Rotunda IVF (company number 537027) (“us”, “we” or “our”) understand how important privacy and security of information is to our patients. We do our utmost to safeguard your personal data and to ensure you feel confident and secure in the protection afforded to your personal data.
The types of personal data we process
Personal data refers to information that identifies you or could identify you. It does not include data where the identity has been removed (i.e. anonymous data).
In order to deliver safe and effective treatment, and in order to comply with our legal obligations including those relating to the provision of fertility treatment, we require certain personal data about our patients.
If you do not provide us with your personal data we may not be able to provide you with our services or respond to your questions or requests. We will tell you when we ask for personal data which is a contractual requirement, is needed to perform our functions or to comply with our legal obligations.
We may collect or ask you to provide the following types of personal data:
This information includes your name, date of birth, gender, address, PPS number, health insurance information and contact details (including email address and phone number).
You will be asked to take a photo at initial consultation. This is to allow staff to perform visual confirmation of identification. The photo is only visible to staff members when they access your chart and is only used for identification purposes. It may also include images recorded on our CCTV cameras during the course of your appointments.
This may be required when you make a payment to us by credit card or electronic transfer.
Your medical information includes your health data and can include the referral type where your GP has referred you to us e.g. fertility consultation. A medical record is created for each medical, nursing or laboratory procedure and saved to your electronic patient chart. These records may also include ultrasound images, test results and consultation notes. You will be asked to provide contact information for your GP if you are happy for us to communicate with them.
All contact you have with the clinic is recorded in your medical record. An entry is recorded into your electronic chart for every phone call, email or any communication between you and Rotunda IVF. Emails and phone call recordings may also be retained for certain periods of time.
This information may include patient satisfaction surveys you have completed, verbal communication to a staff member or a complaint. It also includes comments made in relation to our online presence.
Where do we collect this personal data?
Most personal data collected will be requested directly from you for example in the new patient form. We also receive data such as test results from third party facilities who have completed testing on our behalf or from your GP where they have referred you to us. For certain treatments we work with partner clinics, who may send us data in relation to your treatment cycle.
If you are attending the clinic with a partner they may have provided us with certain details, such as your name, address, gender, date of birth, contact details, relationship to them and PPS Number.
If you contact us for any reason, we may keep a record of that correspondence in accordance with our record retention policy.
Why do we collect your personal data?
Our goal is to deliver the best possible care to all of our patients. We will hold, process and may disclose personal data for the following purposes:
|Purpose(s) for processing||Legal basis for procesing|
||The processing is necessary to perform a contract or enter into a contract with you|
||The processing is necessary for us to comply with legal and regulatory obligations|
||The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to study how website users use our services) provided such interests are not overridden by your interests and rights|
||The processing is necessary to support our legitimate interests in managing our business (to protect our business, reputation, resources and equipment) provided such interests are not overridden by your interests and rights|
||The processing is necessary to support our legitimate interests in managing our business (to deliver the best possible care to all of our patients) provided such interests are not overridden by your interests and rights.|
Special Categories of Personal Data
Certain categories of personal data are regarded as “special” including health data (both physical and mental), biometric and genetic data, ethnic or racial origin and sexual orientation. We process your special data only where we have a legal basis e.g. with your explicit consent which you may withdraw at any time.
Management of your Personal Data
Who do we share your personal data with?
In order to provide you with our services and to comply with our legal obligations, we may share your personal data with certain third parties which include:
- Testing facilities or healthcare providers that require your personal data as part of the provision of medical treatment;
- Service providers, agents and advisors that have access to your personal data as a necessary and controlled part of the provision of service;
- Regulatory bodies and law enforcement bodies such as the HPRA;
- Our parent company and their representatives, insurers and legal advisors.
How long do we retain your personal data for?
We will only store your personal data for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we provide our services; (ii) where we are subject to a legal requirement; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
The EU Tissue and Cell Directive 2004/23/EC requires that records relating to the collection, storage, and use of tissues and cells are maintained for a period of thirty years. If you engage in a treatment cycle data must be retained by law for that period.
Call recordings are retained for a period of 3 months. For further information on the periods for which your other personal data is kept, please see our data retention policy, a copy of which can be made available on request to our Data Protection Officer.
Sending data outside the European Union (EU) or European Economic Area (EEA)
Your personal data may be transferred to and stored at a destination outside the EU or European Economic Area (“EEA”) for the purposes described above. For certain treatment programmes it may be necessary to send personal data to healthcare professionals/laboratories operating outside of the EEA.
Rotunda IVF is part of parent company based in Australia. On some occasions it may be necessary to share personal data with them or their representatives for the purposes of risk management and insurance purposes.
It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers including those in the US. Such staff may be engaged in the processing of your request for information and the provision of support services.
To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under GDPR Article 46.2 or adequacy decision under GDPR Article 45. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
Rotunda IVF will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask that you not to share a password with anyone. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is entirely at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
What are your rights in relation to your personal data?
You have several rights in relation to your personal data, which may be subject to certain limitations and restrictions. These rights are to:
- access a copy of the personal data we hold about you;
- have us correct any inaccurate personal data about you and complete any personal data that is incomplete;
- erasure of your personal data. Please note, this right does not apply for example, where the processing is necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims;
- request a copy of your personal data in a portable format.
- request a restriction of the processing of your personal data;
- withdraw your consent. If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent;
- object to the processing of your personal data where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We may request proof of identification to verify your request.
You also have the right to make a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The Irish Data Protection Authority contact details are:
We may, from time to time, provide links to third party websites. In addition, third parties websites may also provide links to the site. Should you choose to visit these third party websites, you should review their privacy policies to ensure you understand and are comfortable with their practices concerning your personal information. We do not accept, and do disclaim, any responsibility for the privacy policies and information protection practices of any third party website (whether or not such site is linked on or to the Site). These links are provided to you for convenience purposes only, and you access them at your own risk. Please check these policies before you submit any personal data to these websites.
Changes to our Privacy Statement
Questions, comments, requests and complaints regarding this Privacy Statement and your personal data are welcome and should be addressed to our Data Protection Officer:
Address: The Data Protection Officer, Rotunda IVF, The National Fertility Centre, Rotunda Hospital, Parnell Square, Dublin 1, Ireland