Mother & Child Medical Center Limited (referred to hereafter as “Mother & Child Medical Center” or “we”) is committed to ensuring the privacy of our patients and website visitors. This policy explains what personal data we may collect about you when you interact with us and how we use it.
Who are we?
Pursuant to applicable data protection legislation, the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR Regulation”) and the legislation in force in Cyprus which governs the collection and processing of personal data, Mother & Child Medical Center is the “data controller” in relation to the processing of personal data held by us.
Your personal data
We will use your personal data for the reasons set out below. We will collect most of this directly during the registration and/or admission process but there may be sources of personal data collected indirectly as set out further down below. Under applicable data protection legislation, there are two categories of personal data:
Personal Data: This is data related to an identifiable person or data that can be used to identify a distinct individual. Examples of personal data we collect and process include names, email addresses, location, telephone numbers, ID numbers.
Sensitive Personal Data: Sometimes referred to as “Special Category Data”, this is data that is deemed to be more sensitive than the above personal data. Examples include medical records, genetics, biometric data, medical examination results, diagnostic tests, medical history, names of doctors and relatives, details of previous contacts, details of treatments and required care, etc.
Where this policy states “your data/your personal data”, we are referring to Personal Data and Sensitive Personal Data unless otherwise stated.
How and when is personal data collected?
You directly provide us with most of the data we collect. We collect data and process data when you:
- voluntarily complete our admission form or any other form in the clinic.
- submit an enquiry via our website.
- communicate with us by phone or email.
- communicate with us to arrange appointments.
- attend appointments and as part of the consultation process.
- make payments to us or require a refund.
- visit Mother & Child Medical Center Limited as we may operate CCTV systems for security purposes.
We may also receive your data indirectly from the following sources:
- Your parents or guardians, or another person holding a related authorisation.
- Your referring doctor.
- From your medical file where there are results of medical examinations, diagnostic results, data of medical care, medical reports, etc.
- Through third parties to whom we assume you have given your permission to share with us the information they hold about you, e.g. laboratories, diagnostic centres, insurance companies.
What personal data do we collect?
- Basic details about you, such as name, address, date of birth, ID/Passport number, referring doctors, phone numbers, email address, next of kin, payment details.
- Details about contacts we have had with you, such as clinic visits or clinic admission notes and reports about your health and any treatment and care you need.
- Details and records about the treatment and care you receive, results of investigations, such as x-rays, scans and laboratory tests, relevant information from other health professionals.
- Details of your interactions with us through our call centre, in clinic or online. For example, we may make note of conversations and maintain phone call logs.
How and why do we use your personal data?
We use your personal data for the following purposes:
- To provide to you the services requested, to fulfil our contractual obligations to you or to comply with the law.
- To be able to contact you when we need to inform you about test results, appointments, referrals or regarding your enquiry.
- To make sure we’re speaking to the right person – to help prevent and detect fraud.
- To take payment and process refunds.
- To provide customer service.
- To create your inpatient medical record.
- Compliance: for the implementation of our terms and conditions and for compliance with our legal obligations, as arising from applicable laws or our regulators.
The legal bases we rely on
Below we outline the bases under which we may process your personal data:
- To support the provision of your health or social care, to decide how best to provide treatment to you pursuant to Article 9 (2) (h) of the GDPR Regulation.
- When you or your legal guardian have given your/their consent.
- When it is necessary to fulfil our contractual obligations.
- When it is necessary to protect your vital interests where the processing of your personal data is necessary to protect someone’s life.
- Where we are required by law or regulatory bodies to process your data.
- Where we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not significantly impact your rights or freedom.
How we protect your data
We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse. Access to any sensitive personal data we may collect (such as medical records) is further restricted.
How long do we keep your data?
We only keep your data for as long as is necessary to fulfil the purpose for which it was collected. At the end of the period, your data will either be deleted or anonymised so that it can be used in a non-identifiable way for statistical analysis which helps us make improvements to our service and business.
Who do we share your personal data with?
We may share your data with:
- Your treating doctor, other health professionals (e.g. laboratories and other medical service providers) when this is required in relation to your care.
- Other medical centers to the extent that this is necessary for the purposes of the treatment and care you need.
- Insurance companies.
- Health Insurance Organisation.
- Our legal and professional advisors.
- Any other individual or third party that you have explicitly requested us to share it with.
What are your rights?
You have many rights relating to your personal data including:
- The right to access the personal data we hold about you.
- The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it.
- The right to request that we delete your data or stop processing it – in some instances such as where we no longer need it, we can delete your personal data.
- The right to object to processing by us of your personal data.
- The right to request that we transfer the personal data that we have collected to you or to another controller, under certain conditions.
- The right to withdraw your consent – Whenever you have given us your consent to use your personal data, you have the right (in certain circumstances) to withdraw that consent at any time.
Please note there may be instances where we refuse your request for any of the above where we have a strong overriding reason or are legally obliged to.
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the below sections for contact details of the Data Protection Officer.
We do not collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.
We do collect information on newborns at the Mother & Child Medical Center such as their birthweight, height, measurements and record any underlying conditions to assist us to execute our services to you.
If you have concerns about aspects of the way your data has been handled or used by us and are not satisfied with our response, you have the right to file a complaint to the Office of the Commissioner for Personal Data Protection.
Or write to:
Data Protection Officer
The Mother and Child Medical Center
9-11 Penelopis Delta Str.
Nicosia 1076, Cyprus
This Policy was last updated on the 20th February 2021