Privacy Policy regarding the protection of personal data For doctors and healthcare providers

Introductory Information

«NOSPI powered by Vida24©» is a comprehensive platform for telemetry, recording, and management of biological signals and health parameters, enabling connectivity between citizens and their physician or other health professionals, as well as among healthcare professionals. «NOSPI powered by Vida24©» allows the users/healthcare professionals to maintain an Electronic Medical Record for their patients and connect with them or with other professionals in order to deliver integrated services, including remotely.
Any personal data you subsequently enter into the application concerning yourself or your patients (name, weight, age, test results, sessions, connections with the IDIKA system, access to the location of medical devices, location history, etc.) are processed solely for the purpose of providing medical services exclusively by you, in your capacity as doctor, and therefore you are the sole “data controller” for such data.

Data Controller – Data Processed

In view of the above, ODIPY is the “data controller” only for the following data:

• a) Identification and contact details, such as your full name, address, and telephone number.
• b) The user account created to provide you with access to the «NOSPI powered by Vida24©» platform. For this purpose, you register your email address and create your own password, which only you know, via a dedicated authentication and access-control process. Naturally, you can change your password at any time directly through the platform.
• c) Date, time, subject, and recipient of email, specifically when you choose the email notification functionality within «NOSPI powered by Vida24©».
• d) Technical information collected by all applications globally and always recorded in “data logs,” specifically:
  • IP address
  • Date and time of the request
  • Time zone difference relative to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website from which the request originated
  • Browser
  • Operating system
  • Language and version of browser software

  Please note that while using «NOSPI powered by Vida24©», the system records anonymous usage statistics exclusively to improve user experience through the development of new features and functionalities. These data are anonymous and therefore not considered “personal data,” since they cannot identify you in any way.

• e) Cookies
  Since you access «NOSPI powered by Vida24©» through the website app.nospi-odipy.eu, cookies (small text files stored on your device) are also used. Detailed information can be found in the Cookies Policy.

Purposes and Legal Basis of Processing

Processing of the data under (a), (b), and (c) is based on our agreement that ODIPY provides you with access to the «NOSPI powered by Vida24©» platform, and you use it according to the Terms of Use, pursuant to Article 6(1)(b) GDPR (“processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the data subject’s request prior to entering into a contract”).
The purpose of processing the technical data under (d) is the proper functioning of the platform, in particular addressing potential technical issues and protecting against malicious or unlawful use (e.g., via IP address records). The legal basis for this is our legitimate interest in ensuring the security and integrity of our systems (Article 6(1)(f) GDPR).

Data Retention

Your data is stored on our servers as follows:

• a) Identification and contact details, as well as your user account, are stored for as long as you use «NOSPI powered by Vida24©».
• b) Technical data (IP address, device type, etc.) are stored in data logs for three months from the last account activity.

After these periods, the above data will be fully anonymised—i.e., converted into anonymous statistical data—and will no longer constitute personal data.
Exceptionally, your data may be retained in identifiable form for longer if required by the Ministry of Health or its supervised entities in the exercise of their statutory powers, or in the event of claims, until final resolution or expiration.

Recipients

ODIPY discloses your personal data only to:

• Competent services of the Ministry of Health and its supervised entities, in the exercise of their statutory powers.
• The German company Hetzner Online GmbH, acting as a “processor” on behalf of manufacturer Vidavo, exclusively for cloud hosting within the European Union (Germany and Finland).

How We Safeguard Your Data

Only you and any person you may authorize (e.g., your patient or their relatives) can view the data you enter. Authentication is performed using your username and password, which grant secure access to authorized information. You may change your password as often as you wish, upon successful login. The only person who has access to your data is you, via the above credentials, and you are solely responsible for keeping them confidential from third parties. If you do not remember your password, you can initiate the ‘Forgot Password’ process either through the app or through the cloud (web portal), which is the same as the account activation process.

ODIPY does not use your entered data in any way but merely stores and protects them so that they remain available whenever you access «NOSPI powered by Vida24©». Storage is performed within the EU, with encryption to prevent direct association with you.

The Platform provides the necessary functionalities for the remote monitoring and support of patients, ensuring the security, protection, integrity, and confidentiality of data, as well as all other aspects related to its smooth operation, and is fully compliant with European security protocols and standards.

It is noted that the doctor is solely responsible for initiating and terminating teleconferences, as well as for appropriate communication and provision of medical services to the patient, in accordance with medical science principles, to ensure adequate assessment of the patient, and in compliance with the diagnostic and therapeutic protocols and guidelines of the Ministry of Health.

For further information on the security measures implemented by ODIPY, or for any questions or clarifications, please contact us at dpo@vidavo.eu.

Your Rights and How to Exercise Them

The General Data Protection Regulation (GDPR) and Greek legislation grant you the following rights:

1. To be informed whether your email is being used in «NOSPI powered by Vida24©» (“right of information and access”).
2. To request the correction and/or completion of inaccurate or incomplete data (“right to rectification”).
3. To request the deletion of your data (“right to be forgotten”).
4. To request the restriction of processing:
   (a) for as long as the above request for rectification or deletion of your data is pending, and
   (b) in cases where we are obliged to delete your data but you prefer that we retain it solely on your behalf, e.g. for you to exercise a legal right such as defending yourself or raising legal claims (“right to restriction of processing”).
5. To receive your data in a readable electronic format and/or to have it transmitted directly to third parties designated by you (“right to data portability”).
6. To object to specific processing activities ("right to object").

If you believe your data are infringed, you may lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifisias Ave., 11523 Athens, tel. +30 210 6475600, contact@dpa.gr).

Revisions

ODIPY makes every effort to continually evolve «NOSPI powered by Vida24©» so that it remains at the cutting edge of technology and in full compliance with data protection legislation, as well as the specific legal framework governing telemedicine applications.

If technological or legal changes affect personal data processing, this notice will be revised accordingly. Please review it regularly.