Privacy Notice
1. WHO ARE WE?
We are Saint John of God Hospital CLG (“SJOGH CLG”) with an address at Granada, Stillorgan Road, Stillorgan, Co. Dublin. We are part of the Saint John of God Hospitaller Services Group, which has its headquarters in Rome.
Saint John of God Hospital CLG is the data controller who determines the purposes and means of the processing of personal data for both Saint John of God Hospital and Saint Joseph’s Centre Shankill. Personal data may be collected directly by our staff, but in some circumstances by medical consultants, or other healthcare professionals who are involved in your treatment.
SJOGH CLG provides mental health services to private and public patients in Ireland. Saint Joseph’s Shankill provides person-centred care to our residents living with dementia specific needs, a copy of their privacy notice can be read at Saint Josephs Shankill | Dedicated to dementia care
This notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For Data Protection related queries, our Data Protection Officer can be contacted by:
Email: DPOHosp@sjog.ie
Post: Data Protection Officer, Saint John of God Hospital, Stillorgan, Co. Dublin, A94 FH92
2. WHAT PERSONAL INFORMATION DO WE COLLECT FROM YOU?
We have set out below, the types of personal and special category data which SJOGH CLG may collect.
“Personal data” means any information relating to you which allows us to identify you, such as, your name, contact details, payment details and information about your use of the Hospital’s services. Personal data does not include data where the identity of the individual has been removed, i.e., anonymous data.
“Special category data” refers to more sensitive personal data which requires a higher level of protection, such as data relating to your health, religious beliefs, or political opinions. This sensitive data can only be processed under strict conditions.
Category | Personal Data Processed |
Personal Data | |
Patient Details | When you become a patient of the Hospital and throughout your time as a patient, we will collect: · Full Name · Address · Contact details · Date of Birth · Gender · Marital status · PPS Number · Patient Number · Next of kin contact details/Emergency contacts · Family support service provision · Financial information · Information shared during treatment which may include third party data. · Admission/discharge to SJOGH and other services. |
Next of Kin/Visitors Details | If you are one of our patients’ next of kin or a visitor of the Hospital, we may collect: · Name · Phone Number · Address · Email Address |
Referrer & General Practitioner Details | Where an individual is referred to our services, we may collect: · Name · Contact details · Address/Practice address · Relation to patient |
Financial and Insurance Details | Where you are a patient of the Hospital, we may collect: · Bank Details · Insurance Policy Details |
Website User Details | When you access our website, we may collect: · IP address · Device type · Browser type |
Fundraiser Details | Where you choose to become a donor or fundraiser: · Name & Contact details · The event which you may have attended · Payment details |
Communications Data | Where you correspond with us by phone, e-mail, via our websites, or social media pages, or otherwise, for feedback, queries, complaints etc. We ask you to disclose only as much information as is necessary to provide you with services or to submit a question/suggestion/comment in relation to our site or our services. When you communicate with us, we may collect: · Name & Contact details · Details in relation to your feedback/query/comment/complaint.
We may also communicate with you. Where you have opted into receiving information from SJOGH CLG such as, updates and information about our services, upcoming events and campaigns, educational material, press releases, we will collect: · Name & Contact details |
Job Applicants Details | Where you apply for a vacant position at SJOGH CLG, we will collect: · Information contained in CVs · Name · Address & Contact details · Employment History · Education · Application Form details
We ask that you do not disclose any sensitive information in your application. |
Supplier Details | Where suppliers provide us with services, we will collect: · Name · Business address & Contact details · Billing payment details |
CCTV Data | Where you are a patient, visitor, or an employee of the Hospital we may collect: · Images and Recordings of you entering/on the premises |
Special Categories of Data | |
We will only collect and process special categories of data where it is necessary to provide you with the services you require and as part of a contract with health professionals. | |
Health & Medical Details | When you become a patient of the Hospital and throughout your time as a patient, we will collect: · Clinical and Consultation notes · Medical records · Medication information · Information which you inform us of, throughout the course of providing healthcare services |
Job Applicants Details | Prior to becoming an employee of the Hospital, we may collect: · Garda Vetting · Pre-employment Medical Information |
3. WHAT INFORMATION ABOUT YOU DO WE OBTAIN FROM OTHERS AND WHERE DO WE GET THIS INFORMATION?
When you use our healthcare services, we may obtain some of the above categories of personal data, such as, reasons for referral, medical history, and medications information, contact details, etc. from others, including:
- Other hospitals and service providers (where you are being referred to us from another hospital or service provider)
- Your referring GP or your consultant
Your family members, carers and/or next of kin
4. PURPOSES FOR COLLECTION AND OUR LAWFUL BASES FOR PROCESSING
In most cases, we collect information from you for the primary purpose of providing care and treatment to you and for associated administrative processes, for example, arranging payment for the services. Your personal data will be processed as part of our contract with you to provide you with these services. We are also obliged to record certain patient information under the Mental Health Act 2001 approved centre regulations.
The processing of special category data may also be necessary for reasons of public interest in the area of public health. If the purpose of the processing is for a reason other than the reasons outlined, we will seek explicit consent to process your special category personal data.
Below we have outlined what we do with your personal data, why we do it (the purpose) and our legal basis for processing.
What We Do | Why We Do It | Personal Data Involved | Our Legal Basis |
Add you to our waiting lists | So that we can offer you or your loved one a place as soon as one becomes available. | · Patient Details · Next of Kin Details · Insurance Details · Health & Medical Details | Performance of a Contract |
Manage and deliver your care and treatment | To provide care and treatment to you. | · Patient Details · Health & Medical Details | Performance of a Contract
For the provision of Health, Social Care, Treatment and Management of our Services.
Legal Obligation – Mental Health Act 2001 |
Contact you in relation to queries and appointments | To ensure your queries are answered and that you are kept up to date about upcoming visits. | · Patient Details · Next of Kin Details · Insurance Details · Health & Medical Details | Performance of a Contract
|
Carry out fundraising and marketing activities | To keep you up to date with events and other news. | · Fundraising Data · Communications Data | Your Consent |
Carry out surveys | To ensure patient satisfaction or manage areas of dissatisfaction. | · Patient Details · Details about experiences | Your Consent |
Carry out health research studies | To help develop understanding about health risks and causes to develop new treatments.
All applications to conduct health research studies must first receive approval from our Research Ethics Committee.
All health research in Ireland is governed by the Health Research Regulations 2018 (HRR) and the amended regulations 2021. | Health & Medical Details | Your Explicit Consent or in accordance with the HRR. |
Carry out Retrospective Chart Review studies | To help develop understanding about health risks and causes to develop new treatments.
If your records and data are to be used for a Retrospective Chart Review, your personal data will be protected by being fully anonymised or given a unique code so that your name does not appear alongside the information or in any of the results of the research. Any findings from a study that are published will not identify you. Any such study will be reviewed and approved by a research ethics committee prior to commencement.
| Health & Medical Details | Our Legitimate Interests
Public Interest, Scientific, Historical Research Purposes |
Conduct clinical audits | To improve and advance treatment and care and to ensure best practice and for quality assurance and improvement purposes.
If your records/data are to be used for activities such as clinical audit and quality improvement, all information will be anonymised meaning that it cannot be traced back to any service user. | Health & Medical Details | Our Legitimate Interests |
Communicate with you as part of our relationship with you or as per our contract with you | · To set you up as a supplier on our systems. · To ensure payment of our invoices. · To consult with you about projects that we are undertaking with you. | Supplier Details | Performance of a Contract |
Process job applications | To determine if you are the right fit for an open role.
We use a third-party service provider to manage our recruitment process. | Job Applicant Details | Our Legitimate Interests |
CCTV recording | For security and health and safety purposes. | CCTV Data | Our Legitimate Interests |
5. OUR WEBSITE
When visiting our website, we will not attempt to identify you as an individual user or collect personal information from you.
We may sometimes include on our website, links to third party websites. We are not responsible for the content or privacy practices employed by websites that are linked from our website.
Our website uses certain cookies. Our cookie policy can be accessed Cookie Policy (stjohnofgodhospital.ie).
6. WHO DO WE SHARE THIS INFORMATION WITH?
We will only use or share your personal information for the primary purposes for which it was collected, for related secondary purposes which you might reasonably expect (or that we have told you), or as required or permitted by law. We may also share your personal data with our selected business associates, suppliers, and contractors (data processors) to provide you with our services. This may include, for example:
- Medical Professionals including your GP, occupational therapists, dentists, dieticians, opticians, and hospice carers.
- Our Pharmacy Partners
- Our Catering Services
- Our Incident Management Platform
- Our Recruitment Platform Providers
- Our Web Hosting Providers
- Archive/Shredding Providers
- Your Insurance Company, where you have given us the details to pay for your treatment.
- Our Professional Advisers, such as legal advisors, insurance advisors, etc.
In addition, we may disclose your personal information:
- If we are under a duty to disclose your information to comply with a legal obligation or where there is a requirement to report to a statutory agency, for example:
- To the Mental Health Commission
- To HIQA
- The Irish Medicines Board
- To the Revenue Commissioners
- To Tusla
- The Gardaí or other law enforcement agencies
- As part of a project with other companies in the Saint John of God Hospitaller Services Group.
- Where the healthcare professional reasonably believes the use or disclosure of your personal data is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety.
- To enforce or apply our terms of use and other agreements or to protect our rights, property, or the safety, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we, or all of our assets are acquired by a third party, information held by us about our customers and service users will be one of the transferred assets.
A list of our data processors is available from the DPO.
7. HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?
The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
We have a Policy and Schedule in relation to the Retention of Records that aligns with the HSE 2013 Retention Schedule and other industry standard guidelines.
For further information on the periods for which your personal data is kept, please see our Data Retention Policy which can be accessed from the DPO.
8. TRANSFERS OUTSIDE OF THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA
In extremely limited circumstances, we may need to transfer your personal data outside of the European Economic Area (EEA).
In such cases, we will ensure that any transfer of your personal data to countries outside the EEA is subject to appropriate safeguards meaning that your personal data will receive the same level of protection as within the EEA and under the principles set out in this Privacy Notice.
9. AUTOMATED DECISION–MAKING AND PROFILING
SJOGH CLG does not conduct Automated Decision Making or Profiling activities.
10. WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
You have the following rights:
- The right to access the personal data we hold about you.
- The right to require us to rectify any inaccurate personal data about you without undue delay.
- The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
- The right to object to us processing personal data about you such as processing for profiling or direct marketing.
- The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
- The right to request a restriction of the processing of your personal data.
You may exercise any of the above rights by contacting the DPO –
Address: Data Protection Officer, Saint John of God Hospital, Stillorgan, Co. Dublin, A94 FH92
Phone: +353 1 639 2958
Email: DPOHosp@sjog.ie
You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie
HOW TO MAKE A DATA SUBJECT ACCESS REQUEST
Requests for access to personal data should be made to the Data Protection Officer or the Medical Records Officer. To ensure that we can action your request as quickly as possible, we ask that you include the following information in your request:
- Identify the records or information that you require.
- Provide full personal contact details.
- Provide a copy of one form of identification, i.e., passport or driving licence.
If you are making a request on behalf of another individual, we will require written authority from that individual in order to release their records to you.
11. FUNDRAISING AND MARKETING MESSAGES
If you have opted-in to receive marketing communications from SJOGH CLG, we will use the details you provide to us to send you updates on upcoming events, fundraisers etc., happening at SJOGH.
You have the right to ask us not to process your personal details for such purposes and you can change your mind and ‘opt out’ of receiving marketing updates at any time.
HOW TO OPT-OUT
To do so, simply click the ‘unsubscribe’ button located at the bottom of any email which you receive from us.
Alternatively, send us an email, writing “unsubscribe” in the subject heading to DPOHosp@sjog.ie
Please note that opting out of marketing messages will not stop service communications.
12. WHAT WILL HAPPEN IF WE CHANGE OUR PRIVACY NOTICE?
This notice may change from time to time, and any changes will be posted on our site and will be effective when posted. Please review this notice each time you use our site or our services. This notice was last updated in September 2023.
13. HOW CAN YOU CONTACT US?
For Data Protection related queries, our Data Protection Officer can be contacted by:
Email: DPOHosp@sjog.ie
Post: Data Protection Officer, Saint John of God Hospital, Stillorgan, Co. Dublin, A94 FH92
14. CORONAVIRUS AND DATA PROTECTION
All measures taken in response to Coronavirus involving the use of personal data, including health data, will be necessary and proportionate. Where SJOGH CLG. is acting on the guidance or directions of public health authorities, or other relevant authorities, Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018 will permit the processing of personal data, including the sharing of limited health data, (e.g. reporting results of Coronavirus testing, personal data in relation to the provision of vaccinations to staff, list of staff vaccinations), once suitable safeguards are implemented. Such safeguards may include limitation on access to the data and strict time limits for erasure.
Employers will also have a legal obligation to protect their employees under the Safety, Health, and Welfare at Work Act 2005 (as amended). This obligation, together with Article 9(2)(b) GDPR provides a legal basis to process personal data, including health data, where it is deemed necessary and proportionate to do so.
