It is our policy to collect, process and share your Data provided to us by you in order to carry out the services requested by you and any contact in relation to those services only. Your Data will not be used for any other purposes other than those explicitly stated in this policy or requested by you in your dealings with us.
1. The identity of the controller.
You are hereby informed that the Data that you provide is collected, used, protected, processed and shared by the clinic directors, Alana Digan and Rachel Chambers.
2. Collection of Data
We may collect Data about our clients, prospects and visitors.
Your Data are collected when you browse our website, contact us via email, phone or in person or through our website.
Data we collect fall into the following categories:
- Identification information
- Contact information
- Medical information
- Browsing information
- Transaction history
These Data are gathered directly from you via online booking and from direct communication with us, i.e. client intake form, emails, phone calls, transactions. Browsing history is collected via automated methods.
2.1. Information you provide to us
We process Data you provide directly to us, in particular when you complete a client intake form or book online.
For example, we collect Data when you create a booking, apply for a job, request customer support or otherwise communicate with us.
The Data may include the following data as well as any other type of information that we specifically request you to provide to us through our client intake forms, such as:
- Date of Birth
- Phone no
- Doctor’s details
- Emergency contact details
- Medical history
- Treatment notes
- Browsing data
- Transaction history
2.2. Data We collect automatically when you use our online services
When you access or use our online services, we automatically collect the following information about you via Google Analytics:
- Log Information:We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to Our Services.
- Device Information:We collect information about the computer or mobile device you use to access Our Services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
- Location Information:We may with your consent collect information about the location of your device each time you access or use one of Our mobile applications. If you initially consent to Our collection of location information, you may be able to subsequently stop the collection of these Data through your device operating system settings. You may also stop Our collection of location information by following the standard uninstall process to remove Our mobile applications from your device.
2.3. Information we collect automatically through Cookies and other tracking technology
Some of the cookies are used for the exclusive purpose of enabling or facilitating communication or are strictly necessary for the provision of our online services.
You have the ability to decline cookies by changing the settings on your browser but this might prevent you from benefiting from some elements of our online services. You can also consult or destroy cookies if you wish, since they are stored on your hard disk.
We may also use these technologies for other purposes than our online service operation such as:
- To improve our online services;
- To remember you, for your convenience, when you use our online services.
2.4. Third Party Cookies
When you access or use our online services, one or more cookies from third party are likely to be placed on your equipment.
We inform you that we have no access and cannot exercise any control over third party cookies. However, we shall ensure that the partner companies agree to process the information collected on our online services in compliance with the GDPR and undertake to implement appropriate measures for securing and protecting the confidentiality of the Data.
3. How we use the Data
We may use information about you for the following purposes:
- provide, maintain and improve our services
- provide and deliver the service you request, process transactions and send you related information including confirmations and invoices
- in the case of emergency contact details, to hold and act on that data only where it is warranted to serve the vital interests of one of our clients who has provided your details
- send you technical notices, updates, security alerts and support and administrative messages
- respond to your comments, questions, requests and provide customer service
- monitor and analyse trends, usage and activities in connection with our services
- personalize and improve the services we provide
- contact tracing during the COVID-19 pandemic
According to the GDPR, each Data processing is performed on one of the following legal basis:
- your consent
- the performance of the service requested by you
4. How we share your Data
- We share your Data with Cliniko, our online booking system to help us provide our service including bookings, transactions, booking confirmations.
- We share some of your Data with Gmail for business, in order to provide customer service relating to our business.
- In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities, with the proper authority to submit such a request.
- Contact information for any clients or visitors in the clinic around the time of a suspected or confirmed case of COVID-19 in the clinic, will be shared with the relevant authorities such as the HSE. Those same clients or visitors will be contacted by the clinic at that time also.
5. The period of Data retention
Our insurance providers require us to retain all records for a period of 7 years after the last appointment, or in the case of minors, for 7 years after their 18th birthday. We retain clinic notes indefinitely.
We hold transaction data indefinitely on our online system to provide best customer service.
CV’s are held only for the time they are to be reviewed or otherwise processed should further action be taken in regards to employment.
Card details, when payments are taken over the phone, the card number is input directly to the terminal and is never written or stored anywhere.
6. Data transfer
Upon receiving a written request from you seeking Data transfer, we will provide a hardcopy copy of your original treatment notes with no alterations from the original. These will be handed in person or send by registered post.
7. Data amendments
Upon receiving a request from you in regards to updating Data held by us, we will seek to correct our records at the earliest possible time.
We are committed to taking appropriate measures designed to keep your Data secure. Our technical, administrative and physical procedures are designed to protect Data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
9. Your rights
Under the General Data Protection Regulations 2018 (GDPR) individuals have the significantly strengthened rights to:
- obtain details about how their data is processed by an organisation or business;
- obtain copies of personal data that an organisation holds on them;
- have incorrect or incomplete data corrected;
- have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data;
- obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability);
- object to the processing of their data by an organisation in certain circumstances;
- not to be subject to (with some exceptions) automated decision making, including profiling.
10. In the event of a Breach
Every precaution will be taken to avoid a breach of your Data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed, An Garda Siochana and financial institutions will be contacted for assistance and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc. at risk.