Privacy Policy

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.

We may hold and use personal data about you as a customer, patient or in any other capacity. Depending on the services you receive from us, this may include special category personal data such as information relating to your health.

Personal data we collect from you may include the following:

• information that you give us when you enquire or become a patient of ours such as your name, address, contact details (including email address and phone number);
• information you give us when you make a payment to us, such as financial or credit card information;
• the name and contact details (including phone number) of your next of kin or relatives;
• notes and reports about your health and any treatment and care you have received and/or need, including information relating to clinic and hospital visits and medicines administered;
• information about complaints and incidents;
• information obtained from customer surveys that you have taken part in;
• information that you give us when you submit a question/comment in relation to our services or website;
• information you give us using the contact us or book an appointment form on our website;
• information you give us when you apply for a job with us (CV, cover letter, contact details);
• information you give us when you publish public comments on our social media pages e.g. Facebook, Twitter, Google, LinkedIn, Boards.ie, Rate My Hospital, Reddit.ie, Glassdoor.com
• images stored on the CCTV systems in use at our facilities for safety and security purposes 

Please note: where you have named and provided us with personal data about your next of kin, it is your responsibility to ensure that the individual is aware of and accepts the terms of this Privacy Notice.

When you use our services, we may obtain the following categories of personal data from others:

• your GP, other medical professionals including HSE, other hospitals and health professionals when you transfer or are referred to our service;
• independent medical consultants who carry out procedures at the Hospitals of Mater Private Healthcare Group. To provide you with the best possible care, consultants may need to share your personal data and medical records with Mater Private Healthcare Group;
• an external marketing company who analyse public social media pages where you publish comments about Mater Private Healthcare Group. These comments are analysed to assess the public's opinions in relation to our services so that we may provide you with improved services.
• your employer or sports club if you are referred by them for medical assessment and/or treatment.

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected. Your information helps us to provide and improve our services.
 
We will use this information as follows
 

• To create and maintain your medical record on our administration systems which records all aspects of your assessment, diagnosis and treatment while in our care;
• To ensure that our clinical staff have the information they require for your assessment and/or treatment;
• To protect your safety post treatment through necessary follow up by manufacturers of the medical devices and equipment used in your treatment; 
• To generate invoices for treatment received and subsequent payment of those invoices;    
• To keep you informed on our latest services and offerings, where you have subscribed to receive such information;
• To create a candidate profile for you if you are a prospective employee;
• To constantly improve our website services and security;
• To carry out internal clinical audits.

We may share your personal data with our selected business associates, suppliers and contractors to provide you with our services. For example, these business partners may include:
 

• health insurers to secure payment for your treatment where it is covered by your private health insurance policy;
• health professionals, independent consultants and other hospitals that require your personal data as part of the provision of medical treatment;
• IT service providers that either host or have access to our data as part of their product offering;
• regulatory bodies such as HIQA,  the Health and Safety Authority, where we are obliged to make data available as required;
• manufacturers of medical devices and equipment for patient safety purposes, to allow for any necessary follow up post treatment, such as, for example, product recall; 
• outsourced service providers such as the use of external laboratories and marketing companies;
• other companies and organisations with whom we exchange data for the purposes of fraud protection and credit risk reduction.

We may also disclose your personal information to third parties:
 
As part of normal business processing with other companies within the Mater Healthcare Group;

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
• If we are under a duty to disclose or share your information in order to comply with any legal obligation or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property or safety of our patients or others.

We attach a supporting Schedule with a list of the categories of third parties with whom we share your data.

The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

For further information on the periods for which your personal data is kept, please see our data retention policy, a copy of which can be made available on request to our Data Protection Officer.

The legal bases for the processing of your personal data are :

• The processing is necessary for the performance of the contract which you have entered into with us or to take steps at your request prior to entering into a contract;
• that you have provided consent for the processing for one or more specified purposes such as marketing, for example when you fill out an admissions form and provide your consent to receiving marketing material or subscribe to  receive future material;
• the processing is necessary for compliance with certain legal obligations to which we are subject;
• processing necessary for the purposes of the legitimate interests which we pursue where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.

In a limited number of circumstances, your personal data may need to be transferred outside of the European Union and European Economic Area to a country for which there is no adequacy decision relating to the safeguards for personal data from the European Commission.  

If the destination is not the subject of an adequacy decision then either a derogation under Article 49(1) GDPR will apply which does not have to be listed here or we will ensure that appropriate safeguards will be in place to protect your data such as Standard Contractual Clauses, your consent or Privacy Shield for US transfers.

You have the following rights:

• The right to access the personal data we hold about you;
• The right to require us to rectify any inaccurate personal data about you without undue delay;
• The right to have us erase personal data we hold about you. It should be noted that this is not an absolute right and is limited to certain specific situations such as, for example, where processing is unlawful, where it is no longer necessary for us to hold the personal data in order to provide you with our services or, in some circumstances, if you have withdrawn your consent to the processing and there is no other legal ground for our processing of the data;
• The right to object to us processing personal data about you such as processing for profiling or direct marketing;
• The right to ask us to provide your personal data to you in a portable format. This right only applies to data which you have provided to us, and where the processing is carried out by automated means;
• The right to request a restriction of the processing of your personal data.

Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

You may exercise any of the above rights by contacting the Mater Private Data Protection Officer at the details shown below. 

You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission.

You can contact the Office of the Data Protection Commissioner at:

Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231

E-mail: info@dataprotection.ie

Postal Address: Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois

For further information please visit the Data Protection Commissioner website www.dataprotection.ie.

We keep our Privacy Policy under regular review and as a result it may be amended from time to time without notice. As a result we encourage you to review this Privacy Notice regularly. Please review this notice each time you use our website or our services. This notice was last updated on 18 May 2018.

Our Data Protection Officer can be contacted by:

Email:  dpo@materprivate.ie

Phone:  (01) 885 8888

Address:  The Data Protection Officer, Mater Private Hospital, Eccles Street, Dublin 7