Information on Personal Data Protection in accordance with Regulation (EU) 2016/679

Since 25.5.2018 the General Data Protection Regulation (EU) 2016/679, also known as GDPR, is being implemented, which strengthens the framework for the protection of the data of research participants with regard to the processing of personal data in the European Union. INAB|CERTH with respect to personal data, complies with the GDPR in the context of its activity and scope and takes the respective technical and organizational measures for the effective protection of personal data, in accordance with the GDPR.

Processor – Contact Details

INAB CERTH is the MyPal project coordinator and is considered as processor with the following contact details:

Address:       6th km, Char-Thermis, Thessaloniki 570 01, Greece
E – mail:        dpo_inab@certh.gr

Purpose and Lawfulness of processing

The aim of our research program is to support adult and child cancer patients and their carers by offering them a digital health platform (mobile app and web app for adults, gamified app and carer app for children) that allows them to periodically & spontaneously report their physical and psycho-emotional symptoms.

Personal information collected through the MyPal platform is processed in accordance with the GDPR and the applicable legislation in order to:

  • provide you with novel palliative care services and therefore improve your Quality of Life (QoL)
  • formally assess the aforementioned palliative care services

Who are the recipients of my personal data?

The staff of the local clinical sites (USR, PAGNI, PAPANIKOLAOU, KI, FN BRNO, MHH and USAAR,) have access to your personal data, in the course of conducting the research program assigned to them by INAB|CERTH as a controller.

Staff of INAB|CERTH and collaborating experts have access to anonymized aggregated data from each clinical site for the assessment of the research program’s impact.

INAB|CERTH and all clinical sites do not share information with other third parties.

How long is my data retained?

INAB|CERTH and all clinical sites retain your personal data for a period defined by the applicable legal and regulatory framework. Specifically:

Personal Data collected in the backend server of each clinical site

The data will be stored locally at each clinical site until the end of the study. This includes demographic data (name, age, gender), clinical data (diagnosis, disease history etc.), medications, questionnaire answers, spontaneous symptom reports, calculated severity of symptoms, and all ePRO related data. Pseudonymization and encryption of sensitive data is applied to ensure data protection.

You can request the  permanent deletion of all your data by contacting your assigned clinical site.

Personal Data collected from the mobile applications

Data are encrypted and saved locally on the mobile device and pseudonymization is applied regarding storage and transmission to/from the smartphone apps.

All local data are deleted once the app is uninstalled from the device.

Cookies

In order to ensure that our platform is working properly, we may sometimes put a small piece of data known as a cookie on your computer or mobile device. A cookie is a text file that is stored by a web server on a computer or a mobile device. The content of a cookie can only be retrieved or read by the cookie server. Text in a cookie often consists of identifiers, site names and some numbers and characters. Cookies are unique to browsers or mobile apps you use, and allow sites to store data, such as your preferences.

You can view our Cookies policy here

How is my data protected?

At INAB|CERTH we work daily to ensure that the personal data we receive:

  • Are processed and treated lawfully and fairly in a transparent manner with respect to the data subject
  • Are collected solely for specific and legitimate purposes
  • Are adequate, related to the purpose for which we collect them and limited to what is necessary
  • Are maintained exclusively within the specified timeframe and no longer
  • Are processed in a way as to ensure the necessary security of personal data

Questions about Data Protection

If you have questions about this form, you can email us at dpo_inab@certh.gr and we will respond to them as soon as possible and not later than one month.

Personal Data Protection Authority

You have the right to file a complaint to the Personal Data Protection Authority (www.dpa.gr) which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of their personal data if you believe that your rights are being infringed in any way.

We encourage you to read our Personal Data Protection Policy

Imprint

Foundation for Research and Technology – Hellas
Central Administration
100 Nikolaou Plastira str.,
Vassilika Vouton, Heraklion, Crete GR – 70013, Greece
Postal address: P.O. Box 1385,
Heraklion, Crete GR – 71110, Greece

Tel.: +30 2810 391500-2
Fax: +30 2810 391555
E-mail: central@admin.forth.gr

VAT: 090101655