Applicant Privacy Policy


This Privacy Notice sets out how St. George & Bluecross Private Hospitals Ltd ("We" or the “Company”) collects and processes personal data as part of any recruitment process relating to job applicants ("You"). The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

This Privacy Notice has been prepared in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and the relevant laws of the Republic of Cyprus.

Any questions relating to this Privacy Notice or requests in respect of personal data should be directed to our Data Protection Officer (DPO) at

Who we are

The St George & Blue Cross Private Hospital Ltd is the outcome of a merge that took place in 01/04/2012 when two of the best-known private hospitals in Paphos, St George Private Hospital and Blue Cross Medical Centre, have merged. The purpose of this merge was to form a comprehensive care center that is unique to the Paphos region. Our combined experience, expertise and resources, and our state-the-art medical equipment, allows us to offer a very high standard of care and at the same time provide complete and comprehensive treatment to our patients. Our Vision is to become a centre of excellence in not only the Paphos region but in Cyprus and that is why we follow local and international standards of care. The St George & Blue Cross Private Hospital Ltd is accredited and licensed to provide comprehensive care services by the Cyprus Ministry of Health.

Our medical centre offers a large group of internationally trained and acknowledged physicians. Our nursing staff headed by a British trained Matron, is fully qualified and trained according to British nursing care standards. Our physicians and support staff offer the most up-to-date in- and out-patient treatments in a committed and dedicated manner for a truly unique healthcare experience.

Blue Cross Hospital is located at 51 Demokratias, Avenue P.O.Box 62213, 8062, Paphos, Cyprus and St. George Hospital is located at 29 Eleftherios Venizelos Avenue, P.O. Box 62259, 8062, Paphos, Cyprus.

We strive to protect personal data and apply high standards of conduct when it comes to privacy issues. We ensure that its applicants are provided with the appropriate training in order to handle personal data securely and in accordance with the laws. Furthermore, we endeavor to ensure that any parties with whom we co-operate apply the same high standards when it comes to data protection and privacy as we do.

What data do we collect?

We process data in the context of recruitment. In this context we collect certain categories of personal information us directly from all candidates, either by CV and/ or personal interviews, including:

  • contact details (including names, postal addresses, email addresses and telephone numbers);
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process;
  • Employment application and CV;

Important notice on Special Category Data

In certain instances, the personal data you provide to us for these purposes may include "Special Category Data" (i.e. information concerning race, ethnic origin, trade union membership, health data or data relating to a person's criminal record or alleged criminal activity). Such data will not be processed by us without your explicit consent.

Why do we need it?

We need to process your data in order to assess your application and carry out the recruitment process effectively. We may also need to process your data to enter into a contract with you, in which case your data as an employee will be further processed in accordance with our Employee Personal Data Protection Policy. In some cases, we may need to process data to ensure that we are complying with our legal obligations. For example, to check a successful applicant's eligibility to work in the EU before employment starts.

We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job.

We may also need to process data from job applicants to respond to and defend against legal claims.

We may also collect information about whether or not an applicant is disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out our obligations and exercise specific rights in relation to employment.

If your application is unsuccessful, we may keep your personal data on file in case there are employment opportunities and vacancies relevant to your qualifications in the near future. In this case we will ask for your consent in advance and you are free to withdraw your consent at any time.

We shall not carry out any automated decision-making activities, including profiling, using your personal information.

For further information on the use and storage of your data, please visit the Company’s Data Protection Policy at

Sources and Recipients of data

Your information will be shared internally within the Company for the purposes of the recruitment process. This includes members of the HR department, interviewers involved in the recruitment process, managers in the department with a vacancy.

Requests for access to be restricted in any particular manner should be made and will be considered and, where possible with reference to legal and regulatory obligations, actioned.

We take the security of your data very seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

Rights of Data subjects

Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data. If you wish to exercise any rights under the GDPR or any other applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing; or to lodge a complaint with the relevant supervisory authority; or the right o data portability) you may send us a relevant request

In response to such requests, we reserve the right to require the individual making the request to provide certain details about himself/herself so that we can validate that the individual is indeed the person whom the data refers to. We are required to respond to the request of the individual within 40 days and it will endeavour to do so wherever possible. We reserve the right to charge a reasonable fee to cover any expenses that may arise from the request.

In any case in which you choose not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, we may be unable to carry out the recruitment process successfully and you may not be offered a position.

Retention of data

We retain all personal data in accordance with the Data Retention Policy.

If your application for employment is unsuccessful, we may hold your data on file for up to 6 months after the end of the relevant recruitment process with your consent and we may contact you in the future if we believe that you may be interested in any vacancies and employment opportunities that may arise within the Company.

At the end of that period, or once you withdraw your consent, your data will be irreversibly deleted If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. Your personal data as an employee of the Company will be further processed as may be required for the purposes of the performance of your Employment Contract or by law and in accordance with our Employee Privacy Notice.

Any requests for further information in relation to the continued processing of specific data and requests for destruction of data should be made to

For further information on the retention and destruction processes of the Company, please visit the Company’s Data Retention Policy at

Changes to this Privacy Notice

We keep this Privacy Notice under review in order to ensure that it is in line with any changes to the laws relating to privacy and personal data. Any updates will be provided to You promptly.

This Privacy Notice was last updated on 25 May 2018.

Complaints procedure

The Company has a Data Protection Officer and all enquiries in respect of this Privacy Notice or any requests to exercise any of the rights set out above should be directed to the Data Protection Officer via

If you still feel that your personal data has not been handled properly according to the law, you can make a complaint to the Office of the Commissioner for Personal Data Protection, at:

1 Iasonos Str., 1082 Nicosia, P.O. Box 23378, 1682 Nicosia Tel: +357 22818456 Fax: +357 22304565 Email:


Opening Hours

Monday - Friday: 9.00 - 19.00
Saturday: 9.00 - 13.00
Sunday: Only Doctor(s) on Call