PHEXMED (website url address: https://phexmed.com/) appreciates your business and trust. PHEXMED Is committed to protecting your privacy and legal rights when handling your personal information.
Our Privacy Notice intends to provide clear information regarding the data we collect and you or anyone you have provided information about e.g. your dependants, how we use and protect it.
EU GDPR – General Data Protection Regulation requires that data controllers provide certain information to persons whose information (personal data) they hold and use.
Also, we provide information regarding your rights that relate to the data we process.
Where you have any queries regarding our Privacy Notice, please contact us via: [email protected]
Privacy Notice Definitions
- ‘we’ ‘our’ ‘us’ ‘Company’ is a direct reference to PHEXMED.
- ‘Services’ means physiotherapists care related services provided by us.
- GDPR means EU General Data Protection Regulations, which came into being on 25th May 2018.
- Data Controller, Data Subject and Personal Data have the meaning given to them in GDPR.
All personal data you supply will be controlled by Giorgos A. Stylianou Center of Physiotherapy Ltd.
Giorgos A. Stylianou Center of Physiotherapy Ltd complies with the EU General Data Protection Regulation (GDPR).
The Data Controller is Giorgos A. Stylianou Center of Physiotherapy Ltd.
Giorgos A. Stylianou Center of Physiotherapy Ltd will not transfer your data outside the European Economic Area.
This Privacy Notice applies to any person who enquiries about, uses or purchases our service.
2. DATA COLLECTED
DATA STORAGE LOCATION
GDPR Regulation insists that appropriate technical procedures are taken to prevent unlawful access or processing of personal data.
The level of technical safeguarding of data should be appropriate to the nature/content of data in questions.
Standard personal information includes, however not limited to:
- Name and address
- Email address
- Telephone number
- Date of birth
Personal information relating to health may include test results and communications from other medical professionals which relates to your current and past medical care.
By using the Site, you agree to the collection and use of information in accordance with this policy. We may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally, identifiable information may include, however is not limited to your name (“Personal Information”).
If you register on our website, we store your chosen username and your email address and any additional personal information added to your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit this information.
Linked to Regulation 2016/679, the General Data Protection Regulation.
Consent remains one of six lawful bases to process personal data per Article 6 GDPR.
When initiating activities that involve processing of personal data, a Data Controller must always take time to consider what would be the appropriate lawful ground for the processing.
Consent can only be an appropriate lawful basis if a data subject is offered control and is offered a genuine choice with regard to accepting or declining the terms offered or declining them without detriment.
When asking for consent a Data Controller has the duty to assess whether it will meet all the requirements to obtain valid consent.
Article 4(11) of GDPR defines consent as: ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement of by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
RIGHT TO ERASE/REMOVE
You have the right to request removal of personal information.
We will consider all said requests in conjunction with the legal requirement to retain information relating to your healthcare provided by us. Where we determine, we cannot delete data, you still have the right to request restriction on processing of your personal data.
WHERE WE SEND YOUR DATA
Visitor comments may be checked through an automated spam detection service.
3. EMBEDDED CONTENT
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We provide you with the choice to accept this or not, we prompt consent boxes for all embedded content, and no data is transferred before you consented to it.
The checkboxes below show you all embeds you have consented to so far. You can opt-out any time by un-checking them and clicking the update button.
Where you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Where you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
5. WHO HAS ACCESS TO YOUR DATA
If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself.
If you are a client with a registered account, your personal information can be accessed by:
- Our system administrators.
- Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
6. THIRD PARTY ACCESS TO YOUR DATA
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc.
7. HOW LONG WE RETAIN YOUR DATA
When you submit a request, and appointment or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your appointments or comments automatically instead of holding them for moderation.
If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.
8. SECURITY MEASURES
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
9. YOUR DATA RIGHTS
If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. Therefore, it is the intent of PHEXMED to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.
10. RELEASE OF YOUR DATA FOR LEGAL PURPOSES
At times it may become necessary or desirable to PHEXMED, for legal purposes, to release your information in response to a request from a government agency. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.
Any passing on of personal data for legal purposes will only be done in compliance with Republic of Cyprus law.