Privacy Policy


Personal Data Processing Policy of The Federation of Patients’ Associations in Cyprus


The Federation of Patients’ Associations in Cyprus (hereafter referred to as ‘CyFPA,’ ‘we,’ ‘us,’ ‘our’), as the Data Controller, is committed to safeguarding your right to privacy and ensuring that the processing of your personal data is done in a transparent and secure manner.

‘Personal Data’ is considered any information that relates to a natural person whose identity can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Personal Data Processing Policy (hereafter ‘Policy’) provides an overview of how and why we collect and process Personal Data. Additionally, it contains information about third parties receiving Personal Data, as well as the rights of individuals according to applicable domestic data protection laws and the European General Data Protection Regulation.

Please note that this Policy applies to the following categories of individuals:

  • Patients/citizens communicating with us
  • Visitors to our website
  • Job applicants and trainees (full-time and part-time)
  • Suppliers and other partners and collaborators
  • Members of affiliated associations participating in the CPUF

Who we are

The Federation of Patient Associations Cyprus (CyFPA) was founded in November 1986 and counts 37 member organizations and 3 associated members, representing thousands of members and patients nationwide. CyFPA’s goal is to serve as the umbrella organization representing all patient associations. CyFPA is a member of the European Patients Federation (EPF) and an affiliated member of Eurordis International.

CyFPA advocates for the protection of patients’ rights at all levels, in accordance with the legislation of Cyprus and the European Union, as well as ensuring the standard of healthcare. It is established as a social partner of the state on matters concerning patients

Τι Προσωπικά Δεδομένα συλλέγουμε και πως;

Οι κατηγορίες Προσωπικών Δεδομένων που συλλέγουμε και επεξεργαζόμαστε περιλαμβάνουν τα ακόλουθα:

  • Γενικές πληροφορίες ταυτοποίησης και επικοινωνίας: Όνομα, διεύθυνση, στοιχεία επικοινωνίας (αριθμός τηλεφώνου και/ή ηλεκτρονικό ταχυδρομείο), αριθμός ταυτότητας, ημερομηνία γέννησης, επάγγελμα, φύλο.
  • Στοιχεία που σχετίζονται με την υγεία:όταν είναι σχετικά με την καταγγελία / παράπονο που έχει υποβληθεί ή το πρόβλημα που έχει αναφερθεί.  
  • Τεχνικές πληροφορίες, συμπεριλαμβανομένων πληροφοριών που συλλέχθηκαν κατά την διάρκεια των επισκέψεών στην ιστοσελίδα μας, την διεύθυνση Διαδικτυακού Πρωτοκόλλου (ΔΠ), εκδοχή (version) και τύπο προγράμματος περιήγησης, τύπο συσκευής, ρυθμίσεις ζώνης ώρας, εκδοχές και τύποι προσθέσεων (plug-in) προγράμματος περιήγησης, λειτουργικό σύστημα και πλατφόρμα.
  • Πληροφορίες σχετικά με προσλήψεις, συμπεριλαμβανομένων βιογραφικών σημειώσεων, μορφωτικού ή εκπαιδευτικού υπόβαθρου, τίτλου θέσης εργασίας, ιστορικού εργοδότησης και άλλες πληροφορίες σχετικές με πιθανή πρόσληψη.

  Συλλέγουμε Προσωπικά Δεδομένα από τις ακόλουθες πηγές:

  • Κατευθείαν από εσάς:μέσω εντύπων, τηλεφωνικών επικοινωνιών, sms, επιστολών, μηνυμάτων ηλεκτρονικού ταχυδρομείου, των μέσων κοινωνικής δικτύωσης  και την ιστοσελίδα μας.
  • Από τρίτους: Όταν έχει υποβληθεί παράπονο / καταγγελία εκ μέρους σας ή όταν έχει γίνει παράπονο /καταγγελία στο οποίο κατονομάζεστε.
Σκοποί επεξεργασίας και νομικές βάσεις

In order to lawfully process the Personal Data mentioned above, we rely on one or more of the following legal bases:

  • Public Interest: Due to the nature of our work, we believe that we operate in the public interest by contributing to the improvement of public health quality.

  • Safeguarding CyFPA’s Legal Interests:
  • To defend and safeguard patient rights,
  • To ensure the provision of a satisfactory level of care to patients,
  • To contribute to the continuous improvement of the level of care received by patients,
  • To record and manage patient problems and complaints,
  • To implement measures for fraud prevention (e.g., to identify unfounded complaints),
  • To communicate for clarifications and/or conduct satisfaction surveys regarding the management of various issues,
  • To improve the experience of website visitors,
  • To protect the website, online platforms, networks, and software systems, and to protect its property (including machinery and equipment).
  • Safeguarding Patients’ Legal Interests to receive a satisfactory level of care.


  • Consent: You have consented to the collection and processing of your Personal Data by OSAK; we will use consent as a legal basis. Please note that you have the right to withdraw your consent at any time. Any processing of your Personal Data before the withdrawal of your consent will not be affected.

  • Compliance with Our Legal Obligations: In cases where the retention and processing of Personal Data are required by legislation.

  • Legal Requirements: Personal Data that may be needed to establish, exercise, or support legal claims before Courts and competent authorities.

How do we protect Personal Data

We take appropriate legal, organizational, and technical measures to protect Personal Data in accordance with the applicable data protection laws and the General Data Protection Regulation (GDPR) of the EU. We employ various technologies and security procedures to help safeguard your Personal Data from unauthorized access, disclosure, loss, use, or alteration. When we use third-party service providers, they are carefully selected and required to use appropriate measures to protect the confidentiality and security of Personal Data.

Recipients of Personal Data

We may disclose your Personal Data to some of the following selected third parties:

  • Relevant other entities (public and private) related to the issue/complaint/allegation submitted..
  • Representatives, suppliers, and service providers, such as file management service providers, IT support providers, software vendors.
  • Professional advisors such as external legal advisors and accountants.
  • Regulatory authorities, courts, competent authorities, and agencies (such as the Police).

Personal Data of Other Individuals

n case you provide us with Personal Data related to other individuals, you should ensure that those individuals are aware that their Personal Data will be used and processed by us. It is your responsibility to inform them about the content of this Policy and ensure that they understand and accept how we use their Personal Data.

Transmission of your Personal Data to a Third Country or an International Organization

CyFPA does not intend to transfer your Personal Data to countries that do not provide an adequate level of personal data protection. In case this is required, we will take measures to ensure that the Personal Data being transferred is subject to appropriate safeguards, such as entering into agreements for the transfer of Personal Data. In cases where we use agreements for the transfer of Personal Data or similar safeguards, we may be able to provide you with a copy or sample if you contact us at

Retention of Your Personal Data

In general, we will retain your Personal Data for the period required to fulfill the purposes of processing, for example, for as long as necessary to investigate and manage the complaint or grievance we have received.

Your Rights

In some cases, you may have the following rights:

  • Request a copy of your Personal Data held by CyFPA
  • Request the correction and/or deletion of your Personal Data, or restrict or object to the processing of your personal information.
  • Withdraw your consent to the processing of your Personal Data at any time when we process Personal Data based on your consent.
  • Request the acquisition and reuse of your Personal Data in a structured and commonly used format. You can also request ΟΣΑΚ to transfer such data to other organizations.
  • Submit a complaint with the Data Protection Commissioner when you believe your rights are violated.


Our website uses cookies. For more information, you can refer to the Cookies Policy posted on our website.

Personal Data of Children

We understand the importance of protecting children’s privacy. We may collect Personal Data regarding children, provided that we have obtained prior consent from their parents or legal guardians, or unless such collection is permitted by applicable laws.

Changes to the Personal Data Processing Policy

It is possible that we may amend the Personal Data Processing Policy from time to time. We encourage you to periodically check the policy to stay updated on how we process and protect your Personal Data.

Contact Us

To exercise any of your rights or if you have any other questions regarding the use of your Personal Data, please contact our Data Protection Officer at or by mail at Agiasmaton 10, 2230 Latsia, Nicosia.