The purpose of the Privacy Notice is to inform you about the processing of information which may directly or indirectly identify you ("personal data", "data”), in hard copy and electronic form, carried out by Biopsy Diagnosis (CY) LTD ("we") in connection with the provision of our services. We act as the data controller of your personal data.
We process your personal data in accordance with the European General Data Protection Regulation 2016/679 ("GDPR") and the Cypriot Data Protection Law 25 (I) 2018.
We have implemented appropriate technical and organisational measures to ensure the appropriate level of security against the risks of data security breaches.
Personal Data we process
We process the following categories of your personal data where absolutely necessary:
- Identity information, full name, and date of birth
- Medical history provided by you or your referral doctor.
- Clinical findings
- Financial / payment information
Legal basis for processing
We process your personal data, after first ensuring that at least one of the legal bases of the GDPR applies. That is:
- When you wish to receive informational messages about our services based on your consent.
- When the processing is necessary for the purposes of the performance of the agreement for the provision of our services.
- When the processing is necessary for the purposes of complying with legal, regulatory, or other obligations.
- When the treatment is necessary in emergency situations in order to protect your vital interests.
- Processing is necessary for the purpose of pursuing our legitimate interests provided that your rights do not override those interests (e.g., for the safety of our patients, systems, and procedures).
Special category data processing
Special categories of data are also being processed, mainly related to health data (e.g., medical history, clinical findings, etc.). The processing of such data is carried out solely for the purposes of preventive or occupational medicine, medical diagnosis, provision of health care or treatment under European or Cypriot law or under contract with health professionals.
We may disclose your personal information to various categories of recipients, including the following, where this is permissible and necessary for our compliance with specific law or regulation or the performance of our obligations:
- External physicians
- External medical centres and/or laboratories
- Insurance companies
We may transfer some data to third countries outside the European Economic Area (“EEA") e.g., to private and / or NHS organizations located in the United Kingdom for diagnostic purposes only. In the case that any such transfer includes personal data, we will ensure that it is based on one of the necessary safeguards provided under the GDPR and the relevant provisions of the Cypriot Legislation 125 (I) 2018.
The retention period of your data will not exceed 15 years after the last entry in our archiving system. The retention period in each case will be determined by our legal obligations and the instructions of the Office of the Commissioner for Personal Data Protection which require the retention of data for a specific or minimum period.
- Right to be informed about the processing of your data and your data protection rights.
- Right to correct inaccurate or incomplete data.
- Right to delete your data, especially when the purpose of processing no longer exists, there is no legal basis for processing or when the processing is unlawful.
- Right to restrict processing, e.g., for the purpose of verifying the accuracy of the data.
- Right to object to processing, especially when we rely on our legitimate interests.
- Right to receive data (portability) in a structured, commonly used, and readable format and right to transfer to another controller (e.g., another doctor/medical centre).
- The right not to submit your personal data to automated decision making, including profiling.
- Right to withdraw consent in cases where the processing was based on consent.
- Right to file a complaint to the Office of the Commissioner for Personal Data Protection ( firstname.lastname@example.org ).
These rights are not absolute, they are subject to exceptions and apply only under certain circumstances depending on the legal basis on which we rely in each case.
We will attempt to respond to all valid requests as soon as possible and within thirty (30) days or in two additional months if the request is complex or disproportionate.
For more information you can contact us via email info @biopsydiagnosis.com or by phone 22343438.