Merrion Fertility Clinic (MFC) is committed to ensuring the privacy and confidentiality of all patients’ personal information.
MFC must comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 1988. Compliance ensures that MFC handles all personal information, including but not limited to patient health information, in an appropriate and lawful manner.
3. How Merrion Fertility Clinic Handles Personal Information
3.1 MFC’s Legal Obligations
MFC is required to comply with the GDPR and the Data Protection Act 1988. MFC are regulated by the Office of Data Protection Commissioner (ODPC) who act as the supervisory authority.
The ODPC is an independent public authority which regulates how organisations may collect, use, disclose and store personal information and how individuals may access and correct personal information which is held relating to them.
- referring doctors
- clinical and support services
- service providers engaged by us
- medical representatives attending our facilities
- other individuals engaged by or providing services to Merrion Fertility Clinic
In order to provide the required health care services, MFC will need to collect and use patients’ personal information.
If patients’ do not provide personal data to the clinic and in turn this would prevent MFC from performing the contract we have or are trying to enter into with them, or place us in breach of the law, we may have to cancel our contract. Patients will be notified if this is the case.
3.3 What information does Merrion Fertility Clinic collect?
MFC collects personal information from patients that is reasonably necessary to provide the patient with health care services and for administrative and internal business purposes related to the attendance at MFC.
MFC collects and process data about our patients, including information that is provided to us in correspondence by phone, e-mail, post and the patient portal. The personal data provided may include, but is not limited to, patient name, address, e-mail address, phone number, photograph, passport/driving licence or other identification documents such as medical records, PPS number, medical insurance or medical card number.
MFC will generally collect health & Insurance information directly from the patient. Sometimes, MFC may need to collect information about you from a third party (such as another health service provider).
Storage of personal information will predominantly be in softcopy format (using electronic systems for storage of personal information) but may also be in physical (paper) form.
MFC only uses personal information for the primary purpose for which patients’ have given the information to us, unless one of the following applies:
- The secondary purpose is related (or for sensitive information, directly related) to the primary purpose for which the patient has given us the information and would reasonably expect, or we have told the patient, that their information is usually disclosed for another purpose or to other individuals, organisations or agencies (see related secondary purposes set out below)
- Patients’ have consented for us to use their information for another purpose, for example research
- MFC is required or authorised by law to disclose your information for another purpose
- the disclosure of your information by MFC will prevent or lessen a serious and/or imminent threat to somebody’s life, health or safety or to public health or public safety; or
- The disclosure of information by MFC is reasonably necessary for the enforcement of a criminal law or a law imposing a penalty or sanction, or for the protection of public revenue
- Related secondary purposes include:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors and insurers
- Government and regulatory bodies that require us to report processing activities
- GP’s, Medical consultants, Pharmacists, third party fertility clinics, testing laboratories
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets
MFC may use or disclose personal information as specified above via electronic processes, where available or relevant.
Individuals’ have a right to have access to the personal information that MFC holds about them (for patients, this includes health information contained in their health record). Individuals can also request an amendment to personal information that we hold should one believe that it contains inaccurate information. The request will be reviewed with the relevant parties.
MFC will allow access or make the requested changes unless there is a reason under the GDPR or other relevant law to refuse such access or refuse to make the requested changes.
If MFC does not agree to change the personal information in accordance with the request, MFC will permit the individual to make a statement of the requested changes and this will be enclosed with the personal information.
Should an individual wish to obtain access to or request changes to personal information held by MFC please contact the MFC Data Protection Officer at email@example.com
3.7 Withdrawal of Consent
Individuals have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Individuals requesting to withdraw their consent for the use of their data and related information can do so by contacting firstname.lastname@example.org
MFC will take reasonable steps to ensure that all personal information which may be collected used or disclosed is accurate, complete and up-to-date.
MFC will take reasonable steps to protect all personal information from misuse, interference, loss, unauthorised access, modification or disclosure. MFC use technologies and processes such as access control procedures, network firewalls, and physical security to protect individuals’ privacy.
4. Cross Border Disclosure
MFC may enter into arrangements with third parties to store data we collect or to access the data to provide services (such as data processing), and such data may include personal information, outside of the European Economic Area (EEA). Countries outside of the EEA do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria. MFC will take reasonable steps to ensure that the third parties do not breach the GDPR requirements. The steps MFC will take may include ensuring the third party is bound by privacy protection obligations which are the same (or substantially the same) as those which bind MFC and requiring that the third party has information security measures in place which are of an acceptable standard and approved by MFC. If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
5. Data Retention
MFC is legally obliged to retain all information required to ensure the traceability of tissue and cells for a period of not less than 30 years. This is a mandatory requirement of the Commission Directive 2006/86/EC. Data must be retained in an appropriate and readable storage medium.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you
6. How to Contact Merrion Fertility Clinic about Privacy Issues
The Data Protection Officer (DPO) is Jessica Quinn, Quality Specialist.
Post: Data Protection Officer, Merrion Fertility Clinic, 60 Lower Mount Street, Dublin 2
If MFC does not agree to provide access to personal information; or if an individual has a complaint about the information handling practices at MFC please lodge a complaint with or contact our Data Protection Officer on the details above or directly with the Office of the Data Commissioner. Full contact details can be found on their website www.dataprotection.ie
7. How Merrion Fertility Clinic Handle Personal Information on Our Website
7.1 Collection of Personal Information
When using the MFC website, MFC does not attempt to identify the individual user and we will not collect personal information unless specifically provided to us.
Sometimes, MFC may collect personal information if the individual chooses to provide this to us via an online booking or contact form. MFC will only use personal information collected via our website for the purposes for which the individual has given us this information.
7.2 Use of Third Party Service
MFC may use a third-party service to collect standard internet log information and details of visitor behaviour patterns. The purpose of this activity is to review items such as the number of visitors to the various parts of the site. This information is processed in an anonymised manner.
Where MFC provides (or where the patient has chosen) a password which enables access to certain parts of our site, the patient is responsible for keeping this password confidential. MFC requests that password are not shared with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although MFC will endeavour to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at the patient’s own risk. Once MFC has received information, we will use strict procedures and security features to try to prevent unauthorised access.
7.3 Links to Third Party Websites
The MFC website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies do not identify individual users, but they do identify ISP and browser type. The MFC website uses temporary cookies. This means that upon closing the browser, the temporary cookie assigned will be destroyed and no personal information is maintained which will identify an individual at a later date.
Personal information such as email address is not collected unless provide to us. MFC does not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality. Individuals can configure their browser to accept or reject all cookies and to notify them when a cookie is used. MFC suggest that individuals refer to their browser instructions or help screens to learn more about these functions. However, please note that if individuals configure their browser so as not to receive any cookies, a certain level of functionality of the MFC website and other websites may be lost.Jessica