Data Subject Access Requests
You can exercise any of these rights by sending a Data Subject Request by contacting [email protected] We will acknowledge Data Subject Requests within 1 month from receipt of your valid Request. You will not normally have to pay a fee.
A ‘privacy notice’ lets you know what happens to any personal data that you may give us or that we may collect from you or about you (as a client, family member, carer, or visitor). This notice is issued by Centric Mental Health (SMH) and covers the information we hold about our patients, their families and other individuals who may use our services
Who are we and what do we do?
Centric Mental health is an Irish owned company founded by Stuart McGoldrick and, while initially part of Centric Health, became an independent business in 2018. In August 2021 Centric Mental Health became a Centric company. Our goal is to provide every client with the appropriate mental health supports. We work to help clients identify and overcome their difficulties in a straightforward, individualised, and professional way. At Centric Mental Health we understand the importance of your personal or workplace mental health needs. As the leading provider of private mental health services, our nationwide network of psychologists and psychotherapists are experienced and skilled professionals in their fields. We work with the best to offer you the same.
Why have we issued this Privacy notice
In this privacy statement, we explain what we do with the data we obtain about you. We recommend you carefully read this statement. We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with relevant law, regulations, and guidance
That means, among other things, that:
- We clearly state the purposes for which we process personal data. We do this by means of this privacy statement.
- We aim to limit our collection of personal data to only the personal data required for legitimate purposes.
- We first request your explicit consent to process your personal data in cases requiring your consent.
- We take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf.
- We respect your right to access your personal data or have it corrected or deleted
Who controls the use of your personal data?
SMH, whose registered address is Centric Mental Health, is Centric Mental Health, , Level 7, RSA House, Sandyford Rd, Dundrum, Dublin 16. If you have any queries in relation to the processing of your personal data, contact as follows: by post , by email Email: [email protected] or by phone on 01 6111719.
Under GDPR, you have rights regarding the use of your personal details and SMH as controller of that data has a responsibility in how we handle this information.
You have the right to data protection when your details are:
- held on a computer.
- held on paper or other manual form as part of a filing system; and
- images of your data, e.g. CCTV
What is the aim of these rights?
With Data protection rights we help you to make sure that the information stored with us about you is:
- Accurate and up to date.
- Only available to those who should have it.
- Only used for stated purposes.
- Stored securely
What should you expect?
- Expect fair treatment from SMH and our staff in the way we obtain keep, use and share your information.
- That you have the right to be fully informed in why we are collecting your information and how we are using it.
- That you have the right to object to SMH using your details for a particular purpose.
- That you have the right to ensure inaccurate information about you is corrected.
- Request to see a copy of all information kept about you unless providing details may cause you harm.
- Complain to the Data Protection Commissioner if you feel your data protection rights are being infringed.
What are your Rights
Under certain circumstances, by law you have the right to
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – where certain conditions apply, you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to review – in the event that SMH refuses your request under rights of access, we will provide you with a reason as to why.
- Withdraw your consent – where you have consented to receiving emails or newsletters you may withdraw your consent at any time
Right to obtain a copy of your information
Under GDPR, you have a right to obtain a copy of any information relating to you kept on computer or in a structured manual filing system.
A request for access, release or copy of personal data can only be made by our client or parent / legal guardian in the case of a minor. Any third party (registered next-of-kin or solicitors authorised by our client, Patient Legal Guardian or Power of Attorney) it must be: sent in writing to : Centric Mental Health, , Level 7, RSA House, Sandyford Rd, Dundrum, Dublin 16 or email: [email protected].
Please include the following information in your request:
- Name of psychologists and psychotherapists you attended
- Include your legal name, & date of birth
- Be accompanied by appropriate identification example Current Irish Driver’s License, Valid Passport and Proof of address example a current utility bill. This is only for the purpose of client verification.
It is important to note that SMH abide by the data minimisation principle, therefore if you only need information for a specific date and or incident, please advise us accordingly.
SMH do not issue medical – legal reports.
Can access to data be refused?
Access can be refused to some or all of the patient’s personal health information, only, if providing access is likely to cause serious harm to the physical or mental health of the requester or providing access would disclose the personal data of another person without their consent or would disclose a confidential expression of opinion about the requester.
The recommended method of delivery of the request typically is by
- Registered post via An Post service.
- Emailed using an agreed password and confirming receipt.
Consent for Minors
Where we are required to gather the personal information of a minor (defined as a person aged under 18 years of age), we will require the attendance and consent of a parent or guardian and will only acquire and store such data with their permission, as well as the awareness of the minor themselves.
Parent/Guardian attendance – this policy applies to both clinic and video appointments
Age under 12 parents or guardians will attend the first session.
Age 13 – 18 parents need to accompany young person to clinic/online session and in some instances a clinician will suggest a parent or guardian attend opening and close of session while respecting the child’s confidentiality.
Aged under 16 parents or guardians need to be on site in the clinic or in the same location if online while not attending the sessions.
Aged 16 – 18 and over parents and guardians need to be close by the clinic or in the same location if online and available if needed.
For security reasons, the clinic you attend may have CCTV cameras at the different access points in and outside the building to prevent intruders or individuals who could damage property.
As a client of SMH, member of the public or staff your image will be captured on such CCTV cameras, however images will only be disclosed where necessary to investigate a break in or other unauthorised access to the particular clinic.
Categories of Personal Data
|Category of data||Purpose of Processing||Lawful of processing|
|Administrative: name, address, contact details (phone, mobile, e mail), gender, dates of appointment||Necessary to support the administration of patient care in general practice
|Article 6.1(a): The data subject has given consent to the processing of his/her own personal data for one or more specific purposes;
Article 6.1(d): processing is necessary in order to protect the vital interests of the data subject or of another natural person;
Article 6.1(e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; Special Categories are processed under the derogations in Articles 9.2(h) and 9.2(i). Please see the notes under this table on how we use and process your data.
|Clinical Record: Individual Health identifier, date of birth, gender, family members, contact details of next of kin|
|Account Details: record of billable services provided, patient name, address, contact details, billing and payment records for GMS and private patients
|Article 6.1(c): processing is necessary for compliance with a legal obligation to which the controller is subject(Revenue, Medical and Legal Obligations) , and Article 6.1(b) in relation to getting paid for providing a service to private patients
How we use & Process your data
SMH collect personal and non-personal data. Personal data is information that identifies you such as your name and address. SMH will also collect sensitive data which relates to your health history.
Non-personal data is information we gather in general from mentalhealth.ie website. This cannot be used to identify or contact you. This might include your IP address, the browser you use and similar anonymous data.
Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of these other websites.
SMH need to process clinical information about our clients to ensure that all clinical staff have complete information to ensure you get the best treatment while under our care.
Each patient will have a unique client number and all your details are kept within your unique client record.
We process your personal data to provide you with our services and to assist us in the operation of our business. Under data protection law we are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is. All follow up emails re appointments are done in legitimate interest
There are various options under data protection law, but the primary basis that we use are (a) processing necessary for the performance of our contracts with you, (b) processing necessary in order for us to pursue our legitimate interests, (c) processing where we have your and/or your dependants’ consent, (d) processing that is required under applicable law (e ) Vital Interest.
Here are further details of our processing of your personal data below, together with the basis for that processing:
- Your information may be shared with other psychiatrists, psychologists, psychotherapists, or employee assistance programmes if a second opinion is required; this can include but is not limited to GP practices, other hospitals, other hospital departments who are involved in providing you with your care and community services.
- SMH operate a referral service with Centric Health. This will be done in conjunction with you and only relevant and appropriate clinical notes will be securely transferred.
- SMH is required to send patient details as necessary to the insurance companies in order to get a claim paid. When a patient is registered, you are asked to sign the insurance declaration. This will detail what the insurance company will expect to receive. Often an insurance company will request an audit of claims paid. SMH will supply only the information for that claim once received in writing from the insurance company.
In certain circumstances, we are required by law to report information to the appropriate authorities. This information is often provided after authority has been given by a qualified health professional. For example:
- Where a formal court order has been issued
- Section 7(1)(a) of the Ombudsman Act 1980 provides the Ombudsman with powers to acquire information or documents for the purpose of a preliminary examination or investigation by him or her under the Act.
- Ombudsman for Children: Section 14 of the Ombudsman for Children Act 2002 provides the Ombudsman for Children with the power to acquire information
- Tusla – to consider whether needs to be included or not.
The Data Protection Commissioner may, for the purposes of the investigation of a complaint under the Data Protection Acts, require the SMH to provide any documentation as is considered necessary information or documents for the purpose of a preliminary examination or investigation.
What personal data is collected?
In order to provide our services to you we need to process certain personal data in relation to you, which includes:
Biographical data – We collect the following biographical data: name, assumed names, address, phone number, email address, gender, family relationships (e.g. spouse, children), date of birth.
Payment data – If you pay by direct debit or receive payments through electronic funds transfers, we will collect the IBAN, BIC and the name of your bank/building society or your credit card details where relevant.
Interactions with us – If you interact with us, we will record details of those interactions (e.g. email correspondence and hard copy correspondence). If you make a complaint, we will process details in relation to that complaint.
Online services – When you interact with us online (by computer, tablet, or smartphone), you will often provide personal data to us, which you will be aware of when using the services or for which you give consent. We also automatically collect data about your use of our services, such as the type of device you are using and its IP address, and how you interact with the services. Further details are available in the Cookies policy that accompanies the relevant service.
Submitting a complaint
If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.