Data Protection Statement

WHO ARE WE?

We are Sparantus Limited trading as Highfield Healthcare (“Highfield Healthcare”), a private healthcare service provider registered under company number 285998, with a registered address at Swords Road, Whitehall, Dublin 9.

Highfield Healthcare specialises in the care of the elderly and in mental health services and operates a private psychiatric hospital and nursing homes in County Dublin.

We use certain expressions throughout this document, such as Personal Data and Special Categories of Personal Data.

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data include information about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Special Categories of Personal Data can only be processed under strict conditions, including a condition requiring the express permission of the person concerned.

Data Controller means the entity which, by itself or jointly with others, determines the purpose and means of processing Personal Data.

For the purpose of the Data Protection Acts 1988 and 2003 (as amended) (the DPA) and from 25 May 2018, the General Data Protection Regulation (the GDPR), the data controller is Highfield Healthcare.

This notice sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or that you (or others) provide to us, will be processed by us.  Please read the following carefully to understand our practices regarding your personal data and how we will treat it.


WHAT INFORMATION DO WE COLLECT FROM YOU?

You may give us information by:

  • using any of our healthcare services and facilities in Ireland. The type of information we may collect includes your name; address; email address; phone number; date of birth; country of birth; legal status; gender; next of kin; PPS number; medical card details; private health insurance details; bank account details, car registration details and your photograph. We may also collect Special Categories of Personal Data including information relating to your ethnic background; your religion; medical records; diagnosis information; medical/physical/psychiatric history; and medication details.
  • interacting with us when you are a next of kin of one of our residents. The type of information we may collect includes your name; phone number; address; email address, and credit card details.
  • corresponding with us by phone, e-mail or otherwise.  We ask you to disclose only as much information as is necessary for the purpose of your interaction with us or when submitting a question/suggestion/comment in relation to our services or our website.
  • applying to work with us as an employee, contractor or medical/nursing student. The type of information you may provide includes your CV, your name, address, e-mail address, phone number, statement of employment or references and Garda vetting documentation. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). We ask that you do not disclose sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, financial data) in your application.

WHY DO WE COLLECT THIS INFORMATION?

We collect the Personal Data, and where necessary Special Categories of Personal Data, in order to provide you with our healthcare services, to transact business, to market our services, to recruit staff and to improve our website.

We will use this information:

  • to carry out our obligations arising from any agreements entered into between you and us e.g. to provide you with healthcare services;
  • to communicate with you as part of our relationship with you or as per our contract with you;
  • for statistical analysis purposes, to monitor our performance and quality of care;
  • for clinical audit purposes through a clinically led quality improvement process that seeks to improve patient care and outcomes through the systematic review of care against explicit criteria;
  • to carry out patient experience surveys to help us improve the quality of our services, where you have consented to this;
  • to create a candidate profile for you if you are a prospective employee which is a step we need to take prior to entering into a contract with you;
  • to communicate any upcoming Highfield Healthcare events where you have ‘opted in’ to receive such material and where such information is related to your treatment;
  • to administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. For further information please see our Cookie Policy at http://www.highfieldhealthcare.ie/cookie-policy/;
  • as part of our efforts to keep our website safe and secure.

The legal bases for the processing of your Personal Data are:

  1. processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
  2. processing necessary for the purposes of the legitimate interests which we pursue prior to contract (for example, in providing you with information about our services) and post contract (for further details, see the section entitled ‘Who Might We Share Your Personal Data With?’) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
  3. the processing is necessary in order to protect your vital interests or those of another person;
  4. processing based on your consent which we obtained from you when you received our services, for example, if you consent to participating in our patient experience survey;
  5. processing necessary for compliance with a legal obligation to which we are subject.

The legal bases for the processing of Special Categories of Personal Data are:

  1. the processing is necessary for the provision of health care or treatment and for the purposes of medical diagnosis;
  2. the processing is necessary in order to protect your vital interests or those of another person;
  3. the processing is necessary for reasons of substantial public interest and is required under the Mental Health Act 2001 (Approved Centres) Regulations 2016, Schedule 1, the Health Act 2007 (Care and Welfare of Residents in Designated Centres for Older People) Regulations 2013, Schedule 3 and 4; Health Act (Registration of Designated Centres for Older People) Regulations 2015, and the National Vetting Bureau (Children & Vulnerable Persons) Act 2012.

WHAT INFORMATION ABOUT YOU DO WE OBTAIN FROM OTHERS?

When you use our healthcare services, we may obtain the following categories of personal data from others:

  • name;
  • address;
  • date of birth;
  • phone number;
  • gender;
  • marital status;
  • occupation;
  • religion;
  • insurer;
  • reasons for referral;
  • medical/psychiatric history;
  • medications;
  • next of kin details; and
  • name of GP.

WHERE DID WE GET THIS INFORMATION?

We obtain this information from:

  • other hospitals (where you are being admitted to one of our healthcare facilities from another hospital);
  • your referring GP; and
  • your family members in certain circumstances such as, for example, on admission to our nursing home facilities.

WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?

We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, suppliers and sub-contractors, for example to provide you with our healthcare services and for the performance of our contract with you. Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below.

In addition, we may disclose your Personal Data to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets at an appropriate time;
  • If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
  • If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our patients, or others. This includes, without limitation, exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We have set out below a list of third parties with whom we share your Personal Data:

No. Third party description
1. HSE, HIQA, Mental Health Commission, Coroners, the Health Research Board; Department of Employment Affairs and Social Protection and other government agencies where lawful to do so.
2. Other hospitals into which you are transferring, where appropriate.
3. GPs
4. Consultants on call
5. Legal advisors
6. Patients’ family members in certain circumstances
7. Sub-contractors such as, for example, occupational and physiotherapists, laboratories etc.
8. Pharmacies
9. Our insurers and insurance brokers
10. Cloud Service Providers
11. IT Back-up Providers
12. Archive/shredding companies
13. Email and IT service providers
14. Auditors
15. Accounting software
16. CCTV service providers
17. Security software
18. HR software
19. Cookie analytics service provider
20. Electronic patient management system
22. Electronic medication management system
23. Clinical audit software provider
24. Survey software provider
25. Private health insurers

HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?

The time periods for which we retain your information depend on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted. Further information on this is in our Data Retention Policy.


DO WE TRANSFER YOUR INFORMATION OUTSIDE THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA?

No


WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR INFORMATION?

You have the following rights:

  • The right to access the information we hold about you.
  • The right to require us to rectify any inaccurate information about you without undue delay.
  • The right to have us erase any information we hold about you in circumstances such as where it is no longer necessary for us to hold the information for your use of our services or if you have withdrawn your consent to the processing.
  • The right to object to us processing information about you such as processing for profiling or direct marketing.
  • The right to ask us to provide your information to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
  • The right to request a restriction of the processing of your information.
  • Where our processing of your Personal Data is based on your consent to that processing, you have the right to withdraw that consent at any time, but any processing that we have carried out before you withdrew your consent remains lawful.

Where our processing of your information is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

You may exercise any of the above rights by writing to the Data Protection Officer by email at DPO@highfieldhealthcare.ie or by post to Highfield Healthcare, Swords Road, Whitehall, Dublin 9.

You may lodge a complaint with your local supervisory authority with respect to our processing of your information.  In Ireland, the local Supervisory Authority is the Office of the Data Protection Commissioner with an address at Canal House, Station Road, Portarlington, Co. Laois.


WHAT WILL HAPPEN IF WE CHANGE OUR DATA PROTECTION STATEMENT?

This statement may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This statement was last updated on 30th April 2018.


HOW CAN YOU CONTACT US?

You can contact us:

by phone: +353 1 837 4444

Our website is www.highfieldhealthcare.ie

Our Data Protection Officer can be contacted by email at: dpo@highfieldhealthcare.ie or by post to Data Protection Officer, Highfield Healthcare, Swords Road, Whitehall, Dublin 9.