Data Privacy Policy

This Privacy Policy explains how and why, the American Medical Center (“we”) collect information about you and what we do with it. This Policy also explains your rights under the General Data Protection Regulation (GDPR) and how you can exercise those. In legal terms, we are the data controller, as we determine the means and/or purposes of the processing of the personal data held by us. We might be the data processors in the case that we are performing a process on behalf of another legal entity that is defining the means and/or purpose of the processing.

The General Data Protection Regulation (GDPR) governs how we take care of the information we hold about you. The first principle of the Regulation is that your personal information must be processed fairly and transparently. We have an obligation to let you know how we will securely maintain the information about you and what we will use it for.

What personal data do we collect about you?

  • basic details about you, such as name, address, date of birth, Police ID/ Passport number, referring doctors and next of kin, 
  • contacts we have had with you, such as clinic visits or hospital admissions notes and reports about your health and any treatment and care you need, 
  • details and records about the treatment and care you receive results of investigations, such as x-rays, scans and laboratory tests relevant information from other health professionals, relatives or those who care for you and know you well.

Why do we need your personal data?

  • to create your medical file,
  • to be able to contact you when need to inform you about test results, appointments, referrals,
  • to execute your payments.

We collect and use your information under the following lawful bases:

  • where we have consent by the data subject or legal guardian,
  • where it is necessary for the execution of a contract between us and the data subject,
  • where it is necessary for compliance with a legal obligation,
  • where processing is necessary to protect the vital interests of the data subject or of another person,
  • where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • where it is justified by our legitimate interests, of your legitimate interests or those of another person,
  • where processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Cyprus law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in Article 9 (3) of the GDPR.

Who will we share your information with:

If it is necessary to share your information with other parties, it will be subject to strict controls and data processing agreements describing to what extent and how it may be used. We may share your information with:

  • Doctors/Surgeons/Physicians,
  • Laboratories,
  • Other medical centers,
  • Insurance companies

Your rights

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 Law 125(I)/2018, you are granted several rights regarding your personal data. You have the right to request from us access to and rectification of your personal data. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

Individual Rights:

  1. Right to be informed 
  2. Right to access
  3. Right to correction
  4. Right to erasure* 
  5. Right to restriction of processing
  6. Right to data portability
  7. Right to object to processing
  8. Right not to be subject to automated decision making 

*Right to erasure only applies in certain circumstances. Based on GDPR Article 9 (2)(h) and (3) relevant exceptions include processing data for:

  1. medical diagnosis
  2. the provision of health or social care
  3. the management of health or social care systems or services. 

For further information on how we process your personal data or how to exercise your rights you can contact our Data Protection Officer at dpo@amc.com.cy.

For further information on the GDPR, your rights or to lodge a complaint, you can contact the office of the Commissioner for the Protection of Private Data at the following address:

Office of the Commissioner for the Protection of Private Data
1 Iasonos st.
1082 Nicosia Cyprus
Website: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument
Telephone number: 22818456
Fax number: 22304565