Privacy Policy

Privacy Policy – JHS Medical Ltd

JHS Medical Ltd is a private medical clinic based at 509/510 Q House, 76 Furze Road, Sandyford, Dublin 18, Ireland. This privacy policy provides information about the personal information we process about you as a data controller, in compliance with the General Data Protection Regulation (GDPR).
Our Data Protection Registration Number is 17011-A
Please contact John Scurr at [email protected] with any questions or request about the personal information we process.

Your rights

We are committed to protecting your rights to privacy. They include
Right to be informed about what we do with your personal data;
Right to have a copy of all the personal information we process about you;
Right to rectification of any inaccurate data we process, and to add to the information we hold about you if it is in complete;
Right to be forgotton and your personal data destroyed
Right to restrict the processing of your personal data;
Right to object to the processing we carry out based on our legitimate interest;

The personal data we process, why we process it and where it comes from and the legal basis for doing so.

Patients:

We process the personal data of patients who attend our clinic or patients for whom we receive referral letters from General Practitioners and Consultants and also personal data of the General Practitioners and Consultants.
The Personal Data may include
Names, contact details and dates of birth
Financial details and bank details
Information about race, ethnic origin and sex
Medical/Health information
The personal data is generally provided by the patient or by the referring clinician.
We process data because it is in our legitimate interests as a Medical Practice providing a medical service to do so. We need to see and analyse information in order to be able to treat patients and invoice patients and insurance companies
In relation to any special category personal data, such as health records or information concerning race, ethnic origin or sex, we rely on the legal claims basis for processing this data, in addition to our legitimate interest.
In many cases an individual has consented to the transfer of their personal data to us. Where an individual has consented, he or she may easily withdraw it by notifying John Scurr on [email protected].

Other personal data

We also process personal data pursuant to our legitimate interests in running our business such as;
Invoices and receipts
Accounts, VAT and tax returns
Insurance policies and related documents
As an employer we process personal data further to contracts of employment with our employees. The information includes;
Names, addresses and contact details
Pay and bank details, pay slips, PAYE numbers
Curriculum Vitae, contracts of employment, references and appraisals
Health information (in reliance on the occupational health exemption contained in the Data Protection act 2018).
Finally we run a client relationship management system. Any personal data on the system can be withdrawn at any time by contacting John Scurr.

Retention Period

Personal data is retained indefinitely unless we receive a request to destroy it
Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner.
Personal data relating to employees who have left our employment is also retained for up to six years as necessary. This is the time limit for bringing a breach of contract claim.

Whom do we share personal data with?

We share personal data internally strictly on a need to know basis.
We do not share personal data with anyone external to the organisation other than with
Referring clinicians and GP’s
Insurance Companies
Hospitals if we have to arrange admissions and procedures
HMRC and the VAT Commissioner as they require
Outsourced services providers such as shredding facilities subject to GDPR compliant written contracts.
Our accounts

If you have any concerns about the way your personal information has been processed, please contact John Scurr above.