On May 25th 2018, a new EU General Data Protection Regulation (GDPR) came into effect which replaced the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
The main objective of the new legislation was to ensure consistency regarding data privacy laws across Europe by changing the way organisations approach data privacy. The fundamental aim of GDPR is to protect all EU citizens from privacy and data breaches. This new law gives individuals complete authority over their personal data in terms of who has it, where it is stored, how it is stored, the length of time for which it is stored and the purpose for which it is gathered.
How is your personal data used and what is the legal basis for its processing?
We process your personal data for medical purposes to provide healthcare services to you, on the basis of your contract with Aut Even. Medical purposes include the provision of medical care and treatment, preventative medicine, medical diagnosis, medical research, and the management of healthcare services, including audit and quality control.
What data is collected about you?
To provide treatment to you, Aut Even needs to process your medical records and related personal information, such as your address and other contact details.
How is your personal data collected?
We obtain your personal data directly from you in the course of your admission, diagnosis and treatment. We may also be provided with information necessary for your treatment by other healthcare providers, such as your GP or other hospitals which have been involved in your care and treatment.
How is your personal data disclosed?
Your data will be provided as necessary for medical purposes to those involved in your treatment and care including, where applicable, other hospitals or your health insurer. Medical consultants practising at Aut Even are independent medical practitioners and not employees of the hospital.
Your data may also be disclosed where required or authorised by law, for example, for medical research or public health purposes.
Aut Even may from time to time use service providers located outside of the European Union to process patient data. When this is done, at least one of the following safeguards will be applied to protect your personal data to a level similar to that within Europe:
- We will use service providers located in countries which have been designated by the European Commission as having an adequate national standard of data protection; or
- For transfers to the United States of America, our service providers may be registered under and have committed to adhering to the Privacy Shield Framework; or
- We will require our service providers to adopt the standard data protection contract clauses pre-approved by the European Commission.
We will only retain your personal data for as long as is necessary to fulfil the medical purposes for which it is recorded, including any legal or regulatory requirements to maintain records.
Your Data Protection rights
- You have the right to be provided on request with a copy of your personal data. For requests for health-related data, we are obliged to consult with the appropriate health practitioner (normally, your treating clinician) to ensure that providing the data to you will not result in serious harm to your physical or mental health.
- You have the right to rectification of inaccurate data we may have recorded about you.
- You have the right to the erasure of your data (“right to be forgotten”) which we no longer have justification for recording.
- You have the right to object to processing of your data which is being done by Aut Even on the basis of its legitimate interests.
- You have the right to restrict the processing of your personal data when:
  - the basis for its processing is in dispute;
  - its accuracy is in dispute;
  - we cannot establish a lawful basis for its processing, but you do not wish it to be erased;
  - we no longer need your data, but you need it for the establishment, exercise, or defence of legal claims;
  - you object, where applicable, to our processing of your data on the basis of our legitimate interests, pending verification of whether your interests override ours.
- You have the right to be provided with a copy of your data in machine readable format, or to have it transferred directly to another data controller (“data portability”).
If you are not satisfied with our responses or are otherwise concerned with how we process your personal data, you also have the right to make a complaint to the Data Protection Commission.
How to contact us:
We can be contacted at: Aut Even Hospital, Freshford Road, Co. Kilkenny, R95 D370. 056 777 5275 / firstname.lastname@example.org
Aut Even’s Data Protection Officer can be contacted by post or phone at the above address, or by email at email@example.com