Call us!

Popular Topics

Search!

Privacy Policy

MEDICOVER LABORATORIES CYPRUS LTD – PRIVACY POLICY

The Diagnostic Centers, and Laboratories of the Medicover Laboratories Cyprus Ltd (hereinafter MCL) take the protection of the privacy of their patients, clients, visitors, personnel very seriously. For this reason, we strictly adhere to the following Personal Data Protection Policy, which ensures the high level of the services provided and complies with the applicable legislative and regulatory framework on the protection of personal data.

The personal data concerning you are collected and retained for the strictly necessary period, for specific, explicit, and lawful purposes, and are subject to lawful and fair processing in a transparent manner, always in accordance with the applicable legal framework and in a way that guarantees their availability, integrity, and confidentiality. Such data are, at all times, appropriate, relevant, and limited to what is necessary in view of the above purposes; they are accurate and, where required, kept up to date.

Medicover Laboratories Cyprus Ltd Details

For the provision of diagnostic services, MCL operates in the following Clinics the Clinical laboratory, as well in the following regions a MCL laboratory, which act as independent Data Controllers for the personal data and health data they are required to maintain, as well as joint Data Controllers with respect to the processing of personal data and health data, including their potential and, at times, necessary disclosure and exchange of ordinary and special category data, within the framework of providing secondary healthcare to the respective data subject, jointly determining the purposes and means of processing the personal data and health data they process.

Their details are set out, on a separate document within this webpage.

SCOPE

This Policy sets out the terms and conditions observed by MCL for the protection, in general, of the privacy of patients, companions, relatives, and any kind of persons assisting them, whose personal data are processed for the purpose of providing healthcare services, as well as of users of the applications created by the Clinics or Clinical Laboratories that MCL operates.

The purpose of this Policy is to inform you about how we collect, use, retain, share, and process data concerning you, such as your personal details and demographic data that you provide when you choose to receive healthcare services from our MCL, as well as health data that arise from the provision of our services to you.

The MCL reserves the right to amend and adjust this Policy whenever it deems this necessary or whenever it is required by applicable legislation. Any changes shall take effect from the time they are posted on the present website/application.

PRIVACY POLICY

MCL strives to conduct its business activities in accordance with the principles of privacy, as we believe these demonstrate our firm commitment to ethical and responsible practices. We recognize that innovation and new technologies lead to continuous changes with regard to risks, expectations, and legislation, and for this reason we follow privacy accountability standards and aim to promptly adapt the way we apply them in response to such changes.

This Policy also applies to all individuals whose data we process, including, but not limited to, clients, candidates, current and former employees, partners, investors, shareholders, and other stakeholders.

All MCL Employees and members of Management have significant responsibilities regarding the protection of privacy, which they are required to observe.

We recognize that unintentional errors and poor judgment in relation to data protection can create risks to individuals’ privacy and risks to the reputation, operations, compliance, and standing of our MCL. Every employee of our MCL, as well as other individuals who process data on behalf of our companies, is responsible for understanding and complying with their obligations under this Policy and applicable laws.

Our Values and Standards Regarding Privacy

We uphold our privacy values in everything we do that involves people, including the way we implement privacy standards. Our privacy values include:

Respect – We recognize that concerns about privacy are often connected to fundamental questions of who we are, how we view the world, and how we define ourselves. Therefore, we make every effort to respect the perspectives and interests of individuals and communities, and to be fair and transparent in how we use and share information relating to them.

Prevention of Harm – We understand that the misuse of information relating to individuals can cause tangible and intangible harm to people. Accordingly, we strive to prevent physical harm, financial harm, harm to reputation, or any other type of privacy-related harm.

Compliance – We have learned that laws and regulations do not always keep pace with the rapid developments in technology, data flows, and the related changes in privacy risks and expectations. Therefore, we make every effort to comply with the spirit and the requirements of privacy and data protection laws in a manner that demonstrates consistency and operational effectiveness in our business activities at a global level.

Necessity – Before collecting, using, or disclosing Personal Data, we define and document the specific, precise, and lawful business purpose for which such processing is necessary.

Fairness – We do not process Personal Data in ways that are unfair to the individuals to whom the data relate.

Transparency – We do not process Personal Data in ways or for purposes that are not transparent.

Purpose Limitation – We use Personal Data only in accordance with the principles of Necessity and Transparency.

Data Quality – We keep Personal Data accurate, complete, and up to date, in line with its intended use.

Security – We implement safeguards to protect Personal Data and Sensitive Data from loss, misuse, and unauthorized access, disclosure, or destruction, ensuring their integrity, confidentiality, and availability.

Data Transfer – We are responsible for maintaining the privacy and security of Personal Data when it is transferred to or from other organizations or across national borders, including in the context of exercising the right to data portability.

Lawfulness – We process Personal Data in compliance with the applicable legislative and regulatory framework.

DEFINITIONS

Personal data” means any information relating to an identified or identifiable natural person.

Genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person, as derived in particular from the analysis of a biological sample of that natural person, which provide unique information about the physiology or health of that natural person.

Biometric data” means personal data resulting from specific technical processing relating to the physical, biological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person.

Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about the health status of that natural person.

Special category personal data” include, among others, genetic data, biometric data, and data concerning health.

Processing of personal data” means any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor” means the natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

LEGAL FRAMEWORK FOR THE PROTECTION OF PERSONAL DATA

For the purposes of this Policy, the “legal framework for the protection of personal data” means Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as any regulation or directive issued pursuant to or for the implementation of the aforementioned General Regulation; Law 125(I) 2018 “Cyprus Data Protection Authority, measures for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the transposition into national law of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016, and other provisions”; as well as any national law or guideline of the Cyprus Data Protection Authority (CDPA) that is in force and applicable and relates to the processing and protection of personal data in general and, more specifically, in the field of healthcare services.

Indicatively, the following laws, as in force and as amended, apply, among others:

  • Law 150(I)/2001 – The Bioethic Law – Code of Medical Ethics
  • Law 2001 (90(I)/2001) Law on Establishment of Private Hospitals
  • 2004 Law on the Establishment and Protection of Patients’ Rights was established (1(I)/2005).
  • Data protection in health care sector (Office of Commissioner PDF — Opinion dated 3/7/2018). Regarding retention of Health Data.
  • Law 2619/1998 – Oviedo Convention
  • Relevant Regulatory Acts of the competent Independent Administrative Authorities
  • General Data Protection Regulation (EU) 2016/679
  • Implementing Law 125(i)2018 on the protection of personal data
  • Existing legislation regarding emergency measures to address the adverse consequences of the outbreak of the COVID-19 coronavirus and the need to limit its spread

WHAT DATA WE COLLECT

In summary, the personal data that are collected and further processed include:

  • First name, father’s name, date of birth, identification details, tax identification number (TIN), address, and contact details in general (including email address and telephone number), relating to you and/or your relatives.
  • Health data generated by us or provided to us in any manner.
  • Information you provide to us for payment purposes, such as bank card details.
  • Information derived from the use of websites and other digital platforms that we use for the purpose of informing you or providing services, in relation to the following services offered by the Company through its websites and/or your registration with one or more of them:
    • Subscription to a regular newsletter and receipt of information about promotional activities
    • Management of your medical file through the GESY application (General Health System), provided you have received services from the MCL and have completed the relevant registration
    • Submission of inquiries relating to services associated with our companies

In addition to the above data that you provide to the MCL, technical information that constitutes personal data may also be collected, such as the Internet Protocol (IP) address of your device (desktop computer, laptop, tablet, or smartphone). Such technical information is used for the proper operation and performance of the websites and electronic services and is not permanently stored in the MCL’s systems.

PURPOSE OF PROCESSING YOUR PERSONAL DATA

In accordance with the above legal framework, MCL collects and processes personal data of patients, their companions, or users of the websites of its companies for the purposes outlined below and only to the extent strictly necessary to effectively achieve these purposes. Such data are always relevant, adequate, and not excessive in relation to the purposes stated, and are accurate and, where necessary, kept up to date. MCL may process personal data where processing is necessary based on at least one of the following legal bases:

  • For the performance of a contract between you and us, or to take steps at your request prior to entering into a contract.
  • To comply with a legal obligation.
  • For the purposes of legitimate interests pursued by MCL.
  • When you have given your consent.
  • To protect your vital interests.
  • To perform a task carried out in the public interest.
  • For the exercise of rights and obligations arising under social security law.
  • For the establishment, exercise, or defense of legal claims, or when courts act in their judicial capacity.
  • For purposes of preventive or occupational medicine, medical diagnosis, provision of healthcare, treatment, or management of healthcare systems.

MCL retains and processes both ordinary and sensitive personal data provided by you or another person with your lawful authorization for the purpose of performing the healthcare service contract you have signed (or signed on your behalf), safeguarding your vital interests, fulfilling a legal obligation or legitimate interest of the relevant MCL company, and/or based on your consent. Such data may be transmitted within or outside the European Union to private and/or public insurers, partners/processors, or competent judicial, police, or tax authorities in accordance with applicable law.

MCL retains and processes special category data, including medical history, medical examinations, medical procedures you provide yourself or through another person on your behalf, and medical data resulting from the provision of healthcare services, for the purpose of delivering healthcare services based on preventive or occupational medicine, medical diagnosis, safeguarding your vital interests, and/or your explicit consent. These data may lawfully be shared with private or public insurers or the GESY insurance, according to your legal relationship with them, with a network of independent doctors providing services to the MCL, and with partners acting on behalf of the respective MCL company under contractual agreements for the purpose of delivering healthcare services.

In accordance with applicable law, MCL may process and transmit ordinary or special category personal data to law firms for the establishment, exercise, or defense of legal claims, or when courts act in their judicial capacity, to competent authorities, or for compliance with legal obligations or public interest requirements. MCL may also process and transmit ordinary data of the patient and/or the responsible companion for compliance with legal obligations or public interest duties to competent police, judicial, administrative, or tax authorities within or outside the European Union upon valid request. Internal audits of personal data may also be conducted where legally required, in accordance with internal procedures.

MCL may also transmit personal data, both ordinary and special category, to law firms for debt collection and settlement arising from the provision of healthcare services, for the establishment, exercise, or defense of legal claims.

Finally, with your explicit consent, MCL may process your personal data for the development, improvement, and promotion of its services, as well as for providing benefits or privileges.

DATA RETENTION PERIOD

  • MCL is required to retain documents or electronic records for the period prescribed by national legislation. Specifically, as set out in the Code of Medical Ethics (Law 150(I)/2001 – The Bioethic Law – Code of Medical Ethics), and the Data protection in health care sector (Office of Commissioner PDF — Opinion dated 3/7/2018). Regarding retention of Health Data.
  • In private medical practices and other primary healthcare units of the private sector, medical records must be retained for fifteen years from the patient’s last visit.
  • In all other cases, medical records must be retained for as long as is necessary to fulfilled the requested purposes.

Data retained for the commercial promotion of products or services and/or the provision of benefits will be deleted six months after the completion of the relevant activity.

Curricula vitae collected by the relevant Human Resources Departments are retained for one year and are then destroyed in accordance with MCL’s document destruction policy for its companies.

Tax-related records are retained in accordance with applicable tax legislation.

YOUR RIGHTS REGARDING PERSONAL DATA PROTECTION

Data protection legislation grants you the following rights, which you can generally exercise free of charge and in accordance with the legal framework:

  • Right of Access – You have the right to be informed about which personal data MCL has collected and is processing, their source, the purposes and legal basis for their processing, any recipients or categories of recipients (including in third countries), and the retention period.
  • Right to Rectification – You can request the correction of any inaccurate personal data by submitting to MCL a statement with the correct personal data.
  • Right to Completion – You can request the completion of any incomplete personal data by submitting to MCL a statement with the full personal data.
  • Right to Erasure (Right to be Forgotten) – You may request the deletion of your personal data in the following cases:
    • When your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    • When you withdraw your consent on which the processing is based and there is no other legal basis for processing.
    • When your personal data have been processed unlawfully.
    • When there is a legal obligation to delete your personal data.
    • When personal data of a child collected through information society services were provided following the child’s consent, or with parental/guardian consent.
  • Right to Restriction of Processing – You may request the limitation of processing in the following cases:
    • You contest the accuracy of your personal data until MCL verifies their accuracy.
    • Instead of deletion, you request restriction of processing.
    • MCL no longer needs your personal data for processing purposes, but you require them to establish, exercise, or defend legal claims.
  • Right to Object – You may object to the processing of your personal data, unless there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims by MCL.
  • Right to Data Portability – You have the right to receive your personal data provided to MCL’s Clinics, Diagnostic Centers, Polyclinics, Servicing Areas such as Blood Collection Places in a structured, commonly used, and machine-readable format and to transmit them to another controller, where the processing is based on your consent or is necessary for the performance of a contract.
  • Right to Withdraw Consent – You may withdraw any consent you have given regarding the processing of ordinary personal data and health data, without retroactive effect.

These rights may be limited due to obligations under other laws, for example, if you request the deletion of data while MCL is legally required to retain them (Article 14 of the Code of Medical Ethics).

For any of the above matters or to resolve questions regarding applicable personal data legislation, you can contact MCL using the following methods:

  • By email: This email address is being protected from spambots. You need JavaScript enabled to view it. c/o Mr. Christoforos Christoforou
  • By mail: Addressed to the Data Protection Officer of MEDICOVER LABORATORIES CYPRUS, LTD. Piraeus Street 36, Strovolos, 2023, Nicosia,
  • By Telephone: DPO 99512278, 22322743

Medicover Laboratories Cyprus will respond to your request free of charge, without undue delay, and in any case within one month of receipt of the request, except in exceptional cases. In such cases, the deadline may be extended by an additional two months, taking into account the complexity of the request or the number of requests. MCL will inform you of any extension within one month of receipt of the request, including the reasons for the delay.

If it is not possible to fulfill your request, MCL will inform you without delay and no later than one month after receipt of the request, providing the reasons and information on your right to lodge a complaint with the Cyprus Data Protection Authority and your right to seek judicial remedy before the competent courts.

If your request is deemed by MCL to be manifestly unfounded or excessive, MCL may charge a reasonable fee considering administrative costs or may refuse to act on the request.

RIGHT TO FILE A COMPLAINT

If you believe your rights regarding the protection of your personal data have been violated, you have the right to file a complaint with:

You also have the right to seek judicial remedy before the competent courts for the protection of your personal data.

SECURITY MEASURES

MCL has implemented appropriate technical and organizational security measures to ensure compliance with legislation and the adequate protection of your personal data. Personnel and all associated doctors have been trained in accordance with MCL’s Data Protection Policies and Procedures. All partners acting on behalf of MCL as processors are bound by contracts (Data Protection Agreements) that comply with GDPR safeguards and guarantees.

NEWSLETTER

By providing your email address, you also give your consent to receive electronic communications solely for advertising and direct promotion of MCL products and/or services via a newsletter. Your email will only be used by MCL and its designated partner for sending the newsletter. Each email will clearly identify MCL and provide you with a simple, free, and accessible way to opt out and request deletion of your data from the mailing list.

COOKIES

Our website uses cookies. For more information, please visit the following link regarding our use of cookies: Cookie Policy.

MEDICOVER Laboratories Cyprus

PIREUS 36,

STROVOLOS | 2023,

NICOSIA

Cyprus

Phone: +357 22751333

E-mail info.cyprus@medicover.com

Copyright:
MEDICOVER Laboratories Cyprus | PIREUS 36, STROVOLOS | 2023, NICOSIA | email: info.cyprus@medicover.com

We want to make sure you enjoy browsing our website and have a pleasant experience. For this purpose, this website places “cookies” on your computer to collect information about how you use our website. Please click the OK button to accept the use of cookies on this website.

Privacy Policy