This Privacy Notice explains how the AIMIS Healthcare Group collects and processes data, whether on individuals (including personal data in respect of individuals who are clients, intermediaries or other third parties that AIMIS Healthcare Group interacts with, or any individual who is connected to those parties) or otherwise. Where the data held are on individuals, this document also sets out the rights of those individuals in respect of that personal data. This privacy notice is part of our commitment to ensure that we process any individuals’ personal data in accordance with the applicable laws.
This Privacy Notice has been prepared in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”).
Any questions relating to this Privacy Notice or requests in respect of personal data should be directed to - Mr. Achilleas Trichias our Data Protection Officer (DPO) at [email protected].
WHO WE ARE
AIMIS Healthcare Group is a healthcare provider, offering elite medical services to patients globally. Operating from Cyprus, Europe, AIMIS Healthcare Group accommodates patients from all corners of the world, at its state-of-the-art facilities, offering an incomparable patient experience. The Group consists of AIMIS Spine, AIMIS Robotics, AIMIS Clinics, AIMIS Labs and AIMIS Diagnostics, bringing together the best International and American medical professionals, who utilize the most innovative medical technology available to date. Our vision is to offer and transfer world class US surgical advancements and technologies in minimally invasive surgery and related treatments to the world. After treating patients from 69 different countries worldwide, our “Medical Centre of Excellence” is fully equipped for all of your medical needs – second to none!
AIMIS Healthcare Group recognises the importance of protecting personal data and confidential information. AIMIS Healthcare Group strives to protect personal data and apply high standards of conduct when it comes to privacy issues. It ensures that its employees are provided with the appropriate training in order to handle personal data promptly and in accordance with the applicable laws.
WHO IS THE DATA CONTROLLER
The Data Controller responsible for keeping your personal data confidential and secure is AIMIS Healthcare Group (the “Data Controller”). The contact information of the Data Controller is as follows:
AIMIS Healthcare Group
Address: Theodorou Potamianou 50, Kato Polemidia 4155, Limassol, Cyprus.
Tel: +357 25 864000
Fax: +357 25 320370
Email: [email protected]
Contact: Mr. Achilleas Trichias
THE KIND OF INFORMATION WE COLLECT ABOUT YOU
AIMIS Healthcare Group collects and processes data in the context of providing healthcare services to its clients/patients. The categories of data it may collect and process, according to the particulars of each case, include:
- Contact details (including names, postal addresses, email addresses and telephone numbers);
- Personal Information (including date of birth, health history information for you and your family, details about your treatment, medicines you take and care, careers, legal representatives, insurers, emergency contact details);
- Details of medical, lab and imaging records of treatments and care (including notes and reports about the individual’s health);
- Tests and results from investigations (including x-rays and other images, blood tests, laboratory tests etc.);
- Information from people who care for you and know about you (i.e. relatives and health professionals);
- Any additional information that can be required in the course the provision of our health services;
- Bank and account details;
- Information obtained through internet and telephone contact;
- Insurance information and policies
- Other personal and financial information obtained for Credit Worthiness.
Important notice on Special Category Data (Sensitive Information)
The personal data that AIMIS Healthcare Group processes include "Special Category Data" (which includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, disabilities, allergies, heath conditions, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity).
WHY DO WE NEED YOUR PERSONAL INFORMATION AND HOW WE USE IT
AIMIS Healthcare Group ensures that the data collected and processed is relevant to one or more processing activities and that AIMIS Healthcare Group does not collect or process more or less data than what is reasonably required for achieving the purpose of each processing activity. Furthermore, for each purpose of processing, there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means. The purposes of processing and the lawful basis of each processing activity are the following:
- To take informed decisions about your healthcare and to ensure that your treatment is safe and effective;
- To work effectively with other medical providers, organisations and doctors who may be involved in your care;
- To review the care provided in order to ensure it is of the highest possible standard;
- To improve individual care and diagnosis;
- To develop and offer suitable new treatments and methods;
- To enter into client relationship and for offering the healthcare services of AIMIS Healthcare Group;
- To follow up on patient’s post-op comments and deal with enquiries and complaints;
- To promote, improve and expand the provision of AIMIS Healthcare Group’s services;
Lawful Basis of Processing (in relation to points 1-9)
In cases where an individual has been provided with this Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent (including explicit consent).
Consent may be withdrawn at any time by writing to [email protected].
It is in the legitimate interests of AIMIS Healthcare Group as a provider of services in the healthcare sector to collect and process certain personal data, sensitive or otherwise in the context of providing those services.
The processing is necessary for AIMIS Healthcare Group to be able to offer any healthcare services and to perform and fulfil the contract/arrangement with the individual for the provision of the relevant healthcare services.
- For marketing purposes including sending updates on important developments and news about AIMIS Healthcare Group’s work and invitations to educational seminars and/or events;
Lawful Basis of Processing: In cases where an individual has been provided with this Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent (including explicit consent).
Consent may be withdrawn at any time by writing to [email protected] or by unsubscribing by following the appropriate procedure which can be found in the relevant marketing material (e.g. by selecting the “unsubscribe” option in the email sent to you)
It is in the legitimate interests of AIMIS Healthcare Group as a provider of healthcare services to process personal data to communicate with persons on topics and events which may be of interest to those individuals.
- To ensure the security of AIMIS Healthcare Group’s systems, staff and premises (including the use of CCTV equipment in the public areas of the premises);
Lawful Basis of Processing: It is in the legitimate interests of AIMIS Healthcare Group to protect its business environment, staff and premises from being misused or victimized in any way and to ensure that business operations run smoothly without unauthorized interruption
By entering AIMIS Healthcare Group’s premises, any individual automatically consents to the use of CCTV for monitoring purposes and to abide by the internal health and safety procedures of AIMIS Healthcare Group.
- For the purposes of internal know-how and training of healthcare professionals, to prepare statistics and for research purposes;
Lawful Basis of Processing: It is in the legitimate interests of AIMIS Healthcare Group as a provider of healthcare services to process data for internal know how and staff training.
- Any other purpose(s) which has been agreed by or notified to you.
AIMIS Healthcare Group shall not carry out any automated decision-making activities, including profiling, using your personal information.
For further information on the use and storage of your data, please visit the AIMIS Healthcare Group Data Protection Policy at www.aimis.com
WHO RECEIVES YOUR PERSONAL DATA
Reasonable endeavours are taken to ensure that the personal data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to [email protected] and will be considered and, where possible with reference to legal and regulatory obligations, actioned.
- Employees of AIMIS Healthcare Group who are acquainted with the GDPR have signed the AIMIS Healthcare Group Confidentiality and Non-Disclosure Statements;
- Other healthcare providers in the private and public sector as may be required (including any hospitals, clinics, doctors or institutions providing healthcare services in relation to any matter on which AIMIS Healthcare Group is instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
- Any sub-contractors, agents or service providers of AIMIS Healthcare Group;
- Public and private organizations (including local authorities, insurers);
- Independent Subcontractors (including dentists, opticians, pharmacists);
- Third parties with whom AIMIS Healthcare Group engages for the hosting of events or other marketing initiatives, educational seminars and research purposes;
- Law enforcement agencies where considered necessary for AIMIS Healthcare Group to fulfil legal obligations applicable to it;
- Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
Unless expressly declared in this Privacy Notice or with the prior consent of the individual, personal data collected from an individual will not be disclosed to any third party other than the above-named parties.
Where AIMIS Healthcare Group is entering into an engagement with a third party pursuant to which data may be processed by that third party, AIMIS Healthcare Group will seek to enter into an agreement with that third party setting out the respective obligations of each party and it will seek to be reasonably satisfied that the third party has measures in place equal to those of AIMIS Healthcare Group to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
Transfer of Data to Third Countries
In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation AIMIS Healthcare Group will ensure that it meets the relevant requirements of that Data Protection regulation prior to carrying out any such transfer. This may include only transferring the data where AIMIS Healthcare Group is satisfied that:
- the non-European Union country has Data Protection laws similar to the laws in the European Union;
- the recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union;
- we have obtained consent from relevant data subjects to the transfer;
- if transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield;
- the individual or institution to where the personal data is transferred, is part of the medical evaluation process & possible treatment of the patient
WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data (including the right to be informed, the right of access, the right of rectification, the right to erasure - also known as “the right to be forgotten”, the right to restrict processing, the right to data portability, the right to object and the right to withdraw your consent).
Any such individual wishing to exercise any rights under applicable data protection laws should send the request in the first instance to [email protected].
In response to such requests, AIMIS Healthcare Group reserves the right to require the individual making the request to provide certain details about himself/herself so that AIMIS Healthcare Group can validate that the individual is indeed the person whom the data refers to. AIMIS Healthcare Group will be required to respond to the request of the individual within 40 days and it will endeavour to do so wherever possible.
In any case in which a data subject chooses not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, AIMIS Healthcare Group may be unable to provide relevant services, or there may be restrictions on the services which can be provided.
USE OF PERSONAL DATA IN LEGAL PROCEEDINGS
If it becomes necessary that AIMIS Healthcare Group has to take action against you for any reason whatsoever, including but not limited to recovering from you any money you may owe to AIMIS Healthcare Group, you expressly agree that the personal data provided by you can be relied upon in identifying and taking legal action against you.
AIMIS Healthcare Group retains personal data in accordance with the Data Retention Policy. Any personal data provided to aimis Healthcare Group is retained according to AIMIS Healthcare Group’s ISO procedure 002, Clause 4.2.4 – Control of Records - to fulfil the purposes for which the data was collected. After the fulfilment of the purposes for which the personal data was collected, such data will be destroyed, and a Destruction Certificate will be retained in AIMIS Healthcare Group records, unless destruction is prohibited for legal, regulatory or technical reasons.
Any requests for further information in relation to the continued processing of specific data and requests for destruction of data should be made to [email protected].
For further information on the retention and destruction processes of the Firm, please visit AIMIS Healthcare Group Data Retention Policy at www.aimis.com
According to ISO Accreditations.
CHANGES TO THIS PRIVACY NOTICE
AIMIS Healthcare Group keeps this Privacy Notice under review in order to ensure that it is in line with any changes to the laws relating to privacy and personal data. Any updates will appear on AIMIS Healthcare Group website at www.aimis.com
This Privacy Notice was last updated on 26th August 2020.
AIMIS Healthcare Group has a Data Protection Officer and all enquiries in respect of this Privacy Notice or any requests to exercise any of the rights set out above should be directed to the Data Protection Officer via email at [email protected] or by post at:
Mr. Achilleas Trichias
Theodorou Potamianou 50, Kato Polemidia 4155, Limassol – Cyprus.
RIGHT TO LODGE A COMPLAINT WITH THE COMMISSIONER’S OFFICE.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Office of the Commissioner for Personal Data Protection, at:
1 Iasonos Str., 1082 Nicosia,
P.O. Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]
WITHDRAWAL OF CONSENT
If you wish to withdraw your consent to the processing of your personal data please let us know in writing by sending a letter to the address of:
AIMIS Healthcare Group
Theodorou Potamianou 50,
Polemidia 4155, Limassol – Cyprus,
or [email protected]. Please note that if you withdraw your consent, we may not be able to provide our health services to you.
I have read the contents of this form which has been provided to me by AIMIS Healthcare Group and I consent to the collection and processing of the persona data described above for the purpose of providing health services.
……………………………………………….. …../…../….. Signature of Proposer Date
I wish to be informed of the services, products or plans offered by AIMIS Healthcare Group from tie to time. For this purpose, I consent to the processing of my personal data by AIMIS Healthcare Group for the purpose of sending such information and communications.
……………………………………………….. …../…../….. Signature of Proposer Date