Privacy Policy, Cookie Policy and GDPR Compliance statement

Who are we / what is “The Children’s Practice”? Who is the Data Controller?

The Children’s Practice is a private provider of children’s medical services in Dublin, Ireland. The Children’s Practice Data Controller is Turlough Bolger. This statement relates to our privacy practices and GDPR compliance in connection with this website, www.thechildrenspractice.ie. We are not responsible for the content, privacy practices or GDPR compliance of other websites. Any external links to other websites are clearly identifiable as such.

The Children’s Practice website and our email is hosted by LetsHost.ie, and you can read more about LetsHost and their GDPR compliance here: https://www.letshost.ie/gdpr-statement/

Where are we? Where is the location of processing?

The Children’s Practice offers clinic-based appointments from The Children’s Practice, Suite 5 Cubes 1, Beacon South Quarter, Dublin 18. We can be contacted by phone on 01 2955 956, by fax on 01 697 5775 and our email address is admin@thechildrenspractice.ie. Personal Data is processed at our clinic base, registered address or at other locations where our medical staff may be located on occasion.

What personal data do we process? How do we process data?

We process the following data:

  • Names (of parents / guardians and children)
  • Their address(es)
  • Their contact details such as telephone numbers / email addresses
  • Their Dates of birth

We process information relating to the health (physical and mental) and education of children using our service. We also process text submitted via forms on our website (which may or may not include names, e-mail addresses and telephone numbers) and IP addresses. We collect information in manual / paper and electronic formats. We do not record telephone calls or conduct audio or video recording.

We do not currently process any kind of credit card information via our website.

How do we store and protect data?

Physical / paper-based data is stored at our clinic at Sandyford in County Dublin under lock and key. Electronic data is similarly stored on remote cloud servers and devices storing this information are password protected.

Some client information submitted via webforms such as clients looking to make an appointment with The Children’s Practice and / or those who submit a query via our website are stored temporarily on our servers as a backup in case of any email issues in terms of delivery – but once this correspondence has been answered / dealt with these records are periodically removed.

All data is accessible only by The Children’s Practice staff. We do not email patient reports.

Information provide via this website is secured within HTTPS networks. HTTPS is the protocol over which data is sent between your browser and The Children’s Practice website. The “S” at the end of HTTPS stands for secure and indicates that these communications are encrypted.

How long do we retain data for?

Our stance on data retention is guided by the HSE. As per the HSE’s most recently (2013) published Records Retention Periods policy (https://www.hse.ie/eng/services/list/3/acutehospitals/hospitals/ulh/staff/resources/pppgs/rm/recret2013.pdf), we retain paper and electronic information relating to children / young people until the patient’s 25th birthday or 26th if the young person was 17 at the conclusion of treatment, or 8 years after death.

We retain financial data – this being typically paper receipts and invoices stored in a paper format – for the current year plus six years. Once a retention period has expired, data is destroyed under confidential conditions.

Why do we process personal data?

We process data as part of the process of providing Paediatric medical services. This includes, but is not limited to booking clinic appointments, carrying out assessments and interventions, referring children to / discussing children’s health needs with parents / guardians and other professionals, invoicing, end-of-year accounting and other day-to-day administration purposes that are within our legitimate interests.

Who do we share data with and why?

The Children’s Practice does not share data with individuals, companies or organisations except under the following circumstances:

  1. With your Consent – we will share personal information relating to your child with other professionals when we have your written permission to do so; examples include referring your child to another professional or sending a copy of your child’s medical report to their school.
  2. For processing by third parties – including LetsHost (website host), and our Accountants.
  3. For legal reasons – The Children’s Practice will share personal information with outside organisations when legally obliged to do so e.g. at the request of the Garda√≠ or Revenue Commissioners.

Consent: Prior to initial assessment / consultation / intervention, we provide parents / guardians of under 16s with a Consent Form which must be signed before assessment / consultation / intervention commences. Young people aged 16+ are required to sign their own Consent Form. Our Consent Form does not contain pre-ticked boxes and does not assume Consent; Consent must be freely given. Once provided, Consent remains valid for two years, although parents / guardians and young people can withdraw their Consent by advising us in writing of their desire to do so.

What is GDPR? The General Data Protection Regulation (GDPR) is a piece of legislation prepared by the European Union that aims to give you more control over how your data is used and protected. The new legislation comes into effect on the 25th May 2018. GDPR affords you the following rights:

  1. Right to be Informed: You have the right to be provided with “fair processing information”, which will be completely transparent about how we have gathered and will use your data. You have the right to be notified about any third party processors with whom we share your personal data, along with the reason for doing so.
  2. Right of Access: You have the right to confirmation that your personal data are being processed and to access a copy of your personal data.
  3. Right of Rectification: You have the right to have your personal data corrected if it is inaccurate or incomplete.
  4. Right to Erasure: You have the right to have your personal data deleted from our systems in the following situations:
    • When you withdraw consent
    • Data deletion is to comply with a legal obligation
    • Where the data was unlawfully processed
    • Where it is no longer necessary
    • Where you object to the processing
    • Where the personal data is processed to offer “information society services” to a child
  5. We may have grounds to refuse such deletion requests for the following reasons:

    • Exercise the right of freedom of expression
    • For public health purposes in the public interest
    • To comply with legal obligations
    • The exercise or defence of legal claims
    • Archiving purposes in the public interest
  6. Right to Restrict Processing: You have the right to request that we no longer process your data, but that we can still store it.
  7. Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes, without hindrance. We will provide the data to you in a structured and widely used machine readable form.
  8. Right to Object: You have the right to object to any direct marketing from us. We will immediately cease any such marketing upon request (via an unsubscribe link at the bottom of the direct marketing e-mail).
  9. strong>Rights in relation to Automated Decision Making and Profiling: We do not carry out any automated decision making or profiling activities, so this right does not apply in this circumstance.

To exercise these rights, please send an e-mail to admin@thechildrenspractice.ie. We may ask you to verify your identity as part of processing the requests to exercise your rights. We will endeavour to respond to all requests within 30 days of receiving the initial request. If we are unable to complete the request within the 30 day limit, we will notify you within the required time limit.

Use of cookies: This website uses temporary “session” cookies which enable a visitor’s web browser to remember which pages on this website have already been visited. A cookie is a small piece of data that may be stored on your computer or mobile device. Further information on cookies can be found at http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm Information on stopping unwanted cookies in Chrome, Firefox, Opera, Safari and Internet Explorer browsers is available via your browser’s help/settings menu. Cookies which may be collected include JSESSIONID, PHPSESSID, @@History/@@scroll|#, _ga, _gat, _gid, p.gif, collect, r/collect, crumb, ss_cid, ss_cvisit, ss_cvr, ss_cvt, TrackJS, trustedsite_session and usage.gif.

Technical details in connection with visits to this website are logged by our internet service provider for our statistical purposes. No information is collected that could be used by us to personally identify website visitors. The technical details logged are confined to the following items:

  • the IP address of the visitor’s web server – this is the identifying details for your computer, or your internet company’s computer, expressed in “internet protocol” code (for example 192.16x.xx.xx). Every computer connected to the web has a unique IP address, although the address may not be the same every time a connection is made.
  • the top-level domain name used (for example .ie, .com, .org, .net)
  • the previous website address from which the visitor reached us, including any search terms used
  • Google Analytics which shows the traffic of visitors around this web site (for example pages accessed and documents downloaded). You can read more about Google Analytics’s Privacy Policy here: https://support.google.com/analytics/answer/6004245?hl=en
  • the type of web browser and operating system used by the website visitor.

“The Children’s Practice” makes no attempt to identify individual visitors, or to associate the technical details listed above with any individual, nor will we disclose such technical information in respect of individual website visitors to any third party (apart from our internet service provider, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by law. The technical information will be used only by “The Children’s Practice” and only for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, do not constitute “personal data” for the purposes of the GDPR.

Cross-border data transfer: Our use of LetsHost and our email hosted by LetsHost means that certain personal data may be stored on servers located outside of the EU. We understand that these companies are GDPR compliant and have subscribed to the EU-US and Swiss-US Privacy Shield which is a regulatory implementation designed to guarantee that EU citizens are adequately protected under EU data protection laws as their data passes into and out of the United States. Read more about Privacy Shield here: https://www.privacyshield.gov/welcome

Complaints about how your data is processed: If you are concerned about how personal data is processed by The Children’s Practice, please contact us via this link: https://www.thechildrenspractice.ie/contact/ or by emailing admin@thechildrenspractice.ie

Third Party links: This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website to which this website contains a link. The inclusion of a link on the website does not imply endorsement of the linked website by us. Additionally, we may provide you with access to third-party functionality that permits you to post content to your social media account(s). Please note that any information that you provide through use of this functionality is governed by the applicable third party’s Privacy Policy, and not by this Privacy Policy, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to such websites. We seek to protect the integrity of this site and welcome any feedback about linked sites, including if a specific link does not work.

Updates or Questions: This Privacy Policy is reviewed periodically and amendments will be posted on this page. Last updated 06/06/2018.