1. Our view on Privacy
I-DANTE’s priority is to provide solutions that give users flexibility and create an innovative user experience. To make this happen, it is critical for us to establish the desired level of trust with our users.
Compliance with applicable standards and legislation is key for establishing a long-term trusting relationship with users and business partners. This is why we are embracing the rules and principles provided under Data Protection Law and enhanced by the European General Data Protection Regulation 2016/679 (“GDPR”).
This privacy notice (“Notice”) describes how I-DANTE LTD (“I-DANTE”, “we”, “company”) processes the personal information (“Personal Data”) directly or indirectly identifying you (“User”, “you”). This Notice concerns the processing of Personal Data via the E-HCert mobile application and any of the company’s products or services (collectively, “Mobile Application” or “Services”).
I-DANTE will process your Personal Data only to the extent necessary and in accordance with GDPR, the Cyprus Data Protection Law 125(I)2018 and any relevant guidance issued by the Office for the Protection of Personal Data (“Commissioner”) and the European Data Protection Board.
We invite you to take the time to read and understand this Notice. Please do not hesitate to contact us for more information.
2. Our role:
Depending on the context of processing your Personal Data, I-DANTE may be acting as data processor (“processor”) or data controller (“controller”).
Normally, I-DANTE is processing your Personal Data as processor on behalf of your doctor/hospital. This means that the lawfulness and purpose of processing carried out by I-DANTE is determined by your doctor/hospital who has the overall control over the purposes and means of the processing.
3. Personal Data we process about you
We process the following Personal Data about you (as described in section 4 below):
Full name, Gender, Date of birth, Nationality, Place of birth, email, Personal ID number and/or Passport ID, General Health System (GESY) number.
4. Collection of Personal Data
Below we describe the process of collecting and processing your Personal Data:
- You are asked by your doctor/hospital to read and sign the consent form by which you authorise the doctor/hospital to proceed with the creation of your Digital Passport. This is done for the purpose of validating and verifying your identity. This is crucial because we need to be absolutely certain that your Personal Data you give through the consent form matches the information that is included in your doctor/hospital’s health information system.
- After the consent form has been signed, your doctor/hospital’s system will issue your login credentials for the Mobile Application by using the Passport Manager (“PaM”) Software provided by I-DANTE. The PaM is controlled by your doctor/hospital. It is important to remark that no software component of I-DANTE can ever access your credentials.
- Our blockchain-based solution will finally encrypt your Personal Data and allow you to display your medical examination results on the Mobile Application. Please read the section “Why we operate on a blockchain-based solution” to understand the benefits and security aspects of using blockchain technology when providing our Services.
For more information about the security of this processing activity we encourage you to read the relevant “Data Security” section below.
5. Storing Personal Data
As the data controller, your doctor/hospital is responsible for storing your Personal Data used for the creation of your Digital Passport in the PaM according to applicable Law and its internal Policies. We will gain access to the PaM only for maintenance purposes, provided that your doctor/hospital has authorised us to do so.
The only information we retain is the encrypted reference to the patient and visit ID. We will retain this for as long as your consent to receive our Services is still. Your actual Personal Data remain stored in the Hospital’s system and hosted in the B2C server of Microsoft.
6. Legal basis and purpose of processing
As we mentioned above, we are currently acting as data processors since our processing is entirely concerned with Personal Data whose controller is your doctor/hospital. Therefore, the legal basis of processing your personal data is decided by your doctor/hospital.
This means that we will provide our Services to you if your consent has been obtained from your doctor/hospital. You may withdraw your consent at any given time by informing your doctor/hospital at which point we will no longer be able to provide you with our Services and your account will be deleted from the Mobile Application. Of course, you will be able to make a request to your doctor/hospital and ask them to use the Mobile Application again.
The sole purpose of processing your Personal Data is the provision of our Services as efficiently and securely as possible, i.e. allow you to access your medical examination results via the Mobile Application.
7. Sharing and transfers of Personal Data
Normally we will not share your Personal Data with any other persons or third parties, unless we have been instructed and lawfully authorized by you or your doctor/hospital or as required under applicable legislation.
When we share Personal Data, we take all reasonable steps in securing any sharing with sub-contractors, partners or local authorities to the extent permitted under applicable law. With this in mind, we guarantee that all necessary data processing agreements with data controllers or other data processors with whom we do business are signed where this is required under GDPR. We also make sure that such agreements provide appropriate safeguards to justify any data transfers made to third countries outside the EEA, taking into account GDPR Chapter V and the relevant provisions under Cyprus Data Protection Law. In any event, we always assess the possibility of transferring data anonymously.
8. The rights of users
You may make a request to exercise certain rights regarding your Personal Data processed by us (“Data Subject Request”, “DSR”). Since we do not act as controllers of your Personal Data, we will forward your DSR to your doctor/hospital. We will then assist the doctor/hospital to facilitate and respond to the DSR through the use of Passport Manager or any other available and secure means.
In particular, given that your Personal Data are processed only on the basis of your consent you have the right to:
- withdraw consent where you have previously given your consent to your doctor/hospital;
- learn what Personal Data are being processed and obtain a copy of them (although you already have visibility with regard to what Personal Data are being processed by the doctor/hospital and us in the context of providing our Services);
- verify the accuracy of your Personal Data and ask for it to be updated or corrected if necessary;
- restrict the processing of your Personal Data;
- erase your Personal Data (this also happens by default when you withdraw your consent, in which case I-DANTE will no longer provide you access to the Mobile Application and will stop processing your Personal Data);
- receive your Personal Data in a structured, commonly used and machine-readable format and, if technically feasible, have it transmitted to another controller without any hindrance.
9. Processing children’s data
We will never create a Digital Passport for children under the age of 18.
Instead, parents and legal custodians will have to sign a consent form by which they will be authorised to use the Mobile Application in order to receive the medical examination results of their child. In practice, the parent or legal custodian will provide the details of the children, sign the said consent form and then their doctor/hospital will provide them with the log-in credentials for their child.
10. Safeguarding your data
We secure your Personal Data in a controlled, secure environment, protected from unauthorised access, use, or disclosure. We maintain high standard administrative, technical, and physical safeguards in an effort to protect against unauthorised access, use, modification, and disclosure of Personal Data in our control and custody. While we strive to protect your Personal Data at all times, you acknowledge that there are security and privacy limitations of the Internet which are beyond our control.
For more information about our data security measures please do not hesitate to contact us.
11. Links to other mobile applications
Our Mobile Application contains links to other mobile applications that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other mobile applications or third parties. We encourage you to be aware when you leave our Mobile Application and to read the privacy statements of each and every mobile application that may collect Personal Data.
12. Data breach
In the event we become aware that the security of the Mobile Application has been compromised or users’ Personal Data have been disclosed to unauthorised third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities, in accordance with applicable Data Protection Law. In the event of a data breach, we will make reasonable efforts to notify the data controllers (your doctor/hospital) and/or the users if we believe that there is a reasonable and high risk of harm to the users as a result of the breach or if notice is otherwise required by GDPR.
13. Changes and amendments
We may update this Privacy Notice from time to time at our discretion and will notify you of any material changes to the way in which we treat Personal Data. When changes are made, we will revise the updated date at the bottom of this page. Any updated version of this Privacy Notice will be effective immediately upon the posting of the revised Privacy Notice unless otherwise specified.
14. Acceptance of this Notice
You acknowledge that you have read this Notice and agree to all its terms and conditions. By using the Mobile Application or its Services you agree to be bound by this Notice. If you do not agree to abide by the terms of this Notice, you are not authorised to use or access the Mobile Application and its Services.
15. Contact us
If you would like to contact us to understand more about this Notice or wish to contact us concerning any matter relating to the processing of your Personal Data, you may send an email to firstname.lastname@example.org