Personal Data Protection Policy for Natural Persons
The security of your personal data is extremely important and for this reason, through this Policy we demonstrate our respect for your privacy and ensure the security of your personal data.
This Personal Data Protection Policy provides information regarding the way in which your personal data is used by us as part of the medical services we provide as well as the measures we have taken to protect and keep this data safe. This policy covers the following topics:
- What is personal data?
- What personal data is collected?
- How is your personal data collected?
- How is your personal data processed?
- Publishing your information
- Protection of personal data
- Your rights
- Contact us.
1. What is personal data?
“Personal data” is any information relating to an identifiable or identified natural person, such as a name, an identification number, location data or data specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person.
Furthermore, due to the nature of the services offered, namely medical services, it is clarified that data belonging to special categories are also collected, as provided for in the General Data Protection Regulation (“GDPR”). Special Categories of personal data also include genetic data and data relating to health.
Health data are personal data relating to the physical or mental health of a natural person, including data relating to the provision of healthcare services and revealing information relating to their health status.
Genetic data are personal data relating to the genetic characteristics of a natural person that were inherited or acquired, as resulting, in particular, from an analysis of a biological sample of that natural person and which provide unique information regarding the physiology or health of that natural person.
2. What personal data is collected
In the course of our activities, we collect, process and protect your personal data, in accordance with this policy and the provisions of Cyprus and European law. We will collect and process some or all of the following personal data:
(a) Information about you such as your name, address, email address, telephone number, gender, date of birth.
(b) Data concerning your health and genetic data.
(c) Personal data that may relate to or affect your health.
(d) Any correspondence with you.
3. How your personal data is collected
Your personal data is collected on the basis of the contract between us. The processing of your data is necessary for the purposes of medical diagnosis, provision of healthcare and treatment.
This data is collected at the stage of concluding the contract between us, throughout the duration of healthcare and after its transfer by another healthcare professional at your request.
4. How your personal data is processed
Your personal data is processed in accordance with the European General Data Protection Regulation (EU) 2016/679 (GDPR) and the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of such Data Law of 2018 (Law 125(I)/2018), as amended from time to time. In any case, we reserve the right to amend and/or update this Policy, depending on the legal framework in force at any time.
Your personal data is collected by Dr. Georgallas and/or on his behalf for predetermined, explicit and legitimate purposes.
Only data that is strictly necessary for the fulfilment of specific purposes is collected and such data is processed lawfully and fairly. It is kept and archived in a form that allows your identification, for a limited period of time and only for the period required for the specific purposes in question. Specifically, your data is kept for 10 years after the completion and/or termination of the contract between us.
Without prejudice to the above paragraph, we list the categories of data that we collect and the reason for processing:
| Category of the Subject of the Data | Data | Purpose of processing |
| --- | --- | --- |
| Patients and/or Patient Representatives | Name, surname, age, profession, telephone no., and/or email address | Contacting patients or their representatives for information regarding any test results, regarding appointment reminders or for scheduling or rescheduling appointments, for settling any debts, for responding to any questions, comments, complaints and other relevant communications in the context of the patient’s treatment. |
| Patients | Health data and genetic data | Execution of a health service contract, medical diagnosis, provision of healthcare and treatment, protection of public interest in the field of public health (if provided for by law) |
It is understood that we reserve the right to access and use or disclose certain information for fraud prevention purposes as required by applicable laws, regulations and best practices at any time. If false or inaccurate information is provided and fraud is detected or suspected, details may be passed to fraud prevention agencies and/or other relevant organisations and may be recorded by us or them.
For any questions regarding the legal bases on which the processing is based, please contact Dr. Georgallas using the details set out in the “Contact” section below.
5. Publication of your information
Your personal data may be disclosed to third parties, including insurance companies, judicial services and/or regulatory authorities and/or law enforcement agencies and/or to any competent authority in connection with the conduct of an investigation, if this is required under any applicable law.
Furthermore, publication or disclosure of your information to third parties may only be made:
a) If you give your written consent.
b) If the disclosure is made for the purposes of your treatment by another competent healthcare provider upon your request.
c) If there is a legal obligation to disclose.
d) In the event that the Council of the Medical Body of the Pancyprian Medical Association (PIS) decides that disclosure should be made, pursuant to article 15(f) of Law 1(I)/2005.
6. How your personal data is protected
When processing your personal data, appropriate technical and organizational security procedures are applied and the necessary organizational and technical measures are taken in order to minimize the risk of unauthorized disclosure or processing of your personal data, as well as accidental or unlawful access to them, destruction, loss or alteration. In particular, all information you provide is stored on secure servers, we implement a security policy in the systems to protect your personal data and our employees are trained in this area.
We ensure that our employees and partners who process your personal data conclude agreements and/or sign a confidentiality statement for the protection of your personal data, maintain appropriate technical and organizational security procedures and necessary and appropriate technical and organizational measures to safeguard the security and confidentiality of your personal data.
Your personal data is not stored for longer than is reasonably necessary to serve the purposes for which it was collected.
7. Your rights
We will make reasonable efforts to keep your personal data accurate. To assist in this, you should inform us of any changes to your personal data by contacting us using the details provided in the “Contact” section below.
Under the General Data Protection Regulation, you have the following rights:
a) The right to request the correction of inaccurate personal data and/or the completion of incomplete data,
b) The right to request the deletion of your data. Your data will be deleted if it is no longer necessary for the purposes for which it was collected and provided that there are no reasons for compliance with a legal obligation, public interest or public health that require its retention.
c) The right to restrict the processing of your data provided that:
(i) The accuracy of the data is contested and for as long as necessary to verify its accuracy,
(ii) You do not need your data, but you wish to retain it for legal claims,
(iii) You oppose the deletion of the data and instead wish to restrict its use.
d) The right to request further details regarding the way in which your data is processed,
e) The provision of a copy of your personal data.
All of the above-mentioned rights are exercised by you on the basis of the General Data Protection Regulation and the exceptions referred to in the said Regulation, while the examination of any request by us is made on the basis of the Regulation and of any other law which may make the retention of data and/or its processing for specific purposes mandatory as well as on the basis of the Safeguarding and Protection of Patients’ Rights Law of 2004.
You can exercise these rights by contacting us using the details mentioned in the “Contact” section below.
If you are not satisfied with the use of your personal data or with the response you received in any exercise of these rights, you have the right to submit a complaint to the Commissioner for Personal Data Protection.
8. Contact
Questions, comments and requests regarding this Personal Data Protection Policy are welcome and should be addressed to Dr. Constantinos Georgallas in the following ways:
Telephone: 00357 22 20 33 11
Fax: 00357 22 37 44 59
Email: info@drgeorgallas.com
This Policy may be revised unilaterally by Dr. Constantinos Georgallas at any time and without notice.
Any changes to the Personal Data Protection Policy will be posted on the website drgeorgallas.com and, where necessary, will be communicated to you via email. Please check frequently for any updates or changes to this Policy.