Privacy Notice
General information
This Privacy Notice is intended to inform you about the processing of information that directly or indirectly identifies you (hereby referred to as the ‘Personal Data’) carried out by SVINC LTD a company incorporated in Cyprus with company registration No. HE433305 and having its registered office address at Georgiou A, 41 Dasoudi Tower Germasogeia 4047 Limassol Cyprus (hereby referred to as the “SVINC” ‘’Company’ or “we”). The Clinic is dedicated to treating your Personal Data with responsibility and is committed to safeguarding your privacy rights at all times.
Our data processing practices adhere to the relevant local legislation, including the Data Protection Legislation, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and EU Regulation No. 2016/679, commonly known as the General Data Protection Regulation (collectively referred to as the ‘GDPR’).
Below are the categories of personal data we process for specific purposes:
- Identity, photograph and contact details such as, name, address, email, phone number, date of birth.
- Medical history concerning you or (if necessary and relevant) your family, whether provided by you, by referrals or by other authorized third parties.
- Information about your nationality and the right to receive medical care in Cyprus regarding the provision of cross-border healthcare to insured patients.
- Information relevant to provided therapies
- Financial data / payment details related to your care.
- Information about any surveys, complaints or other enquiries.
- Information about your marital status, relatives, or emergency contacts.
- Information on the physical and / or your psychological state, including disabilities, allergies, dietary, for which the hospital must make reasonable adjustments.
This Privacy Notice outlines the foundation on which we may collect, use, or otherwise process personal data through our website (Website), downloadable software, mobile applications, desktop applications, content, features, functions, and/or via the Account, or through any other services provided by us, where a link to this Privacy Notice is displayed. Additionally, it covers all other forms of communication with you, whether written or oral, such as email, chat, or phone (collectively referred to as the “Services”), when you make use of our Services, and the choices you have regarding that personal data.
We use your personal data to provide and enhance our Services. Your acceptance of this Privacy Notice is considered to take place upon your initial use of our website and any of the Services.
Why we process your personal data
To process your personal data, we ensure that such processing is grounded on at least one of the following legal bases:
- You have provided clear and explicit consent for the processing. For example, when a patient chooses to receive informational and promotional messages from us, or to receive examination results via a mobile application.
- Processing is necessary for the fulfillment of an agreement between you and us, or when it is necessary to take steps, following your instructions, prior to entering into such an agreement. For instance, processing related to the payment made by you for oue services.
- Processing is necessary to comply with any legal or regulatory obligations to which we are subject to.
- Processing is crucial to safeguard your vital interests in emergency situations.
- Processing is essential to pursue the legitimate interests of our Company or a third party, provided that your interests and rights do not override those of our Company. For example, processing your personal data to ensure proper governance, manage our activities, guarantee your safety, and secure our facilities and systems, or to provide patients with necessary information related to their care.
Processing of your data
Processing of your personal data is carried according to the principles of lawfulness, fairness, transparency and always adhering to the intended purpose of data processing, the principle of data minimization, accuracy, limited data storage, data integrity, confidentiality and accountability. Our Company may process your personal data for any of the following reasons:
- To perform its contract with you,
- To perform compliance checks, such as verification of your identity, and helping to detect fraudulent or malicious activity on our website or services,
- To maintain our accounts and records,
- To manage our business needs, such as monitoring, analyzing, and improving the services and the Website’s performance and functionality,
- To comply with all applicable laws and regulations; and/or
For the purposes of safeguarding our legitimate interests and your interests and fundamental rights do not override those interests.
Data Retention
We will not retain your personal data for any longer than is necessary, considering the reason(s) for which it was initially collected in accordance with this Privacy Notice. To determine the appropriate retention period for your personal data, we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means. We also consider the applicable legal, regulatory, tax, accounting, and other requirements.
To comply with the applicable legal, regulatory, tax, and accounting requirements, we retain your personal data for a minimum period of 5 years from the date our business relationship is terminated. There may be instances where we need to retain your information for a longer period, such as to comply with regulatory or legal requirements, or for our legitimate business purposes, including responding to queries or complaints, combating fraud and financial crime, and addressing requests from regulators.
Upon the expiration of the personal data retention period, the personal data is securely erased through irreversible destruction. We also notify all third parties to whom the personal data was transferred regarding such erasure and request them to implement similar actions on their part.
Data Security
We safeguard your data by adhering to industry-standard data protection regulations. We classify data into categories (e.g. technical, personal, cookie) and employ relevant protective measures. Our secure computer systems have restricted access to prevent unauthorized entry, disclosure, alteration, or deletion of personal data.
We are unwavering in our commitment to consistently uphold the highest data security standards, ensuring the confidentiality, integrity, and availability of processed data. This involves conducting thorough risk assessments and implementing responsive measures to mitigate the risks of accidental or unlawful data destruction, loss, alteration, unauthorized access, or disclosure that might compromise data security. We allocate all necessary resources and mechanisms and proactively identify, detect, investigate, and address any security breaches or incidents, always with the aim of safeguarding the privacy rights of our patients.
Our staff undergo comprehensive training to comprehend their duty of confidentiality and their obligations regarding patient information security, both on our premises and in the community. Access to our systems containing patient information is granted to staff strictly on a need-to-know basis and only if they are authorized to do so. In any case, personnel are restricted to the specific type of information they are permitted to access.
Data Collections
Direct Interactions
You will provide to us your Identity, Contact and Financial Data online through the Website and/or by completing and filling online forms and/or by corresponding with us by emails or otherwise. Personal data is submitted to us when you register an Account with us.
We require to collect the above data in order to that we are able to (i) provide our services efficiently, (ii) to comply with our ongoing legal and regulatory obligations, including, inter alia, (a) to prevent fraud and money laundering acts and/or (b) conduct the assessment of suitability and appropriateness test.
If you fail to provide the data when requested we may not be able to perform the contract we have or trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time.
It is important that the data we hold about you is accurate and current. Please keep us informed if your data changes during your relationship with us.
Automated Technologies or Interaction
When using our services, your device automatically transmits to us its technical characteristics. Locale (a set of parameters that determine regional settings of your interface, namely, residence country, time zone and the interface language) is used for the purpose of providing you with the best possible service within our platform.
Using the information about IP address, cookies files, information about browser and operating system used, the date and time of access to the site, and the requested pages addresses allows us to provide you with the optimal operation on our web application, mobile and/or desktop versions of our application and monitor your behavior for the purpose of improving the efficiency and usability of our Services.
We use web analytics tools to track performance of our website and marketing source of user by cookies in order to optimize our marketing costs and provide users with better experience.
You may at any time request that we refrain from any such transmissions (to the degree this is possible and subject to any of our legal obligations) by sending your request to the DPO using our details in the OUR CONTACT DETAILS below using the registered email address you disclosed and registered with us. We will address your request within 30 business days.
Cookies
A cookie is a small piece of data, often including a unique identifier, that is sent from a website’s computer to your computer or device browser and is stored on your device’s hard drive to track site usage. A website may send its own cookie to your browser if your browser’s preferences allow it. However, to protect your privacy, your browser only allows a website to access the cookies it has already sent to you, not the cookies sent by other websites. First-party cookies are those placed directly by us and are used exclusively by us. We use cookies to enhance and improve your experience on our website and to provide and enhance our products and Services. We have carefully selected these Cookies and have taken measures to ensure that your privacy and personal data are always protected and respected.
When you use our website, you may also receive certain third-party cookies on your computer or device. Third-party cookies are placed by websites, services, and/or parties other than us. For more details, please refer to the table below. All Cookies used on our website are in accordance with applicable legislation regarding the use of cookies.
Our website utilizes analytics services, which are a set of tools used to collect and analyze anonymous usage information, enabling us to gain a better understanding of how our Website is used. This, in turn, allows us to enhance our Website and the Services offered through it. While you are not obligated to allow us to use these cookies, their use poses no risk to your privacy or your secure use of our website. They enable us to continually improve our website, providing a better and more useful experience for you.
You will be prompted to provide cookie consent by acknowledging the privacy and cookie policies during the registration of your account. By giving your consent to the placement of Cookies, you enable us to offer you the best possible experience and service. If you wish, you may deny consent to the placement of Cookies; however, certain features of our Site may not function fully or as intended.
You can choose to delete cookies on your computer or device at any time, but you may lose any information that allows you to access our website more quickly and efficiently, including, but not limited to, login and personalization settings. It is recommended that you keep your internet browser and operating system up-to-date, and consult the help and guidance provided by the developer of your internet browser and the manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
You can instruct your browser to enable or disable cookies, refuse all cookies, or indicate when a cookie is being sent. Please note that by doing so, you may not be able to use all the provided functions of our website and/or Services in full.
We use the following cookies:
Strictly Necessary Cookies | These are cookies that are required for the operation of Our Site. They include, for example, cookies that enable you to log into secure areas of our website. |
Analytics and Performance Cookies | We use third party analytics providers, such as Google Analytics to collect information about the usage of our services and enable us to improve how these services work, for example, by ensuring that users are finding what they are looking for easily. |
Functionality Cookies | These are used to recognise you when you return to Our Site. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region). |
Targeting Cookies | We use third party targeting tools, such as LinkedIn Insights and ads tags. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. |
Your Rights
Under certain circumstances in accordance with GDPR and the applicable local legislation as amended from time to time you have rights, which we will always work to uphold. Some of the rights are rather complex and include exemptions, thus we strongly advise you to contact us (at the contact details listed in the section OUR CONTACT DETAILS below) and/or seek guidance from the regulatory authorities for a full explanation of these rights. You can find a summary of your rights below in this section:
Information
You have the right to be informed about how we collect and use your personal data. Feel free to contact us if you have any questions.
Access
You can request a copy of the personal data we hold about you after verifying your identity.
Rectification
If any of your personal data held by us is inaccurate or incomplete, you have the right to have it corrected.
Erasure
You can ask us to delete or dispose of your personal data, though legal requirements may sometimes prevent us from doing so
Restriction
You can request to prevent the processing of your personal data, though this might affect the services we can provide
Objection
You can object to the use of your personal data for specific purposes
Withdrawal of Consent
You can withdraw your consent for us to use your personal data if we rely on it as the legal basis
Data Portability
If you provided personal data to us directly, and we process it with your consent or for a contract, you can request a copy to use with another service or business.
Automated Decision-Making
We do not use your personal data for automated decision-making or profiling
Please note that these rights are not absolute, they are subject to exceptions and apply only under certain circumstances depending on the legal basis on which we rely in each case.
We will try to respond to all valid requests as soon as possible and within thirty (30) days or two additional months if the request is complicated or disproportionate.
Contact details
You can contact our data protection officer (DPO) for any further information or any questions regarding this Privacy Notice, either via email [email protected]
To enable us to process your request, please contact us using the registered email address you disclosed and registered with us. We may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification. This is to ensure that we appropriately protect the personal data we hold from unauthorized access requests and comply with our security obligations.
If you have any questions or want more details about how we use your data, you may contact us at the above contact details, and we will be happy to provide you with further details.
If following your request to us, we are unable to provide you with a satisfactory answer then you may lodge a complaint with the local data protection supervisory authority. The data protection supervisory authority in Cyprus is Commissioner for Data Protection P.O. Box 23378, 1682 Nicosia, Cyprus- www.dataprotection.gov.cy
We would however appreciate the chance to deal with your concerns before you approach the GRA, so please contact us in the first instance.