Privacy Policy

We, at S. P. MAVROUDES CLINICAL LABORATORIES LTD, limited liability company with registration number HE 428026, registered office address at Aginoros 4B, 3026, Limassol, Cyprus, (“we” “us” or “our”) value your privacy and wish to ensure that your personal data is handled accordingly and correctly. This privacy policy (“Privacy Policy”) aims to assist you in understanding the reasons we need to collect and process your personal data, the limitation imposed on such collection and processing, your rights in respect thereof, as well as other information that may be of relevance or assistance to you.

1.    When we collect personal data

We collect personal data in the following instances and for the following groups of people: (a) when persons visit our premises and request our services; (b) when persons contact us through e-mail or by phone; (c) in respect of existing clients; (d) in respect of existing employees and (d) in respect of prospective employees. References in this Privacy Policy to “you”, “your” or “yours” should be construed as references to the foregoing persons. 

2.    What personal data we collect

Our processing of your personal data may include personal data (such as your name, surname, address, contact number etc) as well as sensitive data (such as health data, copy of your passport or ID, criminal record, social insurance number etc). Depending on the circumstances, we may collect data such as:

  • contact details, including data such as full name, phone number, e-mail address, postal address, date of birth and next of kin;

  • data relating to health, including data such as your health condition, medical records and details of patients, medical notes of our staff and other medical professionals;

  • health insurance data, including data in relation to your health insurance plans and insurance identification number;

  • employment details, including data related to employment, such as your previous title or position, your CV, previous employment experience, academic qualifications and skills, and criminal convictions (if any), social insurances number, and tax identification number; and/or

  • payment data, including data necessary to process and make payments.

3.    Data Usage

Depending on the circumstances, we use the personal data we collect for the following purposes:

  • to facilitate the provision of health services and the necessary medical attention, upon your request;

  • to contact you for matters relating to the provision of our services to you or for employment related matters or for any other permitted purposes;

  • for research purposes in relation to the development of new treatments;

  • to keep you up to date on the latest developments, announcements and other information;

  • to comply with our obligations under law and/or to defend our legal rights;

  • to be able to assess your request, whether for health or employment reasons or otherwise;

  • to perform our contractual obligations towards you, whether in our capacity as services provider or employer; and/or

  • to assess and evaluate the performance of our employees, provide equal opportunities and award them.

4.    Legal basis for processing

Depending on the circumstances, we process your personal data in reliance to one or more of the following legal bases:

  • to perform our obligations in accordance with any contract that we may have with you or in order to take steps to enter into a contract with you;

  • for actions where we obtain the consent of the relevant person for the particular processing purpose;

  • where processing is necessary in order for us to comply with a legal obligation to which we are subject to;

  • where the processing of data is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests infringe the interests or fundamental rights and freedom of the individual who seeks protection of personal data;

  • in rare cases, where the processing of personal data may be necessary to protect your life or that of a third person;

  • processing is necessary for the purposes of carrying out our or your obligations and exercising our or your specific rights in the field of employment, social security and social protection law;

  • processing is necessary to protect your vital interests or those of another natural person where you are or that other person is physically or legally incapable of giving consent;

  • processing relates to personal data which are manifestly made public by you;

  • processing is necessary for the establishment, exercise or defence of legal claims;

  • where processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of an employee, medical diagnosis, the provision of health or treatment or the management of health systems and services pursuant to contract subject to the conditions and safeguards referred to in Article 9(3) of the GDPR; and/or

  • any other legal basis that may apply in accordance with applicable laws and regulations.

5.    Sharing data with third parties

We will not share or disclose your personal data to anyone unless we have obtained your prior consent or when you incapable of providing consent, the consent of your guardian. However, we reserve the right to disclose, communicate and share your personal data in the following instances:

  • where the disclosure is necessary to fulfil the purpose for which you have provided your personal data to us;

  • where we are required to make such disclosure in order to comply with applicable laws or if we are compelled to do so by a governmental agency, regulation, a court or other legal process. We may also disclose data if we believe disclosure is necessary to prevent or investigate a possible crime, such as fraud or identity theft or to protect our own rights or property, or to resolve any problems or inquiries or property, or to protect the rights, property or safety of others;

  • where we share your personal data with service providers we have engaged to perform services on our behalf, including  recruiting, credit card verification, storage fulfilment, disaster recovery and web-hosting service providers. We always request that our service providers protect your privacy in every possible manner and we prohibit them from using your personal data for their own marketing purposes or otherwise;

  • we reserve the right to transfer your personal data in the event of a merger, joint venture, acquisition, change of control, or other business combination. In such case, steps will be taken to ensure that your personal data will continue to be protected by this Privacy Policy; and/or

  • where the non-disclosure of data constitutes or poses a serious risk of damage to health or physical integrity or the life of a natural person or may have a serious impact on society as a whole.

Further to the above, when performing our obligations towards you, we may appoint data processors. We may appoint external data controllers where necessary to perform our obligations towards you, including auditors, accountants or other third party service providers. All parties that act as joint data controllers or as our data processors respect and protect the security, integrity and confidentiality of your personal data in accordance with applicable laws.

Indicatively we set out below a non-exhaustive list of third parties with whom we may (depending on the circumstances) share your personal data:

  • doctors, surgeons, physicians;

  • laboratories and/or other medical centres;

  • public and governmental authorities and institutions, including the Health Insurance Organisation, regulatory authorities, tax authorities;

  • banks and other financial services providers;

  • IT support services providers;

  • accountants;

  • auditors;

  • other data controllers engaged or otherwise connected with the provision by us to you of our services; and

  • insurance companies.

At all times, we shall disclose your personal data in accordance with what is stated in this Privacy Policy and applicable laws and regulations.

6.   Security

We take the appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal policies and procedures. Notwithstanding any measures we take to protect your persona data, we cannot guarantee that: (i) such security measures will prevent our computers from being accessed illegally, and (ii) the personal data will not be stolen, misused or altered.

7.   Data removal 

Your personal data will be retained in accordance with the appropriate retention period for each category of data and in strict compliance with applicable law. The length of such period is based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and business purposes.

In particular, where we collect your data to:

  • perform our contractual obligations towards you as a services provider, the retention period shall, subject to any further lawful processing (including a requirement to retain personal information for compliance with a legal requirement to which we are subject to), be at least six years from the date of our last interaction with you;

  • perform our contractual obligations towards you as an employer, the retention period of the personal information of the employees shall, subject to any further lawful processing (including a requirement to retain personal information for compliance with a legal requirement to which we are subject to), be for a period equal to the relevant limitation period of actionable claims prescribed under applicable law; and

  • evaluate your application to work with us, your personal data shall, subject to any further lawful processing (including your consent to us to retain such data, and/or requirement to retain personal data for compliance with a legal requirement to which we are subject to), be securely deleted or destroyed following an unsuccessful application for employment.

8.    Your rights

We want you to understand the control and rights you have over your data. Accordingly:

  • Right to access: you can request details of the personal data we hold about you and how we process it. In case that we do not hold and/or process any personal data that concerns you, we will inform you accordingly.

  • Right to rectification: you can request and obtain without undue delay the rectification of inaccurate personal data we hold on you. If you are entitled to rectification and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.

  • Right to erasure: you can request the erasure of your personal data and we will be obliged to do so without undue delay. We will not be required to satisfy your foregoing request where if, inter alia, processing of your personal data is required for our compliance with a legal obligation that we are subject to and/or for the establishment, exercise or defence of legal claims.

  • Right to restriction: you can ask us to restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.

  • Right to lodge a complaint: you can lodge a complaint with the Office of the Data Protection Commissioner in case you are not satisfied with the manner we process your personal data.

  • Right to portability: you can ask us to provide you with your personal data in a structured, commonly used and machine readable format and to transmit, where technically feasible, such data to another controller without hindrance, where (i) processing is based on your consent or on the performance of a contract with you; and (ii) such processing is carried out by automated means.

  • Right to withdraw consent: if our legal basis for processing your personal data is that of consent, you can withdraw such consent at any time. If you choose to do so there may be potential consequences which we will tell you about at that time.

  • Right to object: if you believe your fundamental rights and freedoms outweigh our legitimate interests, you can object to any processing of your personal data that is carried out on the basis of our legitimate interests. Once you have objected, we will have the opportunity to demonstrate that we have compelling legitimate interests to continue processing your personal data which override your rights and freedoms.

9.    Information

To exercise any of the abovementioned rights, please contact us at 357 25374636 or email us at info@mavroudeslabs.com. In order to provide our services to you we may ask you to produce evidence to confirm your identity such as providing us with a valid identity card.  

 

Last update: September 2022