GDPR – General Information

The General Data Protection Regulation (GDPR) is an EU regulation intended to unify and strengthen data protection for European citizens. GDPR comes into effect on May 25, 2018. It will replace the existing Data Protection Acts 1998 and 2003.

Grange Cross Medical aims to ensure the highest standard of medical care for our patients. We understand that confidentiality is a fundamental principle of medical ethics and is central to the trust between patients and doctors. The privacy practices and GDPR policy we adopt in our practice are in line with the Medical Council guidelines and the privacy principles of Data Protection legislation.

A copy of our GDPR policy is available on request through reception and you are welcome to review the policy. We reserve the right to amend this policy at any time, at our discretion. We will notify you of changes to this policy where we are required to do so. 

​

What information do we collect about you?

When you attend or register with us as a patient, we collect the personal details specified in the patient registration form. With your prior knowledge and consent, we may take up copies of your medical records from a previous GP etc. Your GP is also likely to receive updates from other health professionals, hospitals etc involved in your treatment and care.

​

Why do we collect this information?

We collect this information to provide appropriate treatment and services to you and to ensure your continuity of care and patient safety. We also collect information when required to by law.

​

On what basis do we process this information?

Your personal information is mostly collected directly from you and processed by us with your knowledge and express consent. You may withdraw your consent to the processing of your personal information at any time.

Sometimes, your personal information may be processed in accordance with Grange Cross Medical legal obligations, e.g. mandatory reporting obligations in relation to infectious diseases etc. 

​

Who will we share your information with?

We may share your information with other healthcare professionals and third party service providers e.g. laboratories when it is necessary and appropriate for your treatment and care.

​

How long do we keep hold of your information?

We retain records in accordance with the National Hospitals Office (NHO) Code of Practice for Healthcare Records Management which can be viewed at www.hse.ie.

 

Data Protection Officer

Grange Cross Medical registered Data Protection Officer is Paul O Grady. Any queries, concerns or requests to exercise your rights under Data Protection legislation may be addressed to Paul O Grady at paul@grangecrossmedical.ie

​

Your Rights

Under Data Protection legislation, you have the right to:

​

-         Withdraw consent to the processing of your personal information. 

​​

(Note: If you withdraw consent, we may not be able to continue to provide treatment and services to you. We will talk to you about the possible consequences of withdrawing consent, if and when you let us know that you are thinking of this. The withdrawal of consent will not undermine the lawfulness of processing carried out prior to the withdrawal)

​

Request to access the information we hold about you.

​

Request the correction of inaccuracies in / erasure of the information held about you.

Request the restriction of processing of the information we hold about you.

​

-          Exercise your entitlement to data portability.

​

-          Make a complaint to the Office of the Data Protection Commissioner of Ireland.

​

Please address any rights requests by email to paul@grangecrossmedical.ie

​

Our Website

Each time any visitor uses the Grange Cross Medical website, we may collect one or both of two different types of information.

Non-individual specific statistics 
The first type of information is statistical and analytical information collected on a non-individual specific basis about visitors to the our website. We gather general information about how many visitors use the website, how many visitors return to the website, what pages they visit etc. This information lets us monitor traffic on the website so that we can manage its capacity, efficiency, design and content. It helps us to understand website traffic patterns and to know, for example, which parts of the website are the most popular / useful.

Personal information 
The second type is information which is personal or particular to a specific visitor. This information is collected by specific request so you will be fully aware when you are providing this information to us. This might arise when you seek an appointment online.

Security of information transmitted to our website 
Grange Cross Medical cannot guarantee the security of your personal information transmitted to our website. Transmission of your personal information is at your own risk. Once we receive your personal information, we will use appropriate security measures to seek to prevent unauthorised access or disclosure.

External websites 
Our website may contain links to and from other websites. Those websites have their own privacy policies and Grange Cross Medical does not accept any responsibility or liability for those policies. You are advised to check those policies before you submit any personal information to those websites.