Owner and Data Controller: timiosstavroshospital.com.cy
We ask you to read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us and the supervisory authorities in the event that you have a complaint.
Process of personal data
We process personal data that you provide to us in the course of our services.
Information we collect
Please note that the data we collect vary among the different services we provide.
The purpose for processing your personal data and the legal ground of this processing
We collect and process personal data in full compliance with the provisions of the Regulation as well as the national legislation.
Who we share your data with
In the course of our operation, the relevant employees responsible for the performance of our contractual and legal obligations receive the necessary data.
Under Article 28 of the Regulation, we have the right to designate a processor. In such a case, it is likely that the processor will receive your personal data to provide services.
Furthermore, the company is legally obliged to transfer your personal data to various government authorities and/or services.
It is possible for us to share your personal data to other people/companies/organisations if you have given us your express consent for such transfer.
How long your personal data will be kept for
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn.
Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Transfer of your personal data outside the EE or to an international organization
We do not transfer of your personal data outside the EE or to an international organization.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to have access to it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
You have a number of important rights, under the Regulation. Specifically:
right to access your personal data (Article 15): meaning you might receive information and/or copy of the personal information we hold free of charge.
right to rectification (Article 16): you might ask us to correct any mistakes in your information which we hold.
right to erasure (“right to be forgotten”) (Article 17): you might ask us to erase the personal information concerning you. However, we reserve the right to deny the erasure, if the processing is necessary for compliance with a legal obligation, for reasons of public interests or for the establishment, exercise or defence of legal claims.
right to restriction of processing (Article 18): you might require us to restrict our processing of your personal data if you contest the accuracy of your personal data, the lawfulness of the processing, or you have objected to processing (according to article 21, see below) and you wait for our reply whether we have legitimate grounds which override yours.
right to data portability (Article 20): you have the right to request and receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to a third party under certain circumstances.
right to object (Article 21): you have the right to object at any time to processing of personal data concerning you which is based on performance of a task carried out in the public interest or for the purposes of the legitimate interest pursued by us or third parties (article 6 (1) (e) and (f) of the Regulation).
right to withdraw your consent: you reserve the right to withdraw your consent at any time. However, the withdrawal of the consent does not affect the lawfulness of the processing based on consent before its withdrawal.
If you like to exercise any of those rights
How to complain
Automated individual decision-making
As a rule, we do not make automated decisions. If we make use of automated decision-making, you will be properly informed if this is necessary on the basis of the relevant legislation.
Changes in this privacy notice
We ask you to periodically visit our website for any updates of this privacy notice.