The Hippocrateon Private Hospital is committed to protecting the privacy and security of your personal information. This Patient Privacy Notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Law on the Protection of Individuals with regards to the Processing of Personal Data and the Free Movement of such Data Act of 2018 (Law 125(I)/2018) and any other applicable data protection laws and regulations.

The Hippocrateon Private Hospital Limited is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to inform you regarding the information contained in this Privacy Notice.

What personal information do we collect about you?

  • Basic information, such as name, ID/Passport no, address, date of birth, next of kin, telephone number, email address.
  • Information about your health, such as medical history, previous hospital visits or admissions, medical reports and any clinical treatment undertaken.
  • Reports/Diagnoses, such as X-rays, scans, laboratory tests, other information from health professionals.
  • Information related to your health insurance, such as Insurance contract, Insurance coverage, etc.

Why do we collect your personal information?

  • To create your medical record
  • To inform you about your test results, appointments, etc.
  • To provide you with health care services, treatments, preventative medicine services, produce a medical diagnosis or contract with medical professionals.
  • For any payment execution


How do we collect your Personal information?

  • You personally by filling in forms, applications and accompanying documents.
  • Your representatives or legal guardians who are duly authorized by you to provide us with your personal data by filling out application forms and supporting documents.
  • Third persons who have informed you that your personal data may be transferred to third parties, including the Hospital, based on a contractual or other relationship we have with them.


How do we treat the Children's Personal Data (minors under 18)

  • We may collect personal data relating to children only on condition that we first obtain the consent of the parents or their legal guardian, unless otherwise permitted by the applicable law for the protection of personal data.
  • We may collect and process personal data about children from their parents or legal guardians in the framework of a contractual relationship and / or legal obligation of our Hospital.
  • For the purposes of this Privacy Policy, "children" are people under the age of eighteen (18).


Information is collected and used under the following lawful bases:

  • where we have consent by the data subject or legal guardian,
  • where it is necessary for the execution of a contract between us and the data subject,
  • where it is necessary for compliance with a legal obligation,
  • where processing is necessary to protect the vital interests of the data subject or of another person,
  • where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • where it is justified by our legitimate interests, of your legitimate interests or those of another person,
  • where processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Cyprus law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in Article 9 (3) of the GDPR.

Data Retention

Personal data is kept for as long as necessary with a minimum retention time of 15 years after the death of the subject and / or 15 years after the patient's last transaction with the Hospital under the Data Protection Commissioner's Dated 03/07/2018, based on Article 23 (1) (j), Law 138 (I) / 2001.

In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.


Your rights in connection with personal information.

Under certain circumstances, by law you have the right to:

  • Request access to your personal information
  • Request correction of the personal information that we hold about you
  • Request erasure of your personal information*
  • Object to processing of your personal information
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

*This only applies in certain circumstances. Based on GDPR Article 9(2)(h) and (3) relevant exceptions include processing data for:

1. medical diagnosis

2. the provision of health or social care

3. the management of health or social care systems or services.


If you want to review, verify, correct, or request erasure of your Personal Information, object to the processing of your Personal Data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing at

c/o Christoforos Christoforou

Telephone: 99512278, This email address is being protected from spambots. You need JavaScript enabled to view it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.

If you do not provide the required information, we may not be able to enter into a contractual relationship with you for the provision of any services, including medical services, as we will not be able to examine whether your request meets the relevant requirements.


For further information on the GDPR, your rights or to lodge a complaint, you can contact the office of the Commissioner for the Protection of Private Data at the following address:

Office of the Commissioner for the Protection of Private Data
1 Iasonos st.
1082 Nicosia Cyprus
Telephone number: +357 22818456
Fax number: +357 22304565                                                                                                         Email: