Introduction

At Mater Private Healthcare Group we understand that the privacy and security of your information is important to you. To this end, we endeavour to safeguard all information you entrust us with in order to protect and respect your privacy.

This Privacy Notice sets out the basis upon which we collect, use, store and disclose personal data collected from you and/or held about you, as well as your rights in relation to that data. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purpose of Data Protection Laws, Mater Private Healthcare Group, with a registered address at Eccles Street, Dublin 7 and registered under company number 99197 will act as a Data Controller when acting as an employer, a supplier of health services and where dealing with suppliers and in this role it is responsible for processing your data in a safe, secure and compliant manner.

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.

We may hold and use personal data about you as a customer, patient or in any other capacity. Depending on the services you receive from us, this may include special category personal data such as information relating to your health

Personal data we collect from you may include the following:

  • Information that you give us when you enquire or become a patient of ours such as your name, address, contact details (including email address and phone number);
  • Information you give us when you make a payment to us, such as financial or credit card information;
  • Name and contact details (including phone number) of your next of kin or relatives;
  • Notes and reports about your health and any treatment and care you have received and/or need, including information relating to clinic and hospital visits and medicines administered;
  • Information about complaints and incidents;
  • Information obtained from customer surveys that you have taken part in;
  • Information that you give us when you submit a question/comment in relation to our services or website;
  • Information you give us using the contact us or book an appointment form on our website;
  • Information you give us when you apply for a job with us (CV, cover letter, contact details);
  • Information you give us when you publish public comments on our social media pages e.g. Facebook, Twitter, Google, LinkedIn, Boards.ie, Rate My Hospital, Reddit.ie, Glassdoor.com;
  • Images stored on the CCTV systems in use at our facilities for medical, safety and security purposes

Please note: where you have named and provided us with personal data about your next of kin, it is your responsibility to ensure that the individual is aware of and accepts the terms of this Privacy Notice.

When you use our services, we may obtain the following categories of personal data from others:

  • Your General Practitioner (GP), other medical professionals including HSE, other hospitals and health professionals when you transfer or are referred to our service;
  • Independent medical consultants who carry out procedures at the Hospitals of Mater Private Healthcare Group. To provide you with the best possible care, consultants may need to share your personal data and medical records with Mater Private Healthcare Group;
  • An external marketing company who analyse public social media pages where you publish comments about Mater Private Healthcare Group. These comments are analysed to assess the public’s opinions in relation to our services so that we may provide you with improved services;
  • Your employer or sports club if you are referred by them for medical assessment and/or treatment.

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected. Your information helps us to provide and improve our services.

We will use this information as follows:

  • To create and maintain your medical record on our administration systems which records all aspects of your assessment, diagnosis and treatment while in our care;
  • To ensure that our clinical staff have the information they require for your assessment and/or treatment;
  • To generate invoices for treatment received and subsequent payment of those invoices;
  • To keep you informed on our latest services and offerings, where you have subscribed to receive such information;
  • To create a candidate profile for you if you are a prospective employee;
  • To constantly improve our website services and security;
  • To carry out internal clinical audits and enable clinical research.
  • Mater Private Healthcare Group support and promote research activity within our hospitals. Our Health Research Ethics Committee must approve research before it takes place. A retrospective chart review may be carried out without your consent where this is approved by the Ethics Committee. You will never be identified in any published results without your prior consent.

We may share your personal data with our selected business associates, suppliers and contractors to provide you with our services. For example, these business partners may include:

  • Health insurers and third party claims assessors, working on behalf of Mater Private Network, to secure payment for your treatment where it is covered by your private health insurance policy;
  • Healthcare professionals, independent consultants and other hospitals that require your personal data as part of the provision of medical treatment;
  • Information technology (IT) service providers that either host or have access to our data as part of their product offering;
  • Regulatory bodies such as HIQA, the Health and Safety Authority, where we are obliged to make data available as required;
  • Outsourced service providers, such as the use of external laboratories, third party contact centres for scheduling appointments and market research companies;
  • Other companies and organisations with whom we exchange data for the purposes of fraud protection and credit risk reduction.

We may also disclose your personal information to third parties:

  • As part of normal business processing with other companies within Mater Private Healthcare Group;
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we are under a duty to disclose or share your information in order to comply with any legal obligation or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property or safety of our patients or others.

In general, medical records should be retained for a period of eight years after the conclusion of treatment.

We will process your personal data throughout the course of your treatment and will then retain it for a period after that, depending on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods.

Once we have determined that we no longer need to hold your personal data, we will securely delete it.

CCTV Images

  • CCTV Images are retained for 30 days.
  • CCTV Images taken at the Sleep Clinic do not form part of the medical record, they are retained for a period of 30 days and deleted once the report has been reviewed. 

The legal bases for the processing of your personal data are:

  • The processing is necessary for the performance of the contract which you have entered into with us or to take steps at your request prior to entering into a contract;
  • That you have provided consent for the processing for one or more specified purposes such as marketing, for example when you fill out an admissions form and provide your consent to receiving marketing material or subscribe to receive future material;
  • The processing is necessary for compliance with certain legal obligations to which we are subject;
  • Processing necessary for the purposes of the legitimate interests which we pursue where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.

The legal bases for the processing of your special category personal data (i.e. your medical information) are that the processing is necessary:

  • For the purposes of preventive or occupational medicine, medical diagnosis and the provision of healthcare;
  • To protect your vital interests;
  • For the establishment, exercise or defence of legal claims;
  • For compliance with certain legal obligations to which we are subject;
  • For reasons of public interest in the area of public health;
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Our legitimate interests include the outsourcing of appointment scheduling for radiology satellite clinics and conducting patient feedback surveys with the aim of improving patient experience.

In a limited number of circumstances, your personal data may need to be transferred outside of the European Union and European Economic Area to a country for which there is no adequacy decision relating to the safeguards for personal data from the European Commission.

If the destination is not the subject of an adequacy decision then either a derogation under Article 49(1) General Data Protection Regulation (GDPR) will apply which does not have to be listed here or we will ensure that appropriate safeguards will be in place to protect your data such as Standard Contractual Clauses.

You have the following rights:

  • The right to access the personal data we hold about you;
  • The right to require us to rectify any inaccurate personal data about you without undue delay;
  • The right to have us erase personal data we hold about you. It should be noted that this is not an absolute right and is limited to certain specific situations such as, for example, where processing is unlawful, where it is no longer necessary for us to hold the personal data in order to provide you with our services or, in some circumstances, if you have withdrawn your consent to the processing and there is no other legal ground for our processing of the data;
  • The right to object to us processing personal data about you such as processing for profiling or direct marketing;
  • The right to ask us to provide your personal data to you in a portable format. This right only applies to data which you have provided to us, and where the processing is carried out by automated means;
  • The right to request a restriction of the processing of your personal data.

Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

You may exercise any of the above rights by contacting Mater Private Data Protection Officer at the details shown below.

You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission.

You can contact the office of the Data Protection Commission at:

Lo Call Number 1800 123 456

https://www.dataprotection.ie/

Postal Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

We keep our Privacy Notice under regular review and as a result it may be amended from time to time without notice. As a result we encourage you to review this Privacy Notice regularly. Please review this notice each time you use our website or our services. This notice was last updated in February 2023.

Our Data Protection Officer can be contacted by:

Dublin

Email: dpo@materprivate.ie

Address:  The Data Protection Officer, Mater Private Network, Eccles Street, Dublin 7

_______________________________________________________________________

Cork

mpcdpo@materprivate.ie

Phone:  (021) 6013200

Address:  The Data Protection Officer, Mater Private Hospital, Citygate, Mahon, Cork.


Schedule of Services

We have set out below a list of the categories of third parties with whom we share your data. 

Category of Third Party

Description of Service Provided

Information technology (IT)

System based processing of personal and/or medical details as part of patient treatment and/or organisational/operational requirements e.g. cloud hosting services; application development and support services; Information technology (IT) infrastructure services; email services; call recording services.

Legal/Professional Advisors

The provision of business consulting, audit and legal services including access to and analysis of personal data as part of business initiatives, statutory audits, legal claims and ad-hoc consultancy advice.

Transport, Storage & Shredding

The provision of courier services for the transportation of physical documents to and from suppliers, insurers and referring corporate/medical partners.

Storage and destruction of physical files for operational and regulatory purpose.

 

Outsourced Service Providers

The external processing of personal data to external providers where Mater Private Hospital does not have either the expertise, capacity or demand to provide the processing required. E.g. test/analysis by external laboratories.

Regulatory Bodies

Provision of personal data as required to satisfy recurring obligations, audit and mandatory reporting purposes with bodies such as HIQA, TUSLA, Health and Safety Authority etc.