Practice privacy statement

Privacy Statement

Strand Medical D3

Last updated: 29th December 2025 by MM

Strand Medical D3 is committed to providing the highest standard of medical care for our patients. We recognise that general practice is a trusted community service governed by a strong ethic of privacy and confidentiality. We manage personal data in accordance with the General Data Protection Regulation (GDPR), Irish data protection law, and Medical Council guidance.

This Privacy Statement explains how we collect, use, store, and share your personal data, and how we ensure your consent is meaningful.

1. Who We Are (Data Controller)

Strand Medical D3
1 Philipsburgh Ave, Fairview, Dublin 3, D03P897
+35312150770

For the purposes of data protection law, Strand Medical D3 is the Data Controller of your personal data.

2. What Information We Collect

To provide safe and effective medical care, we collect and retain information including:

a) Personal Information

  • Name, address, date of birth

  • PPS number

  • Telephone number and email address

b) Health Information (Special Category Data)

  • Medical history and clinical notes

  • Consultation records

  • Test results, referrals, prescriptions

  • Correspondence from hospitals and other healthcare providers

c) Administrative Information

  • Appointment records

  • Medical card / GP visit card status

  • Private fee and eligibility information

We only collect information that is necessary, and we aim to keep it accurate and up to date. We may ask you to inform us of relevant changes, such as new treatments, investigations, or changes to your contact details.

3. How and Why We Use Your Information

We use your personal data to:

  • Provide medical assessment, diagnosis, and treatment

  • Maintain accurate clinical records

  • Communicate with you about appointments and care

  • Coordinate care with other healthcare professionals

  • Meet legal, regulatory, and professional obligations

  • Support the safe and effective running of the practice

Your consent is a key principle underpinning how we manage your health information.

4. Legal Basis for Processing

We process your data under the following legal bases:

  • Provision of healthcare and treatment (GDPR Article 9(2)(h))

  • Compliance with legal and regulatory obligations

  • Public interest in healthcare delivery

  • Your explicit consent, where required

5. Practice Staff Access to Records

All members of the practice team are bound by strict confidentiality obligations. Staff who are not regulated by a professional confidentiality code sign explicit confidentiality agreements outlining their duties and the consequences of breach.

Access to patient records is restricted and role-specific, and is permitted only where necessary for the functioning of the practice. This may include:

  • Processing repeat prescriptions (reviewed and signed by a GP)

  • Preparing social welfare certificates (checked and signed by a GP)

  • Typing referral letters to consultants and allied health professionals

  • Opening, scanning, and filing correspondence from hospitals and specialists

  • Downloading and integrating laboratory results and out-of-hours reports

  • Printing or copying records for referrals or GP transfer (with consent)

  • Checking whether results or correspondence have been received

  • Identifying patients due preventative or recall services (e.g. vaccinations, cervical screening, antenatal care)

  • Handling medico-legal, insurance, and life assurance reports

6. Sharing Your Information with Other Professionals

We may share relevant information with:

  • Other GPs and healthcare professionals involved in your care

  • Hospitals, laboratories, and diagnostic services

  • The HSE, where required

Only the minimum necessary information is shared. All recipients are legally obliged to maintain confidentiality to the same standard as this practice.

7. Disclosures Required or Permitted by Law

In certain circumstances, disclosure of information may be required or permitted by law, including:

  • Notification of specified infectious diseases

  • Statutory reporting obligations

Employers, Insurance Companies, and Solicitors

  • Medical certificates for work generally confirm incapacity and expected return date only

  • Social welfare certificates must include the medical reason for incapacity

  • Disclosure to insurers or solicitors occurs only with your signed consent

8. Training, Teaching, and Medical Education

Strand Medical D3 is involved in:

  • GP training

  • Medical student placements

Students may be present in the practice and involved in patient care under supervision. You may decline student involvement at any time.

GPs may discuss anonymised patient cases for education and professional development. Patient identity is not disclosed.

9. Audit, Quality Improvement, and Research

Patient information is routinely used for:

  • Clinical audit

  • Quality assurance

  • Practice improvement

This is normally done using anonymous or pseudonymised data. Where identifiable data or external research involvement is proposed, we will discuss this with you in advance and seek your explicit written consent.

10. Data Storage, Security, and Retention

Your information is stored securely in electronic and/or paper format using appropriate technical and organisational safeguards.

Medical records are retained in line with professional and legal guidance. For medico-legal reasons, records may be retained for many years after your last contact with the practice.

11. Your Rights

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request restriction of processing in certain circumstances

  • Object to certain types of processing

Access requests can usually be dealt with informally with your GP. Formal written requests may be made, and a reasonable fee may apply where requests are excessive.

12. Transfer to Another GP Practice

If you choose to transfer to another GP, we will provide a copy of your records to your new doctor on receipt of your signed consent. For medico-legal reasons, we will also retain a copy of your records for an appropriate period.

13. Complaints

If you have concerns about how your data is handled, please contact the practice first.

You also have the right to complain to: Data Protection Commission (Ireland) www.dataprotection.ie

14. Changes to This Statement

This Privacy Statement may be updated periodically. The most recent version will always be available on our website.