The Hippocrateon Private Hospital is committed to protecting the privacy and security of your personal information. This Patient Privacy Notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Law on the Protection of Individuals with regards to the Processing of Personal Data and the Free Movement of such Data Act of 2018 (Law 125(I)/2018) and any other applicable data protection laws and regulations.
The Hippocrateon Private Hospital Limited is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to inform you regarding the information contained in this Privacy Notice.
What personal information do we collect about you?
Why do we collect your personal information?
How do we collect your Personal information?
How do we treat the Children's Personal Data (minors under 18)
Information is collected and used under the following lawful bases:
Personal data is kept for as long as necessary with a minimum retention time of 15 years after the death of the subject and / or 15 years after the patient's last transaction with the Hospital under the Data Protection Commissioner's Dated 03/07/2018, based on Article 23 (1) (j), Law 138 (I) / 2001.
In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your rights in connection with personal information.
Under certain circumstances, by law you have the right to:
*This only applies in certain circumstances. Based on GDPR Article 9(2)(h) and (3) relevant exceptions include processing data for:
1. medical diagnosis
2. the provision of health or social care
3. the management of health or social care systems or services.
If you want to review, verify, correct, or request erasure of your Personal Information, object to the processing of your Personal Data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing at
c/o Christoforos Christoforou
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
If you do not provide the required information, we may not be able to enter into a contractual relationship with you for the provision of any services, including medical services, as we will not be able to examine whether your request meets the relevant requirements.
For further information on the GDPR, your rights or to lodge a complaint, you can contact the office of the Commissioner for the Protection of Private Data at the following address:
Office of the Commissioner for the Protection of Private Data
1 Iasonos st.
1082 Nicosia Cyprus
Telephone number: +357 22818456
Fax number: +357 22304565 Email: commissionerdataprotection.gov.cy