Website Privacy Notice (click here)

Introduction is committed to protecting your personal data when you use its website This Website Privacy Notice provides information about the way in which we use your information and the steps we take to protect your privacy/data when you use our website. This privacy statement covers and any other websites that include ‘’ in the address.

We are committed to ensuring that personal information is held fairly, lawfully and securely in accordance with privacy laws. For more information read our Data Privacy Policy.

We reserve the right to change this Web Privacy Notice at any time; notice of changes will be published on this page.

Personal information we collect about you

You can browse our website without disclosing any information about yourself. You may provide information about yourself, for example, your name, email address, telephone number, or date of birth so you can sign-up to a particular service, newsletter or so we can respond to a request from you or for any other purpose. We will only ever ask you to provide the information necessary for that purpose.
Other personal data we may collect from your interactions with our website include:

  • Your Internet Protocol (IP) address, and details of which version of web browser you used
  • Information on how you use the site, using cookies.

We use personal information only if we have a proper reason (known as a ‘legal basis’) to do so.

Why we handle personal information

In most cases, our handling of your personal information will be necessary to provide and manage services effectively and for the delivery of our public functions. We do not share personal information unless it is necessary, lawful and appropriate to do so in the circumstances.

How we use this information

We collect information about how you use We do this to help make sure the site is meeting the needs of its users and to help us make improvements, for example improving site search.

Protecting your personal information

Your trust is very important to us and we aim to have a secure and reliable website and use appropriate security technology to protect any personal data we process about you. But your use of the internet, and this website, is entirely at your own risk. We have no responsibility or liability for the security of personal information transmitted over the internet.

How we share your information

We will not:

  • Sell or rent your data to third parties
  • Share your data with third parties for marketing purposes without express permission
  • We might be required disclosing your personal information under the law

How we use cookies saves a piece of text – a cookie – on your computer’s hard disk so that it can remember who you are. Cookies are small pieces of data that are downloaded to your computer or mobile device when you visit a website or application. Cookies are generally used to monitor how a website is used and improve your online experience. They do not give us access to the rest of your computer and are not used to identify you personally. For more information how we use cookies and privacy policies of other websites see our Cookie Policy.

How to manage cookies

You can control cookies through your web browser, just click on browser settings edit the options available. For more information how to manage your cookies and privacy policies of other websites go to our Cookie Policy.

Your rights

By law you have rights over how your data is collected, processed and stored. These are:

  • the right to be informed about how we use your personal information
  • the right to ask for access to the personal information we hold about you
  • the right to ask that your personal information is given to you, or another service provider of your choice, in a commonly used format
  • the right to ask us to stop using or to delete your information
  • to right to ask us to limit what we use your personal information for
  • the right to ask us to change personal information you think is wrong
  • the right to withdraw consent you have previously given us to use your personal information
  • the right to object to automated decision making and profiling where this is used.

The rights above are not absolute. See Articles 15-21 of the GDPR.


The use of this website signifies your Consent to this Website Privacy Notice.

How to contact us

If you have any questions with our policy please contact: [email protected]

How to contact the competent authorities

The public authority responsible for the protection of personal data in Cyprus is the Commissioner for Personal Data Protection.
Address: Iasonos 1, 1082 Nicosia, Cyprus
P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]



Participants' Privacy Notice (click here)


This Notice is intended to inform volunteers (“you”) about the processing of information that directly or indirectly identifies you (“personal data”, “data”), carried out by the, Center of Excellence in Biobanking and Biomedical Research “Center of Excellence”,”Center”,”we”, “Biobank”). The Center, as the data controller of your personal data, respects your privacy rights and is committed to the protection and security of your personal data.

The processing of your personal data is carried out in a manner consistent with our obligations and your rights under data protection law, including the European General Data Protection Regulation 2016/679 (“GDPR”) and the Cypriot Data Protection legislation L.125(I)2018.

Personal Data we process

The Center processes the following categories of personal data when necessary for specific purposes:

  • Identity and contact details such as name, address, email, phone, date of birth
  • Biological samples and medical history concerning you or (if necessary) your relatives
  • Information about any inquiries or complaints
  • Information about your marital status, relatives, dependents
  • Information about your physical and/or psychological condition, including any disability, allergy, or food choice or disorder for which the Center should make reasonable adjustments

Why we process your personal data

In order to be able to process your personal data, we first ensure that the processing is based on at least one of the following legal bases (as applicable in each case) in accordance with Articles 6 and 9 of the GDPR:

  1. You have given specific and informed consent, for the processing of your data (e.g. collection of your explicit consent in the context of your participation in a research study)
  2. The processing is necessary for the purpose of enforcing an agreement between the Center and you
  3. The processing is necessary for the purposes of compliance of the Center with legal, regulatory or other obligations (e.g. compliance with existing legislation or regulations governing the research and work of the Center)
  4. The processing is necessary in emergency situations in order to safeguard your vital interest
  5. The processing is necessary for the purpose of pursuing the legitimate interests of the Center or a third party, provided that your interests and rights do not override the interests of the Center (e.g. for the purpose of initiating legal proceedings or supporting legal claims, or in case of retention of necessary data in the consent form or withdrawal form for the purposes of archiving, accountability and ensuring the integrity of the Centre’s procedures)

Processing special categories of data

Due to the nature of the work and the research carried out by the Center, special categories of data are being processed, which mainly concern health data (e.g. biological/genetic material). This type of data processing is carried out only with the explicit consent of the volunteers which is collected through a consent form for participation as a volunteer in the Biobank or in a specific research project. Such processing shall also be justified for the purposes of scientific research in accordance with Article 9 (2) (j) and 89 (1) of the GDPR.

Disclosure of data

The Center discloses your personal data to various categories of recipients, including the following, where necessary to comply with the Center’s legal or regulatory obligations under the Center’s terms and conditions, or where appropriate and proportionate for the pursuit of the legitimate interests of the Center:

  • Ministry of Health
  • State Health Services Organisation (SHSO, ΟΚΥπΥ)
  • External medical centers/hospitals/universities/research centers (e.g. in case of a specific research project in collaboration, on the basis of your consent or in a fully anonymous form)

The Center may also disclose or allow access to or otherwise process your personal data, if necessary, to the Center’s advisors or other service providers, e.g. lawyers, security consultants, auditors, debt collection agencies, etc., on the basis of our legal interest or legal obligation.

In all of the cases referred to above, the Centre aims to anonymize the information where necessary.

Data Transfers

There are cases where personal data may be transferred to countries outside the European Economic Area (“EEA”) provided that all necessary measures have been taken during the transfer and that the transfer is made on the basis of the necessary safeguards provided by the GDPR, and the relevant provisions of the Cypriot Legislation 125 (I) 2018. Such cases include any transfer of data to health professionals, researchers at other centers or universities, in Cyprus and abroad. In such cases, the Center shall ensure that data transmissions take place anonymously if the purpose of the transfer can be fulfilled by transmitting information which does not identify natural persons.

Data Security

 The Center is committed to always applying the highest standards of data security to ensure the confidentiality, integrity and availability of the data it processes. This is achieved through appropriate risk assessments and the implementation of response measures to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, access to personal data (breaches) which may pose a risk on your rights and freedoms. The Centre seeks the timely identification, detection, investigation and treatment of any incidents of security breach, and the minimization of the consequences.

Our personnel are trained on the duty of confidentiality and their responsibilities regarding the security of volunteer/patient information both on and outside our premises. Access to the Centre’s systems that have the personal data of volunteers/patients is only allowed to authorized personnel.

The impact that the processing may have on your rights and freedoms is always assessed and balanced. Where the risk is high, the Center ensures that it prepares an appropriate Data Protection Impact Assessment in which it documents the risks and takes mitigation measures.

 Data Retention

The Center will retain personal data for a period that processing is necessary to pursue the purposes as described in this Notice. Also, the retention period will depend on the legal obligations or guidance of the Office of the Commissioner for the Protection of Personal Data to which the Center may be subject, and which impose retention of data for a specific or minimum period.

 Your rights

  • Right to be informed and right to access your data
  • Right to rectify or correct inaccurate or incomplete data
  • Right to delete your data, especially when the purpose of processing no longer exists, where there is no legal basis for processing or when the processing is unlawful
  • Right to restrict processing, e.g. for the purpose of verifying the accuracy of the data
  • Right to object to processing, especially when we rely on the legitimate interests of the Center or third parties
  • Right to receive data (portability) in a structured, commonly used and readable format and right to transfer to another controller
  • The right not to be subject to automated decision-making, including profiling
  • Right to withdraw consent in cases where the processing is based on consent
  • Right to file a complaint to the Office of the Commissioner for the Protection of Personal Data ([email protected])

These rights are not absolute, they are subject to exceptions and apply only under certain circumstances depending on the legal basis on which we rely in each case.

We will attempt to respond to all valid requests as soon as possible and within thirty (30) days or two additional months if the request is complex or disproportionate.

 Contact info

You can contact the Data Protection Officer (DPO) of the Center for any information via email at [email protected], or by phone at +357 2289 2815, or via the contact form on the website