Privacy Notice - biobank.cy

Website Privacy Notice (click here)

Introduction

Biobank.cy is committed to protecting your personal data when you use its website biobank.cy. This Website Privacy Notice provides information about the way in which we use your information and the steps we take to protect your privacy/data when you use our website. This privacy statement covers biobank.cy and any other websites that include ‘biobank.cy’ in the address.

We are committed to ensuring that personal information is held fairly, lawfully and securely in accordance with privacy laws. For more information read our Data Privacy Policy.

We reserve the right to change this Web Privacy Notice at any time; notice of changes will be published on this page.

Personal information we collect about you

You can browse our website without disclosing any information about yourself. You may provide information about yourself, for example, your name, email address, telephone number, or date of birth so you can sign-up to a particular service, newsletter or so we can respond to a request from you or for any other purpose. We will only ever ask you to provide the information necessary for that purpose.
Other personal data we may collect from your interactions with our website include:

Your Internet Protocol (IP) address, and details of which version of web browser you used
Information on how you use the site, using cookies.

We use personal information only if we have a proper reason (known as a ‘legal basis’) to do so.

Why we handle personal information

In most cases, our handling of your personal information will be necessary to provide and manage services effectively and for the delivery of our public functions. We do not share personal information unless it is necessary, lawful and appropriate to do so in the circumstances.

How we use this information

We collect information about how you use biobank.cy. We do this to help make sure the site is meeting the needs of its users and to help us make improvements, for example improving site search.

Protecting your personal information

Your trust is very important to us and we aim to have a secure and reliable website and use appropriate security technology to protect any personal data we process about you. But your use of the internet, and this website, is entirely at your own risk. We have no responsibility or liability for the security of personal information transmitted over the internet.

How we share your information

We will not:

Sell or rent your data to third parties
Share your data with third parties for marketing purposes without express permission
We might be required disclosing your personal information under the law

How we use cookies

Biobank.cy saves a piece of text – a cookie – on your computer’s hard disk so that it can remember who you are. Cookies are small pieces of data that are downloaded to your computer or mobile device when you visit a website or application. Cookies are generally used to monitor how a website is used and improve your online experience. They do not give us access to the rest of your computer and are not used to identify you personally. For more information how we use cookies and privacy policies of other websites see our Cookie Policy.

How to manage cookies

You can control cookies through your web browser, just click on browser settings edit the options available. For more information how to manage your cookies and privacy policies of other websites go to our Cookie Policy.

Your rights

By law you have rights over how your data is collected, processed and stored. These are:

the right to be informed about how we use your personal information
the right to ask for access to the personal information we hold about you
the right to ask that your personal information is given to you, or another service provider of your choice, in a commonly used format
the right to ask us to stop using or to delete your information
to right to ask us to limit what we use your personal information for
the right to ask us to change personal information you think is wrong
the right to withdraw consent you have previously given us to use your personal information
the right to object to automated decision making and profiling where this is used.

The rights above are not absolute. See Articles 15-21 of the GDPR.

Consent

The use of this website signifies your Consent to this Website Privacy Notice.

How to contact us

If you have any questions with our policy please contact: [email protected]

How to contact the competent authorities

The public authority responsible for the protection of personal data in Cyprus is the Commissioner for Personal Data Protection.
Address: Iasonos 1, 1082 Nicosia, Cyprus
P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]

Participants' Privacy Notice (click here)

General

This Notice is intended to inform volunteers (“you”) about the processing of information that directly or indirectly identifies you (“personal data”, “data”), carried out by the biobank.cy, Center of Excellence in Biobanking and Biomedical Research “Center of Excellence”,”Center”,”we”, “Biobank”). The Center, as the data controller of your personal data, respects your privacy rights and is committed to the protection and security of your personal data.

The processing of your personal data is carried out in a manner consistent with our obligations and your rights under data protection law, including the European General Data Protection Regulation 2016/679 (“GDPR”) and the Cypriot Data Protection legislation L.125(I)2018.

Personal Data we process

The Center processes the following categories of personal data when necessary for specific purposes:

Identity and contact details such as name, address, email, phone, date of birth
Biological samples and medical history concerning you or (if necessary) your relatives
Information about any inquiries or complaints
Information about your marital status, relatives, dependents
Information about your physical and/or psychological condition, including any disability, allergy, or food choice or disorder for which the Center should make reasonable adjustments

Why we process your personal data

In order to be able to process your personal data, we first ensure that the processing is based on at least one of the following legal bases (as applicable in each case) in accordance with Articles 6 and 9 of the GDPR:

You have given specific and informed consent, for the processing of your data (e.g. collection of your explicit consent in the context of your participation in a research study)
The processing is necessary for the purpose of enforcing an agreement between the Center and you
The processing is necessary for the purposes of compliance of the Center with legal, regulatory or other obligations (e.g. compliance with existing legislation or regulations governing the research and work of the Center)
The processing is necessary in emergency situations in order to safeguard your vital interest
The processing is necessary for the purpose of pursuing the legitimate interests of the Center or a third party, provided that your interests and rights do not override the interests of the Center (e.g. for the purpose of initiating legal proceedings or supporting legal claims, or in case of retention of necessary data in the consent form or withdrawal form for the purposes of archiving, accountability and ensuring the integrity of the Centre’s procedures)

Processing special categories of data

Due to the nature of the work and the research carried out by the Center, special categories of data are being processed, which mainly concern health data (e.g. biological/genetic material). This type of data processing is carried out only with the explicit consent of the volunteers which is collected through a consent form for participation as a volunteer in the Biobank or in a specific research project. Such processing shall also be justified for the purposes of scientific research in accordance with Article 9 (2) (j) and 89 (1) of the GDPR.

Disclosure of data

The Center discloses your personal data to various categories of recipients, including the following, where necessary to comply with the Center’s legal or regulatory obligations under the Center’s terms and conditions, or where appropriate and proportionate for the pursuit of the legitimate interests of the Center:

Ministry of Health
State Health Services Organisation (SHSO, ΟΚΥπΥ)
External medical centers/hospitals/universities/research centers (e.g. in case of a specific research project in collaboration, on the basis of your consent or in a fully anonymous form)

The Center may also disclose or allow access to or otherwise process your personal data, if necessary, to the Center’s advisors or other service providers, e.g. lawyers, security consultants, auditors, debt collection agencies, etc., on the basis of our legal interest or legal obligation.

In all of the cases referred to above, the Centre aims to anonymize the information where necessary.

Data Transfers

There are cases where personal data may be transferred to countries outside the European Economic Area (“EEA”) provided that all necessary measures have been taken during the transfer and that the transfer is made on the basis of the necessary safeguards provided by the GDPR, and the relevant provisions of the Cypriot Legislation 125 (I) 2018. Such cases include any transfer of data to health professionals, researchers at other centers or universities, in Cyprus and abroad. In such cases, the Center shall ensure that data transmissions take place anonymously if the purpose of the transfer can be fulfilled by transmitting information which does not identify natural persons.

Data Security

The Center is committed to always applying the highest standards of data security to ensure the confidentiality, integrity and availability of the data it processes. This is achieved through appropriate risk assessments and the implementation of response measures to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, access to personal data (breaches) which may pose a risk on your rights and freedoms. The Centre seeks the timely identification, detection, investigation and treatment of any incidents of security breach, and the minimization of the consequences.

Our personnel are trained on the duty of confidentiality and their responsibilities regarding the security of volunteer/patient information both on and outside our premises. Access to the Centre’s systems that have the personal data of volunteers/patients is only allowed to authorized personnel.

The impact that the processing may have on your rights and freedoms is always assessed and balanced. Where the risk is high, the Center ensures that it prepares an appropriate Data Protection Impact Assessment in which it documents the risks and takes mitigation measures.

Data Retention

The Center will retain personal data for a period that processing is necessary to pursue the purposes as described in this Notice. Also, the retention period will depend on the legal obligations or guidance of the Office of the Commissioner for the Protection of Personal Data to which the Center may be subject, and which impose retention of data for a specific or minimum period.

Your rights

Right to be informed and right to access your data
Right to rectify or correct inaccurate or incomplete data
Right to delete your data, especially when the purpose of processing no longer exists, where there is no legal basis for processing or when the processing is unlawful
Right to restrict processing, e.g. for the purpose of verifying the accuracy of the data
Right to object to processing, especially when we rely on the legitimate interests of the Center or third parties
Right to receive data (portability) in a structured, commonly used and readable format and right to transfer to another controller
The right not to be subject to automated decision-making, including profiling
Right to withdraw consent in cases where the processing is based on consent
Right to file a complaint to the Office of the Commissioner for the Protection of Personal Data ([email protected])

These rights are not absolute, they are subject to exceptions and apply only under certain circumstances depending on the legal basis on which we rely in each case.

We will attempt to respond to all valid requests as soon as possible and within thirty (30) days or two additional months if the request is complex or disproportionate.

Contact info

You can contact the Data Protection Officer (DPO) of the Center for any information via email at [email protected], or by phone at +357 2289 2815, or via the contact form on the website https://biobank.cy/contact-us

Cookie	Duration	Description
cf_ob_info	past	This cookie is set by the provider Cloudflare. The cookie provides informations on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic.
cf_use_ob	past	This cookie is set by the provider Cloudflare content delivery network. This cookie is used for determining whether it should continue serving "Always Online" until the cookie expires.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_90679816_2	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 4 months 8 hours 8 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
guest_id	1 year 1 month	Twitter sets this cookie to identify and track the website visitor. It registers if a user is signed in to the Twitter platform and collects information about ad preferences.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
_ir	session	The cookie is set by Pinterest. We do not know the exact purpose of the cookies.
li_alerts	1 year	Description is currently not available.

Website Privacy Notice (click here)

Participants' Privacy Notice (click here)

Subscribe to Our Newsletter