Ambulances/ Emergency Ambulances/ Emergency A&E menu-btn

Privacy Policy

Privacy Statement

This Privacy Policy concerns the processing of your personal data by the State Health Services Organisation under the European General Data Protection Regulation (GDPR) and the Protection of Individuals against the Processing of Personal Data and Data Trafficking Law of the Republic of Cyprus (Law 125 (I) of 2018) as part of your browsing our website www.shso.org.cy (hereinafter, the website), or your communication with us via electronic mail, telephone, fax and social media (such as Facebook, Twitter, YouTube and Instagram).

If you would like more information on how we process personal data using cookies, social plugins and other forms of tracking technology please see our Cookies Policy

Who we are:

Your personal data is processed by the State Health Services Organisation established under the Law on the State Health Services Organisation of 2001 (Law 89 (I) / 2001), located at 1 Prodromou Street & 17 Cheilonos, 3rd Floor, 1449 Nicosia (hereinafter: “SHSO”, “we”, “us”, “us”) based on the current legislation on the protection of personal data of the European Union and the Republic of Cyprus. You can contact us by email at dpo@shso.org.cy.

Where reference is made to this Privacy Policy in laws or regulations, it is understood that any amendments to those laws or regulations are included.

We reserve the right to change and adapt this Privacy Policy on our own initiative. In this case, the changes and adjustments will be notified to you through our website at least two weeks before their implementation. Any further use of our website will be subject to the amended Privacy Policy.

Which of your personal data do we process?

When you use our website or social media, we process:

  • Technical information such as device information, IP address, browser type, geographical location, and your operating system.
  • The browsing behavior, such as the duration of your visit, the links you use and the pages you visit and the frequency with which you do so.

When you contact us by email, phone, fax or social media, we process:

  • The IDs you provide to us such as your first name, last name, gender, date of birth, age, preferences and interests.
  • The contact details you provide to us, such as your email address, your mailing address, your country and your landline and mobile phone numbers.
  • The content of the communication such as your request or question.
  • The technical information for the communication such as which of us you are communicating with, the date and time of the communication.
  • Information that is publicly available about you, such as information that is publicly available on your social media profile.
  • Any other personal data you provide to us.

We receive most of your personal information directly from you, but we may also receive additional information about your browsing preferences and behavior from partners such as Google. If you would like more information about your personal data being processed and made available to others by these third parties please review their respective privacy policies.

For what purposes do we process your personal data and under what legal basis is this done?

In the table below we explain the purposes for which we process your personal data and the legal basis on which we do so. We are based on the following legal bases:

  • Our legitimate interest, such as the continuous improvement of our website, materials and services to ensure that we offer you the best possible experience, to keep them safe from any abuse or illegal activity, to spread them and to promote them and make them available to you.

Purpose

We process your personal data so that we can answer your questions and we can offer you the material or information you request or provide you with the services you request (Legal basis – Our legal interest).

We process your personal data:

  • For purposes of compliance with legal obligations with which we must comply, or
  • For the purposes of complying with any reasonable request by the competent law enforcement authorities or their representatives, judicial authorities, governmental bodies or bodies, including the competent data protection authorities, or
  • To transfer your personal information to the police or judicial authorities on our own initiative as evidence or if we have a reasonable suspicion of an illegal act or crime committed by you through the use of our website, our social networking pages or other communication channels (Legal obligation).

We process your personal data to conduct statistical analyzes in order to improve our website, promotional information, our materials and services or to develop new materials and services (Legal basis-Our legal interest).

We process your personal data to protect our legitimate interests or to protect the legitimate interests of a third party in the event that your use of our website, our social networking pages or other communication channels may be considered:

  • In breach of the applicable terms of use of our website or copyright or any other rights of ours or third party rights, or
  • As a risk or threat to the security or integrity of our website, our social networking sites, or any of our own, our selected partners or third parties, computer systems due to viruses, Trojans, spyware, malware or any other form of malicious code, or
  • In any way as abhorrent, shameful, racist, slanderous, vindictive, harmful, discriminatory or in any other way indecent or illegal (Legal basis-Our legitimate interest).

To whom do we send your personal data?

We rely on third parties, for example, to be able to provide you with our website (such as a hosting provider). Your personal data may be processed by these third parties only on our behalf and only with our express written instruction. We also guarantee that all such third parties are duly selected and committed to maintaining the security and integrity of your personal data.

We may be legally obliged to share your personal data with competent law enforcement authorities or representatives, with judicial authorities, government agencies or bodies including competent data protection authorities in order to comply with this legal obligation.

Where do we process your personal data?

Your data is processed exclusively within the territory of the Republic of Cyprus.

What quality assurance standards do we comply with?

We make every effort to process only those personal data that are necessary to achieve the purposes set out in Article 3 above.

Your personal data shall be processed only for as long as is necessary to achieve the purposes set out in Article 3 above. We will anonymize your personal data when it is no longer necessary for the purposes described in Article 3 above unless:

  • Overriding SHSO interest or any other third party regarding the retention of the identity of your personal data, or legal or regulatory obligation or court or administrative decree that does not allow us to anonymize them.
  • We will take appropriate technical and organisational measures to ensure that your personal data is protected from any unauthorised access or theft as well as from any accidental loss, alteration or destruction. Access by our staff or third party staff will only be based on the principle of “need of knowledge” and will be subject to strict confidentiality obligations. You certainly understand that security and protection are obligations for which the best possible efforts are made, but we can never guarantee them completely.

What are your rights?

You have the right to request access to all personal data that we process and that concerns you. We reserve the right to charge a reasonable administrative fee for multiple successive access requests that are clearly submitted to cause us inconvenience or harm. Each request must specify for which processing activity you wish to exercise access and must specify which categories of data you wish to access.

You have the right to correct, that is, to request that any personal data concerning you that is inaccurate to be corrected at no charge. If you request a correction, your request must be accompanied by evidence of the erroneous nature of the data for which you are seeking correction.

You have the right to withdraw your prior consent to the processing of your personal data.

You have the right to delete, ie to request the personal data concerning you to be deleted if this data is no longer necessary in the light of the purposes set out in Article 3 above. However, you should note that the deletion request will be evaluated by us against:

  • Our own interests and the interests of third parties which may take precedence over your own interests, or
  • Legal or regulatory obligations or administrative or judicial decrees that may oppose such deletion.

You have the right to restrict instead of delete, ie to request that we restrict the processing of your personal data if:

  • We verify the accuracy of your personal data, or
  • Editing is illegal and you are opposed to deleting your personal data, or
  • You need your personal data to substantiate, exercise or defend a legal claim while we no longer need your personal data for the purposes set out in Article 3 above, or
  • We verify that our legitimate interests take precedence over yours if you exercise your right of objection in accordance with Article 7.6.

You have the right to object to the processing of your personal data if:

  • The processing is based on our legal interest under Article 3 above, and
  • You can prove that there are serious and well-founded reasons in your particular situation that justify such an objection, and
  • Our legitimate interests do not outweigh your own.

However, if the intended processing is certified as direct marketing, you have the right to object to such processing free of charge and without justification.

You have the right to data portability, ie the right to receive from us in the form of a structured, widely used and computer-readable format all personal data that you have provided to us if the processing is based on your consent or in agreement with you under Article 3 above.

If you wish to exercise one or more of the rights listed above, you can contact the Organisation’s Data Protection Officer by emailing dpo@shso.org.cy. Such e-mail request will not be construed as consent to the processing of your personal data other than the processing required to manage your request. Such a request must meet the following conditions:

  • Clearly state which right you wish to exercise, and
  • Clearly state the reasons for exercising your right if required, and
  • Your request must be dated and signed, and
  • Your request must be accompanied by a digitally scanned copy of your ID proving your identity. If you use the contact form we may ask for a signed confirmation and proof of identity.

We will inform you in due time about the receipt of your request. If the request meets the above conditions and is verified as valid we will respond to this as soon as reasonably possible and no later than thirty (30) days after receipt of the request.

If you have any complaints regarding the processing of your personal data by us you can contact the Data Protection Officer of the Organisation by sending an e-mail to dpo@shso.org.cy. If you are not satisfied with our answer you can submit your complaint to the competent data protection authority.