TEMPERATURE CONTROLLED PHARMACEUTICALS LIMITED
Privacy Notice
This Privacy Notice applies to all current and former patients of Mater Misericordiae University Hospital to whom Temperature Controlled Pharmaceuticals Limited, a company incorporated under the laws of Ireland with company number 310575 and registered address at 15-17 Willow Business Park, Knockmitten Lane, Dublin 12, Dublin, D12 T6C6 (“TCP Homecare”) provides independent nursing services.
For the avoidance of doubt, TCP Homecare is the controller of personal data processed in accordance with this Privacy Notice.
Please read the following carefully to understand our practices regarding your personal data and how we treat and safeguard it.
Personal data means any information relating to an identified or identifiable living natural person (“data”). TCP Homecare at all times will seek to ensure that all data that is obtained and/or retained in relation to you and your medical history will be processed according to applicable data protection law.
The type of data that TCP Homecare may collect, store or process about you in connection with the delivery of our service to you is:
We may collect your data directly from:
LOCATION OF YOUR DATA
All data will be held securely in written and/or electronic format at TCP Homecare premises and/or at the premises of an approved electronic hosting provider in Ireland.
Contact
TCP Homecare as data controller: TCP HOMECARE, 2-3 Westland House, Westland Business Park, Willow Road, Clondalkin, D12EA03, Dublin, Ireland, Data.Protection@tcp.ie
TCP Homecare Data Protection Officer: David Lawless, United Drug House, Magna Drive, Magna Business Park, Citywest, D24XKE5, Dublin 24, Ireland, Data.Protection@tcp.ie
General purpose
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Irish Data Protection Acts and other applicable data protection provisions. Data is processed only insofar as is necessary and permitted under data protection law, for example to enable us to provide our services, fulfil our contractual obligations or to the extent that you consent to data processing
Data recipients
Your data will be shared with TCP Homecare internal departments or organisational units to the extent that this is necessary for the fulfilment of our service.
Your data will be shared with the following external recipients:
Transfers to third countries
Our technology providers may carry out some processing activities (for example support function) from the ‘third countries’ (countries outside the EU or the EEA or outside of countries subject to adequacy decision of the European Commission) which is a ‘transfer’ of your data to third countries under the GDPR. If we ‘transfer’ your data to such third countries, we will ensure that appropriate measures are in place to protect your data and to comply with our obligations under the data protection law. This may mean that we enter into contracts in the form approved by the European Commission, and that we implement appropriate technical and organisational measures in respect of such transfers. If you would like to receive further details about measures we have taken in relation to the transfer of your data to third countries, or copies of the agreements that we have put in place in relation to transfers, please contact us at data.protection@tcp.ie.
Data deletion and storage duration
We do not keep your data longer than it is necessary for the purpose for which we collect it. We also keep your data in accordance with the legal requirements imposed on us which means the retention period differs depending on the data. In determining the retention periods, we may take into account whether we need to retain data in order to: (a) meet statutory requirements, (b) defend any legal claims, (c) meet our reasonable business requirements.
Your rights as a data subject
You may assert your rights listed below at any time.
Right of access
You are entitled, pursuant to Art. 15 GDPR, to obtain following information from us at any time and free of charge: your data that we process, the purposes of the processing, the categories of recipients of your data, the envisaged period for which the data will be stored or, in the case of transfer to a third country, the appropriate safeguards. You are also entitled to obtain a copy of your data.
Right to rectification, erasure, restriction of processing
Should the data we process about you be inaccurate or incomplete or if the processing is unlawful, you can request that we rectify, supplement or restrict the processing of your data or erase the data to the extent permitted by law, Art. 16, 17 and 18 GDPR. There is no right to erasure if the processing of data is necessary (i) to exercise the right of freedom of expression and information, (ii) to comply with a legal obligation to which we are subject (e.g. statutory retention periods), (iii) to establish, exercise or defend legal claims, (iv) in the public interest, (v) in the exercise of official authority vested in the controller, (vi) for health or social care purposes, for public health purposes in the public interest.
Right to data portability
If you have provided us with your data on the basis of your consent or as part of an existing contractual relationship with us, we will, at your request, make the data available to you in a structured, commonly used and machine-readable format or, where technically feasible, will transmit them to a third party named by you.
Right to object
If we process your data in order to pursue a legitimate interest, you may object to this processing on grounds relating to your particular situation, Art. 21 GDPR. The right to object may be exercised only within the confines of Art. 21 GDPR. Moreover, our interests may override the cessation of processing, meaning that, despite your objection, we are entitled to process your personal data.
Right to lodge a complaint
You are welcome to contact our Data Protection Officer named in Section 2 with questions, suggestions and complaints.
You are also entitled, subject to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint applies regardless of any other administrative or judicial remedies.
The supervisory authority in Ireland is:
Office of the Data Protection Commissioner.
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone +353 (0761) 104 800
LoCall 1890 25 22 31
Fax +353 57 868 4757
Email: info@dataprotection.ie
Consent/rights of withdrawal
In the event that you give or have given us your consent to the collection, processing or use of your data, you can withdraw this consent at any time by notifying us. An email is sufficient, but you can reach us via any a preferred method. You also have the right, on grounds relating to your particular situation, to object to the processing of your data on the basis of Art. 6, para. 1(e) (performance of a task carried out in the public interest) or Art. 6, para. 1(f) GDPR (legitimate interests pursued by the controller); the same applies to profiling pursuant to those provisions. In this event, we will no longer process your data, unless we can demonstrate compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. If the data concerning you is processed in order to engage in direct marketing, you have the right to object at any time to the processing of this data for the purposes of such marketing. If you object to the processing for direct marketing purposes, the data will no longer be processed for those purposes.
Amendments
We reserve the right to amend this Privacy Statement at any time.
Last Updated: 13th August 2024, Version: 1.1
Privacy Notice
This Privacy Notice applies to all current and former patients of Mater Misericordiae University Hospital to whom Temperature Controlled Pharmaceuticals Limited, a company incorporated under the laws of Ireland with company number 310575 and registered address at 15-17 Willow Business Park, Knockmitten Lane, Dublin 12, Dublin, D12 T6C6 (“TCP Homecare”) provides independent nursing services.
For the avoidance of doubt, TCP Homecare is the controller of personal data processed in accordance with this Privacy Notice.
Please read the following carefully to understand our practices regarding your personal data and how we treat and safeguard it.
Personal data means any information relating to an identified or identifiable living natural person (“data”). TCP Homecare at all times will seek to ensure that all data that is obtained and/or retained in relation to you and your medical history will be processed according to applicable data protection law.
The type of data that TCP Homecare may collect, store or process about you in connection with the delivery of our service to you is:
- Contact and other personal data, for example: your name, address, contact details, phone number, email address, date of birth, PPS number, gender, family relationships, and next of kin information.
- Health data: your medical history and any prescribed medications; and any necessary health and medical information as is necessary and proportionate in the context of our services including such information as may be gathered during any visit or included in the visit report.
- Interactions data: if you interact with us, we will record your details of these interactions (meetings, phone calls, emails, hard copy correspondence)
- Website and Enquiries: When you interact with us using our website, any data that you may provide to us and any automatically collected data such as IP address and type of device. Further details as to how we process your data when you access or use our website are available at: www.tcp.ie
We may collect your data directly from:
- Your referring medical team – your data may be provided to us by your consultant and medical team when referring you for our service.
- Your insurance provider
- Our interactions with you
- Your website use and enquiries: when you interact with us using our website.
LOCATION OF YOUR DATA
All data will be held securely in written and/or electronic format at TCP Homecare premises and/or at the premises of an approved electronic hosting provider in Ireland.
Contact
TCP Homecare as data controller: TCP HOMECARE, 2-3 Westland House, Westland Business Park, Willow Road, Clondalkin, D12EA03, Dublin, Ireland, Data.Protection@tcp.ie
TCP Homecare Data Protection Officer: David Lawless, United Drug House, Magna Drive, Magna Business Park, Citywest, D24XKE5, Dublin 24, Ireland, Data.Protection@tcp.ie
General purpose
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Irish Data Protection Acts and other applicable data protection provisions. Data is processed only insofar as is necessary and permitted under data protection law, for example to enable us to provide our services, fulfil our contractual obligations or to the extent that you consent to data processing
| To permit our nurses to provide the service to you in your home and to give you treatment | Your consent |
| To create aggregate activity, quality and customer satisfaction reports in respect of performed services | Necessary to pursue our legitimate interests pursuant to Art. 6.1(f) GDPR: to enable us to run our business and manage our services effectively |
| To monitor the quality of our service To provide information to an authorised third party (subject to such third-party entering confidentiality agreement) for the purposes of compliance and/or quality auditing | Necessary to pursue our legitimate interests pursuant to Art. 6.1(f) GDPR: to enable us to run our business, to monitor the quality of our services, to check that all processes are being followed |
| To contact you in respect of and carry satisfaction surveys (optional) in respect of the service being delivered which may involve data being passed to an independent third party so as to enable us to get your feedback on the service. This will be carried out through written format or by telephone call. | Your consent |
| Website use and enquiries | Further details as to how we process your data when you access or use our website are available at: www.tcp.ie |
Your data will be shared with TCP Homecare internal departments or organisational units to the extent that this is necessary for the fulfilment of our service.
Your data will be shared with the following external recipients:
- referring hospital and medical team
- sponsor of the service: for example, manufacturer, insurance provider, HSE
- regulatory bodies in order to report pharmacovigilance data including details of adverse events or adverse reactions or other reportable events (if applicable)
- replacement service providers
- external service providers who are acting as processors on our behalf or who perform various functions for us (e.g. technology providers, IT service providers, data centres, companies that destroy data or courier services)
- other third parties with your consent
Transfers to third countries
Our technology providers may carry out some processing activities (for example support function) from the ‘third countries’ (countries outside the EU or the EEA or outside of countries subject to adequacy decision of the European Commission) which is a ‘transfer’ of your data to third countries under the GDPR. If we ‘transfer’ your data to such third countries, we will ensure that appropriate measures are in place to protect your data and to comply with our obligations under the data protection law. This may mean that we enter into contracts in the form approved by the European Commission, and that we implement appropriate technical and organisational measures in respect of such transfers. If you would like to receive further details about measures we have taken in relation to the transfer of your data to third countries, or copies of the agreements that we have put in place in relation to transfers, please contact us at data.protection@tcp.ie.
Data deletion and storage duration
We do not keep your data longer than it is necessary for the purpose for which we collect it. We also keep your data in accordance with the legal requirements imposed on us which means the retention period differs depending on the data. In determining the retention periods, we may take into account whether we need to retain data in order to: (a) meet statutory requirements, (b) defend any legal claims, (c) meet our reasonable business requirements.
Your rights as a data subject
You may assert your rights listed below at any time.
Right of access
You are entitled, pursuant to Art. 15 GDPR, to obtain following information from us at any time and free of charge: your data that we process, the purposes of the processing, the categories of recipients of your data, the envisaged period for which the data will be stored or, in the case of transfer to a third country, the appropriate safeguards. You are also entitled to obtain a copy of your data.
Right to rectification, erasure, restriction of processing
Should the data we process about you be inaccurate or incomplete or if the processing is unlawful, you can request that we rectify, supplement or restrict the processing of your data or erase the data to the extent permitted by law, Art. 16, 17 and 18 GDPR. There is no right to erasure if the processing of data is necessary (i) to exercise the right of freedom of expression and information, (ii) to comply with a legal obligation to which we are subject (e.g. statutory retention periods), (iii) to establish, exercise or defend legal claims, (iv) in the public interest, (v) in the exercise of official authority vested in the controller, (vi) for health or social care purposes, for public health purposes in the public interest.
Right to data portability
If you have provided us with your data on the basis of your consent or as part of an existing contractual relationship with us, we will, at your request, make the data available to you in a structured, commonly used and machine-readable format or, where technically feasible, will transmit them to a third party named by you.
Right to object
If we process your data in order to pursue a legitimate interest, you may object to this processing on grounds relating to your particular situation, Art. 21 GDPR. The right to object may be exercised only within the confines of Art. 21 GDPR. Moreover, our interests may override the cessation of processing, meaning that, despite your objection, we are entitled to process your personal data.
Right to lodge a complaint
You are welcome to contact our Data Protection Officer named in Section 2 with questions, suggestions and complaints.
You are also entitled, subject to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint applies regardless of any other administrative or judicial remedies.
The supervisory authority in Ireland is:
Office of the Data Protection Commissioner.
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone +353 (0761) 104 800
LoCall 1890 25 22 31
Fax +353 57 868 4757
Email: info@dataprotection.ie
Consent/rights of withdrawal
In the event that you give or have given us your consent to the collection, processing or use of your data, you can withdraw this consent at any time by notifying us. An email is sufficient, but you can reach us via any a preferred method. You also have the right, on grounds relating to your particular situation, to object to the processing of your data on the basis of Art. 6, para. 1(e) (performance of a task carried out in the public interest) or Art. 6, para. 1(f) GDPR (legitimate interests pursued by the controller); the same applies to profiling pursuant to those provisions. In this event, we will no longer process your data, unless we can demonstrate compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. If the data concerning you is processed in order to engage in direct marketing, you have the right to object at any time to the processing of this data for the purposes of such marketing. If you object to the processing for direct marketing purposes, the data will no longer be processed for those purposes.
Amendments
We reserve the right to amend this Privacy Statement at any time.
Last Updated: 13th August 2024, Version: 1.1