Privacy Policy - biobank.cy

General

This Notice is intended to inform volunteers (“you”) about the processing of information that directly or indirectly identifies you (“personal data”, “data”), carried out by the biobank.cy, Center of Excellence in Biobanking and Biomedical Research “Center of Excellence”,”Center”,”we”, “Biobank”). The Center, as the data controller of your personal data, respects your privacy rights and is committed to the protection and security of your personal data.

The processing of your personal data is carried out in a manner consistent with our obligations and your rights under data protection law, including the European General Data Protection Regulation 2016/679 (“GDPR”) and the Cypriot Data Protection legislation L.125(I)2018.

Personal Data we process

The Center processes the following categories of personal data when necessary for specific purposes:

Identity and contact details such as name, address, email, phone, date of birth
Biological samples and medical history concerning you or (if necessary) your relatives
Information about any inquiries or complaints
Information about your marital status, relatives, dependents
Information about your physical and/or psychological condition, including any disability, allergy, or food choice or disorder for which the Center should make reasonable adjustments

Why we process your personal data

In order to be able to process your personal data, we first ensure that the processing is based on at least one of the following legal bases (as applicable in each case) in accordance with Articles 6 and 9 of the GDPR:

You have given specific and informed consent, for the processing of your data (e.g. collection of your explicit consent in the context of your participation in a research study)
The processing is necessary for the purpose of enforcing an agreement between the Center and you
The processing is necessary for the purposes of compliance of the Center with legal, regulatory or other obligations (e.g. compliance with existing legislation or regulations governing the research and work of the Center)
The processing is necessary in emergency situations in order to safeguard your vital interest
The processing is necessary for the purpose of pursuing the legitimate interests of the Center or a third party, provided that your interests and rights do not override the interests of the Center (e.g. for the purpose of initiating legal proceedings or supporting legal claims, or in case of retention of necessary data in the consent form or withdrawal form for the purposes of archiving, accountability and ensuring the integrity of the Centre’s procedures)

Processing special categories of data

Due to the nature of the work and the research carried out by the Center, special categories of data are being processed, which mainly concern health data (e.g. biological/genetic material). This type of data processing is carried out only with the explicit consent of the volunteers which is collected through a consent form for participation as a volunteer in the Biobank or in a specific research project. Such processing shall also be justified for the purposes of scientific research in accordance with Article 9 (2) (j) and 89 (1) of the GDPR.

Disclosure of data

The Center discloses your personal data to various categories of recipients, including the following, where necessary to comply with the Center’s legal or regulatory obligations under the Center’s terms and conditions, or where appropriate and proportionate for the pursuit of the legitimate interests of the Center:

Ministry of Health
State Health Services Organisation (SHSO, ΟΚΥπΥ)
External medical centers/hospitals/universities/research centers (e.g. in case of a specific research project in collaboration, on the basis of your consent or in a fully anonymous form)

The Center may also disclose or allow access to or otherwise process your personal data, if necessary, to the Center’s advisors or other service providers, e.g. lawyers, security consultants, auditors, debt collection agencies, etc., on the basis of our legal interest or legal obligation.

In all of the cases referred to above, the Centre aims to anonymize the information where necessary.

Data Transfers

There are cases where personal data may be transferred to countries outside the European Economic Area (“EEA”) provided that all necessary measures have been taken during the transfer and that the transfer is made on the basis of the necessary safeguards provided by the GDPR, and the relevant provisions of the Cypriot Legislation 125 (I) 2018. Such cases include any transfer of data to health professionals, researchers at other centers or universities, in Cyprus and abroad. In such cases, the Center shall ensure that data transmissions take place anonymously if the purpose of the transfer can be fulfilled by transmitting information which does not identify natural persons.

Data Security

The Center is committed to always applying the highest standards of data security to ensure the confidentiality, integrity and availability of the data it processes. This is achieved through appropriate risk assessments and the implementation of response measures to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, access to personal data (breaches) which may pose a risk on your rights and freedoms. The Centre seeks the timely identification, detection, investigation and treatment of any incidents of security breach, and the minimization of the consequences.

Our personnel are trained on the duty of confidentiality and their responsibilities regarding the security of volunteer/patient information both on and outside our premises. Access to the Centre’s systems that have the personal data of volunteers/patients is only allowed to authorized personnel.

The impact that the processing may have on your rights and freedoms is always assessed and balanced. Where the risk is high, the Center ensures that it prepares an appropriate Data Protection Impact Assessment in which it documents the risks and takes mitigation measures.

Data Retention

The Center will retain personal data for a period that processing is necessary to pursue the purposes as described in this Notice. Also, the retention period will depend on the legal obligations or guidance of the Office of the Commissioner for the Protection of Personal Data to which the Center may be subject, and which impose retention of data for a specific or minimum period.

Your rights

Right to be informed and right to access your data
Right to rectify or correct inaccurate or incomplete data
Right to delete your data, especially when the purpose of processing no longer exists, where there is no legal basis for processing or when the processing is unlawful
Right to restrict processing, e.g. for the purpose of verifying the accuracy of the data
Right to object to processing, especially when we rely on the legitimate interests of the Center or third parties
Right to receive data (portability) in a structured, commonly used and readable format and right to transfer to another controller
The right not to be subject to automated decision-making, including profiling
Right to withdraw consent in cases where the processing is based on consent
Right to file a complaint to the Office of the Commissioner for the Protection of Personal Data ([email protected])

These rights are not absolute, they are subject to exceptions and apply only under certain circumstances depending on the legal basis on which we rely in each case.

We will attempt to respond to all valid requests as soon as possible and within thirty (30) days or two additional months if the request is complex or disproportionate.

Contact info

You can contact the Data Protection Officer (DPO) of the Center for any information via email at [email protected], or by phone at +357 2289 2815, or via the contact form on the website https://biobank.cy/contact-us

Cookie	Duration	Description
cf_ob_info	past	This cookie is set by the provider Cloudflare. The cookie provides informations on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic.
cf_use_ob	past	This cookie is set by the provider Cloudflare content delivery network. This cookie is used for determining whether it should continue serving "Always Online" until the cookie expires.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_90679816_2	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 4 months 8 hours 8 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.

Subscribe to Our Newsletter