Introduction
Flower Hill Medical ("we", "us", "our", "the practice") is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, store, and protect your information, in line with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
This policy applies to all patients of the practice, and to visitors to this website.
Data controller
Flower Hill Medical is the data controller for the personal data we hold about you.
- Practice address: 72B Flower Hill, Navan, Co. Meath, Ireland
- Phone: 046 908 5555
- Email: info@flowerhillmedical.ie
- Data protection queries: info@flowerhillmedical.ie
What information we collect
As your GP practice, we collect and process:
- Identity and contact data — name, date of birth, address, phone number, email, PPS number, next of kin details
- Health data — medical history, diagnoses, medications, test results, referral letters, consultation notes, and other clinical information (this is "special category data" under GDPR and receives extra protection)
- Administrative data — GMS/medical card status, insurance details, appointment history, billing records
- Website usage data — if you contact us or book online, we may collect the information you submit through forms, and standard technical data such as IP address and browser type via cookies (see the Cookies section)
Why we process your data
We process personal data for the following purposes and legal bases:
| Purpose | Legal basis |
|---|---|
| Providing medical care and treatment | Necessary for the provision of health/social care (GDPR Art. 9(2)(h)); consent for certain treatments |
| Maintaining your patient record | Legal obligation (Medical Council and HSE record-keeping requirements) |
| Contacting you about appointments, results, or recalls | Legitimate interest / necessary for healthcare provision |
| Billing and claims (e.g. GMS, PHB, insurers) | Contract / legal obligation |
| Responding to enquiries submitted via this website | Consent (given when you submit the form) |
| Complying with public health reporting obligations | Legal obligation |
| Improving our website | Legitimate interest / consent (cookies) |
We do not use your health data for marketing purposes, and we do not sell your data to any third party.
Who we share your data with
We share personal data only where necessary, including with:
- Other treating clinicians involved in your care (hospitals, specialists, out-of-hours GP services, pharmacists)
- The Health Service Executive (HSE), where legally required (e.g. notifiable diseases, screening programmes)
- Laboratories and diagnostic services for test processing
- Medical indemnity insurers, if relevant to a claim
- Our IT and practice management software providers, acting as data processors under contract
- Regulatory bodies (e.g. the Medical Council), where legally required
We do not transfer your data outside the European Economic Area (EEA) unless a service provider requires it, in which case we ensure appropriate safeguards (such as EU Standard Contractual Clauses) are in place.
How long we keep your data
We retain patient records in line with Medical Council and HSE guidance:
- Adult patient records: a minimum of 8 years after the last consultation, or after the patient's death
- Children's records: retained until the patient reaches 25 years of age (or 26 if the patient was 17 at the time of the last entry), or a minimum of 8 years after last contact, whichever is longer
- Website enquiry/contact form data: retained only as long as needed to respond to the enquiry, then deleted, unless it becomes part of your patient record
Your rights
Under GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Restrict or object to certain processing, in limited circumstances (note: this may be limited for clinical records where retention is a legal obligation)
- Erasure, again subject to our legal obligation to retain medical records for the periods above
- Data portability, where applicable
- Complain to the Data Protection Commission (DPC) if you believe your data has been mishandled
To exercise any of these rights, contact us at info@flowerhillmedical.ie or 046 908 5555. We will respond within one month, as required by law.
Cookies
This website uses cookies, for example to remember your preferences and analyse site traffic. You can control or disable cookies through your browser settings.
Website security
Changes to this policy
We may update this policy from time to time. The "last updated" date at the top will reflect the most recent revision.
Contact us
If you have any questions about this privacy policy or how your data is handled, please contact:
Flower Hill Medical
72B Flower Hill, Navan, Co. Meath
Phone: 046 908 5555
Email: info@flowerhillmedical.ie