Telematic Medical Applications

Privacy Policy and Data Protection

Telematic Medical Applications LTD (“TMA”) has developed the “ePokratis MedAiConnect” application (the “Application”). Through the Application, users can choose to receive and automatically record vital signs using compatible Bluetooth medical devices, perform AI-based measurements via the mobile camera, manually log data from non-compatible medical devices, upload digital files or test results, communicate with doctors affiliated with TMA, and receive medical advice, as detailed in the General Terms of Use.

Personal Data Processing and Storage

Personal data provided by users, with their explicit consent, through the Application will be securely transferred to and stored at Hetzner Online GmbH's data center, located in Germany. TMA has established a Data Processing Agreement with Hetzner to ensure that all data is handled in compliance with GDPR and other applicable data protection regulations. Hetzner, as a trusted third-party provider, employs robust security measures and follows stringent protocols to safeguard user data. TMA is a Greek company, registered under General Commercial Registry No. 007904401000, with Tax Identification Number 998889850, headquartered at 151 Al. Papanastasiou Avenue, Piraeus, Attica, P.C. 18533. For inquiries, users can contact TMA by phone at +30 211 1165330-2 or via email at info@tma.gr. This data will be processed solely by TMA in accordance with this Privacy Policy and for the stated purposes.

User Support and Inquiries

If you have questions regarding the storage or protection of your personal data, wish to exercise your rights, or file a complaint, you may contact TMA’s Data Protection Officer (DPO) by sending a letter to 151 Al. Papanastasiou Avenue, P.C. 18533, or via email at info@tma.gr. Detailed information on TMA’s data protection practices can be found at https://tma.gr/epokratis-privacy-policy-android-en/.

Data Protection Oversight

TMA has appointed a DPO to ensure compliance with data protection regulations. You can reach the DPO at dpo@tma.gr.

User Consent

By submitting your personal data through the Application, you acknowledge that you have read, understood, and explicitly accepted this Privacy Policy. You provide your informed consent for the collection and storage of your personal and medical data as detailed in this Privacy Policy and the Application’s Terms of Use. Consent is gathered through an opt-in checkbox or similar user action during the sign-up process where the users are explicitly prompted to actively agree to this policy before proceeding to use the Application, ensuring transparency and user control.

You may withdraw your consent at any time through the settings menu by deleting your account or uninstalling the Application.

Accuracy of Provided Data

Users are responsible for ensuring the accuracy and currency of the information they provide through the Application. Users must maintain updated data that reflects their true situation. TMA holds users accountable for any false or inaccurate information provided and any resulting damages to TMA or third parties.

1. Legitimization for Personal Data Storage

The legal basis for storing your personal data is your registration in the Application for the use of its services. By registering, you provide your explicit, clear, and fully informed consent for the storage of your data. The storage of your personal data is based on the legal basis of contract execution, as users must accept the Application's Terms of Use before accessing the Application. Alternatively, if you do not consent to these terms, you may choose not to install the Application.

For special categories of data, such as health information, the legal basis is your explicit consent, which is required for their storage and processing.

The provision and granting of access to special category personal data during doctor support via video call is based on the necessity of processing such data to provide teleconsultation services effectively.

2. Collected Data

2.1. Information Directly Provided by Users in the ePokratis MedAiConnect Application

TMA protects the data you provide with your consent through the Application, whether in text, video, image, or audio format, for the purpose of facilitating assessment of your health condition by healthcare professionals contracted with TMA. Data is only collected when explicitly provided by the user or during interactions involving service use; no data is collected during general visits or navigation within the Application.

User Profile Data

This may include gender, date of birth, allergies, family medical history, surgical history, and current medications. Providing this information is optional but helps the healthcare professionals contracted with TMA to better assess symptoms and provide more accurate evaluations, ultimately enhancing service quality.

When using the video call service, you consent to sharing text, audio, video, or photos with the selected health specialist.

Health Data

This includes user-reported symptoms and vital sign measurements obtained via compatible Bluetooth medical devices (e.g., blood pressure monitor, oximeter, thermometer, scale, electrocardiograph, multi-parameter device) or entered manually when using non-compatible devices. Additionally, heart rate, respiration, oximetry, blood pressure, and stress levels can be assessed through the mobile phone’s camera using AI technology. All AI-based measurements within the Application are intended solely for informational purposes and are not designed for medical diagnosis or treatment. They should not be used as a substitute for professional healthcare advice, diagnosis, or treatment. Any health-related data generated through AI-based measurements, including heart rate, respiration, oximetry, blood pressure, and stress levels, is exclusively for user information and is not stored within the Application. Images or video files used for these AI measurements are processed locally on the device and are not saved on any servers, including those of Hetzner Online GmbH, our trusted third-party hosting provider. This ensures full privacy and confidentiality throughout the process.

Users may also upload medical test results or other relevant files in digital form. All recorded measurements, excluding AI-based assessments, are presented in graph format within the Application for user access.

Appointment Scheduling and Teleconsultation Services Data

This encompasses appointment details (date, time, specialty, and doctor's name) scheduled by the user, along with details related to teleconsultation services offered through the Application.

Location Data

TMA collects and stores real-time location data from the user's mobile device only with the user's explicit consent, which is requested when the user activates the Emergency Assistance feature in the Application. At that time, a clear usage description is provided to explain how the location data will be utilized (e.g., “Your location helps coordinate emergency assistance to your current position”).

By default, location sharing is disabled and requires user activation through a specific mobile device setting. This data is collected exclusively for the purpose of delivering immediate emergency assistance. Location data is stored only when the user selects the Send Location button within the Application, maintaining full transparency and ensuring user control over when and how their location is shared.

Symptom Evaluation, Diagnosis, and Prescription Data

Information related to the diagnosis, including prescribed treatments and dosage, is provided exclusively by healthcare professionals contracted with TMA. The mobile application serves solely as a system for recording this information and does not itself perform diagnoses, prescribe treatments, or provide medical advice.

Device, Doctor Session, Subscription Purchases, and Redemption Unit Data

Users can purchase compatible medical devices and doctor sessions through TMA’s online store, as well as acquire redemption units for AI measurement sessions, as previously described. Additionally, subscription purchases are available via in-app purchases.

2.2. Information Provided Indirectly by Users

Device or Digital Footprint Data

This includes the IP address used by the user (along with the date and time of connection) to access the Internet through their mobile device.

Third-Party Derived Information

TMA may collect information or personal data from third parties only if the user has authorized these third parties to share such information. For example, if the user registers on the Application using their Facebook or Google account, these platforms may share relevant personal data included in the user’s profile with TMA, contingent on user consent.

3. Purpose of Data Collection and Use

Your data is used exclusively for the following purposes:

  • Service Delivery: To provide the requested services in line with the Application's Terms of Use.
  • Teleconsultation Services: For facilitating video consultations with healthcare providers.
  • Profile Management: To manage and monitor the user’s profile for personalization and service delivery purposes.
  • Compliance Enforcement: To ensure that users comply with the General Terms of Use and Privacy Policy of the Application.
  • Fraud Prevention: To detect and investigate potential fraud, illegal activities, or activities that violate the General Terms of Use.

TMA will only use personal data for the purposes described above. Under no circumstances will personal data be used for any other purpose unless the user has been informed in advance and has consented or failed to object within a reasonable time.

4. Data Retention Period

Your personal data is stored securely on servers managed by Hetzner Online GmbH, TMA’s trusted third-party hosting provider, and will be retained for as long as you remain registered and have not requested deletion. If you withdraw consent, all personal data will be deleted from these servers unless legal obligations require longer retention.

5. Data Sharing

TMA will not share your data except in the following circumstances:

  • Service Provision: Data shared with healthcare professionals and service providers to facilitate teleconsultations.
  • User Consent: Data shared based on your explicit consent.
  • Legal Compliance: Data shared if required by law or requested by Authorities (for investigation, prevention, or taking measures against illegal activities).

5.1. Data Sharing for Service Provision

TMA may transfer users' personal data, including sensitive information, to healthcare professionals contracted with TMA, solely to provide services related to the Application’s functionalities, such as telemedicine consultations. This data originates from the ePokratis MedAiConnect mobile application and is securely transferred through a TMA-owned teleconsultation platform that complies with GDPR and other applicable privacy laws. Healthcare professionals can use this platform to securely access and view the data, prescribe treatments, and make the prescribed treatments available within the ePokratis MedAiConnect mobile application.

All contracted healthcare professionals engaged by TMA are based in Greece, and all user data will be transferred exclusively within Greece, where the Application will be launched and operated. TMA does not transfer user data to any other countries outside Greece.

No user data will be transferred outside of Greece unless explicitly authorized by the user, in compliance with applicable laws. If any future international data transfer is necessary, TMA will ensure full compliance with relevant data protection regulations and will notify users accordingly to obtain their explicit consent.

For example, if you choose to use the video call service for medical consultation, we may share your personal data with the healthcare professional who is providing the consultation. This transfer is essential for ensuring that the service is provided in a complete and accurate manner.

Data Sharing with Healthcare Professionals

We ensure that healthcare providers who receive your data are bound to TMA through relevant contracts or legally binding acts to use your personal information exclusively for the provision of the requested services and in compliance with applicable data protection laws. These healthcare professionals are required to follow the same level of privacy and security practices as outlined in this Privacy Policy.

User Consent and Control

By using the Application, you provide explicit, informed, and clear consent for the storage, processing, and sharing of your personal data with healthcare practitioners contracted with TMA. When you choose to initiate a consultation with a healthcare practitioner, you automatically consent to sharing the relevant data required for that consultation. This consent is obtained during registration and is necessary to access the Application's services.

You have the right to withdraw your consent at any time by uninstalling the Application or deleting your account.

Information Outside TMA’s Control

Please note that any information you provide directly to third-party providers outside the control of TMA is not covered by this Privacy Policy, and we recommend reviewing their privacy policies for additional details on how your data is handled.

6. Data Encryption

At ePokratis MedAiConnect, we are committed to protecting the security and confidentiality of your personal data. We employ advanced encryption protocols to ensure your data remains secure in compliance with industry standards. Below are the key security measures implemented in our solution:

Data Encryption at Rest

We apply AES-256 encryption, a trusted and widely recognized standard, to secure all stored data. This encryption ensures that user data remains protected and inaccessible, even in the event of a physical storage breach. While our third-party hosting provider, Hetzner Online GmbH, does not enforce default encryption for data at rest, our proactive application of AES-256 encryption safeguards all sensitive information stored on their servers.

Encryption in Transit

All data transmitted between the Application and external servers is encrypted using HTTPS/TLS protocols. These protocols establish secure communication channels, protecting your data from interception and ensuring its integrity and confidentiality during transfer.

Client-Side Encryption

For added security, we implement client-side encryption for highly sensitive data. This means your data is encrypted directly on your device before being transmitted to external servers, ensuring that only authorized users with the decryption key can access it.

Key Management Practices

We use a trusted Key Management Service (KMS) to securely manage and control encryption keys. Our key management practices include:

  • Protecting keys using secure secret management tools and environment variables.
  • Ensuring keys are never hard-coded or exposed in the app’s codebase.

Compliance and Certifications

Our hosting and storage solutions adhere to rigorous international standards for data protection, including:

  • ISO/IEC 27001 (Information Security Management)
  • ISO/IEC 27017 (Cloud Security)
  • ISO/IEC 27018 (Protection of Personal Data in Cloud Environments)
  • GDPR (General Data Protection Regulation compliance tools)

Technical Encryption Measures

Our solution incorporates a comprehensive set of encryption protocols, including:

  • AES-256 Encryption (for data at rest)
  • TLS/SSL Encryption (for data in transit)
  • Client-Side Encryption (for sensitive data)
  • Data Masking and Tokenization (to further protect sensitive data).

Access Control and Security Rules

We enforce role-based access control (RBAC) through our security rules to ensure that only authorized users can access specific data. This approach helps maintain the integrity and confidentiality of your personal information.

User Responsibility

While we implement robust encryption and security measures, we encourage users to also take the following precautions to protect their data:

  • Keep authentication credentials confidential.
  • Regularly update passwords to maintain account security.

7. Security Measures

TMA is committed to implementing appropriate organizational and technical measures to protect the security of users' personal data, in accordance with applicable data protection laws. These measures are designed to prevent unauthorized access, alteration, loss, or misuse of personal data, considering the state of technology, the nature of the data, and potential risks.

To further ensure the security of your account, users are responsible for safeguarding their login credentials, including passwords, and should take steps to prevent unauthorized access. TMA is not responsible for any misuse of accounts due to compromised passwords.

8. User Rights

Users have the right to access, correct, or delete their personal data at any time through the settings within the Application. Please note that withdrawing consent and/or deleting personal data will prevent TMA from being able to continue providing the services of the Application.

Users may also withdraw their consent for specific purposes at any time, without affecting the lawfulness of data processing prior to the withdrawal.

Users retain the right to contact the Hellenic Data Protection Authority (HDPA) regarding any concerns or complaints about their data privacy. Complaints can be submitted by phone at +30-210 6475600, in writing to Kifisias 1-3 Ave., P.C. 115 23, Athens, or via email to contact@dpa.gr.

9. Changes to Our Privacy Policy

TMA may update this Privacy Policy to comply with legal, regulatory, or other applicable requirements. Any changes will be reflected in the updated Privacy Policy, which will always be made available within the Application. Users will be notified of any significant updates, and continued use of the Application after such updates constitutes acceptance of the revised Privacy Policy.

TELEMATIC MEDICAL APPLICATIONS is a leading eHealth System Integrator and Value Added Solutions Provider in the area of integrated, computer-science-based eHealth systems. We provide a certified quality management system for every aspect of our activities (products and services). We have been certified by TUV AUSTRIA HELLAS according to international standards EN ISO 9001:2015 and EN ISO 13485:2016, and have proved compliant with the provisions of the Ministerial Order ΔΥ8/1348/2004 regarding the retainment of principles and orders for the suitable distribution of medical and telemedicine products.