HearMed Medical Centre Privacy Statement

Introduction

HearMed Medical Centre (a division of HearMed Acoustic Healthcare) is committed to protecting your privacy. We respect your rights and will always handle your personal information lawfully, fairly, and transparently in compliance with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018. This Privacy Statement explains what personal data we collect, how we use and share it (including internal transfers as part of our care workflow), how we store it securely, and your rights as a data subject. It applies to all personal data of patients (and website users or other individuals) that we process in the course of providing our healthcare services.

Data Controller and Contact Information

HearMed Medical Centre, located at Patrick Street, Tullamore, Co. Offaly, is the “Data Controller” for your personal data. This means we determine the purposes and means of processing your information. If you have any questions about this Privacy Statement or wish to exercise your rights, you can contact us at:

  • Email: [email protected]
  • Phone: 057 9349388
  • Postal Address: HearMed Medical Centre, Patrick Street, Tullamore, Co. Offaly

We have not appointed a formal Data Protection Officer (DPO); instead, our data protection matters are handled on a case-by-case basis. You can direct any queries or concerns to the contact details above.

Personal Data We Collect

We only collect data that is necessary for your care and our legitimate purposes. The types of personal data we may collect and process include:

  • Identification and Contact Details: Name, date of birth, address, telephone number, email, and other contact information.
  • Medical Information: Health history, symptoms, test results (e.g. hearing test outcomes), diagnoses, treatment plans, medications, and any other details relevant to your care. This may also include information about your general practitioner or referring doctor, and relevant lifestyle or social information that affects your healthcare.
  • Appointment and Attendance Details: Appointment dates, records of visits or consultations, and related notes.
  • Financial and Billing Information: Payment details, insurance information (if you provide it for claim purposes), and billing records.
  • Signature and Consent Data: Digital signatures and other explicit indicators of consent.
  • Website Usage Data: If you use our website or online services, we may collect technical data like your IP address or cookies. (See our Website Privacy Policy for more details on online data collection.)
  • Emergency Contact or Next-of-Kin: Contact information for a family member or other person you designate for emergency or support purposes.

We may collect this information directly from you (for example, when you register as a patient, fill out forms, or undergo an examination). In some cases, we also receive data from third parties, such as referrals or medical records from other healthcare providers or insurance companies in relation to your claims. We will only process such third-party information in accordance with this Privacy Statement and applicable laws.

How We Use Your Personal Data (Purposes and Legal Bases)

We process your personal data only for specific and legitimate purposes, and where we have a legal basis under GDPR to do so. These purposes include:

  1. Provision of Healthcare Services: We use your information to assess your health, provide medical diagnosis and treatment (e.g. hearing tests, diagnosing conditions, recommending or dispensing hearing aids), and to manage your ongoing care. This is our primary purpose and is performed on the legal basis that processing is necessary for the provision of medical care. For special category data (health information), we rely on GDPR Article 9(2)(h) and applicable national law.
  2. Administration and Operations: We use personal data to schedule appointments, send you reminders, maintain medical records, perform invoicing and accounting tasks, and generally run our clinic. The legal bases include performance of our contract with you, compliance with legal obligations (e.g. maintaining proper records), and our legitimate interests in providing high-quality healthcare.
  3. Communication with You: We may use your contact details to communicate with you about test results, treatment plans, or other queries. With your permission, we may also send you health-related updates (e.g., new services or events). Essential communications are based on our contract and legitimate interest; optional marketing communications rely on consent, which you can withdraw at any time.
  4. Quality Assurance, Training, and Audit: To maintain high standards of care, we may use anonymised or aggregated data for clinical audit, service evaluation, or staff training. If identifiable data is necessary, we ensure strict confidentiality measures are in place, in line with our legitimate interest in improving healthcare services.
  5. Legal and Regulatory Compliance: We may process and retain data as required by healthcare regulations, tax laws, court orders, or other legal obligations. In emergencies, we may share information to protect your vital interests (GDPR Article 6(d)). We do not engage in automated decision-making or profiling using your medical data.

Internal Data Transfers and Workflow

To ensure continuity and quality of care, information entered in the initial (reception) form, including identification details, medical information, and consent (via your digital signature), may be internally transferred to your designated clinician. This is done through our secure electronic system: when your form is saved, a resume link is automatically emailed to the clinician you have selected.

  • Limitations on Certain Data: Due to technical constraints, some data fields (for example, digital signature images) may not automatically transfer to the clinician’s view. In such cases, the original submission is securely retained in our records, and alternative internal procedures are in place to ensure the integrity and availability of your consent.
  • Purpose of Transfer: These internal transfers are solely for the purpose of ensuring you receive a seamless and continuous healthcare service.

Sharing Your Personal Data (Third-Party Disclosures)

We treat all patient information with the utmost confidentiality. We do not sell your data. However, in the course of providing care and operating our services, we may share your personal data with:

  • Other Healthcare Providers: Your GP or specialists, as needed for referrals or continuity of care.
  • Laboratories and Medical Service Partners: External labs or suppliers (e.g., hearing aid manufacturers) for diagnostic tests or device fabrication.
  • Insurance Companies or Third-Party Payers: Where necessary to process insurance claims or financial reimbursements, with your authorization.
  • Service Providers (Processors): Trusted IT, administrative, or archival vendors who act on our behalf under strict contracts that protect your data.
  • Regulatory Bodies and Law Enforcement: If required by law, court order, or regulatory inspections.

Data Storage and Security

We take robust technical and organizational measures to secure your personal data against accidental or unlawful loss, access, or disclosure. Electronic medical records are protected by encryption, passwords, and access controls; physical files are stored in locked cabinets. All staff and authorized processors are bound by confidentiality and undergo data protection training. If a data breach occurs that risks your rights and freedoms, we will notify you and the Data Protection Commission as required.

Data Retention

We will not keep your personal data longer than necessary for the purposes explained above or as required by law. Our general retention guidelines are:

  • Adult Patients: Records are retained for at least 8 years after your last interaction with us.
  • Children’s Records: Retained until they reach 26 years of age or 8 years after the date of death.

After these periods, we securely delete or anonymise the data. In limited cases, we may retain minimal information to confirm past treatment or meet legal obligations, but we will not keep full detailed records beyond what is necessary.

International Data Transfers

We primarily store and process your personal data in Ireland or the European Economic Area (EEA). If we ever need to transfer data outside the EEA (for instance, to a cloud provider or specialist lab), we will ensure GDPR-compliant safeguards (e.g. European Commission adequacy decisions or Standard Contractual Clauses) are in place, and we will inform you where necessary.

Your Data Protection Rights

As a data subject, you have rights under GDPR, including:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct or update any inaccurate data.
  • Right to Erasure: Ask us to delete your data in certain circumstances, subject to legal requirements.
  • Right to Restrict Processing: Limit how we process your data in specific situations.
  • Right to Data Portability: Obtain your data in a machine-readable format for transfer elsewhere.
  • Right to Object: Object to certain processing (e.g., direct marketing).
  • Right to Withdraw Consent: If you have given consent for a particular use, you can withdraw it at any time.

To exercise these rights, contact us using the details above. We will do our best to respond promptly and lawfully. If you are unhappy with our response, you have the right to lodge a complaint with the Data Protection Commission (www.dataprotection.ie, +353 57 8684800).

Keeping Your Information Up-to-Date

Please let us know if your contact or medical details change. Accurate information helps us provide safe, efficient care. You may review or correct your data at any visit or by contacting us.

Data Controller Responsibilities

We follow GDPR principles by collecting and using data fairly and lawfully, limiting what we collect to what is necessary, keeping data accurate and up to date, and retaining it only for as long as needed. We also implement security measures to protect your information and review our practices regularly to maintain compliance. Our staff are trained to ensure confidentiality and respect for your rights.

Updates to This Privacy Statement

We may update this Privacy Statement to reflect changes in our practices or the law. The effective date at the top indicates when it was last revised. If there are significant updates, we will notify you through appropriate channels. We encourage you to review this statement periodically.

Contact and Complaints

If you have questions, concerns, or requests about this Privacy Statement or how we handle your data, please contact us at 057 9349388 or [email protected]. We will address your query promptly. If you believe we have not handled your data lawfully or are dissatisfied with our response, you have the right to lodge a complaint with the Data Protection Commission at www.dataprotection.ie or by phone at +353 57 8684800. However, we would appreciate the chance to address your concerns first, so feel free to reach out to us directly.

By attending HearMed Medical Centre or using our services, you acknowledge that your personal data will be processed as outlined above, including internal transfers between our reception and your designated clinician to ensure seamless care. We are dedicated to safeguarding your personal information and providing excellent healthcare in compliance with all relevant data protection rules.