Privacy Policy
INTRODUCTION
Bettystown Medical Practice is committed to protecting and respecting your privacy. We wish to be transparent regarding how we process your personal information and demonstrate that we are accountable, in accordance with the EU General Data Protection Regulation (EU 2016/679). It is the intention of this Privacy Policy to explain to you, the Privacy Management practices of Bettystown Medical Practice in relation to the personal information we collect and process about you. Our practices also conform with Medical Council guidelines.
In accordance with the EU GDPR (2016/679) and the Data Protection Act 2018, Bettystown Medical Practice is identified as a Data Controller, there may be occasions, when we are also identified as a Data Processor.
This online Privacy Policy relates to personal information which we collect through our website and associated technologies, including email correspondence.
By willingly providing personal and other information to us you are consenting to the terms and conditions of this Privacy Policy. Please read this policy carefully, as this sets out the basis on which any personal information, we collect from you, or that you provide to us, will be collected, and processed by Bettystown Medical Practice.
WHO ARE WE?
Bettystown Medical Practice is a group GP medical practice established in 1980, our registered address is … Bettystown, Co Meath, Ireland. We are a community based GP practice and pride ourselves on the delivery of patient care we provide.
HOW WE COLLECT PERSONAL INFORMATION ABOUT YOU
When you browse our website www.bettystownmedicalpractice.ie we will collect information about you such as the website you came from, IP address, domain types, i.e., co.uk and .com, your browser type, the country where your internet service is located, the pages of our site that were viewed during your visit and search terms you used. This information is only used for our own research and to improve our service to you. Your IP address is used to gather local broad demographic information.
We collect personal information from you when you register on our website, either by email, or when you complete and submit any of our online forms, to contact us, to make an enquiry and to submit a prescription renewal. Categories of personal information that we collect, and process include, your name, date of birth, marital status, email address, postal address, phone number (s) and any other information that itself can identify or, when tied to the above information, may identify you as a specific individual.
To enable us to provide and deliver our services to our patients it will also be necessary for us to collect Special Categories of personal information, (sensitive information), including, gender, ethnicity, sexual orientation, medical history, family medical history, PPS detail, medical card detail, next of kin detail. This, however, is not an exhaustive list of the categories of personal information that Bettystown Medical Centre will collect and process relating to our patients.
We will also collect and process personal information relating to our external suppliers and stakeholders regarding the services they provide to us and on our behalf.
To measure the effectiveness of our online presence, Bettystown Medical Practice, may use Cookies to determine the path users take on our site and to identify repeat visitors to the website.
HOW WE USE YOUR PERSONAL INFORMATION
To process your personal information, we are mandated to identify our lawful basis to collect and further process your personal information. In accordance with EU GDPR legislation, we will rely most commonly on the following legal bases to collect and further process your personal information, Consent, Explicit Consent, Contractual Necessity, Legal Obligation, Legitimate Interest, Vital Interest Interest.
We may engage with third-party stakeholders and working partners for the following purposes:
To facilitate our services
To provide the services on our behalf
To perform related services or
To assist us in analysing how our services are used.
We may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your personal information.
We set out below a description of various ways we process your personal information and details of the legal bases we rely on to do so. Please note that this is not an exhaustive list of our processing activities.
|
PURPOSE |
CATEGORY OF DATA |
LAWFUL BASIS |
|
To register you as a patient |
Name, address, phone no, email address |
Contractual Necessity, Consent, Explicit Consent |
|
To provide and deliver our services to you |
Name, address, phone no, email address |
Contractual Necessity, Consent, Explicit Consent, Vital Interest, |
|
To reply to enquiries |
Name, address, phone no, email address |
Contractual Necessity/Consent/Explicit Consent
|
|
To enable you to you to avail of our services |
Name, address, email address, financial personal information |
Consent, Explicit Consent and/ Contractual Necessity, Vital Interest |
|
To Issue invoices/payment services |
Name, Address, email address Financial information |
Contractual Necessity/Legitimate Interest |
|
To manage and administer the use of our services & relationship with patients and external stakeholders |
Name, Address, Email address, phone no |
Contractual Necessity/ Consent, Explicit Consent, Legitimate Interest/ Vital Interest |
|
To comply with our legal obligations |
Name, address, and email address). |
Legal obligation |
|
To contact you regarding relevant information or services, to assist you in healthcare needs |
Name, email address, phone no |
Consent/explicit consent/Vital Interest
|
|
To register you as a Working Partner/Stakeholder. |
Name, email address, phone no, postal address |
Consent & Contractual Necessity |
|
For the prevention and detection of crime |
Name, email address, |
Public Interest |
SOURCE OF COLLECTION
You provide personal information to us when you visit our website www.bettystwonmedicalpractice.ie. We also collect personal information when you send us an email or send an enquiry, or when you submit a prescription renewal. Personal information relating to our external Stakeholders is also collected and processed through email communication and by visiting our website.
CALL RECORDING POLICY
This policy outlines the practice’s call recording process. The purpose of call recording is to provide a record of incoming and outgoing calls which can:
Identify practice staff training needs
Protect practice staff from nuisance and abusive calls
Establish facts relating to incoming/outgoing calls made (e.g. complaints)
Identify any issues in practice processes with a view to improving them.
Purpose
The purpose of this policy is to ensure that call recording is managed in line with GDPR and Data retention requirements. This will generally involve the recording of telephone conversations which is subject to the Telecommunications Act 1984. The practice will make every reasonable effort to advise callers that their call may be recorded and for what purpose the recording may be used. This will normally be via a pre-recorded message within the telephone system, the privacy notice in our waiting room and on the practice website. The voice file will be stored within a recording system to which the same rules of confidentiality apply. Where a patient requests to listen to a recording then this should be allowed within the general provisional data subject access under the Data Protection Act 2018. Scope This policy applies to all practice staff including any contracted or temporary workers. All calls via the telephone systems used in the practice will be recorded, including:
- All external incoming calls
- All external outgoing calls made by practice staff
- All external call transfers
Recording will automatically stop when the practice staff member terminates the call.
Playback / monitoring of recorded calls
Monitoring of the call recordings will be undertaken by the Practice Manager. Any playback of recordings will take place in a private setting and where applicable, individuals should be given the opportunity to listen to relevant recordings to receive feedback and developmental support. All recordings will be stored securely online, and access to these will be controlled and managed by the Practice Manager. Recordings will be accessed by logging in to a dedicated, password protected online system. Calls will be retained by the Practice for a period of 1 year.
Confidentiality
The Data Protection Act allows access to information that is held about an individual and their personal data. This includes recorded telephone calls. Requests for copies of telephone conversations can be made under the Data Protection Act as a “Subject Access Request”. After assessing whether the information can be released, the requestor can be invited to the practice premise to hear the recording. The right to be forgotten does not override legal and compliance obligations. If there is a request form an external body relating to the detection or prevention of a crime (e.g. police), then requests for information should be directed to the Practice Manager. Under GDPR, organisations are prohibited from recording the personal conversations of staff, even with consent, and therefore need to ensure that while business calls are recorded, personal calls always remain private.
DO WE USE COOKIES?
Yes, we use Cookies on www.bettystownmedicalpractice.ie. Cookies are files with a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive. We use Cookies which are necessary to enable core functionality, such as security, network management and accessibility.
Our website also uses Google Analytics to collect information and to improve our service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of the service. For full information on our use of Cookies, we would refer you to our separate Cookie Policy which you will find on our website www.bettystownmedicalpractice.ie.
GOOGLE ANALYTICS
Bettystown Medical Practice use Google Analytics to analyse the performance of www.bettystownmedicalpractice.ie. The information Google Analytics gathers using our website’s cookies generate generic reports about the use of our website. The information generated by the Cookie about your use of the site (including your IP address) will be transmitted to and stored by Google on servers in the U.SA. Visitors to our website can choose to opt out of the use of Google Analytics by installing the browser plug in https://tools.google.com/dlpagw/gaoptout.
THIRD PARTY SITES
Our service may contain links to other sites. If you click on a Third-Party link, you will be directed to that site. Please be aware that these third-party sites are not operated by Bettystown Medical Practice. We strongly advise you to review the privacy policies of these third-party sites. We do not take any responsibility for the content of privacy policies or practices of any third-party sites or services.
CONSENT FOR MINORS
Where we are required to gather the personal information of a minor, we will require the attendance and consent, explicit consent of a parent or guardian and we will only collect and process that personal information with their permission, as well as the awareness of the minor themselves.
Where the parents of the minor are not able to provide such consent, the support and of a recognised body will act ‘in loco parentis’, – for example, the family GP, school principal, social worker or Gardai will be consulted to ensure that any such processing of personal information is conducted in accordance with the Vital Interests of the minor. As much as possible the minor will be made aware of the processing activities and its purposes.
INTERNATIONAL TRANSFERS
There may be occasions when it is necessary for Bettystown Medical Centre to transfer personal information beyond European borders. We will ensure that the respective non-European countries have implemented adequate data protection security safeguards which meet EU GDPR requirements. In addition, we will also ensure that all appropriate Data Sharing Agreements have been implemented.
Please note that outside the EU and the EEA different standards of data protection might apply. By completing and submitting any online forms on our website, you acknowledge and consent that data may be transferred across international borders, including to countries outside the EU and the EEA.
HOW WE KEEP YOUR PERSONAL INFORMATION SAFE
Bettystown Medical Practice is committed to the protection and security of your personal information. We use a variety of security technologies and procedures to protect your personal information from, unauthorised use and access, accidental loss, unlawful destruction, alteration, unlawful disclosure. As effective as security practices are, no physical or electronic system is entirely secure. We cannot guarantee the complete security of our data bases, nor can we guarantee that information that you supply will not be intercepted while being transmitted to us over the internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level within our company. We will continue to revise policies and procedures and review our systems and we will implement additional security features as new technologies become available. Any transmission of personal information is at your own risk. When we receive your personal information, we use appropriate security measures to prevent your personal information from being compromised in any way. When you contact us to ask about your personal information, we may ask you to identify yourself, this is to help protect your personal information.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
At Bettystown Medical Practice we do not retain personal information for longer than is necessary to enable us to provide our services. As we work in a highly regulated sector, we are mandated to comply with both independent statutory and regulatory obligations which will influence the retention periods of various categories of personal information. We will retain your personal information in accordance with our separate Records Retention Policy (a copy of which is available upon request).
WHO ARE WE SHARING YOUR PERSONAL INFORMATION WITH?
There may be circumstances when Bettystown Medical Practice is legally mandated to share personal information in accordance with Independent Statutory legislation and regulatory requirements. In addition, there may be circumstances where it is necessary to share personal information with Working Partners and Stakeholder to enable us to provide our services efficiently. Bettystown Medical Practice will ensure that all Data Sharing Agreements and Contracts have been implemented prior to the sharing of any personal information. Access to personal information to external Stakeholders and Working Partners will only be afforded when a specific legal and lawful purpose (s) has been identified. We detail below a list of our Stakeholders and Working Partners with whom we share personal information for the purposes of providing our products and services to clients. This list is, however, not exhaustive:
- Web Hosting Co
- IT Provider/Support
- SaaS Platforms, Socrates
- Accountant
- HSE, Primary Care, Pharmacists
- Consultants, Solicitors, Private Hospitals, Insurance Companies
DATA SUBJECTS RIGHTS
In accordance with The EU General Data protection Regulation (EU 2016/679) and The Data Protection Act (2018) you are afforded the following rights in certain circumstances.
Right of Access: You have the right to obtain confirmation from us, whether we process personal information about you and where that is the case, access to the personal data, including the purposes of processing and the categories of personal data concerned. The recipients or categories or recipients to whom the personal information have been or will be disclosed. You may also submit a written request for a copy of personal information you believe we may be processing about you. A request for access, release or copy of personal information can only be made by the Data Subject (Patient, or individual to whom the data relates to), or any Third Party (registered next of kin, or solicitors, authorised by the Data Subject, Data Subject Legal Guardian, or Power of Attorney).
Access can be refused to some or all of the patient’s personal health information, only, if providing access is likely to cause serious harm to the physical or mental health of the data subject or providing access would disclose the personal information of another person without their consent or would disclose a confidential expression of opinion about the data subject.
Right to Rectification: You have the right to the rectification of inaccurate personal information about you without undue delay.
Right to Erasure: You may ask us to delete your personal information, however, this is not an absolute right and any such request will be considered in accordance with EU GDPR legislation.
Right to Restrict & Object: You have the right to restrict and object to Bettystown Medical Practice using your personal information.
Right to Data Portability: Upon receipt of your written request, where possible, we can share a digital copy of your personal information with you or another organisation.
HOW YOU CAN CONTACT US
Bettystown Medical Practice have not appointed a designated Data Protection Officer. However, in the event you have any concerns regarding how we collect and process your personal information you can contact our Data Protection Compliance Officer by sending an email to info@bettystownmedicalpractice.ie.
You can also write to our Data Protection Compliance Officer, Bettystown Medical Practice, Suite 2, First Floor, Bettystown Primary Care Centre.
You may wish to also contact the Data Commissioners Office, 21 Fitzwilliam Square South, Dublin 2. (Tel No: 00 353 578684800)
Please keep us informed of any relevant changes that Bettystown Medical Practice should be aware of, such as, change of address, phone numbers, email address, family circumstances, any new treatments, or investigations.
CHANGES TO THIS PRIVACY POLICY
We will make changes to this Privacy Policy from time to time, particularly when we make changes regarding how we process your personal information and expand our services. Details of any changes made will be posted here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site after we post any such changes, you accept and agree to the privacy policy as modified.
JUNE 2021