Privacy Statement
This Privacy Policy concerns the processing of your personal data by the State Health Services Organisation under the European General Data Protection Regulation (GDPR) and the Protection of Individuals against the Processing of Personal Data and Data Trafficking Law of the Republic of Cyprus (Law 125 (I) of 2018) as part of your browsing our website www.www.shso.org.cy (hereinafter, the website), or your communication with us via electronic mail, telephone, fax and social media (such as Facebook, Twitter, YouTube and Instagram).
If you would like more information on how we process personal data using cookies, social plugins and other forms of tracking technology please see our Cookies Policy
Who we are:
Your personal data is processed by the State Health Services Organisation established under the Law on the State Health Services Organisation of 2001 (Law 89 (I) / 2001), located at 1 Prodromou Street & 17 Cheilonos, 3rd Floor, 1449 Nicosia (hereinafter: “SHSO”, “we”, “us”, “us”) based on the current legislation on the protection of personal data of the European Union and the Republic of Cyprus. You can contact us by email at dpo@www.shso.org.cy.
Where reference is made to this Privacy Policy in laws or regulations, it is understood that any amendments to those laws or regulations are included.
We reserve the right to change and adapt this Privacy Policy on our own initiative. In this case, the changes and adjustments will be notified to you through our website at least two weeks before their implementation. Any further use of our website will be subject to the amended Privacy Policy.
Which of your personal data do we process?
When you use our website or social media, we process:
When you contact us by email, phone, fax or social media, we process:
We receive most of your personal information directly from you, but we may also receive additional information about your browsing preferences and behavior from partners such as Google. If you would like more information about your personal data being processed and made available to others by these third parties please review their respective privacy policies.
For what purposes do we process your personal data and under what legal basis is this done?
In the table below we explain the purposes for which we process your personal data and the legal basis on which we do so. We are based on the following legal bases:
Purpose
We process your personal data so that we can answer your questions and we can offer you the material or information you request or provide you with the services you request (Legal basis – Our legal interest).
We process your personal data:
We process your personal data to conduct statistical analyzes in order to improve our website, promotional information, our materials and services or to develop new materials and services (Legal basis-Our legal interest).
We process your personal data to protect our legitimate interests or to protect the legitimate interests of a third party in the event that your use of our website, our social networking pages or other communication channels may be considered:
To whom do we send your personal data?
We rely on third parties, for example, to be able to provide you with our website (such as a hosting provider). Your personal data may be processed by these third parties only on our behalf and only with our express written instruction. We also guarantee that all such third parties are duly selected and committed to maintaining the security and integrity of your personal data.
We may be legally obliged to share your personal data with competent law enforcement authorities or representatives, with judicial authorities, government agencies or bodies including competent data protection authorities in order to comply with this legal obligation.
Where do we process your personal data?
Your data is processed exclusively within the territory of the Republic of Cyprus.
What quality assurance standards do we comply with?
We make every effort to process only those personal data that are necessary to achieve the purposes set out in Article 3 above.
Your personal data shall be processed only for as long as is necessary to achieve the purposes set out in Article 3 above. We will anonymize your personal data when it is no longer necessary for the purposes described in Article 3 above unless:
What are your rights?
You have the right to request access to all personal data that we process and that concerns you. We reserve the right to charge a reasonable administrative fee for multiple successive access requests that are clearly submitted to cause us inconvenience or harm. Each request must specify for which processing activity you wish to exercise access and must specify which categories of data you wish to access.
You have the right to correct, that is, to request that any personal data concerning you that is inaccurate to be corrected at no charge. If you request a correction, your request must be accompanied by evidence of the erroneous nature of the data for which you are seeking correction.
You have the right to withdraw your prior consent to the processing of your personal data.
You have the right to delete, ie to request the personal data concerning you to be deleted if this data is no longer necessary in the light of the purposes set out in Article 3 above. However, you should note that the deletion request will be evaluated by us against:
You have the right to restrict instead of delete, ie to request that we restrict the processing of your personal data if:
You have the right to object to the processing of your personal data if:
However, if the intended processing is certified as direct marketing, you have the right to object to such processing free of charge and without justification.
You have the right to data portability, ie the right to receive from us in the form of a structured, widely used and computer-readable format all personal data that you have provided to us if the processing is based on your consent or in agreement with you under Article 3 above.
If you wish to exercise one or more of the rights listed above, you can contact the Organisation’s Data Protection Officer by emailing dpo@www.shso.org.cy. Such e-mail request will not be construed as consent to the processing of your personal data other than the processing required to manage your request. Such a request must meet the following conditions:
We will inform you in due time about the receipt of your request. If the request meets the above conditions and is verified as valid we will respond to this as soon as reasonably possible and no later than thirty (30) days after receipt of the request.
If you have any complaints regarding the processing of your personal data by us you can contact the Data Protection Officer of the Organisation by sending an e-mail to dpo@www.shso.org.cy. If you are not satisfied with our answer you can submit your complaint to the competent data protection authority.