that is not overridden by interests you have to protect the information;
• where none of the above applies, your consent (which we will ask for before we process the information).

More precisely:

• We process the email you provide us with as your username in the Platform on the basis of our legitimate interest to have you identified every time you request access to the Platform and Your Account. In addition, we may process your email to send you notifications necessary for the function of the Platform and the Service based on Our contractual relationship which provides our right to communicate with your issues related to Platform’s functionality.
• We process the password for security reasons every time you request access to Your Account on the basis of Our legitimate interest for secure Service and the avoidance of fraudulent use of your account.
• We process User’s name and surname for the scope of having only registered users identified as well as for the scope of directing your name/surname to the Doctor who receives your video call, both based on our contractual terms with you.
• We process the name/surname of the Doctors for the scope of identifying they are registered doctors to the Medical Association they declare, on the basis pf our legitimate interest to have on the Platform certified doctors to avoid fraud cases. For the same reason and on the same legal basis we process the Registration Number of the doctor as well as the name of the Association doctor is registered.
• Municipality and Province is being processed for the scope of identifying initially the doctor who is next to you in terms of location, based on our contract. In addition the location data is used for the scope of statistical analysis to check if the Service shall be promoted in other municipalities as well.
• We process the mobile phone number of the Doctors in cases where urgently need to reach him/her fir matters related to the use of the Platform and the Service. We do not provide the Users with the Doctors’ phone number, it is up to them to provide it to Users they have the conference call with, upon their discretion.
• Age who is an optional personal data provided by the Users, shall be used as demographic data for statistical analysis, based on your consent.
• We process video call data for quality assurance purposes as well as for statistical analysis and improvement of Our Service, based on our legitimate interests. WE DO NOT RECORD THE VIDEO CALL AND DO NOT KEEP RECORDS WITH THE CONTENT OF THE VIDEO.

3. WHOM do we share your personal data with and WHY?

In the context of the operation of the Application and the Service, the fulfillment of our contractual obligations and your best service, our Company reserves the right to cooperate with third-party service providers that provide us with support and access only to your data are absolutely necessary for the service they offer us (e.g. registering you in the Application and management of your account, the execution of the Intermediation contract between us for doctors to provide you with medical consultation services, the functional and computerized organization of the Platform and the Service, the optimization of our products and services, etc.). These third party service providers are bound by contract not to use your information in any way other than to help us provide you with the products and services we agree upon.

More specifically, our Company cooperates with:

(a) With a third company which, acting as processor by order and on behalf of our Company, hosts and manages the data you provide to the Platform.

(b) With Third-Party Email Marketing Companies acting in the name and on behalf of us to send you email notifications.

(c) Providers of technology services,

We may disclose anonymous aggregate personal data to the Public Authorities who support the aim of this Service such as the County, Medial Associations etc. for statistic purposes in order to evaluate the effectiveness of the Service.

We reserve the right to disclose your personal data to a third party that we choose to transfer all or part of our business. In addition, in the event of a merge or acquisition or other change in our business, the new owners, etc. have the right to use your personal data in the same way according to this Privacy Policy.

Your data may be communicated to competent judicial, police and other administrative authorities upon their request and in accordance with the applicable laws. Moreover, in case of a statutory provision, a service order or a formal preliminary examination, our Company has the right to place the relevant information at the disposal of the respective authority.

4. PROTECTION AND MANAGEMENT OF YOUR PERSONAL DATA

1. SECURITY of your personal data

We take appropriate technical and organizational measures to protect your personal data we keep from unauthorized disclosure, use, conversion or destruction. Where appropriate, we use encryption and other technologies that can help to secure any information you provide us. We also ask our service providers to comply with severe privacy and data protection requirements.

find out more…

More specifically, the data you submit to the Company is managed exclusively by specially authorized personnel of the Company under our control respectively and only on our mandate. In order to conduct the processing, the Company selects individuals or third party – collaborators with corresponding professional qualifications that provide sufficient guarantees in terms of technical knowledge and personal integrity to safeguard confidentiality. The Company, through its respective contractual commitments and these of its partners, takes all necessary security measures to protect and secure the privacy, confidentiality and integrity of personal data. In any case, its security in the Platform’s environment is subject to reasons beyond Company’s influence, as well as to reasons resulting from technical or other problems of the network that are not controlled by the Company or reasons of force majeure or events of chance.

You must not disclose the data / passwords you have entered to open your Account, which is personal and non-transferable. For personalized communication, our Company also uses appropriate mathematical and / or statistical processes for profiling and performs regular quality and security checks on the systems and algorithms it uses to correct the factors that lead to inaccuracies in the data.

2. Personal data RETENTION

We will retain your personal data for as long as the Service is available, unless you delete your data or revoke any consent you have provided to us. After the Service termination we shall keep your data for data analysis for a year. To determine data retention time of your personal data, we take into account the nature of your data, the quantity, purpose, security, etc.. You have the right to request from us to delete your data. To exercise your right, please visit the relevant Section in this Policy.

We reserve the right in certain circumstances to anonymise your data for research or statistical purposes, so that it cannot be associated with an identifiable person, therefore we reserve the right to use this information for an indefinite period of time. In any case, your data is stored with safety.

3. TRANSFER of your personal data to THIRD COUNTRIES

In principle, the Company keeps your personal data within the European Economic Area. When your data is to be transferred to third countries outside the European Economic Area or International Organizations for which no European Commission decision is available, all the appropriate safeguards provided for in the applicable data protection legislation on the transfers to third countries and the relevant information will be posted on the company's website …………………….

4. YOUR RIGHTS AND YOUR OPTIONS

You have the following rights with respect to your personal data that we have and process:

• request us to give you access to it, to confirm that we process it in accordance with law and / or your own orders and preferences,
• request us to rectify it, incomplete, non-updated or inaccurate data that we hold for you. Of course, we also have the right to ask you to update your information at regular intervals.
• request us to delete it, since of course the law does not oblige us to the contrary.
• request us to restrict our use of it, in certain circumstances;
• to object to our using it, in certain circumstances;
• to withdraw your consent to our using it;
• data portability, in certain circumstances;
• opt out from our using it for direct marketing; and
• lodge a complaint with the country’s supervisory authority.

We offer you easy ways to exercise these rights, such as “unsubscribe” links, or by calling from Monday to Sunday 9:00 to 17:00, or by sending email at: [email protected],

Some mobile applications we offer might also send you push messages, for instance about new products or services. You can disable these messages through the settings in your phone or the application.

It may be necessary, for the security of your information, to ask for some information about you for the purposes of your identification. Your right is exercised free of charge, however, when your right is exercised abusively, we shall request a fee in accordance with the conditions set by law. In any case, we respond to your requests within one month, except in exceptional cases where our response time to a request may be longer.

find out more…

access (article 15)	You may request us to: confirm whether or not we process your personal data; give you access to data that you don’t have provide you with other information about your personal data, such as, what data we have, why we use it, with whom we share it, whether we transfer it abroad and how we protect it, for how long we keep it, what rights you have, how to file a complaint, where did we take your personal data from to the extent that such information is not already given with this Policy.
rectification (article 16)	You may request us to rectify inaccurate personal data. We may seek to confirm the accuracy of the data before we rectify it.
erasure (article 17)	You may request us to erase your personal data At any time, when the information we hold is no longer necessary in relation to the purposes for which it was collected; When you delete your account (which data is erased either way) or If it has been unlawfully processed. It is not required to comply with your request to erase your personal data if processing is necessary to comply with a legal obligation. To fulfill another lawful purpose or other legal basis To establish, exercise or defend any legal claims
restriction (article 18)	You may ask us to restrict (i.e. keep but not use) your personal data when: • its accuracy is being questioned (see rectification) so that we can verify its accuracy or • processing is illegal, but you do not want to delete it or • it is no longer necessary for the purposes for which it was collected, but we still need it for the establishment, exercise or defense of legal claims, or there is another legitimate processing purpose or other legal basis
portability (article 20)	When processing is based on consent and is done by automated means, you may ask us to provide your personal data in a structured format that is commonly used in mechanical reading form, or you may request it to be transferred directly to another controller. However, this right, according to the law, concerns only data that has been provided by the data subject and not data concluded by the controller on the basis of the data provided by the subject
to object (article 21)	(i)  You may at any time object to any processing of his or her personal data, which has as its legitimacy the legitimate interest of the Company or the fulfillment of a duty performed in the public interest.
to withdraw your consent (opt- out)	You are entitled to withdraw your consent, where consent is provided for as a basis for processing. The withdrawal is done for the future.
supervisory authority	You have the right to file a complaint with the local supervisory authority regarding the processing of your personal data. In Greece, the supervisory authority for data protection is the Hellenic Data Protection Authority - HDPA (www.dpa.gr).
Identity	We take seriously into account the confidentiality of all files that contain personal data and we reserve the right to ask you for proof of your identity if you make a claim about those files.
Costs	We will not charge you for the exercise of your rights in relation to your personal data unless, as required by law, your request for access to information is unreasonable or excessive, so we may charge a reasonable fee under these conditions. We will notify you of any charges before fulfilling your request.
Timelines	We aim to respond to any valid requests within one (1) month of receipt, unless it is very complex or you have made a number of requests, so we aim to respond within three months. We'll let you know if we'll need more than one (1) month for the reasons outlined above. We may ask you if you can tell us exactly what you want to receive or what exactly is your concern. This will help us to act faster for your request. In any case, you should provide us with specific and truthful details and / or facts in order to be able to answer and / or satisfy your request, otherwise we reserve the right to make any errors that are out of our control. In addition, our Company may refuse requests that are unjustified or excessive or abusive or made in bad faith or generally illegal according the provisions of the law.