St Francis Private Hospital Data Protection Privacy Statement
Document Code: D-CO-028
Author: Susan Cummins
Version Number: V 1.0
Approved by: SMT
First Release Date:
Responsible for implementation:
Next Review Date:
Responsible for Review & Audit:
St Francis Private Hospital - Privacy Statement
At St Francis Private Hospital we understand that the privacy and security of your information is important to you. To this end, we endeavour to safeguard the privacy of all information you entrust us with in order to protect and respect your privacy.
For the purposes of Data Protection Laws, St Francis Private Hospital, with a registered address at Ballinderry, Mullingar, Co. Westmeath and registered under company number 9764175E, will act as a Data Controller when acting as an employer, as a supplier of health services and when dealing with suppliers. In this role, it is responsible for processing your data in a safe, secure and compliant manner.
What Personal Information may we collect from you?
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.
We may hold and use personal data about you as a customer, patient or in any other capacity. Depending on the services you receive from us, this may include special category personal data such as information relating to your health.
Personal data we collect from you may include the following:
- Information that you give us when you enquire or become a patient of ours such as your name, address, contact details (including email address and phone number).
- Information you give us when you make a payment to us, such as financial or credit card information.
- The name and contact details (including phone number) of your next of kin or relatives.
- Notes and reports about your health and any treatment and care you have received and/or need, including information relating to clinic and hospital visits and medicines administered.
- Information about complaints and incidents.
- Information obtained from customer surveys that you have taken part in.
- Information that you give us when you submit a question/comment in relation to our services or website.
- Information you give us when you apply for a job with us (CV, cover letter, contact details).
- Images stored on the CCTV systems in use at our facilities for safety and security purposes.
Please Note: Where you have named and provided us with personal data about your next of kin, it is your responsibility to ensure that the individual is aware of and accepts the terms of this Privacy Notice.
What personal information may we receive from third parties and other sources?
When you use our services, we may obtain the following categories of personal data from others:
- Your GP and other medical professionals, including other hospitals and health professionals, if you are referred to our service.
- Independent medical consultants who carry out procedures at St Francis Private Hospital. To provide you with the best possible care, consultants may need to share your personal data and medical records with St Francis Private Hospital.
Why do we collect this information?
Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected. Your information helps us to provide and improve our services.
We will use this information as follows:
- To create and maintain your medical record on our administration systems which records all aspects of your assessment, diagnosis and treatment while in our care.
- To ensure that our clinical staff have the information they require for your assessment and/or treatment.
- To generate invoices for treatment received and subsequent payment of those invoices.
- To keep you informed on our latest services and offerings, where you have subscribed to receive such information.
- To create a candidate profile for you if you are a prospective employee.
- To constantly improve our website services and security.
- To carry out internal clinical audits.
With whom do we share this information?
We may share your personal data with our selected business associates, suppliers and contractors to provide you with our services. For example, these business partners may include:
- Health insurers to secure payment for your treatment where it is covered by your private health insurance policy.
- Health professionals, independent consultants and other hospitals that require your personal data as part of the provision of medical treatment.
- IT service providers that either host or have access to our data as part of their product offering.
- Regulatory bodies such as Tusla, the Health and Safety Authority, where we are obliged to make data available as required.
- Outsourced service providers such as external laboratories.
- Other companies and organisations with whom we exchange data for the purposes of fraud protection and credit risk reduction.
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
How long do we retain your information for?
The time periods for which we retain your information depend on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
For further information on the periods for which your personal data is kept, please see our data retention policy, a copy of which can be made available on request to our Data Protection Officer.
What legal basis do we have to protect your data?
The legal bases for the processing of your personal data are:
- The processing is necessary for the performance of the contract which you have entered into with us or to take steps at your request prior to entering into a contract.
- That you have provided consent for the processing for one or more specified purposes such as marketing, for example when you fill out an admissions form and provide your consent to receiving marketing material or subscribe to receive future material.
- The processing is necessary for compliance with certain legal obligations to which we are subject.
- Processing necessary for the purposes of the legitimate interests which we pursue where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.
The legal bases for the processing of your special category personal data (i.e. your medical information) are that the processing is necessary:
- To provide you with health services.
- To protect your vital interests.
- For the establishment, exercise or defence of legal claims.
- For compliance with certain legal obligations to which we are subject.
- For reasons of public interest in the area of public health.
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
Do we transfer your data outside the EU or EEA?
No, your information will not be transferred abroad.
What are your rights with respect to your personal data?
You have the following rights:
- The right to access the personal data we hold about you.
- The right to require us to rectify any inaccurate personal data about you without undue delay.
- The right to have us erase personal data we hold about you. It should be noted that this is not an absolute right and is limited to certain specific situations such as, for example, where processing is unlawful, where it is no longer necessary for us to hold the personal data in order to provide you with our services or, in some circumstances, if you have withdrawn your consent to the processing and there is no other legal ground for our processing of the data.
- The right to object to us processing personal data about you such as processing for profiling or direct marketing.
- The right to ask us to provide your personal data to you in a portable format. This right only applies to data which you have provided to us, and where the processing is carried out by automated means.
- The right to request a restriction of the processing of your personal data.
Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by contacting the St Francis Private Hospital Data Protection Officer.
You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission.
You can contact the Office of the Data Protection Commissioner at:
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
Postal Address: Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois
For further information please visit the Data Protection Commissioner website www.dataprotection.ie.
Saint Francis Private Hospital sets performance cookies.
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages.
These cookies don't collect information that identifies a visitor.
All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
Please remember that if you delete or restrict cookies from the Saint Francis Private Hospital website you may not be able to experience the full benefit of some of the features and services the website has to offer.