Data Protection Statement

Data Protection Statement

Data Protection Statement

Our Lady’s Hospice & Care Services |  June 2025

Introduction:

Under the General Data Protection Regulation (GDPR) we are obliged to have a fair processing notice for personal data.  This is often referred to as a Data Protection Statement.  It provides information about the ways in which we process (collect, store and use) your personal data as a patient/client of this organisation.

This Data Protection Statement is intended specifically for patients and service users of Our Lady’s Hospice & Care Services (OLHCS). It outlines how we collect, use, and protect your personal and health-related information when you engage with our clinical and support services.

This is not the same as our general Website Data Protection Statement, which explains how we collect and handle information from visitors to our website (e.g. cookies, contact forms, etc.). If you are looking for information about how your data is processed when you use our website, please refer to our Website Privacy Notice instead.

This Statement reflects our obligations under the General Data Protection Regulation (GDPR) and the Data Protection Acts, and applies to all personal and sensitive data processed in connection with your care at OLHCS.

Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller, Our Lady’s Hospice & Care Services (OLHCS).

All medical information under GDPR is deemed a special category of personal information and, as a healthcare provider, we will endeavour to ensure your information is treated with the utmost respect and confidentiality.

Our Lady’s Hospice & Care Services is very seriously committed to protecting the privacy of all who come in contact with our services, and this includes protecting information or data of a personal and confidential nature which you give to us. We will be clear and transparent about the information which we collect and what we do with that information. This Data Protection Statement outlines these practices.

It is very important that you note it is not always possible to maintain confidentiality and OLHCS has a legal obligation to disclose facts at certain times.  However, any information you disclose to the members of the team taking care of you remains confidential unless there are very serious concerns about your safety or another person’s safety.

Confidentiality may be broken if you disclose that:

  • You are at risk of harm;
  • That a child is being neglected or experiencing physical or sexual abuse (as mandated by law);
  • That you have a suicide plan;
  • That you are at risk of harming yourself or somebody else;
  • That you were sexually abused in the past as there may still be a current risk to children or other adults from the alleged perpetrator;
  • That you have committed a serious criminal offence or are planning to do so in the future.

If this happens we will not act without talking to you first and agreeing a course of action.

If you require basic information about OLHCS’s information handling practices, view our FAQs under the heading ‘Information Governance’ on our website.  This includes a summary of how OLHCS collects, uses and discloses your personal information, and how you can contact OLHCS if you would like to access or request a correction to any personal information which OLHCS holds on you.

If you require more detailed information about OLHCS’s information handling practices, then please read this document.

Contact Details:

Data Controller

Our Lady’s Hospice & Care Services

Harold’s Cross, Dublin 6W

Tel:         (01) 4068725

Email:    info@olh.ie (general information only – NB Not for Referrals)

Email:    communityharoldscross@olh.ie (CPCT referrals)

Email:    patientservices@olh.ie (inpatient referrals)

Data Protection Officer

Ambit Compliance

OLHDPO@ambitcompliance.ie

Data Protection Lead

Patricia Pierce

Tel: (01) 4068725

Email: ppierce@olh.ie

Data Controller:

Our Lady’s Hospice & Care Services (referred to as ‘OLHCS’, (covering Harold’s Cross, Blackrock and Wicklow sites) refers to Our Lady’s Hospice & Care Services DAC and is the “data controller” of all personal information that is collected and used about you for the purposes of the Irish Data Protection Act 2018. Our Lady’s Hospice & Care Services is registered with the Companies Registration Office (company registration number 352404) and the Charities Regulatory Authority (Charities registration number CHY1144).

OLHCS collects data from you and, as a Data Controller, this means that we take full responsibility for protecting that information, only collect the information we require and only sharing that information when it is essential by law, or essential for your healthcare delivery.  We also have to ensure that anyone we share your information with has implemented a high standard of security to protect your information.

Data protection Legislation

All personal data we gather will be processed in accordance with all applicable data protection laws and principles, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988 – 2018 (as amended).

For more information on Data Protection please view the Data Protection Commission website: https://www.dataprotection.ie/en/individuals.

What Data we Collect:

Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.  For example, your name, date of birth, address – these clearly identify you, and you alone.
It covers any information that relates to an identifiable, living individual.

Sensitive personal data is defined in the Data Protection Acts as any personal data as to:

  • the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject
  • whether the data subject is a member of a trade union
  •  the physical or mental health or condition or sexual life of the data subject,
  • the commission or alleged commission of any offence by the data subject, or
  • any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings.

As a patient or resident at OLHCS, we collect information on your physical and mental health, we collect information on racial or ethnic origin, we ask you if you have a religious belief.  All of these qualify as sensitive personal data.  The Data Protection Acts require additional conditions to be met for the processing of such data.  Usually this would be your explicit consent.  With the provision of healthcare there is not a need for explicit consent as the relationship between OLHCS and you as a patient or resident is defined under:

Lawfulness of Processing

Article 6 (1) covers the lawful bases on which a data controller (OLHCS) may process personal data.

  1. Subsection (e) of this paragraph is that processing is necessary for a task carried out in the public interest or in the exercise of official authority vested in the controller; in our case this official authority is vested in us through the Health Act 2004 (as amended).

The data that we typically process for patients and service users is classified in legislation as “Special Category” data, i.e. racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, health data, sex life details and sexual orientation. The processing of this data is strictly prohibited in general circumstances However, under Article 9 (2) (h) OLHS may process this special category personal data in the provision of health and social care services or the management of health and social care systems and services on the basis of Irish law (Health Act / Mental Health Act etc.).

How do we collect your personal data?

OLHCS collects information in a number of different ways.

This might be from a referral made by your GP or another healthcare professional you have seen, or perhaps directly from you, over the telephone or on a form you have completed.  There may also be times when information is collected from your relatives or first point of contact, e.g. if you are unable to provide the information yourself.  During your treatment, health specific data will be collected by the doctors, nurses and healthcare staff taking care of you, and will be held in your patient chart (this can be paper and/or electronic).

What information do we collect?

The information that we collect about you may include details such as:

  • Name; Address; Telephone; e-mail; date of birth; first point of contact
  • Any contact we have had with you through appointments or previous attendance at OLHCS
  • Details and records of treatment and care, notes and reports about your health, including those provided to us by a previous healthcare organisation as essential medical information
  • Results of diagnostic tests
  • Financial and health insurance information
  • Other relevant information from people who have previously cared for you
  • We may also collect other information about you, such as your sexuality, race or ethnic origin, religious or other beliefs, and whether you have a disability or require any additional support with appointments (like an interpreter or advocate).
  • CCTV and security information.

What do we use your personal data for?

OLHCS only collects personal data for a specific purpose, and in compliance with legislation, and the various reasons are outlined in the attached table.

Security of your personal data:

We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. We have an Information Technology (IT) Department who look after the technical aspects of security.  The data you provide to us is protected using TLS (Transport Layer Security) technology. TLS is the industry standard method of encrypting personal information and so that they can be securely transferred over the Internet.

We may disclose your information to trusted third parties for the purposes set out in the attached table. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU law on data protection rules.

Outside of the technical IT security, we also ensure that paperwork is secure.  Every staff member in OLHCS is trained on what / what not to do with your information.  Your medical records must be kept secure at all times, and only accessible to staff who need to access them.  Records are locked away in a secure location when not in use

Cookies

For detailed information about cookies. the types of cookies we use, how long they are stored, and how you can manage your cookie preferences, please refer to our Cookie Policy.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

ePrivacy Regulations

All marketing activity is carried out in compliance with the ePrivacy Regulations (S.I. 336/2011).

Third Party Websites

This Data Protection Statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements and  policies of these websites prior to making use of them. Examples used on our site include Facebook, X (Twitter), YouTube, LinkedIn, Instagram.