
Privacy Policy

General Data Protection Regulation (GDPR) Policy for Carrickmines Medical

 

Effective Date: 01/06/2025

 

1. Introduction

Carrickmines Medical is committed to safeguarding the privacy and security of your personal data. This policy outlines how we collect, use, store, and protect your data in compliance with the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, and any other relevant data protection legislation.

 

As a healthcare provider, we are required to handle personal data with the highest levels of care, ensuring that it is processed lawfully, fairly, and transparently.

 

2. Data Controller and Contact Information

Dr Niall Feeney is the data controller for personal data processed at our practice. If you have any questions about this policy or your data rights, please contact us:

  • Data Protection Officer (DPO): Dr Niall Feeney

  • Address: Carrickmines Medical, Unit 3 The View, Carrickmines Manor, D18KC43

  • Email: manager@carrickminesmedical.ie

  • Phone Number: 087 338 0888

 

3. Types of Personal Data We Collect

We collect a variety of personal data from our patients, including:

  • Personally Identifiable Information (PII): Name, address, contact details, date of birth, and gender.

  • Medical Information: Health history, medical records, treatment details, diagnoses, test results, prescriptions, and other health-related data.

  • Financial Information: Billing and payment details.

  • Emergency Contacts: Name and contact information of individuals in case of emergencies.

  • Communication Data: Correspondence via phone, email, and other communication channels.

 

4. How We Collect Your Personal Data

We collect your personal data in the following ways:

  • Directly from you: When you register as a patient, visit the practice, or communicate with us.

  • From third parties: Such as hospitals, specialists, pharmacies, insurance providers, or other healthcare professionals involved in your care.

  • Via technology: Through our website or online booking system, if applicable.

 

5. Legal Basis for Processing Your Data

We process your personal data on the following lawful bases:

  • Consent: When you provide us with explicit consent for specific processing activities (e.g., marketing).

  • Contractual necessity: To provide healthcare services as part of our contractual relationship with you.

  • Legal obligation: Compliance with legal and regulatory requirements, such as keeping accurate medical records and reporting for insurance purposes.

  • Vital interests: To protect your life in situations of medical emergency.

  • Public interest/official authority: When processing is necessary for the performance of our medical duties or for public health reasons.

 

6. How We Use Your Personal Data

We process your personal data for the following purposes:

  • Healthcare provision: To assess your health, diagnose medical conditions, provide treatment, and manage your care.

  • Billing and payment: To process payments, insurance claims, and provide invoices.

  • Communication: To contact you regarding appointments, test results, and other healthcare-related matters.

  • Legal compliance: To meet our obligations under healthcare regulations and the law.

  • Quality improvement and research: With your consent, for purposes of medical research, training, or quality assurance.

 

7. How We Store Your Personal Data

We store your personal data securely using appropriate technical and organisational measures to protect it against unauthorised access, loss, or destruction. This includes:

  • Secure storage systems (e.g., encrypted digital files and locked physical records).

  • Strict access controls to ensure that only authorised personnel can access your data.

  • Regular audits of data security practices.

 

8. Data Sharing and Third Parties

We may share your personal data with third parties in the following situations:

  • Healthcare providers: To facilitate referrals, specialist treatments, or obtain second opinions.

  • Insurance companies: For billing, claims, and reimbursement purposes.

  • Public authorities: In compliance with legal obligations, such as public health monitoring, or for reporting notifiable diseases.

  • IT service providers: To maintain and support our computer systems (who are bound by confidentiality agreements).

We will never sell or rent your personal data to third parties.

 

9. Data Retention

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for legal, regulatory, or record-keeping obligations. After this period, we will securely delete or anonymise your data.

  • Medical records: Retained in line with statutory and professional guidelines (e.g., for 7 years after your last treatment or as required by law).

  • Billing information: Retained for at least 7 years for tax and financial record-keeping.

 

10. Your Data Protection Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right to access: You can request a copy of the personal data we hold about you.

  • Right to rectification: You can request corrections to any inaccurate or incomplete personal data.

  • Right to erasure: You can request that we delete your personal data (subject to certain legal exceptions).

  • Right to restriction of processing: You can request that we limit the processing of your personal data in certain circumstances.

  • Right to data portability: You can request that we transfer your data to another service provider.

  • Right to object: You can object to certain types of data processing, including marketing or profiling.

  • Right to withdraw consent: If we are processing your data based on consent, you can withdraw it at any time.

 

To exercise any of these rights, please contact us using the contact details above. We will respond to your request within one month, or notify you if we need more time to process your request.

 

11. Data Breach Notification

In the event of a data breach that could result in a risk to your rights and freedoms, we will notify you without undue delay. We will also report the breach to the Data Protection Commission (DPC) where required by law.

 

12. Updates to this Policy

We may update this policy from time to time to reflect changes in our practices or to comply with changes in data protection law. We will notify you of any significant updates.

 

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC):

 

14. Conclusion

At Carrickmines Medical, we are committed to respecting and protecting your privacy. We will continue to ensure that your personal data is processed in compliance with the GDPR and that it remains secure at all times.
