“Harold’s Cross Surgery” Privacy Policy
Introduction
This Privacy Policy outlines Harold’s Cross Surgery (STD Clinic/ED Clinic) (“we”, “our “, “Clinic” or ” the Company “) practices with respect to information collected from users who access our website at www.STDclinic.ie or www.EDclinic.ie (” Site “) book or attend appointments, or otherwise engage with our services (“Users”, “Patients”).
1. Who we are
Harold’s Cross Surgery / STD Clinic.ie / ED Clinic.ie
Address: 254 Harold’s Cross, Dublin 6W, Ireland
Contact for privacy matters:
– Call 01 5385515
– Contact Form on our website
Data Protection Officer (DPO)
We are not legally required to appoint a Data Protection Officer under GDPR Article 37, but you may contact our Privacy Lead at the contact points provided on our website.
2. Grounds for data collection
This Practice wants to ensure the highest standard of medical care for our patients.
We understand that a Medical Practice is a trusted community governed by an ethic of privacy and confidentiality.
Our practices are consistent with the Medical Council guidelines and the privacy principles of the Data Protection Acts.
This information is about making consent meaningful by advising you of our policies and practices on dealing with your medical information.
Processing of your personal information (i.e. any information which may potentially allow your identification through reasonable means; hereinafter ” Personal Information “) is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect you, our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject.
When you use the Site, you consent to the collection, storage, use, disclosure and other uses of your Personal Information as described in this Privacy Policy.
We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.
What information do we collect?
| Purpose | Legal Basis (GDPR) |
| Booking, scheduling, and managing appointments | Art. 6(1)(b) – Contract |
| Providing medical assessment, diagnosis, treatment | Art. 6(1)(b) – Contract + Art. 9(2)(h) – Healthcare provision |
| Sharing data with accredited laboratories | Art. 6(1)(b) + Art. 9(2)(h) |
| Maintaining medical records | Art. 6(1)(c) – Legal obligation |
| Communicating results and essential service updates | Art. 6(1)(b) |
| Protecting against fraud/abuse | Art. 6(1)(f) – Legitimate interest |
| Processing non-essential cookies / analytics | Art. 6(1)(a) – Consent |
| Marketing (if used) | Art. 6(1)(a) – Consent |
We do not use health data for marketing or profiling.
3. What information do we collect?
We collect two types of data and information from Users.
The first type of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Site (“ Non-personal Information ”). We are not aware of the identity of a User from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, etc.) in order to enhance the functionality of our Site. We may also collect information about your activity on the Site (e.g. pages viewed, online browsing, clicks, actions, etc.).
The second type of information Personal Information which is individually identifiable information, namely information that identifies an individual or may, with reasonable effort, identify an individual. Such information includes:
- Device Information: We collect Personal Information from your device. Such information includes geolocation data, IP address, unique identifiers and other information which relates to your activity through the Site.
- Registration information: When you register with our Site you will be asked to provide us with certain details such as: full name; email or phone number
- In order to provide for your care here we also need to collect and keep information about you and your health on our records.
- We retain your information securely and only ask for and keep information that is necessary.
- We will attempt to keep it as accurate and up to-date as possible.
- We will explain the need for any information we ask for if you are not sure why it is needed.
- We ask you to inform us about any relevant changes that we should know about. This would include such things as any new treatments or investigations being carried out that we are not aware of. Please also inform us of change of address and phone numbers.
- All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties
in relation to personal health information and the consequences of breaching that duty. - Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the secretary or manager to perform their tasks for the proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for:
- » Identifying repeat prescriptions for patients.
- » Generating a medical receipts for the patient.
- » Typing referral letters to hospital consultants or allied health professionals
4. How do we receive information about you?
We receive your Personal Information from various sources:
- Directly from you when you Book your appointment, contact us
- When you use or access our Site in connection with your use of our services
- From laboratories that process your samples
- From healthcare professionals involved in your care
5. User Rights
You have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Erase data (“right to be forgotten”) where applicable
- Restrict processing
- Object to processing
- Data portability (receive data in a structured, machine-readable format)
- Withdraw consent at any time (for processing based on consent)
Withdrawal does not affect processing that has already occurred - File a complaint with the Irish Data Protection Commission (DPC) in addition to raising concerns with us first
DPC website: www.dataprotection.ie
We respond to all valid requests within one month.
Please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.
Certain rights (erasure, restriction) do not apply to medical records due to legal obligations.
If you wish to exercise any of the above rights or receive more information, please contact us using the Contact Form on our website.
6. Retention
We will retain your personal information to provide our services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
We keep personal data only as long as necessary for the purposes stated below:
| Data Type | Retention Period |
| Medical records | 8 years from last patient interaction (Irish Medical Council standard) |
| Laboratory data | As required by the Lab (commonly 7–30 days for samples) and not longer that medical records |
| Booking & contact information | 24 months after appointment, if needed for medical records as part of medical chart then 8yrs |
| Website analytics data | 14 months (Google Analytics standard) |
7. Cookies
We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services.
Non-essential cookies are disabled by default.
We use both essential and non-essential cookies.
A. Essential Cookies
These are required for the website to function.
Legal basis: Art. 6(1)(f) – Legitimate interest
B. Non-Essential Cookies (Analytics)
Used only with your explicit opt-in consent.
– Google Analytics (IP anonymization enabled)
– Statistical and performance cookies
Your Cookie Choices
You can change or withdraw consent anytime using the on-site cookie controls.
All non-essential cookies are off by default.
You may accept or reject categories of cookies with your browser.
8. Sharing Your Data / Third-party collection of information
We only share personal data when necessary in the instance of:
A. Healthcare and Treatment
Accredited medical laboratories
– Healthcare professionals involved in your treatment
– Medical consultant (if referred)
B. Service Providers (Processors)
We use trusted service providers for:
– Website hosting
– SMS/email communications
– IT support and security
– Appointment systems
All processors are bound by legal agreements that require them to protect your data and follow our instructions.
C. Legal Obligations
We may share data (only where required by law) with:
– Legal authorities
– Regulators
– Public health authorities
We do not sell personal data.
For the information submitted to other health and social care professionals in order to provide you with the treatment and services you need, only the relevant part of your record will be released, based on your explicit consent or medical diagnosis and treatment exception (Article 9(2)(h)).
Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to.
This Privacy Policy does not apply to the practices of companies that we do not own or control, nor to individuals whom we do not employ or manage, including any of the third parties which we may disclose information to as set out in this Privacy Policy.
9. Transfer of data outside the EEA
If we transfer your data outside the European Economic Area (EEA), we do so only when:
– The European Commission has approved the country (Adequacy Decision), or
– We use Standard Contractual Clauses (SCCs) ensuring adequate data protection
We currently do not transfer any personal data outside the EEA.
If this changes, this policy will be updated before any transfer occurs.
10. How do we safeguard your information?
We take great care in implementing and maintaining the security of the Site and your information. We employ industry standard procedures and policies to ensure the safety of the information we collect and retain, and prevent unauthorized use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy . Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Site, and we make no warranty, express, implied or otherwise, that we will prevent such access.
We use a combination of organizational and technical measures, including:
– Pseudonymization where appropriate (e.g., lab submissions)
– Encryption in transit (HTTPS)
– Secure network controls
– Access restricted to authorized medical staff
– Encrypted storage for clinical records
– Staff confidentiality agreements
– Regular IT security audits
– Secure disposal of data and samples
11. Advertisements
We do not use a third-party advertising technology to serve advertisements when you access the Site.
12. Marketing
We do not use Personal Information such as your name, email address, telephone number, etc., ourselves or by using our third-party subcontractors, for the purpose of providing you with promotional materials.
Please note that we may send you other types of important email communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements, appointment reminder, results or administrative notices.
We do not perform profiling or automated decision-making for marketing purposes.
13. Corporate transaction
We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.
14. Minors
Our services and website are not intended for individuals under 18.
We understand the importance of protecting children’s privacy, especially in an online environment.
The Site is not designed for or directed at children. Under no circumstances shall we allow the use of our services by minors without prior consent or authorization by a parent or legal guardian.
Where medically necessary, we may request proof of age.
We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us using Contact Form on our website.
15. Updates or amendments to this Privacy Policy
We reserve the right to periodically amend or revise the Privacy Policy, to reflect changes in our services or legal obligations.; material changes will be effective immediately upon the display of the revised Privacy Policy.
Your continued use of the Site, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.