Privacy Policy

1. Introduction

The “Mora Thavmata” Association (“the Organization”) is a charitable Non-Governmental Organization (NGO) operating in Cyprus with the aim of supporting preterm infants, their families, and Neonatal Intensive Care Units (NICU). It is a member of the EFCNI (European Foundation for the Care of Newborn Infants), an organization that promotes the improvement of newborn care worldwide.

This Privacy Policy describes how the Organization processes and protects personal data within the framework of using the “Preterm Infants Mothers' Diary” application (“the Application”).

The Organization complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the relevant legislation of the Republic of Cyprus 125(I)/2018, applying the principles of Privacy by Design and Privacy by Default.

 

2. Data Controller

The Data Controller is:

Mora Thavmata Association
21 Panteli Katelari, Libra House, Office 304
Nicosia, Cyprus
Email: [email protected]

For personal data protection issues, you may contact the Data Protection Officer (DPO) at:
Email: [email protected]
Phone: +357 96820000

 

3. Data Protection and Access Restriction

The Application is designed with a focus on enhanced user privacy through the implementation of appropriate technical and organizational security measures, including encryption.

Data entered by users—such as diary entries, notes, photos, and videos—is stored securely. It is not accessible by the Organization during the routine operation of the Application and is not subject to active monitoring or evaluation.

Access to data content may only occur exceptionally by authorized persons if it is absolutely necessary for technical support, system security, or compliance with legal obligations. In all cases, access restriction and confidentiality measures are strictly applied.

 

4. Categories of Data Collected

Within the operation of the Application, the following categories of data may be collected:

4.1. User Content Data

Data entered by users in the Application, such as diary entries, notes, information, photos, and videos, remains private and is not accessible by the Organization during routine operation.

4.2. Anonymized and/or Aggregated Statistical Data

The Application collects and processes anonymized and/or aggregated usage data, which does not allow for the identification of a natural person.

4.3. Technical Data

Technical data may be collected, such as:

  • Device information

  • Log files

  • Notification identifiers

These are used for the security and smooth functioning of the Application.

 

5. Purpose of Processing 

The Organization processes data for:

 

  • Providing and ensuring the proper functioning of the Application.

  • Improving services and user experience.

  • Statistical analysis of usage.

  • Understanding general trends related to preterm birth.

The Organization does not use user content for profiling, behavioral analysis, or automated decision-making.

 

6. Legal Basis for Processing

Data processing is based on user consent (Article 6 GDPR), the legitimate interest of the Organization regarding the security and operation of the Application, and, where applicable, Article 9 GDPR for sensitive data entered by the user themselves.


7. Data Transfer to Third Parties

Third-party service providers are used to provide the Application, such as:

  • Cloud hosting services

  • Technical support services

These providers act as Data Processors and are bound by contracts to comply with the GDPR. In the event of data transfer outside the European Economic Area (EEA), appropriate safeguards are applied, such as Standard Contractual Clauses (SCCs) or other mechanisms under Article 46 GDPR.

 

8. Data Retention

Personal data is retained for as long as the user maintains an active account.

Content data remains under the user's control and is kept until deleted by them.

Upon account deletion:

  • Data is deleted or anonymized where technically feasible.
  • Data may remain temporarily in backups.
  • Data is permanently deleted according to the Organization’s policies.

Statistical data may be kept in an anonymized form.

The Organization ensures that data is not kept longer than necessary, in accordance with the principle of storage limitation.

 

9. User Rights

Users have the following rights:

  • Access
  • Rectification (Correction)
  • Erasure (Right to be forgotten)
  • Restriction of processing
  • Data portability
  • Withdrawal of consent

The Organization responds to requests within a reasonable timeframe and no later than one (1) month, as per GDPR requirements.

 

10. Account and Data Deletion

The user may delete their account at any time. Upon deletion:

  • Data becomes inaccessible.
  • Data may remain temporarily in backups.
  • Data is permanently deleted according to the Organization’s policies.

Deletion is completed without undue delay and, where technically feasible, within thirty (30) days.

 

11. Data Security

The Organization implements appropriate technical and organizational measures, such as:

  • Data encryption
  • Access control
  • Secure infrastructure and system management

12. Use of Community Features

Users are responsible for the content they share. Sharing the personal data of third parties without a legal basis is strictly prohibited.

 

13. Amendments

This Policy may be amended. Users will be informed of changes via the Application.

 

14. Contact

[email protected]