1. Introduction

American Medical Center (hereinafter “we”, “us” or “our”) is committed to privacy and secure processing of the personal data it maintains for its clients, associates and collaborators, in an open and transparent manner. We are also committed to the collection and processing of any personal data, in full compliance with the General Regulation on the Protection of Personal Data of the European Union (Regulation 2016/679, GDPR) (hereafter referred to as “the Regulation”) and the legislation in force in Cyprus that governs the collection and processing of Personal Data of Individuals (L. 125 (I)/2018). Personal Data means any Data relating to an identified or identifiable natural person (‘data subject’).

Thus, we have developed this Privacy Policy that governs the collection, use, disclosure, transfer and storage of personal data. Please read our privacy practices carefully to understand our policies regarding your data and how we treat them, and do not hesitate to contact us for any questions.

For additional information on how we use information collected from the CCTV system operating at our locations, you can contact us at [email protected] and ask for our CCTV Policy.

 

  1. Our role under the Regulation

Under the Regulation, the American Medical Center is the Data Controller for all personal data it maintains and processes.

As a Data Controller, the American Medical Center in specific cases is allowed to collect, maintain and process the personal data of all customers and collaborators.

As a Data Processor, the American Medical Center shall process personal data as per the means and purposes defined by the Data Controller.

 

  1. How are Personal Data Collected

This privacy policy applies to Data we collect:

 

  1. Types of Personal Data Collected

We collect and use several types of data for the individuals we co-operate with, including Data by which subjects may be identified; an identifiable natural person (‘data subject’) is one who can be identified, directly or indirectly.

Namely, personal data that we collect, process and share may include:

A. For visitors, volunteers to any of our initiatives, members of the public, people that are next of kin to a patient:

 

B. For patients:

 

C. For employees or collaborators:

 

For candidates for recruitment

 

  1. Purposes for Which We Use Your Personal Data

In general, we might process your personal data for the following purposes:

 

  1. Disclosure of Your Personal Data

If it is necessary to share your information with other parties, it will be subject to strict controls and data processing agreements describing to what extend and how it may be used. We may share your information with:

 

We may also disclose your Personal Data to other third parties, including official authorities, courts, or other public bodies:

 

  1. How We Store Your Personal Data

The Data that we collect about you, including Personal Data, is safely stored and processed in European Union.

 

  1. Retention of Personal Data

The period for which we keep your Personal Data that is necessary for compliance and legal enforcement purposes varies and depend on the nature of our legal obligations and claims in the individual case. Please note that medical records are kept for fifteen (15) years after the patient’s last visit or fifteen (15) years after the patient’s passing.

To the extent we have collected your Personal Data for purposes of provision of services, customer management, and customization of content as described above, we keep your Personal Data for as long as you are associated with us, as needed to provide you with our respective services and in compliance with relevant laws of Cyprus.

Any personal data collected under the lawful basis of the consent, such as contact details for communication purposes will be deleted when you withdraw your consent. You may withdraw your consent at any given time that you desire.

For further Data regarding specific retention period please contact us at [email protected].

 

  1. Legal Bases for Collection, Use and Disclosure of Your Personal Data

There are different legal bases that we rely on to collect, use and disclose your Personal Data, namely:

 

  1. How We Protect the Security of Your Personal Data

We take appropriate security technical and organisational measures (including physical, electronic and procedural measures) to safeguard your Personal Data from unauthorized access, unlawful use, intervention, modification or disclosure under the requirements of the Regulation. For example, only authorized employees are permitted to access Personal Data, and they may do so only for permitted business functions. In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation.

 

  1. Automated Decision-Making, Including Profiling

None of our processes is based on automated decision-making, nor profiling.

 

  1. Choices About How We Collect, Use and Disclose Your Personal Data

We strive to provide you with choices regarding the Personal Data you provide to us. You can choose not to provide us with certain Personal Data, but that may result in you being unable to use certain services.

Subject to the provisions of the General Data Protection Regulation – GDPR, you have the following rights in regard to your Personal Data: (Please note, these rights are not absolute and, in some cases, they are subjected to conditions as defined by Law):

  1. Right of Access – You have the right to access your own Personal Data, as well as the right to request a copy of your personal data that is maintained and processed by our company.
  2. Right of Rectification – You have the right to request the correction of any incomplete and / or inaccurate personal Data we hold for you.
  3. Right to Erasure – You have the right to request the deletion of personal Data only if one of the following reasons is true:
    • Personal Data are no longer necessary in relation to the purposes for which they were collected or processed.
    • If the processing is based on your consent and you have withdrawn this consent (on which processing is based) in accordance with Articles 6.1.a and 9.2.a of the Regulation and if no other legal basis, for processing, applies.
    • If you object to processing in accordance with Article 21.1 of the Regulation and there are no compelling and legitimate reasons for processing.
    • If personal Data have been processed illegally.
    • If personal Data should be deleted in compliance with a legal obligation under EU law to which our company is subject to.
    • If the personal data have been collected in relation to the provision of referred to in Article 8.1 of the Regulation.
  4. Right to Object – You have the right to oppose the processing of your Personal Data at any time and for reasons related to a specific situation, unless there are compelling legitimate reasons for processing that override your interests, rights and freedoms.
  5. Right to Restriction of Processing – You reserve the right to request the restriction of processing on your Personal Data so that we may no longer process the specific Data until the restriction is lifted (for example, the data have been corrected).
  6. Right to Data Portability – You have the right to request the transfer of your personal data, that you have provided to our company. These data will be given to you in a format that is structured, widely used and machine readable and, in certain cases you may also have the right to request for us to send the Data to another organization, provided that such a transfer is technically feasible.
  7. Right to Object and Automated Individual Decision-Making (Including Profiling) – You have the right to request that we do not make any decision, regarding you, solely on the basis of automated processing, including profiling, only in the case that this decision has legal or significant consequences on you.

 

If you have any questions in regard to the kind of personal data we hold for you, or if you want to exercise any of your personal data rights, please send a written request to [email protected] or to the postal address provided at the bottom of this Privacy Policy. However, we reserve the right to reject any requests for access or for imposing restrictions or other claims if required or permitted by the law.

 

  1. Changes to Our Privacy Policy

We may modify or revise our privacy policy from time to time. Although we may attempt to notify you when major changes are made to this privacy policy, you are expected to periodically review the most up-to-date version found at our website http://amc.com.cy/ so you are aware of any changes, as they are binding on you.

 

  1. No Error Free Performance

We do not guarantee error-free performance under this privacy policy. We will use reasonable efforts to comply with this privacy policy and will take prompt corrective action when we learn of any failure to comply with our privacy policy. We shall not be liable for any incidental, consequential or punitive damages relating to this privacy policy.

 

  1. Contact Data

If you have any questions about this privacy policy or our Data-handling practices, please contact us at [email protected]. You may also contact us at Spyrou Kyprianou Avenue 215, Strovolos 2047, Cyprus, telephone +357-22476777.

 

Submission of a Complain: If you feel that your concerns in regard to the use of your personal data or any of your data protection rights have not been addressed by us, you have the right to contact us at [email protected] and submit a complain. You also have the right to submit a complaint with the Personal Data Protection Commissioner’s Office at http://www.dataprotection.gov.cy.

 

Last Modified date:  14/06/21