Application Privacy Policy – myHCN- version 1.7
1. Purpose of the Application
The myHCN application allows existing subscribers of the company to view information related to their account, including:
• service details
• packages and subscriptions
• invoices and billing information
• support-related information
• service-related updates
• documents or contracts related to their subscription
The application functions exclusively primarily as a viewing tool for data that already exists in the company’s internal systems and, where such functionality is provided, as a means of electronic notification, acceptance, or signing of documents related to the subscriber.
The application:
• does not allow account creation
• does not allow users to freely or arbitrarily enter or modify personal data
• does not collect new personal data from users for advertising or vcommercial purposes.
2. Data Collection
The application does not collect new personal data for advertising or vcommercial purposes..
The following are not used:
• usage analytics tools
• user tracking mechanisms
• advertising identifiers
• user profiling for commercial purposes
All information displayed in the application originates exclusively from the company’s internal systems for the purpose of providing services to existing subscribers.
For the operation of certain application services, limited technical or functional data may be stored, such as:
• Firebase Cloud Messaging token for sending notifications
• device platform, such as iOS or Android • application version
• device identifier, where required for the proper management of notifications
• notification permission status
• date and time of creation, update, or last use of the notification token
• notification sending and delivery information
• information required for the electronic acceptance or signing of contracts
3. Maps and Navigation
The application includes a map feature to display company stores or service locations.
Important:
• The application does not request or use the user’s location.
• The application does not access GPS or device location data.
• The application does not store the user’s geographic location data.
When the user selects the “Directions” option, the application opens the device’s preinstalled navigation application, such as:
• Google Maps
• Apple Maps
Navigation is handled entirely by those applications and is subject to their own privacy policies.
The application does not receive, store, or process any location data.
4. Notifications and Updates
The application does not use push notification services for advertising or user tracking.
User updates:
• are displayed within the application
• are provided by the company server when the user logs in
• may be sent through push notifications, provided that the user has allowed notifications on their device
The application may use push notifications to send functional updates to the user.
Notifications may include, indicatively:
• new service updates
• technical or operational updates
• updates related to requests, tasks, or faults
• updates related to contracts or documents
• important messages concerning the subscriber’s account or customer support Firebase Cloud Messaging, provided by Google, is used for sending push notifications.
For this purpose, the application and the company server may store:
• Firebase Cloud Messaging token
• device type or platform, such as iOS or Android
• application version
• device identifier, where required for the proper management of notifications
• information on whether the user has allowed notifications
• date and time of the last token update
• notification sending and delivery information, such as delivery status, Firebase message identifier, number of attempts, and any technical sending error
The above data is used exclusively for sending functional notifications related to the application.
The application does not use:
• advertising notifications
• behavioral tracking
• notifications for commercial or advertising targeting
The user may disable notifications at any time through the device settings.
5. Use of Firebase
The application uses Firebase services only for displaying dynamic content inside the application and for functional technical services.
Specifically:
• Firebase Analytics is not used
• No advertising identifiers are collected
• No user tracking is performed
• Firebase Cloud Messaging may be used for sending functional push notifications
• Firebase Crashlytics may be used for recording technical errors and improving application stability
• Firebase services may be used for displaying dynamic content, such as text or images
Firebase is used solely as a tool for delivering dynamic text and image content within the application and for sending functional application notifications without collecting user data for advertising or commercial purposes. Any technical data that may be collected through Firebase Crashlytics is used exclusively for identifying and resolving technical issues in the application.
6. Electronic Acceptance and Signing of Contracts
The application may provide the ability to view, accept, or electronically sign contractual documents related to the subscriber.
For this functionality, the company may process and store data necessary to document the procedure, such as:
• customer code
• contract identifier
• contract number or contract details
• contract status • date and time of creation, sending, acceptance, or signing
• verification information through OTP code, where applicable
• technical information such as IP address, user agent, platform, or device type
• electronic PDF files of the contract before and after signing
• technical security fingerprints, such as file hashes, for integrity and proof purposes
• audit and activity history related to the acceptance or signing process
This data is used exclusively for:
• completing the acceptance or signing process
• proving the transaction
• protecting against unauthorized use
• ensuring the security of the process
• complying with the company’s legal, contractual, and accounting obligations
This data is not used for advertising or commercial purposes.
7. Login Security
Access to the application requires secure authentication.
Security measures include:
• encrypted communication via HTTPS / TLS
• authentication tokens with limited lifetime
• temporary account lock after repeated failed login attempts
•secure storage of tokens on the device
•protection against unauthorized access
User passwords are never stored within the application.
8. Data Security
To protect user data, the following technologies are used:
Android
• Jetpack Security EncryptedSharedPreferences
• AES-256 encryption
• key management via Android Keystore
iOS
• token storage in the iOS Keychain
• access policy: WhenUnlockedThisDeviceOnly
Additionally:
• HTTPS communication (TLS 1.2 or higher)
• clear-text traffic disabled
• secure network configurations
• authentication tokens with limited lifetime
• server-side access controls
• technical activity logging where required for security and audit purposes
9. Data Sharing
The application does not sell, share, or transfer user data to third parties for commercial purposes.
All data processing takes place exclusively within the company’s internal systems for the purpose of providing services to subscribers.
Certain technical data may be processed by technical service providers used for the operation of the application, such as Google Firebase services for notifications, technical stability, or content delivery. The use of such providers is strictly limited to functional purposes and to the provision of services to subscribers.
Data is not used for advertising targeting or commercial exploitation.
10. Data Retention
The application does not store personal data beyond what is strictly necessary for maintaining the user session.
Upon logout:
• authentication tokens are removed where required
• session data is cleared
• temporary data is deleted
Push notification tokens may be retained on the company server for as long as necessary to enable the sending of functional notifications, even when the user does not have an active session in the application.
Push notification tokens cease to be used when:
• the user disables notifications from the device settings
• the token is no longer valid
• the device or application installation is no longer active
• the company no longer needs the token for functional notifications
Data related to notification sending and delivery is retained for as long as required for technical monitoring, proof of delivery, and security purposes.
Data related to contracts, acceptances, signatures, and transaction documentation is retained for as long as required by law, contractual obligations, and the need to prove the transaction.
11. User Rights
In accordance with the GDPR, users have the right to:
• access their personal data
• request corrections
• request restriction of processing
• request deletion where applicable
• object to processing, where applicable
• request data portability, where applicable
Requests can be submitted through the company’s official customer support channels.
The fulfillment of certain requests may be subject to limitations where data retention is required by law, contract, accounting obligations, or for proving a transaction.
12. Legal Compliance
The application complies with:
• GDPR (EU Regulation 2016/679)
• Greek and European data protection legislation
• Apple App Store and Google Play Store requirements
• applicable security and data protection requirements for mobile applications
13. Contact
For matters concerning personal data protection, user rights, or the use of the application, users may contact the company through its official customer support channels.