Privacy Policy

Introduction

D.A.K NUTRILAB LTD, with registration number ΗΕ 164457, having its registered office at 12 OMHROU str., Flat 5, Aradippou,7102,Larnaca, Cyprus is committed to protecting the privacy of its clients.

This Privacy Policy (‘Policy’) explains how D.A.K NUTRILAB LTD, its subsidiaries and business unities (‘Lab’, ‘we’, ‘us’, ‘our’), being a Data Controller, collects and processes Personal Data in accordance with the Law.

D.A.K NUTRILAB LTD is a chemical lab with modern technology equipment offering a full range of services ensuring the correct diagnosis. We provide services for a range of diagnostics tests including hematology, microbiology, immunology and genetics testing (‘Services’).

Definitions

‘Data Controller’ means the person or organization which determines when, why and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law;

‘Data Protection Officer’ means the person who is formally appointed with the purpose of ensuring that we are aware of and comply with our data protection responsibilities and obligations according to the Law;

‘Data Subject’ means a living, identified or identifiable natural person about whom we hold Personal Data;

‘Personal data’ means data about the Data Subject who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Special Categories of Personal Data’ means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

The information that we process include Special Categories Personal Data. We always ensure that Processing is only carried out where a lawful basis for Processing exists and in accordance with the Law.

For the purposes of this Policy, Personal Data includes Special Categories of Personal Data;

‘the Law’ means the General Data Protection Regulation (2016/679) (GDPR) and the applicable Data Protection Laws of the Republic of Cyprus.;

‘Third Party’ means the recipient of your Personal Data as defined below.

The kind of information we collect about you

The purpose of the Processing of your Personal Data is largely based on each of the Services that you have requested. In general, the Personal Data is processed, within the scope of the business relationship with the client.

Contact details (e.g. names, email address, telephone numbers);
Insurance information and policies;
Bank and account details (to process or collect payments made in connection with our Services to the client);
Any additional information that can be necessary for the provision of particular Services.

On what legal basis do we process your Personal Data

We may collect and process Personal Data for any or all of the following purposes:

(a) Are necessary for the performance of an agreement/contractual relationship between you and the Lab (e.g. we need to process the Personal Data of a Client in order to fulfil the Services requested or to follow up on client’s case);

(b) You have given consent to the processing of your Personal Data for a specific purpose (e.g. consent for marketing/promotional purposes – by email, by text etc.)

Consent may be withdrawn at any time by contacting our Data Protection Officer at the contact details provided below.

(d) Are necessary for compliance with a legal obligation to which the Lab is a subject (e.g. the obligation of keeping medical records);

(e) Are necessary for the purposes of the legitimate interests pursued by the Lab or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child (e.g. using CCTV equipment in the public areas of the premises for monitoring and security purposes);

(f) Is required for complying with the Law and/or any applicable law or to assist in law enforcement and investigations and/or upon governmental/ competent authority requests.

We do not carry out any decision-making activities, including profiling, using your Personal Data.

Transferring your Personal Data outside European Union (‘EU’) and European Economic Area (‘EEA’)

We generally do not transfer your Personal Data to countries outside of EU and EEA, (except where required by the purposes set out in this Policy). If we need to transfer any Personal Data outside the EU and EEA for any other purpose, we always obtain your consent for the transfer to be made. We ensure that the transfer meets the relevant requirements of the Law and we take all steps required to ensure that your Personal Data continues to receive our standards of protection.

When can Personal Data be transferred outside of the EU and the EEA

If the European Commission has made a finding that the third country, territory or sectors within the third country ensures an adequate level of privacy protection (Adequacy Decision);
The Third Party has signed the standard data protection clauses (i.e. contact) adopted by the European Commission and agreed to apply the privacy standards of protection of the European Union;
The Data Subject has provided consent to the transfer.

Who Receives your Personal Data

The Personal Data are only accessible by:

The employees with a need for access to fulfil the purposes set out above. All Employees have signed a Confidentiality and Non – Disclosure Agreement;
Any doctor, hospital and/or any other medical provider who may be involved in your case;
Any of our sub-contractors and/or service providers;
The relevant Data Subject’s Insurance Company and/or any public organization respectively.

In case of an absence of your consent, your Personal Data will not be disclosed to any Third Party, other than the above-mentioned.

When we enter to an engagement with a Third Party pursuant to which Personal Data may be processed by that party, we enter into a processing agreement with that party in order to ensure that this third party implements the appropriate administrative, physical and technical measures to protect the Personal Data from unauthorized or accidental use, collection, access, damage, loss or disclosure.

Retention of Personal Data:

We will retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). We will cease to retain your Personal Data or remove the means by which your Personal Data can be associated with you (i.e. anonymize the Personal Data*) as soon as this retention no longer serves the purposes for which the Personal Data were collected (except where retention is required by applicable laws).

*Anonymize the Personal Data=The Personal Data has been de-identified by removing certain identifiers, making it unlikely that any person could be identified.

Protection of Personal Data:

To safeguard your Personal Data from unauthorized access, collection, use, damage, loss disclosure, copying or similar risks, we have introduced appropriate administrative, physical and technical measures such as up to date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of Personal Data to Third Parties. We also allow access to Personal Data only to those employees who need to know such data and they will only process your Personal Data on our instructions.

However, no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guarantee, we try to protect the security of the Data Subject’s Personal Data and we constantly review and enhance our information security measures.

Your rights in relation to your Personal Data

Right to access:

Request access to your Personal Data (commonly referred to as a “data subject access request”). This enables you to receive a copy of your Personal Data the Lab holds about you and to check that the Lab is lawfully processing it;

Right to rectification:

Request to correct or update any of your Personal Data which the Lab holds. This enables you to have any incomplete or inaccurate information the Lab holds about you corrected;

Right to data portability:

Request the transfer of your Personal Data to another party;

Right to erasure:

Request erasure of their Personal Data. This enables the Data Subjects to ask the Lab to delete Personal Data where there is no good reason for us continuing to process it (e.g. where there is a legal obligation to keep that data, e.g. compliance with the obligation of keeping medical records).

Right to restrict processing:

Request to restrict the use of their Personal Data;

Right to object:

You have the right to object to the collection and use of your Personal Data;

Right to lodge a complaint:

You have the right to lodge a complaint about the use of your Personal Data directly with us by contacting our Data Protection Officer on one of the contact details below or directly with the Office of the Commissioner for Personal Data Protection in Cyprus at the contact details below:

Office address: Iasonos 1, 1082 Nicosia, Cyprus

Postal address: P.O. Box 23378, 1682 Nicosia, Cyprus

Tel: +357 22818456

Fax: +357 22304565

Email: commissionerdataprotection.gov.cy

How can you exercise your rights in relation to your Personal Data

You can contact our Data Protection Officer in writing or via email at the contact details provided below:

Name: Panayiotis Z. Toulouras LLC

Address: 13 Griva Digeni str., STAVRAKIS BUILDING, Floor 5, Flat 501, 6030, Larnaca, Cyprus

Email: [email protected]

We have the right to require the individual making the request to provide certain identification documents/information to be able to verify his/her identity.

The Data Protection Officer will respond to your requests within thirty (30) days after receiving your email/letter.

Changes to Policy.

We keep this Policy under review and we may modify it from time to time without any prior notice. Please, review our website periodically to ensure that you are aware of any such modifications/updates.

Cookies

Our website uses cookie technology. Cookies are small files saved to your computer or mobile device that track, save and store information as well as your interactions and usage of our website. We also collect other forms of non-personal information such as browsers used to access our website, search terms used to find the website, traffic referrals and links to our website. Cookies collected by the Lab are used to enable certain functions and tools of our website, assist in the navigation of the website, track resources and data used on this site and remember computer settings. You may prevent your computer from accepting cookies by modifying the properties on your web browser (see your browser’s “Help” option on how to do this).

We also use the services of Google Analytics software to analyze traffic to our website. Neither of these programs creates an individual profile for visitors, nor does Lab collect any personal identification information using these services. Data collected regarding site usage is compiled in aggregate to improve the performance of the website. If you do not wish your information to be included in this aggregated data through Google Analytics, modify the properties on your web browser to prevent your computer or mobile device from accepting cookies.