Our Privacy notice will be a statement and describe to our patients, carers, visitors, the general public and staff how we collect, use, store, retain and disclose the personal data and information that we hold.
The following Privacy Notice forms a part of our ongoing commitment to the fair and lawful processing of all personal data.
We are governed by the following guidelines and legislation:
Data Protection Act 2018
General Data Protection Regulations (GDPR) 2018
Data Protection Act 1988 and 2003
Freedom of Information Act 2014
e-Privacy Regulations 2011
Our Health Care Professionals including Consultants, Doctors. Nurses, and support staff are also regulated and governed by appropriate professional bodies.
3fivetwo Group process personal information and data in order to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our services, and to support and manage our employees. We also process personal information about health care professionals that deliver services throughout the organisation.
We also use information to support and monitor our services to enable the delivery of high quality healthcare. This type of information will usually be provided in an aggregate or anonymised form, so that we cannot identify an individual.
3fivetwo Group may ask for and hold various details of personal information regarding yourself which will be used to aid in the delivery of appropriate care and treatment. The data collected may include the following:
The following may also be collected in certain circumstances:
The information and data described above is collected in a number of different ways and can include:
To protect your confidentiality it is important to us that all of your information is kept safe and secure.
Information and data that is collected is kept within secure paper and electronic records. Access to these records is restricted to only those who require access.
The Data Protection Act 1988 and as of 25th May, GDPR, regulate the processing of personal information and data. The strict principles within these Acts govern our duty and our use of any data.
The use of Technology allows us to protect personal data in various ways, including the restriction of access. When keeping your information safe, our guiding principle is that we are holding your data within the strictest confidence.
Everyone that works within 3fivetwo Group is subject to the Common Law Duty of Confidentiality, the Data Protection Act 2003 and GDPR 2018.
Information that is provided to us in confidence will only be used for the purpose that it was collected for, unless there are other circumstances which are covered by law.
All 3fivetwo Staff are required to undertake training in Data Protection/GDPR, Confidentiality, IT and Cyber Security and other specialist training dependent on job role.
To enable us to fulfil our duties and ensure that the best care possible is provide we will need to share information about you with others. We may need to share your information with a range of other parties including Health and Social care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason, the organisation will have a duty to be able to tell you why they are contacting you.
Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of organisations:
Where sharing patient information is shared with other organisations, an information sharing agreement will be drawn up to ensure that all information that is shared is done so in a way which complies with all relevant legislation.
Your right to withdraw consent:
You have the right to refuse and/or withdraw you consent to information sharing at any time. You will have any possible consequences of this fully explained to you. This could include delays in you receiving relevant care.
One of the main objectives of GDPR is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
Within 3fivetwo Group there is a senior person who has responsibility for protecting the confidentiality of all of your information.
Under GDPR this person is known as the Data Protection Office (DPO). They can be contacted with any queries relating to your Data and how this is being used.
Data Protection Officer
Under The Data Protections Act 1998 and GDPR any person may request access to the information (with some exemptions) that is held about them.
Data Subject Access Requests (DSAR):
Within the law you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
Right to erasure:
In some situations (for example, where your data has been processed unlawfully), you have the right to request us to “erase” your personal data.
Your request will be responded to within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree if certain limited conditions apply.
Once your request has been agreed, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. This will in turn minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
You can unsubscribe to our marketing at any time by contacting us and letting us know your preference.
Right of data portability:
If you wish, you have the right to transfer your data from us to another data controller. We will be able to you help with this. This can be done by either directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority:
You also have the right to lodge a complaint with your local supervisory authority, details of which can be found below:
The Data Protection Commissioner
21 Fitzwilliam Square
Telephone +353 57 8684800 / +353 (0)761 104 800
Lo Call Number 1890 252 231
Fax +353 57 868 4757
In order for us to operating in the most efficient way, it is possible that we may have to transfer or store your data internationally.
It is important to us to make sure that your data are stored and transferred only in ways which are secure. Therefore we will only transfer personal data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
– by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
– by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
– transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
– where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a Client of ours); or
– where you have consented to the data transfer.