Search
Search
START TYPING AND PRESS ENTER TO SEARCH

Privacy Policy

What is the purpose of this document?

Platonas Medical Center (PMC), based in Nicosia, undertakes to protect the confidentiality and security of your Personal Data. The Patient Privacy Policy describes how your Personal Information is collected, processed and used during and after the relationship established between the Hospital and the patient in accordance with the General Data Protection Regulation (EU) 2016/679 and the legislation, the 2018 Law on the Protection of Natural Persons Against the Processing of Personal Data and the Free Circulation of such Data (Law 125(I)/2018) and any other applicable laws and regulations for the protection of the Personal Data of Patients.

The Hospital is the “Controller”, and this means that it has the responsibility to decide how and why your Personal Data is processed. The law, regarding the protection of Personal Data, requires us to share with you all the information contained in this Privacy Policy.

The type of Information the Hospital holds about you. 

Personal Data (or Personal Information) is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, by reference to an identifier identity, such as name, ID number, location data, etc. In addition, there are “special categories” or sensitive Personal Data that require a higher level of protection, such as political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health-related data or data related to a natural person’s gender or sexual orientation. It does not include information from which the identity of a natural person has been removed, i.e., it has been made anonymous.
The appropriate personal data protection policy document has been implemented as well as safeguards which the Hospital is obliged to observe during the processing of such Data.The following categories of Personal Information concerning you will be collected, stored, and used:
• Demographic Data e.g. First Name, Last Name, Gender, Date of Birth, Age
• Contact Data, e.g., Phone Number, Email, Address
• Photographic / Visualized Data such as CCTV
• Data with Social Identifiers e.g., ID passport
• Data relating minors.
• Next of kin details and emergency contact information.
• Information related to your health insurance, e.g., Insurance Policies, Insurance Covers
• In addition, the following “special categories” of more sensitive Personal Information will be collected, stored, and used:
• Information regarding your health, including medical conditions, health and disease records, information derived from the analysis or examination of a body part or bodily substance, including genetic Data and biological samples. Also, any information regarding, for example, illness, disability, risk of illness, medical history, clinical care, or the physiological or biomedical condition of the subject of Personal Data regardless of its source, for example, from a physician or other health care professional; hospital, medical device or from an in vitro diagnostic test.
• Medical diagnoses, test results, evaluations by treating physicians and any treatment or intervention provided.
• Genetic Information and Biometric Data.
• Physiological characteristics of your body, for example, weight and height

 

How your Personal Data is collected. 

We collect and process various types of personal data, which we receive from:

• you in person by completing forms, applications, and accompanying documents.
• your representatives who are duly authorized by you to provide us with your personal data by completing application forms and accompanying documents.
• third parties who have informed you of the fact that your personal data may be transferred to third parties, including the Hospital, based on a contractual or other relationship we have with them. Such third parties may be governmental or non-governmental entities, such as for example Diagnostic Centers, Doctors, Chemists, Tax Departments, Insurance Companies, Personal Doctors, Ministries, etc.

How the Hospital will use the Children’s Personal Data. 

We understand the importance of protecting personal data concerning children. We may collect personal data in relation to children only if we have first obtained the consent of their parents or legal guardian, unless otherwise permitted by applicable data protection legislation. We may collect and process personal data about children from their parents or legal guardians within the framework of a contractual relationship and/or legal obligation of our hospital. For the purposes of this Privacy Policy, “children” are persons under the age of eighteen (18).

How the Hospital will use your Information.

Your Personal Information will only be used where permitted by law. They will mostly be used in the following circumstances:

• Where necessary to fulfil the contract entered with you.
• In specific cases, with your express consent.
• For purposes of preventive medicine, medical diagnosis, provision of medical care or treatment, or pursuant to a contract with a medical professional.
• Where compliance with a legal obligation is required.
• Where your vital interests need to be protected
• Where necessary for the public interest, scientific research, or statistical purposes.

Circumstances in which your Personal Data will be used.

All the categories of information in the list above (see paragraph 2 above) are necessary primarily to perform the contract with you, which includes use for the purpose of providing medical care services and to comply with legal liabilities.
In some cases, your Personal Information may be used to pursue your legitimate interests or the interests of third parties, provided that your interests and fundamental rights do not override those interests.

The cases in which your Personal Information will be processed are listed below.

• Your Personal Data will be collected, processed, stored, and maintained for the purpose of providing medical care services, treatments, preventive medicine services, making a medical diagnosis or in accordance with a contract with medical professionals within the Hospital who are engaged in providing the most above services.
• Your Personal Information will be sent to the Ministry of Health of Cyprus or elsewhere i.e., national cancer research centers for statistical purposes if requested.
• Your Personal Information will be disclosed to medical professionals, who do not employ by the Hospital, from whom you have received medical care services, in accordance with the contract and/or due to a previous examination and/or with whom you have consulted, such as personal doctors or other hospitals.
• Your Personal Information will be disclosed to medical professionals not employed by the Hospital, from whom you may wish to receive medical services.
• Copies of your Personal Data will be disclosed and given to the recipients you have named (with consent given by you to the hospital).
• Images from a closed surveillance system (CCTV) will be stored for the purpose of the security of the Hospital’s premises, for the prevention, monitoring, and collection of evidence regarding any crimes or other wrongdoings that take place in the Hospital’s premises.
• Your Personal Data will be disclosed to health insurance companies with whom you maintain health insurance, when requested, in accordance with the terms of your contract with the respective insurance companies for the purposes of ensuring the quality and cost-effectiveness of the procedures used for reimbursement claims for benefits and services in the health insurance system and the management of insurance claims.
• Your Personal Data will be disclosed to third party contractors, for example, IT consultants, for the purpose of providing IT services related to the operation of the Hospital, the management and organization of the Information collected during the provision of its services to you.

The Hospital will not share your personal data with third parties for their own purposes.

Automated decision-making process.

Automated decision making occurs when an electronic system processes personal data to decide, without the intervention of human intervention. The Hospital does not currently carry out such processing. If this is necessary, you will be informed in writing before any such processing takes place.

If you fail to provide Personal Information.

If you do not provide us with the required information, we may not be able to enter a contractual relationship with you for the provision of any services, including medical services, as we will not be able to examine whether any of your requests meet the relevant conditions.

Change of purpose.

Your Personal Information will only be used for the purposes for which it was collected, unless it is reasonably believed by the Hospital that it needs to be used for another purpose and provided that that other purpose is consistent with the original purpose. If they need to be used for an unrelated purpose, you will be notified, and an explanation will be provided as to the legal basis that allows such use. It is noted that it is possible to process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

If you fail to provide Personal Information.

There may be a need to share your Data with third parties, including third party service providers and other Hospital entities. Third parties are required to maintain the security of your Data and treat it in accordance with the law. Your Personal Information may be transferred outside the EU. If this is done, you can expect to be provided with a similar level of protection in respect of your Personal Information.


Why may my Personal Information be shared with third parties?
Your Personal Information will be shared with third parties where this is required by law, where it is necessary to manage the contractual relationship with you, where you have given us your consent or where there is another legitimate interest of the Hospital.


Which third party service providers can process my Personal Information?
“Third parties” include third party service providers (including IT consultants and named agents). IT services are partly carried out by third party service providers.


How secure is my Information with third party service providers and other Hospital entities? All third-party service providers as well as other entities of the Hospital are obliged to take appropriate security measures to protect your Personal Information, to comply with the Hospital’s policies. Third party service providers are not permitted to use your Personal Data for their own purposes. It is allowed to process your Personal Data only for specific purposes and according to the guidelines they get from the Hospital. All providers of services to the Hospital have contracted with the Hospital for the purpose of processing as an Executor and have accepted the Hospital’s confidentiality agreement as a legal agreement to perform the purpose stated in their contract with the Hospital.

When may my Personal Information be shared with other Hospital entities?
Your Personal Information may be exchanged with other entities of the Hospital during the periodic reporting of the Hospital’s activities, in the context of reorganization of the operations or restructuring of the Hospital, for the purposes of maintaining the Data storage system.


What about other third parties?
Your Personal Information may be shared with other third parties, for example, in the context of a possible sale or restructuring of the Hospital. It may also become necessary to share your Personal Information with a regulatory authority or for legal compliance purposes. In this case the Hospital will notify you of your consent to the further processing of your data if the original purpose of processing your data changes.

Transfer of information outside the EU.

Your Personal Information collected about you will be transferred to countries outside the EU where your doctor, healthcare professionals or named recipients (for whom you have consented to such transfers) reside ) or where your health insurance company is based. These transfers will be made for the purpose of performing your contract with the relevant doctor, healthcare professional or insurance company, or where your named recipients request information about you.
Depending on the country to which your Personal Data is transferred there may or may not be a European Commission decision regarding that country’s data security adequacy. This means that the country to which your Data is transferred may or may not be considered to provide adequate protection for your Personal Information, but the Hospital will transfer that Personal Data in compliance with the provisions of applicable Data protection laws.

Data Security.

Measures have been put in place to protect your Data. Details of these measures are available upon request. Your Personal Information will be processed by third parties only upon instructions from the Hospital and after they agree to treat the Information as confidential and keep it secure.
Appropriate security measures are in place to prevent accidental loss, use or unauthorized access, alteration, or disclosure. In addition, there is a restriction on access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your Personal Information following the instructions of the Hospital and are subject to an obligation of confidentiality.
A process has been put in place to manage any perceived breach of Data security and you will be notified of it, should it occur. Any relevant regulatory authority that the Hospital is required by law to notify will also be notified.

Data Retention.

Retention is provided for health care purposes (as long as necessary). In the case of the Hospital, personal data is kept for as long as necessary with a minimum retention period of 15 years after the death of the subject and/or 15 years after the patient’s last transaction with the Hospital based on the Directive of the Commissioner for Personal Data Protection dated 03 /07/2018, based on Article 23(1)(i), Law 138(I)/2001.
In some circumstances your Personal Information may be anonymized so that it can no longer be identified with you and in such case, it may be used without further notice to you.

Rights to Personal Data.

It is the patient’s duty to notify the Hospital of any changes.
It is important that your Personal Information is kept accurate and up to date. Therefore, please notify the Hospital of any changes to your Personal Information during our partnership. Your rights in relation to Personal Information.

Under certain conditions, you have the right by law to:

• Right to access your Personal Information (commonly known as a “personal data access request”). This enables you to obtain a copy of the Personal Information held on file by the Hospital and to check that it is being processed in accordance with the law.
• Right to correct your Personal Data. This provides you with the opportunity to correct and/or complete any incomplete or inaccurate Information held on file by the Hospital.
• Right to delete your Personal Data. This gives you the ability to ask the Hospital to delete or remove Personal Information if there is no valid legal reason to continue processing it. You also have the right to request the erasure or removal of Personal Information for which you have exercised the right to object to its processing (see below). In some cases, it may be demonstrated by the Hospital that there are compelling, legal reasons for processing your Information that override your rights and freedoms.
• Right to object to your Personal Data. Object to the processing of your Personal Information where the Hospital is based on legitimate interests (or the interests of a third party) and there is a reasonable reason in relation to your situation that prompts you to object to the processing. You also have the right to object to the processing of your Personal Information for direct marketing purposes. In some cases, it may be demonstrated by the Hospital that there are compelling legal reasons for processing your information that override your rights and freedoms.
• Right to restriction of processing of your Personal Information. This gives you the possibility to request the suspension of the processing of your Personal Information, for example, if you want its accuracy or the reason for its processing to be confirmed.
• Right to transfer your Personal Information to third parties.
• Right to withdraw consent. Where you have provided your consent to the collection, processing, and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent in respect of that specific processing at any time. For withdrawing your consent, please contact the Hospital or the Personal Data Protection Officer. When notification that you have withdrawn your consent has been received, your information will no longer be processed for the purpose or purposes to which you originally agreed, unless there is another legal basis for such processing.


If you wish to review, verify, correct, or request deletion of your Personal Information, object to the processing of your Personal Information, or request that a copy of your Personal Information be transferred to another party, please contact our Privacy Officer in writing:


c/o Mr Christoforos Christoforou
Tel: +357 99512278, e-mail: christof@sizerro.com

 

Usually, no payment is required. 

You are not required to pay any amount to access your Personal Information (or to exercise any of your other  rights). However, the Hospital may charge a reasonable amount if your claim is clearly unfounded or excessive. 

What the Hospital might need from you. 

It may be necessary to request certain information from you to verify your identity and your right to access the  Information (or to exercise any of your other rights). This is yet another appropriate security measure to ensure  that Personal Information is not disclosed to any person who is not entitled to receive it. 

Data Protection Officer. 

The Hospital has appointed a Data Protection Officer (DPO), Christoforos Christoforou, to oversee compliance with  this Privacy Policy. If you have any questions regarding this or regarding the way your Personal Information is  handled, please contact the DPO at christof@sizerro.com 

or phone 99512278

Right to file a complaint 

If you feel that your concerns and questions have not been fully answered by us regarding how we use your data,  you have the right to lodge a complaint. You also have every legal right to file a complaint with the Office of the  Commissioner for Personal Data Protection, on the website www.dataprotection.gov.cy, which is the supervisory  authority for personal data protection issues in Cyprus.
You are not required to pay any amount to access your Personal Information (or to exercise any of your other rights). However, the Hospital may charge a reasonable amount if your claim is clearly unfounded or excessive.
What the Hospital might need from you.
It may be necessary to request certain information from you to verify your identity and your right to access the Information (or to exercise any of your other rights). This is yet another appropriate security measure to ensure that Personal Information is not disclosed to any person who is not entitled to receive it.

Data Protection Officer.
The Hospital has appointed a Data Protection Officer (DPO), Christoforos Christoforou, to oversee compliance with this Privacy Policy. If you have any questions regarding this or regarding the way your Personal Information is handled, please contact the DPO at</
christof@sizerro.com
or phone 99512278.

Cookies Policy.

Our website uses cookies to make it work better and improve your experience. To learn more about how we use cookies, see our cookie policy.

Changes to this Privacy Policy.

The Hospital reserves the right to change or modify this Privacy Policy at any time deemed necessary. You will be duly notified when there are changes or modifications to this Policy and the revision date shown on the home page will vary. However, it is recommended that you review this Policy periodically so that you are always aware of how the Hospital processes and protects your personal data.