Clontarf Hospital is committed to ensuring the privacy and confidentiality of your personal information/data.
We understand that the privacy and security of your information is important to you and we take that very seriously. To this end we endeavour to safeguard the privacy of all your information you entrust to us.
The purpose of our Privacy Notice is to clearly communicate to you how our hospital handles your personal information. It will give you a better and more complete understanding of the type of personal information that the hospital holds about you and the way the hospital handles that information.
The information below explains how Clontarf Hospital deals with any personal information/data you provide to us while receiving healthcare services at the hospital and will help you to understand what personal data may be collected, why it is collected, and what is done with it while receiving healthcare services.
Who Are We?
We are the Incorporated Orthopaedic Hospital of Ireland trading as Clontarf Hospital, a company limited by guarantee registered under company registration number 2346, with an address at Castle Avenue, Clontarf, Dublin 3. We are a hospital providing rehabilitation healthcare services.
We have charitable status under the Charity Act 2009 and we also operate as a Section 38 Agency under the Health Act 2004.
This notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Acts 1988 – 2018 (as amended) and the General Data Protection Regulation (the GDPR) (the Acts) the Incorporated Orthopaedic Hospital of Ireland trading as Clontarf Hospital (“Clontarf Hospital”):
- is the Data Controller when acting as an employer, a supplier of health care services and where dealing with its own suppliers;
- uses a number of Data Processors who process information on our behalf and is reasonably necessary to provide you with our health care services and for administrative and internal business purposes related to your care at Clontarf Hospital.
Our Data Protection Officer (“DPO”) may be contacted at:
Phone: 01 8332521 Ext.114 Risk Management Department
Writing to: The Data Protection Officer, Risk Management Department, Clontarf Hospital, Castle Avenue, Clontarf, Dublin 3
What PERSONAL information do we collect from you and how do we process it?
When we refer to personal data in this notice, we mean information that can or has the potential to identify you as an individual.
You may give us personal data by:
- Becoming a patient at Clontarf Hospital and engaging Clontarf Hospital’s healthcare/rehabilitation services. The type of information we collect includes your name; address; contact details; date of birth; contact details of family members/guardians/next of kin; marital status; photograph; medical card number; PPS number; GP name and contact details; pharmacy name and contact details; education; demographic information; social and family history and lifestyle; information about complaints and incidents; information about your experience at Clontarf Hospital obtained from patient surveys that you have taken part in; images and recordings from our CCTV systems which are in use at our facilities for safety and security purposes; and billing information including credit card details etc.
We may also collect the following Special Categories of Personal Data:
- Information relating to your health including any treatment or care you have received and/or need; information relating to hospital appointments; diagnosis information; medication details; medical records/reports; nursing reports; services provided by us or other hospitals including occupational therapy, physiotherapy and dietetic care; admission/discharge to Clontarf Hospital and other hospitals; laboratory tests, investigation results and scans; in some circumstances, health data relating to relatives, where this is disclosed by patients; Information relating to your ethnicity and ethnic background; information relating to religious beliefs/sexual orientation.
- Interacting with us when you are a next of kin of one of our patients. The type of information we may collect includes your name; phone number; address and email address.
- Visiting one of our patients at our hospital. The type of information we may collect includes your name; the patient you are visiting and CCTV footage.
- Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with services or to submit a question/suggestion/comment in relation to our website or our services.
- Visiting our website. The type of information collected includes statistical and analytical information such as, for example, user IP addresses where they have been clipped, IP, browser types etc. For further information regarding the types of information collected when you visit our website, please see our Cookie Notice below. Any external links to other websites are clearly identifiable as such and we are not responsible for the content or Privacy Notices of those other website
A “cookie” is a small bit of data our server sends to your browser that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.
This website uses temporary cookies. This means that upon closing your browser, the temporary cookie assigned to you will be destroyed and no personal information is maintained which will identify you at a later date.
- Applying to work with us. The type of information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). We ask that you do not disclose Special Categories of Personal Data or sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, financial data) in your application.
- Supplying us with products or services. Suppliers provide us with information which may include a contact name; email address; business address; telephone number and billing payment details.
What information about you do we obtain from others?
When you use our healthcare services, we may obtain the following categories of personal data from others:
- date of birth;
- phone number;
- medical records and reports;
- nursing reports;
- reasons for referral;
- social history;
- medications/treatment received to date including any occupational therapy, physiotherapy and dietetic care; and
- next of kin details.
Where did we get this information?
We obtain this information from:
- other hospitals and service providers (where you are being referred to us from another hospital or service provider);
- your GP; and/or
- your family members/next of kin.
Why do we collect this information?
We collect personal data to:
- provide you with a safe healthcare service that meets your healthcare needs ;
- to provide a safe and secure hospital environment for patients, staff and all those who visit the hospital, either as visitors, external contractors or volunteers;
- to recruit staff.
We will use this information:
Patients and service users:
- To set you up as a patient on our systems;
- To provide you with healthcare and rehabilitation services;
- To create and maintain a record of your treatment which may be held in manual form and/or in electronic form within an Electronic Health Record (EHR);
- To communicate with you as part of our relationship with you to deliver safe care;
- To obtain payment of our invoices;
- To comply with applicable laws and regulations, many of which require us to report to a statutory agency. For example, certain communicable diseases are notifiable by statute. Further information is set out below regarding our sharing of your personal data;
- For the purposes of medical teaching and education;
- To report incidents as required under legislation and HSE requirements;
- To provide you with transport when needed.
- To set your company up as a supplier on our systems;
- To liaise with you about projects that we are undertaking with you;
- To fulfil our statutory function which includes an obligation [insert obligation under the statutory function;
- To ensure payment of our invoices;
- To pay you or your company for good/services supplied to us.
- To create a candidate profile for you if you are a prospective employee;
- To communicate with you about your application;
- For the security and health and safety of our patients, staff and other people on our premises.
- To administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- As part of our efforts to keep our website safe and secure.
THE LEGAL BASES FOR THE PROCESSING OF YOUR PERSONAL DATA ARE:
- The processing is necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract (this includes the provision of a service i.e. provision of healthcare services);
- The processing is necessary in order to protect the vital interests of you or of another natural person;
- The processing is necessary for compliance with a legal obligation to which we are subject (for example, we are legally obliged to report certain information to a number of statutory agencies such as the State Claims Agency, the Department of Public health;
- That you have provided consent for the processing for one or more specified purposes for example archiving scientific, historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
The legal basis for processing your Special Category Personal Data include sensitive information relating to your health and ethnicity are;
- The processing is necessary for the provision of health care or treatment and for the purposes of medical diagnosis (Article 9(2)(h) of the GDPR and Section 52 of the Data Protection Act 2018);
- The processing is necessary in order to protect your vital interests where you are physically or legally incapable of giving consent (Article 9(2)(c) of the GDPR);
- The processing is necessary for the purpose of legal advice, legal proceedings or is otherwise necessary for the establishment, exercise or defence of legal rights (Article 9(2)(f) of the GDPR and Section 47 of the Data Protection Act 2018);
The processing is necessary in the public interest in the area of public health (Article 9(2)(i) of the GDPR and Section 53 of the Data Protection Act 2018).
Who Do we share this information with?
We may share your personal data with our selected business associates/suppliers and contractors in order to provide you with our healthcare and rehabilitation services. For example, these business partners/third parties may include:
- health insurers to secure payment for your treatment where it is covered by your private health insurance policy;
- health professionals (who are not employed by Clontarf Hospital), independent consultants and other hospitals that require your personal data as part of the provision of medical treatment;
- our web hosting provider and our IT service providers that either host or have access to our data as part of their product offering;
- regulatory bodies where we are legally obliged to disclose information to these entities. For example, an incident must be reported to the State Claims Agency;
- a death must be reported to the Coroner and an adverse drug reaction to the Irish Medicines Board. For research purposes, your information may be disclosed, in anonymised form to the Health Research Board and the Economic and Social Research Institute (ESRI);
- outsourced service providers such as the use of external laboratories, patient transport providers
We may also disclose your information to a third party where we believe that this is necessary to prevent a serious or imminent threat to your life, health, safety or to public health and/or safety. If you are made a Ward of Court, we will disclose your information to the authority or individual responsible for your care, once appropriate supporting documentation has been provided to us.
In addition, we may disclose your personal information to third parties:
How long do we keep hold of your information?
The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is legally required or permitted.
For further information on the periods for which your personal data is kept, please see our data retention policy which can be accessed here [INSERT LINK TO DATA RETENTION POLICY].
Do We transfer your information Outside The European Union or European Economic Area?
The hospital does not, in its day to day activities, transfer information outside the European Economic Area (EEA).
If an occasion arises whereby the hospital transfers information outside the EEA the hospital will take reasonable steps to ensure that the third parties do not breach the GDPR requirements. The steps taken may include ensuring the third party is bound by privacy protection obligations which are the same (or substantially the same) as those which bind the hospital and requiring that the third party has information security measures in place which are of an acceptable standard.
WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
You have the following rights:
- The right to access the personal data we hold about you.
- The right to require us to rectify any inaccurate personal data about you without undue delay.
- The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
- The right to object to us processing personal data about you in certain circumstances such as processing for profiling or direct marketing.
- The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
- The right to request a restriction of the processing of your personal data.
Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by contacting our Data Protection Officer as follows:
Writing to: The Data Protection Officer, Risk Management Department, Clontarf Hospital, Castle Avenue, Clontarf, Dublin 3.
Phone: 01 8332521
You may also lodge a complaint with the Data Protection Commission with respect to our processing of your personal data. The website is www.dataprotection.ie.
Please note that when you become a patient at Clontarf Hospital or otherwise use our services, the processing of your information will become a condition of the contract between us or the provision of our services as we require certain information in order to be able to provide you with our services (e.g. contact information/health related information etc.). In those circumstances, if you do not provide your information when requested, we may be unable to provide our services to you.
What will happen if we change our privacy notice?
This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on 1 April 2019.
How can you contact us?
Our Data Protection Officer can be contacted using the below details:
By phone:01 8332521
Address: The Data Protection Officer, Risk Management Department, Clontarf Hospital, Castle Avenue, Clontarf, Dublin 3.
Or by email:firstname.lastname@example.org
The hospital, under EU law and the General Data Protection Regulation (GDPR) is obliged to inform users of our website what data is registered about them at all times and for what purposes it is used and where in the world it is sent.
Visitors to our website
When someone visits our website we collect standard internet log information. This information is anonymous and is not combined with any other information that you may submit on the site.
What is a Cookie?
A cookie is a small bit of data our server sends to your browser that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.
This website will set some cookies which are essential for the website to work properly. These cookies, none of which capture personally identifiable information, are as follows:
|Google Analytics||_ga||These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.||Click here for an overview of privacy at Google|
|Online form session cookie||ASP.NET_SessionId||This cookie is created when a user connects to an ASP.NET application and will expire when the user closes their browser. This cookie is essential for use of forms on our site to store the session id of the user’s current seesion and is also used in The Authority Members Area and in the Trustee E-Learning.||Visit the Microsoft website|
|Cookie Consent||euconsent ||This cookie is created when the user agrees to allow cookies|
Our website cookies:
Our website uses temporary cookies. This means that upon closing your browser, the temporary cookie assigned to you will be destroyed and no personal information is maintained which will identify you at a later date.
To find out more about cookies
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit