Last updated 27/05/2020

WHO IS COLLECTING MY DATA?

This Privacy Statement explains how GP24 will process your personal and health information in accordance with the General Data Protection Regulation 2016 (GDPR) which came into effect in May 2018, replacing the existing data protection framework under the EU Data Protection Directive.

As data controllers, GP24 employs appropriate technical and organisational measures to meet the requirements of GDPR and ensures that all processors do the same.

PRIVATE PRACTICES AND DIRECT MARKETING

We will never use your data for direct marketing purposes without your consent. At any time, you may opt out (i.e. refuse the use of your personal data), including at the time the data is collected, or on every subsequent marketing message. Unsubscribing will always be free of charge and fully respected.

It should be noted that other methods of communication (confirmation of appointments or reminders, etc.) do not fall under “direct marketing”, however consent will still be collected for this.

WHAT TYPE OF DATA IS COLLECTED?

GP24 complies with the EU General Data Protection Regulation (GDPR) 2016/679 as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. GP24 adheres to the requirements of lawfulness, fairness & transparency, purpose limitation, data minimisation, accuracy, retention, security, and accountability.

We Collect Two Types of Data: Personal Data, And Sensitive Personal Data.

Personal data can be used to identify or contact you, and may include: your name, address, date of birth, telephone number, and email address. This will only be collected if you voluntarily submit it to us.

Sensitive personal data is relating to your health, and is collected for the purposes of clinical assessment, treatment, programme provision or advice, and is necessary to be obtained to provide the most accurate service for you.

WHAT IS MY DATA BEING USED FOR?

We will ask you to provide, either by phone or electronic means, your name, address, date of birth, telephone number, and email address. This information provided will be used by GP24 to:

  • verify your identity

  • provide you with the service you have requested

  • respond to your enquiries or provide customer support

  • create your medical file and book your appointment(s)

  • send updates regarding your appointments and programmes

  • contact you in the case of a data breach

  • provide you with advice, dependant on the information you have given

  • seek feedback for ongoing service improvements

  • communicate with you regarding other GP24 or 10x subsidiary companies’ products and services

When we communicate with you regarding our products and services for the first time, we will give you the option to “opt-in,” and on every subsequent communication there will be an option to “unsubscribe.” If you subscribe to our email newsletter, we use email tracking to record and save your email address to your subscriber record to monitor and store your preferences.

When you have used a GP24 Service you will be asked to provide further sensitive data to allow your service provider to:

  • perform a clinical assessment

  • provide you with appropriate treatment, programmes, or advice

As GP24 and its subsidiary companies (as listed above) avail of the same diary booking system, your appointment and service type will be visible to essential personnel across GP24 and 10x’s subsidiary companies, which in some instances will include non-GP24 personnel for the purposes of health and safety, and providing meeting and greeting services. GP24 will never share your personal information with any other third party without your consent unless required to do so by law.

 

WHAT HAPPENS TO MY DATA?

All of your personal and health data is stored securely, offsite and in electronic format on a patient management system. All electronic communications are hosted within platforms which are SSL-secure, password protected and encrypted. GP24 has adequate measures in place to ensure that your information is held securely, within the EU. Any personally identifiable information you elect to make available publicly on our sites – e.g. posting comments on any of our blog posts – will be available to others

 

WHO HAS ACCESS TO MY DATA?

Access is restricted to essential personnel of GP24’s subsidiary companies who are bound by their professional ethics and/or confidentiality agreements.

We may provide non-personal data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of our community users of our website, or the activities that visitors to our website engage in while on our website.

The third parties to whom we may provide this information may include, commercial partners, sponsors, licensees, researchers and other similar parties. We will never disclose your Personal Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfil your order (in such circumstances, the third party is bound by similar data protection requirements).

We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.

 

HOW LONG IS MY DATA HELD FOR?

Your data will be held by GP24 for the length legally required. In the case of healthcare, we retain records for a minimum of eight years from the date of last treatment. In the case of children's records, the period of eight years begins from the time they reach the age of 18.

After that period, your data will be securely deleted, as per our data destruction policy.

WHAT ARE MY RIGHTS?

You can contact us at any time to:

  • Request personal or sensitive personal data about yourself

  • Correct any information if it is incomplete or misleading

  • Withdraw your consent regarding the processing of your data at any time

  • Review our Data Protection Policy

  • Ask any questions about your data

Any request should be put in writing and will be responded to, by us within 30 days. Please contact us either by email at DPO@GP24.ie or by post at GP24, Unit 1A, Bracken Business Park, Bracken Road, Sandyford, Dublin 18, Dublin, D18 H283. All correspondence should be marked for the attention of our GDPR team. 

For your protection, we may need to verify your identity to process your request.

 

USE OF GP24 WEBSITES

Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website.

This Non-Personal Data comprises of information that cannot be used to identify or contact you; such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our websites.

Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of these other websites.

COOKIES

This website uses “cookie” technology. A cookie is a little piece of text stored by the browser on your computer, at the request of our server. We may use cookies to deliver content specific to your interests and to save your personal preferences so you do not have to re-enter them each time you connect to our website – our cookies are not available to other websites.

You are always free to decline our cookies, if your browser permits, or to ask your browser to indicate when a cookie is being sent. You can also delete cookie files from your computer at your discretion. Note that if you decline our cookies or ask for notification each time a cookie is being sent; this may affect your ease of use of this website.

 

FACEBOOK CONVERSION TRACKING PIXEL

GP24 and its subsidiary companies may, from time to time, use Facebook Advertising, Facebook Pixel Re-Marketing, and communications. This tool allows us to understand and deliver ads, making them more relevant to you. The collected data remains anonymous, and we cannot see the personal data of any individual user.

However, the collected data is saved and processed by Facebook. Facebook may be able to connect the data with your Facebook account and use the data for their own advertising purposes (in accordance with Facebook’s Data Use Policy found under: https://www.facebook.com/about/privacy/).

Facebook has ultimate control of the information gathered through Facebook Advertising, Facebook Pixel Re-Marketing, and communications. You can opt-out of Facebook’s use of cookies and Facebook Pixel Re-Marketing through settings on your Facebook Account.

GOOGLE REMARKETING

GP24 may, from time to time, utilise Google’s remarketing technology. This allows us to display relevant ads based on the pages on the GP24 website you have viewed. The advertisements will be displayed using cookies. This cookie will not record any personal information or identify you personally.

If you would prefer to not receive any targeted advertisements, you can deactivate the use of cookies for these purposes through Google by visiting the website: https://www.google.com/settings/ads/.
Google has its own data protection policy which can be accessed here: https://www.google.com/intl/en/policies/privacy/.

 

SECURITY

We take our security responsibilities seriously, taking all reasonable steps, including appropriate technical and organisational measures to protect your data. We review our security measures regularly.

If you have reason to believe that your interaction with us is no longer secure, please contact us immediately via email hello@GP24.ie or phone +353 (01) 518 0808.

SALE OF BUSINESS

We reserve the right to transfer information (including your personal data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company in the following cases:

  • provided that the third party agrees to adhere to the terms of the Website Privacy Policy

  • provided that the third party will only use your Personal Data for the purposes that you provided it to us.

You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-in.