WHO IS COLLECTING MY DATA?
This Privacy Statement explains how Spectrum Mental Health www.spectrummentalhealth.ie / www.mentalhealth.ie will process your personal and health information in accordance with the General Data Protection Regulation 2016 (GDPR) which comes into effect in May 2018, replacing the existing data protection framework under the EU Data Protection Directive. Spectrum Mental Health is a subsidiary organisation of Spectrum Health who are registered with the Data Protection Commissioner (DPC) Registration Number 13807/A as data controllers. As data controllers, Spectrum Health employs appropriate technical and organisational measures to meet the requirements of GDPR and ensures that all processors do the same.
We collect personal information from you when you apply for one of the services which we offer, this may be via an online form, a video consultation, a follow up question, a telephone call, an email or other means. It is necessary for us to collect sensitive data (such as medical information) relating to you so that our team can make a decision if the service (and treatment) is safe and suitable for you. We collect your email and mobile number so that our team can contact you if required.
Should you contact us by any electronic format, including Web Chat, online form messages, phone, or email or by any other method – we may hold the content, contact details and any additional information you provide to us on record for future reference and use by Spectrum Mental Health.
If you give us your credit card details then we will process payments using Secure Sockets Layer (SSL) security but we will not keep a record of your card details on our servers.
PRIVATE PRACTICES AND DIRECT MARKETING
We will never use your data for direct marketing purposes without your consent. At any time, you may opt out (i.e. refuse the use of your personal data), including at the time the data is collected, or on every subsequent marketing message. Unsubscribing will always be free of charge and fully respected.
It should be noted that other methods of communication (confirmation of appointments or reminders, etc.) do not fall under “direct marketing”, however consent will still be collected for this.
WHAT TYPE OF DATA IS COLLECTED?
Spectrum Health & Spectrum Mental Health complies with the EU Data Protection Directive 95/46/EC as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. Spectrum Health & Spectrum Mental Health has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.
We collect two types of data: personal data, and sensitive personal data.
· Personal data can be used to identify or contact you, and may include: your name, address, date of birth, telephone number, and email address. This will only be collected if you voluntarily submit it to us.
· Sensitive personal data is relating to your health, and is collected for the purposes of clinical assessment, treatment, programme provision or advice, and is necessary to be obtained in order to provide the most accurate service for you.
WHAT IS MY DATA BEING USED FOR?
When you contact Spectrum to avail of any of our services, including but not limited to:
· Physiotherapy: The Physio Company – www.thephysiocompany.com
· Speech and Language Therapy: Spectrum Speech – www.spectrumspeech.ie
· Podiatry/Chiropody: Spectrum Foot Clinics – www.spectrumfootclinics.ie
· Dietetics/Nutrition: Spectrum Nutrition – www.spectrumnutrition.ie
· 3D Running & Gait Analysis: Run360 – www.run360.ie
· Fitzwilliam Private Clinic Services: www.fitzwilliamprivateclinic.ie
We will ask you to provide, either by phone or electronic means, your name, address, date of birth, telephone number, and email address. This information provided will be used by Spectrum to:
· verify your identity
· provide you with the service you have requested
· respond to your enquiries or provide customer support
· create your medical file and book your appointment(s)
· send updates regarding your appointments and programmes
· contact you in the case of a data breach
· provide you with advice, dependant on the information you have given
· seek feedback for ongoing service improvements
· communicate with you regarding other Spectrum Health products and services
When we communicate with you regarding our products and services for the first time we will give you the option to “opt-in,” and on every subsequent communication there will be an option to “unsubscribe.” If you subscribe to our email newsletter, we use email tracking to record and save your email address to your subscriber record to monitor and store your preferences.
When you attend a Spectrum Mental Health Service you will be asked to provide further sensitive data to allow your service provider to:
· perform a clinical assessment
· provide you with appropriate treatment, programmes or advice
As Spectrum Mental Health and its subsidiary companies (as listed above) avail of the same diary booking system, your appointment and service type will be visible to essential personnel across Spectrum Health’s subsidiary companies, which in some instances will include non-Spectrum personnel for the purposes of health and safety, and providing meeting and greeting services. Spectrum Mental Health will never share your personal information with any other third party without your consent unless required to do so by law.
WHAT HAPPENS TO MY DATA?
All of your personal and health data is stored securely, offsite and in electronic format on a patient management system. All electronic communications are hosted within platforms which are SSL-secure, password protected and encrypted. Spectrum Mental Health has adequate measures in place to ensure that your information is held securely, within the EU. Any personally identifiable information you elect to make available publicly on our sites – e.g. posting comments on any of our blog posts – will be available to others
WHO HAS ACCESS TO MY DATA?
Access is restricted to essential personnel of Spectrum Health’s subsidiary companies who are bound by their professional ethics and/or confidentiality agreements.
We may provide non-personal data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of our community users of our website, or the activities that visitors to our website engage in while on our website.
The third parties to whom we may provide this information may include, commercial partners, sponsors, licensees, researchers and other similar parties. We will never disclose your Personal Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfil your order (in such circumstances, the third party is bound by similar data protection requirements).
We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
HOW LONG IS MY DATA HELD FOR?
Your data will be held by Spectrum Mental Health as long as is legally required. In the case of healthcare, we retain records for a minimum of eight years from the date of last treatment. In the case of children's records, the period of eight years begins from the time they reach the age of 18.
After that time period your data will be securely deleted, as per our data destruction policy.
WHAT ARE MY RIGHTS?
You can contact us at any time to:
· Request personal or sensitive personal data about yourself
· Correct any information if it is incomplete or misleading
· Withdraw your consent regarding the processing of your data at any time
Any request should be put in writing and will be responded to by us within 30 days.
If you email us your request for changes, please ensure it is clear regarding exactly what personal data you would like changed. For your protection, we will only be able to implement requests with respect to the data associated with the particular email address on which the request was sent, and we may need to verify your identity before implementing your request.
Please contact us either by email at DPO@spectrummentalhealth.ie or by post at 95 Merrion Square West, Dublin 2. All correspondence should be marked for the attention of the Spectrum Mental Health GDPR Team.
USE OF SPECTRUM MENTAL HEALTH WEBSITES
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website.
This Non-Personal Data comprises of information that cannot be used to identify or contact you; such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our websites.
Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of these other websites.
You are always free to decline our cookies, if your browser permits, or to ask your browser to indicate when a cookie is being sent. You can also delete cookie files from your computer at your discretion. Note that if you decline our cookies or ask for notification each time a cookie is being sent, this may affect your ease of use of this website.
FACEBOOK CONVERSION TRACKING PIXEL
Spectrum Health and its subsidiary companies (including Spectrum Mental Health) may, from time to time, use Facebook Advertising, Facebook Pixel Re-Marketing, and communications. This tool allows us to understand and deliver ads, making them more relevant to you. The collected data remains anonymous, and we cannot see the personal data of any individual user.
However, the collected data is saved and processed by Facebook. Facebook may be able to connect the data with your Facebook account and use the data for their own advertising purposes (in accordance with Facebook’s Data Use Policy found under: https://www.facebook.com/about/privacy/).
Spectrum Health and its subsidiary companies (including Spectrum Mental Health) may, from time to time, utilise Google’s remarketing technology. This allows us to display relevant ads based on the pages on the Spectrum website you have viewed. The advertisements will be displayed using cookies. This cookie will not record any personal information or identify you personally.
Google has its own data protection policy which can be accessed here: https://www.google.com/intl/en/policies/privacy/.
We take our security responsibilities seriously, taking all reasonable steps, including appropriate technical and organisational measures to protect your data. We review our security measures regularly.
If you have reason to believe that your interaction with us is no longer secure, please contact us immediately via email firstname.lastname@example.org or phone +353-1-6111-719.
Sale of Business
We reserve the right to transfer information (including your personal data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company in the following cases:
· provided that the third party will only your Personal Data for the purposes that you provided it to us.
You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-in.
UPDATES TO THIS PRIVACY STATEMENT
We may change this privacy statement, however the “last updated” date will always be listed at the top of this page. Any changes will be effective immediately.