This Personal Data Protection Policy, in accordance with Article 13 of the General Data Protection Regulation of the EU 2016/679 (GDPR), as well as the relevant Greek legislation in force, informs you of the personal data relating to you, which is collected and processed by WINGS ICT Solutions, the legal basis for their processing, the purposes of their processing, the way they are used and protected, the possibilities and the rights you have under the above legal framework.
This Personal Data Protection Policy, which is provided to any person using MigraineNet, may be amended at regular intervals to ensure that it is always up to date and consistent with existing legal provisions. Please visit our website regularly to make sure you are aware of any changes.
What is personal data? – Basic Definitions
- The term “personal data”, in accordance with Article 4§1 of the General Data Protection Regulation (GDPR), refers to any information relating to an identified or identifiable individual (data subject), hereinafter referred to as “Personal Data” or “Data”. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The term “processing” of personal data in accordance with Article 4§2 of the General Data Protection Regulation of the EU 2016/679 (GDPR) refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- The term “Controller” of personal data, in accordance with Article 4§7 of the General Data Protection Regulation of the EU 2016/679 (GDPR), refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- The term “data processor” of personal data, pursuant to Article 4§8 of the General Data Protection Regulation of the EU 2016/679 (GDPR), refers to the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- The term “consent” of the data subject, pursuant to Article 4§11 of the General Data Protection Regulation of the EU 2016/679 (GDPR), refers to any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- The term “data concerning health”, in accordance with Article 4§15 of the General Data Protection Regulation of the EU 2016/679 (GDPR), refers to personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
1. What personal data relating to you does the MigraineNet application collect?
MigraineNet collects and processes only those personal data related to you which are strictly necessary to serve the purpose for which they were given and are used only for that purpose and only after WINGS ICT Solutions has received your explicit prior consent. Particularly:
1.1 Common personal data relating to you:
MigraineNet collects only those personal data relating to you which may include, but are not limited to:
Table 1 – Inputs from Profile Information
Table 2 – Inputs from “Daily Form” Information
1.2. Health and sensitive data:
Table 3 – Inputs from Profile Information
Table 4 – Inputs from Incident Information
Table 5 – Inputs from “Daily Form” Information
2. What is the purpose of processing your personal data?
WINGS ICT Solutions will process your personal data for the purposes listed below:
- To provide our services, understand your needs and communicate with you, we collect data that allow us to contact you and to analyze how you interact with our app.
- User profiling for exploiting common experiences among the users; analysis of the user’s past migraine incidents and therefore identification of his/her migraine pattern; and
- Provision of personalized insights with respect to future migraine incidents.
Your personal data is collected:
- From you, when filling in electronic forms and making use of MigraineNet.
- Automatically through the browser or mobile device that you use to access this website. Except for any Personal Data relating to you that is collected by Cookies, the collection of your Personal Data is limited to what you have expressly provided for a specific purpose and provided you have given your explicit prior consent.
The processing of both your common personal data and your sensitive data takes place in the course of your use of MigraineNet and is based on your free, specific, explicit and fully informed consent, given by positive action, which you can freely revoke at any time.
3. Time of retention of your personal data
We follow generally accepted industry standards and internal procedures to protect the data submitted to us during transmission, storing, and processing. We store your data for as long as is needed to provide our Services. We may store it for longer, but only in a way that it cannot be tracked back to you. This means that we will keep your personal information for as long as required by law, until we no longer have a valid reason for keeping it or until you request us to stop using it. We delete all personally identifiable data we have about you within 30 days of receiving your data deletion request. If you only use our app infrequently, we will retain your information and keep your account open, until you decide to close your account. Please make sure you request a copy of your data before you ask to delete your data, as your data will not be retrievable afterwards.
When you provide your personal data to us, we take the appropriate technical and organizational measures to ensure that they are kept safe. We update and control the security technology used on a sustained basis. We restrict access to the absolutely necessary personal data relating to you and make them accessible only to those who need to know your data. Among other methods, WINGS ICT Solutions has implemented the following appropriate technical and organizational measures and procedures to protect your personal data from any loss, alteration, damage or unlawful processing:
- Use of servers located in places with classified and restricted access and subject to regular check and monitoring.
- Use of information systems and programs for computers compliant with the GDPR standards, installed in a way that minimizes the use of personal data.
- Assessment of individual procedures for the retention of personal data and safe deletion / destruction;
- Business continuity measures.
- Storing and maintaining your personal data (both common and sensitive) in electronic or printed form, in a special storage area, protected and secure, without unauthorized access.
- Coding and encryption of data.
- Continuous adaptation and updating of the operation of its processes and systems.

It is your responsibility to safeguard the devices you use to access our online services (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access your account and your personal information using those devices. If you log into MigraineNet using a public computer or device, or the computer or device of another person, you should affirmatively log out of your account (i) prior to ending your session, or (ii) if you will be inactive on MigraineNet for more than a few minutes; otherwise, the next user of that computer or device may be able to access your account and the information in your account if your session has not ended. You agree that we are not responsible for any harm that may result from someone accessing your account or personal information on a lost, stolen or misplaced device or on a public computer or kiosk where you do not for any reason take the necessary steps to log out of your account prior to ending a session on such public computer or kiosk.
4. Who are the recipients of your personal data?
The processing of your personal data is done by automated mechanisms developed by WINGS and by WINGS employees bound to the company by NDAs.
4.1. WINGS ICT Solutions guarantees that it will not transmit, notify, concede, etc. your personal data unless this is required by applicable law and must be made to public / judicial / supervisory bodies and authorities. WINGS ICT Solutions will also not transmit your personal data to third parties without your consent, unless such transfer is required for the provision of our services.
4.2. We will implement reasonable and appropriate security procedures consistent with prevailing industry standards to protect data from unauthorized access by physical and electronic intrusion. Unfortunately, no data transmission over the Internet or method of data storage can be guaranteed 100% secure. Therefore, while we strive to protect your Personal Information by following generally accepted industry standards, we cannot ensure or warrant the absolute security of any information you transmit to us or archive at this site.
4.3. All data is stored in Greece and the European Union.
5. Your rights
You have the following rights under the legal framework of the GDPR:
- Right to be informed – Right to know if we are processing your personal data (who we are, why we are processing your personal data, what type of personal data we are processing, details about the lawful basis for processing your personal data etc.).
- Right to access – Right to receive information on whether data is being processed and accessed. Right to information on this processing (who, for what purpose, recipients, retention period, etc.).
- Right to rectification – Right to correct inaccurate personal data and fill in incomplete information.
- Right to erasure (‘right to be forgotten’) – Right to request the deletion of any data relating to the subject under certain conditions and to the extent that it does not conflict with any other legal provision (data that are no longer necessary, withdrawal of consent, data submitted to illegal processing).
- Right to restrict processing – when data accuracy is questioned, processing is illegal, data is no longer needed by the controller, or the data subject opposes the automated processing.
- Right to data portability – Right to request the transfer of personal data to another person responsible for processing in a structured, widely used and mechanically readable form, as long as this does not conflict with another prohibition of law (e.g., medical confidentiality).
- Right to object – Right to object to the processing of your data.
- Right to address the relevant data protection authority on any matter within its competence in relation to the above-described processing of personal data relating to you.
- Right to withdraw consent – If you have given your consent to anything we do with your information, you have the right to withdraw your consent at any time. However, if you do so, it does not mean that anything we have done with your information with your consent up to that point is unlawful.
You can exercise the above rights by submitting a written request to the DPO for MigraineNet, who must respond to you without charge and within 30 days from the date of filing the application.
6. Consequences of non-provision of your data
Your personal data is necessary in order to use MigraineNet; therefore, if you refuse to provide the necessary personal data, you will not be able to use the above application.
7. How do you contact us?
You can contact us for any questions regarding the processing of your personal data by sending an email to email@example.com or by sending a form to the following address: Syggrou av. 189, Nea Smyrni, 17121, GREECE.
8. How to contact the appropriate Authority?
Should you wish to report a complaint or if you feel that WINGS ICT Solutions has not addressed your concern in a satisfactory manner, you may contact the Data Protection Authority, Kifisias 1-3, 11523, Athens, Greece, firstname.lastname@example.org, call center +302106475600.
9. Publication Information – Changes and Updates