Privacy Policy
Our Commitment to Privacy
The BIOMEDICAL LABORATORIES CHARIS CH. CHARILAOU LTD (hereinafter the “Labs”) respect their customers’ right to privacy and confidentiality of data.
Applicable Legislation and Standards
According to the Laws on the Processing of Personal Data (Protection of the Individual) of 2001-2012 and the General Data Protection Regulation (GDPR) 2018 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the Labs with company registration number HE61298 and registered address at Archbishop Makariou III, 41, office 22, 1065 Nicosia, Cyprus are data controllers. The General Data Protection Regulation requires that all personal and health information used or disclosed to the Labs in any form, whether electronically, on paper, or orally, are kept properly confidential.
The Labs furthermore follow strict quality management standards (hereinafter the “Management System”) and therefore comply with the ISO 15189 standard (Medical laboratories – Requirements for quality and competence) and the Registration and Operation of Clinical Laboratories Law of 1988 (132/1988). This implies that the Labs meet both technical competence requirements and management system requirements that are necessary for consistently delivering technically valid results whilst ensuring that the confidentiality of customer information is maintained at all times.
Personal Data Collection
The Labs offer Clinical Laboratory services (hereinafter the “Services”), as defined in the aforementioned Registration and Operation of Clinical Laboratories Law, for which personal data needs to be collected, processed, and retained. When ordering Services at the Labs, a Registration and Consent to the Processing of Personal Data form (hereinafter the “Consent”) is to be completed and signed by the customer disclosing the following non- exhaustive personal information: name, surname, date of birth, gender, contact details (address and/or telephone number and/or email), relevant clinical information (that may impact test results), GP/ physician name/ clinic.
By completing and signing the Consent, the customer consents to the collection, the processing and the retention of their biological sample given to the Labs for the provision of Services including the data and the results that follow from them.
Explicit customer’s consent for the processing and retention of this data is required before the Labs’ Services can commence.
Access to Personal Data
Only staff members of the Labs, registered healthcare practitioners associated with the Labs, Authorized Recipients (hereinafter the “Recipients”) as stipulated in the Consent, and whoever, subsequently, is designated as an Authorized Recipient by the customer, can have access to customer personal and test data.
Each staff member of the Labs signs a declaration of confidentiality and is specifically trained in relevant procedures of collecting, processing and retaining personal data. It is understood that the declaration of confidentiality includes unconditional adherence to this privacy policy for the duration of employment and thereafter.
Each associate of the Labs signs a declaration of confidentiality. It is understood that the declaration of confidentiality includes unconditional adherence to this privacy policy for the duration of employment and thereafter.
Referral Laboratories
The Labs offer a limited set of exclusive tests outside the in-house test capability. These tests are therefore outsourced to accredited Referral Laboratories which are carefully assessed, approved and monitored by the Labs through the control process of the management system which includes an explicit affirmation of the Referral Laboratories to comply with this – or an equivalent – privacy policy and secure storage of data. The personal data collected for testing may be disclosed, transferred to and stored with the Referral Laboratory.
Furthermore, the Labs may temporarily outsource specific tests to the Referral Laboratories due to unforeseen circumstances.
The customer’s consent obtained prior to the provision of the Services, in which the aforementioned personal data of the customer is disclosed, includes the disclosure of the personal data to the Referral Laboratories as well as the retention of their biological sample, the data and the results that follow from the services provided by the Referral Laboratories, if it is deemed necessary as mentioned above.
Reporting / Sharing Test Data
The customer selects how results are reported to them or to the authorized Recipients via the Consent. To ensure the customer’s privacy, the Labs do not disclose information by any means to anybody who is not included in the written Consent or to anybody who is not declared in a later stage as an authorized Recipient from the customer. The Labs will only release test data to comply with legal requirements.
For the results of some tests, special counselling may be needed. The Labs reserve the right to communicate data and results that follow from the provision of the Services with serious implications for the customer directly to the customer’s GP or physician to allow for an opportunity to provide adequate counselling prior to reporting results to the customer.
Any other uses or disclosures are made with the written authorization of the customer to their personal GP or physician only.
Retention
The Labs are obliged to retain the data and the results the follow from the Services for traceability and legal liability purposes for a minimum of ten years from the date of test, and for minors the period until they reach the age of 18 plus a minimum of ten years (i.e. up to the age of 28). Serum samples are retained for up to one month. Thereafter records and samples are destroyed under confidential conditions.
Marketing
The customer via the Consent has the option to choose whether their contact details will be used for the purpose of sending them News & Announcements like the non-exhaustive ones below:
- Information or other health-related services that may be of interest to the customer
- Reminders for a new appointment for health check-ups
- Surveys for quality improvement (customer focused) and marketing purposes
Surveys may be completed anonymously at customer’s discretion.
Anonymized Samples
The Labs will seek specific customer consent to retain, use
and process anonymized test samples/ data for the purpose of performing:
- Quality control activities
- Process/ test validation and training
Website
The correspondence via e-mail to info@charilaoulab.com will be retained to enable follow-up
communication and for marketing purposes as stipulated in the “Marketing” paragraph
of this privacy policy.
Our website uses ‘cookie’ technology. A cookie is a small text file that a website saves on your computer or mobile device when you visit a website. We collect certain aggregate and non-personal information through a variety of technologies when you visit www.charilaoulab.com. Aggregate and non-personal information does not relate to a single identifiable visitor. It tells us such things as how many users visited our site and the pages accessed which is tracked non-exhaustively via Google Analytics. By collecting this information, we learn how to best tailor our website to our visitors and make the website work better for them. You can disable any cookies already stored on your computer, but this might prevent the proper functioning of our website.
The website contains links to other websites and the Labs are not responsible for the content or privacy practices of these external sites.
The Labs collect information that is not used to identify or contact a customer. This includes IP addresses, referring website, duration of stay, time/date, browsing actions and patterns, etc. This information is used to better understand where visitors come from and to improve the website design/ usability. The Labs may share this data with trusted third parties for marketing purposes only.
Customer Right of Access, Amendment and Complaint
A customer may inform the Labs of any changes in their personal data which will be amended accordingly. Customers have the right to access and correct their personal information.
A customer may submit a written request to the Labs to enquire about their personal data or enquire about or review or obtain or delete their test data. When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.
You can exercise your rights by contacting with the Labs at +357 22758858, or via e-mail to info@charilaoulab.com or via fax at +357 22755252.
If you have a complaint and/or a request regarding the use of your personal information, please contact us to have the opportunity to put things right as quickly as possible. Please be assured that all complaints received will be fully investigated.
Policy Changes
The Labs reserve the right to make changes to the privacy policy at any time. However, any such changes shall not affect compliance with the Laws on the Processing of Personal Data (Protection of the Individual) of 2001-2012 and with the General Data Protection Regulation (GDPR) 2018 and with the current ISO 15189 standard as indicated in the “Applicable legislation and standards” paragraph of this privacy policy.
The customer has 30 calendar days upon posting of the amended privacy policy of the Labs on the website to recall the Consent if they do not agree with the aforementioned amendments.