Privacy Policy

Statement on the Protection of Personal Data

This Privacy Policy governs the processing of your personal data by Polis Medical Centre based on the European General Data Protection Regulation (GDPR) and the Law on the Protection of Natural Persons Against the Processing of Personal Data and the Free Movement of Such Data of the Republic of Cyprus (Law 125(I) of 2018) as part of your navigation of our website www.polimedical.com.cy (hereinafter “the website”), or your communication with us via email, telephone, fax and social media (such as Facebook, Twitter, YouTube and Instagram).
If you would like more information on how we process personal data through the use of cookies, social plugins, and other tracking technologies, please refer to the Cookies Policy.

1. Who are we?

Your personal data are processed by Polis Medical Centre, established under the Private Hospitals (Establishment and Operation Control) Law of 2001 (Law 90(I)/2001), with registered offices at 13 Efesou Street, Polis Chrysochous, Paphos, 8820, Cyprus (hereinafter “Polis Medical Centre”, “we”, “us”, “our”), in accordance with the applicable legislation on the protection of personal data of the European Union and the Republic of Cyprus. You can contact us by email at: drdemetris@polimedical.com.cy.

Where this Privacy Policy refers to laws or regulations, such references include any amendments to those laws or regulations.
We reserve the right to change and adapt this Privacy Policy on our own initiative. In such a case, changes and adaptations will be communicated to you through our website at least two weeks prior to their entry into force. Any further use of our website will be subject to the amended Privacy Policy.

2. What personal data do we process?

When you use our website or social media, we process:

  • Technical information such as device information, IP address, browser type, geographical location, and operating system.

  • Browsing behaviour, such as the duration of your visit, the links you use, the pages you visit, and how frequently you do so.

When you contact us by email, telephone, fax, or social media, we process:

  • Identity details you provide, such as your first name, surname, gender, date of birth, age, preferences, and interests.

  • Contact details you provide, such as your email address, postal address, country, and fixed and mobile telephone numbers.

  • The content of your communication, such as your request or query.

  • Technical information about the communication, such as with whom you communicated, the date, and the time.

  • Publicly available information about you, such as details visible on your social media profile.

  • Any other personal data you provide to us.

We receive most of your personal data directly from you, but we may receive additional information about your preferences and browsing behaviour from our partners, such as Google. If you would like more information on the personal data processed and made available by these third parties, please consult their own privacy policies.

3. For what purposes do we process your personal data and on what legal basis?

In the table below we explain the purposes for which we process your personal data and the legal basis on which we do so. We rely on the following legal bases:

  • Our legitimate interest, such as the continuous improvement of our website, content, and services to ensure we provide you with the best possible experience; to keep them secure against misuse or illegal activity; to distribute, promote, and make them available to you.

Purpose
We process your personal data to respond to your enquiries and to provide you with the materials or information you request, or to provide the services you request (Legal basis – Our legitimate interest).

We process your personal data:

  • To comply with legal obligations to which we are subject, or

  • To comply with any reasonable request from competent law enforcement authorities or representatives, judicial authorities, governmental bodies or agencies, including competent data protection authorities, or

  • To transfer your personal data to the police or judicial authorities on our own initiative as evidence, or if we have reasonable suspicions of illegal activity or a crime committed by you through the use of our website, our social media pages, or other communication channels (Legal basis – Legal obligation).

We process your personal data to carry out statistical analyses in order to improve our website, promotional information, content, and services, or to develop new content and services (Legal basis – Our legitimate interest).

We process your personal data to protect our legitimate interests or the legitimate interests of a third party in cases where your use of our website, social media pages, or other communication channels could be considered:

  • A violation of the applicable terms of use of our website, intellectual property rights, or any of our rights or those of a third party, or

  • A risk or threat to the security or integrity of our website, social media pages, or our, our partners’ or any third party’s IT systems due to viruses, trojans, spyware, malware, or any other type of malicious code, or

  • In any way offensive, disgraceful, racist, defamatory, vengeful, harmful, discriminatory, or otherwise inappropriate or unlawful (Legal basis – Our legitimate interest).

4. To whom do we send your personal data?

We rely on third parties, for example, to provide our website (such as a hosting provider). These third parties are only permitted to process your personal data on our behalf and only upon our explicit written instructions. We also guarantee that all such third parties are selected with due diligence and are bound to maintain the security and integrity of your personal data.

We may be legally obliged to share your personal data with competent law enforcement authorities or representatives, judicial authorities, governmental bodies, or agencies, including competent data protection authorities, in order to comply with our legal obligation.

5. Where do we process your personal data?

Your data are processed exclusively within the territory of the Republic of Cyprus.

6. With which quality standards do we comply?

We make every effort to process only those personal data that are necessary to achieve the purposes set out in Article 3 above.

Your personal data are processed only for as long as necessary to achieve the purposes set out in Article 3 above. We will anonymise your personal data when they are no longer necessary for the purposes described in Article 3 above unless:

  • Polis Medical Centre or a third party has an overriding interest in retaining the identifiability of your personal data, or

  • There is a legal or regulatory obligation or judicial or administrative order preventing us from anonymising them.

We will take appropriate technical and organisational measures to ensure your personal data remain secure against unauthorised access or theft, as well as against accidental loss, alteration, or destruction. Access by our staff or third-party staff will be on a strictly “need-to-know” basis and subject to strict confidentiality obligations. You understand, of course, that security and protection are obligations to which best efforts are applied but cannot ever be absolutely guaranteed.

7. What are your rights?

You have the right to request access to all personal data that we process and that relate to you. We reserve the right to charge a reasonable administrative fee for multiple successive access requests clearly made with the intent to cause inconvenience or harm. Each request must specify for which processing activity you wish to exercise your right of access and must identify the categories of data you wish to access.

You have the right to rectification, i.e., to request that any personal data relating to you that are inaccurate be corrected free of charge. If you submit a rectification request, it must be accompanied by evidence of the incorrect nature of the data for which you seek correction.

You have the right to withdraw your previously given consent for the processing of your personal data.

You have the right to erasure, i.e., to request that personal data relating to you be deleted if those data are no longer necessary in light of the purposes set out in Article 3 above. However, please note that a request for erasure will be assessed by us against:

  • Our own interests and the interests of third parties, which may override your interests, or

  • Legal or regulatory obligations, or administrative or judicial orders that may oppose such erasure.

You have the right to restriction instead of erasure, i.e., to request that we restrict the processing of your personal data if:

  • We are verifying the accuracy of your personal data, or

  • The processing is unlawful, and you oppose the erasure of your personal data, or

  • You need your personal data to establish, exercise, or defend a legal claim while we no longer need your personal data for the purposes set out in Article 3 above, or

  • We are verifying whether our legitimate interests override yours if you exercise your right to object under Article 7.6.

You have the right to object to the processing of your personal data if:

  • The processing is based on our legitimate interest under Article 3 above, and

  • You can demonstrate that there are compelling legitimate grounds relating to your particular situation that justify such objection, and

  • Our legitimate interests do not override yours.

However, if the intended processing qualifies as direct marketing, you have the right to object to such processing free of charge and without providing justification.

You have the right to data portability, i.e., the right to receive from us in a structured, commonly used, and machine-readable format all the personal data you have provided to us if the processing is based on your consent or on a contract with you under Article 3 above.

If you wish to submit a request to exercise one or more of the above rights, you may contact the Organisation’s Data Protection Officer by sending an email to drdemetris@polimedical.com.cy. Such an email request will not be interpreted as consent for the processing of your personal data beyond what is required for the management of your request.

Such a request must meet the following conditions:

  • Clearly state which right you wish to exercise, and

  • Clearly state the reasons for exercising your right if required, and

  • Be dated and signed, and

  • Be accompanied by a digitally scanned copy of your identity card proving your identity. If you use the contact form, we may ask for signed confirmation and proof of identity.

We will notify you promptly of the receipt of your request. If the request meets the above requirements and is verified as valid, we will respond as soon as reasonably possible and no later than thirty (30) days after receiving the request.

If you have any complaint regarding the processing of your personal data by us, you may at any time contact the Organisation’s Data Protection Officer by email at drdemetris@polimedical.com.cy. If you are not satisfied with our response, you may lodge your complaint with the competent data protection authority.