Privacy Policy

Apollonio Private Hospital (hereinafter referred to as “we” or “Apollonio”) is committed to protect the privacy and handling of the personal data of its customers, contracting parties and partners in an open and transparent way.
We are committed to collect and process the personal data in full compliance with the General Data Protection Regulation (Regulation 2016/679) (hereinafter referred to as the “Regulation”) and the applicable legislation of Cyprus on the collection and processing of personal data (NN125(I)2018).
As such we have developed this Privacy Policy that applies to the collection, use, disclosure, transfer and storage of personal information. Below we present the privacy protection methods that we implement.

Privacy Policy for Customers, Contracting Parties and Partners

Apollonio Private Hospital

 

  • The role of Apollonio Private Hospital according to the Regulation

According to the Regulation, Apollonio Private Hospital is the Data Controller for all personal data that it retains and processes. As Data Controller, Apollonio may collect, retain and process personal data on all the customers, contracting parties and partners.

  • How is personal data collected 

Directly from you or your parents/guardians or upon a relevant authorization, by another person,

From the medical record in your patient file where medical examination results, diagnostic results, information on your medical treatments, medical reports etc. are kept on record,

From third parties, via the examinations we carry out in order to provide you with the services you have requested (e.g. family doctors, laboratories, other medical centers)

Through video surveillance for security reasons and the protection of Apollonio Hospital and the personnel, visitors, offices, assets and information thereof as well as for infrastructure reasons. The video surveillance system of the hospital records natural persons and therefore processes personal data.

  • Which personal data we collect, handle and share

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

As a Hospital, we collect and use different kind of information not only on our customers, contracting parties and partners but also on our personnel.

Visitors, public, relatives of patients:

Basic information such as name or/and last name, contact number, address, date of birth.

ID card number

CCTV footage

Patients:

Personal data provided by the patient for the appointment with doctors

Sensitive personal data including medical conditions

Notes and reports on the health and the physical condition, treatments, medical care and medical support to the patient

Medical examination results and diagnoses

Relevant information from other health service providers

Information on medication, side effects and allergies

Results of treatments

Information on payments

Personnel and partners:

Basic information such as name, address, date of birth

Contact information (telephone number, email address, etc.)

Curriculum vitae

ID card number, SSN, bank account details and other financial information

Candidate employees:

Curriculum vitae and relevant correspondence, including reference letters (if necessary)

 

  • For which purposes we use your personal data

In general, we process your personal data for the following purposes:

Provisions of preventive or curative medicine: the information you provide is used for the compliance with certain contracts on the provision of medical treatment and hospitalization, provision of information to other medical professionals in relation to other related findings, update of the patient’s profile with the medical examination results as well as for notification purposes when it is necessary for the patient to be notified on the examination results, booking of any appointments and referrals to other medical professionals.

Advertising: upon your express consent, we contact you in order to inform you on new services, invitations and newsletters and events-conferences that might be of interest to you.

Compliance: in order to enforce our terms and conditions and in compliance with our legal obligations as set out in the applicable legislation and as provided by our regulators.

For whatever grounds upon your consent, which is granted separately outside the scope of this privacy policy.

Collection of outstanding receivables.

In compliance with our legal obligations as set out in the applicable legislation or/and our commitments.

 

  • Disclosure of your personal data

If it is necessary to share your information with other parties, this is subject to strict controls and data protection agreements that provide to what extent and how this data will be used. It is possible that we share your data with:

-Doctors and other medical professionals: Doctors may have access to the personal data that they need in order to perform their duties but they are not allowed to share or use this information for any other purpose. We have implemented all reasonable measures in order to ensure that they are in compliance with the applicable data protection regulations.

-Medical laboratories and other medical services providers: To the authorized by us providers of our services (such as laboratories etc.) who carry out certain services on our behalf including the provision of services that you have requested from us.

-Other medical centers: It is possible to share your personal information with other medical centers or / and doctors to the extent that this is necessary for the provision of services, content individualization or to the extent that you have consented thereto separately from the scope of this privacy policy.

-Insurance companies: It is possible to share your personal information with insurance companies to the extent that it is necessary for the performance of the contract and to the extent that you have consented to.

 

  • How we store your personal data

The information we collect on you including your sensitive personal information is stored in  electronic and hard copy format with restricted access and it is also stored with an  authorized private data and document management  company and is processed in Cyprus and/or in specialized cases, in countries in the European Union.

 

  • Personal data retention

We retain your personal data for as long as it is necessary for compliance  purposes and it depends and varies from the nature of our legal obligations and commitments on a case-by-case basis.

To the extent that we have collected your personal data for the provision of services, management of customers and content individualization (for the description of these purposes, see above) we retain your personal data for as long as it is necessary in order to provide you with the respective services and in compliance with the relevant legislation of the Republic of Cyprus.

For any further information on the said retention periods, please contact our Data Protection Officer on 22469040.

 

  • Legal grounds for the collection, use and disclosure of your personal data

There are several legal grounds based on which we collect, use and disclose your personal data and in particular:

-Consent: Based on your consent we may use your personal data (i) in order to transfer your medical data to insurance organizations and other medical centers / doctors, (ii) in the event of promotion or advertisement purposes upon your consent and (iii) for other purposes where we ask for your consent outside the scope of this privacy policy and for which the purpose of the procedure is not related to the services that we provide to you.

-Performance of a contract: The use of your personal data for the purpose of providing services, customer management purposes and for operational and security purposes as described above, is necessary for the performance of the services provided to you according to our terms and conditions and for any other contract that you may have concluded with us.

-Compliance to legal obligations: We are allowed to use your personal data to the extent that this is necessary for the compliance with the legal obligations that we have undertaken.

-Protection of your vital interests: The processing of your personal data is necessary for the protection of your vital interests if you are not physically or mentally capable to give your consent.

-Legal interest: The processing of your personal data is necessary in order to serve the legal interests of the Data Controller or any third party except for the cases where the fundamental rights and freedoms of the data subject that need to be protected and especially when the data subject is a minor, override the said interests.

 

  • How we ensure that your personal data is secure

We have implemented appropriate technical and organizational security measures (including physical, electronic and procedural measures) in order to protect your personal data against any unauthorized access, illegal use, interventions, amendment or disclosure pursuant to the requirements of the Regulation. Our personnel has been trained on the handling, management and processing of personal data; we have introduced advanced technical measures and we have developed our policies and procedures in compliance with the General Data Protection Regulation.

 

  • Automated decision-making including profiling

We reserve the right to automated decision-making as set out below: When it is deemed necessary in order to provide you with services upon your written express consent and provided that appropriate measures on the protection of your rights have been implemented.

 

  • How you exercise your rights

If you have provided us with your personal data, you may terminate your relationship with us at any time according to the provisions of our agreement or relationship. If you choose to do so, then your personal data will be erased according to our policy on the retention of personal data and the applicable legislation. You may choose not to provide us with specific personal data; however, this may result in you not being able to receive some of our services.

In compliance with the provisions of the General Data Protection Regulation, you have the following rights as to your personal data bearing in mind however, that these rights are not absolute and under certain circumstances they are subject to conditions as provided by the law:

1. Right to access – You have the right to access your personal data as well as the right to request a copy of your personal data that Apollonio Private Hospital retains and processes.

2. Right to rectification – You have the right to ask for the rectification of your personal data that we retain which are incomplete or/and inaccurate.

3. Right of erasure – You have the right to ask for the erasure of your personal data only if one of the following grounds apply:

(i) Personal data are no longer necessary for the purposes for which they were collected or processed.

(ii) If the processing is based on your consent and you have withdrawn the said consent (on which the processing has been based) according to articles 6.1.a and 9.2.a of the Regulation and if no other legal basis on the processing applies.

(iii) If you have any objection to the processing according to articles 6.1.a and 9.2.a of the Regulation and there are no emergency nor legal grounds for the processing.

(iv) If the personal data have been processed unlawfully.

(v) If the personal data have been collected based on the provision of article 8.1. of the Regulation

4. Right to object – You have the right to object to the processing of your personal data at any time and on any grounds related to the said circumstances unless there are emergency legal grounds for the processing that supersede your interests, rights and freedoms.

5. Right to restrict the processing – You reserve the right to ask for the restriction of the processing of your personal data in order for us to abstain from any further processing of the specific information until the restriction is lifted (for example the data are rectified).

6. Right to data portability – You have the right to ask for the transfer of your personal data that you have provided to our organization. These data shall be given to you is a structured, commonly used and machine-readable format; in certain circumstances however you may also have the right to ask us to send the information to another organization considering that any such transfer is technically feasible.

7. Right to object and automated individual decision making (including profiling) – You have the right to ask us not to make any decision on you based exclusively on an automated processing including profiling, only in those cases that any such decision shall have legal or important consequences on you.

If you have any questions on the kind of personal data that we retain on you or if you wish to exercise any of your rights on your personal data, we suggest that you send a written message at dpo@apollonion.com.cy  or the address at the end of this privacy policy. However, we reserve the right to reject any request on accessing or restricting the processing or any other demand if it is deemed necessary or it is provided by law.

  • Contact details

If you have any questions on this Privacy Policy or the methods we use as to the handling of information, please contact our Data Protection Officer on 22 469040.

You may also contact us at dpo@apollonion.com.cy

File a complaint: If you feel that we have not addressed your concerns on the use of your personal data or any of your personal data, you have the right to contact us on 22469040 or at dpo@apollonion.com.cy  and file a complaint thereon. You also have the right to file a complaint with the Office of the Commissioner for Personal Data Protection.

 

Office of the Commissioner for Personal Data Protection

1 Iasonos str.,1082, Nicosia

Website: http://www.dataprotection.gov.cy

Telephone number: 22818456

Fax number: 22304565