Search this site
Search this site

Privacy Policy

Practice Privacy Statement

Here at Spiddal Medical we want to ensure the highest standard of medical care for our patients. We understand that a General Practice is a trusted community governed by an ethic of privacy and confidentiality.

Our approach is consistent with the Medical Council guidelines and the privacy principles of the Data Protection Regulations. It is not possible to undertake medical care without collecting and processing personal data and data concerning health. In fact, to do so would be in breach of the Medical Council’s ‘Guide to Professional Conduct and Ethics for Doctors’.

This Privacy Policy governs the way Spiddal Medical Centre collects, uses, maintains and discloses information collected from users (individually, a “User”) of the website (“Site”). This privacy policy applies to the Site and all products and services offered by Spiddal Medical Centre.

Legal Basis for Processing Your Data

This practice has voluntarily signed up for the ICGP Data Protection Guideline for GPs. The processing of personal data in general practice is necessary in order to protect the vital interests of the patient and for the provision of health care and public health. You can access the Guideline at In most circumstances we hold your data until 8 years after your death or 8 years since your last contact with the practice. There are exceptions to this rule and these are described in the Guideline referenced above.

Managing Your Information

In order to provide for your care here we need to collect and keep information about you and your health on our records.

  • We retain your information securely.
  • We will only ask for and keep information that is necessary. We will attempt to keep it as accurate and up to-date as possible. We will explain the need for any information we ask for if you are not sure why it is needed.
  • We ask you to inform us about any relevant changes that we should know about. This would include such things as any new treatments or investigations being carried out that we are not aware of. Please also inform us of change of address and phone numbers.
  • All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
  • Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the secretary or manager to perform their tasks for the proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for:
    • Identifying and printing repeat prescriptions for patients. These are then reviewed and signed by the GP.
    • Generating a sickness certificate for the patient. This is then checked and signed by the GP.
    • Typing referral letters to hospital consultants or allied health professionals such as physiotherapists, occupational therapists, psychologists and dieticians.
    • Opening letters from hospitals and consultants. The letters could be appended to a patient’s paper file or scanned into their electronic patient record.
    • Scanning clinical letters, radiology reports and any other documents not available in electronic format.
    • Downloading laboratory results and Out of Hours Coop reports and performing integration of these results into the electronic patient record.
    • Photocopying or printing documents for referral to consultants, attendance at an antenatal clinic or when a patient is changing GP.
    • Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is back, in order to schedule a conversation with the GP.
    • When a patient makes contact with a practice, checking if they are due for any preventative services, such as vaccination, ante natal visit, contraceptive pill check, cervical smear test, etc.
    • Handling, printing, photocopying and postage of medico legal and life assurance reports, and of associated documents.
    • Sending and receiving information via Healthmail, secure clinical email.
    • And other activities related to the support of medical care appropriate for practice support staff.

 Personal Identification Data

We may collect personal identification data from a User in a range of ways, including but not limited to, when a User visits our site, fills in a form, and in connection with other activities, services, features or resources we make available on our Site. A User may be asked for, as applicable, name, mailing address, email address, date of birth, phone number and prescriptions requested. A User may also visit our Site anonymously. We will only collect personal identification data from a User for the purpose they chose to provide it for. A User can always refuse to supply personal identification data, except that it may prevent them from participating in certain Site-related actions.

Non-personal Identification Data

We may collect non-personal identification data about a User whenever they interact with our Site. Non-personal identification data may include a User’s browser name, the type of computer used and technical information about a User, including their method of connecting to our Site, such as the operating system and the Internet service providers utilised and other related information.

Web Browser Cookies

Our Site uses “cookies” to enhance User experience. Some cookies are necessary for the functioning of the site. We also use non-essential cookies to help us measure actions on our Site to provide the best user experience, such as Google Analytics, and to provide updates to you outside of our website, such as Facebook. Non-essential cookies may be opted out of by clicking “Decline” on the notification bar on the Site.

How we Use Collected Information

Spiddal Medical Centre may collect and use a User’s personal information to:

– Improve customer service – Data a User discloses helps us to reply to customer service needs and support requests more effectively.

– Personalize User experience – We may use data in aggregate to identify how our Users as a group use our services delivered on our Site.

– Improve our Site – We may use feedback from a User to improve our services and products.

– Administer a Site function, such as promotion, survey or contest – Send a User information they opted to receive about subjects we think will interest them.

– Send periodic emails – We may use the email address provided to send a User information and updates related to their care. It may also be used to respond to their queries, questions, and other requests. If a User chooses to contact us via our contact form or our prescription refill request form, they will receive email and possibly phone replies. A User who submits either of these contact forms must check the box signifying that they agree to this privacy policy.

How We Protect User data

We implement suitable data collection, storage and processing procedures and security methods to protect against unauthorised access, alteration, disclosure or destruction of your personal data and data stored on our Site.

Sharing a User’s Personal Information

We do not sell, trade, or rent a User’s personal data to others. We may share generic aggregated demographic information not associated with any personal data involving visitors and users with our business partners, trusted affiliates and advertisers for the purposes previously outlined above. We may use third party service providers to help us to operate our company and the Site or manage activities on our behalf, such as sending out surveys and newsletters. We may share your data with these third parties for these limited objectives, only when you have given us your permission.

We use reCAPTCHA on our Contact form and Request a Repeat Prescription form. This is a Google product which filters spam submissions. By using these forms, you consent to this Privacy Policy and to the policy set out in Google’s Privacy Policy.

Disclosure of Information to Other Health and Social Care Professionals

We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidentiality that we do.

Recipients with whom we share personal data:

Health and Social Care Providers
Other GPs, HSE, Voluntary Hospitals, Private Hospitals and Clinics, Private Consultants, Physiotherapists, Occupational Therapists, Palliative Care Services, Out of Hour Services, Pharmacies, Nursing Homes, Counselling Services, Diagnostic Imaging Services, Hospital Laboratories, Practice Support Staff, GP Locums and other healthcare providers.

Data Processors with a Contract
GP Practice Software Vendors (Clanwilliam Health- Socrates), Online Data Backup Companies, Healthlink

Legal Arrangements
Coroner, Revenue, Social Protection, Medical Council

Public Health
Infectious Diseases Notification, Influenza Surveillance, National Cancer Registry and other National Registries.

Disclosure of information to Employers, Insurance Companies and Solicitors:

Disclosures Required or Permitted Under Law

The law provides that in certain instances personal information (including health information) can be disclosed, for example, in the case of infectious diseases.

Disclosure of information to Employers, Insurance Companies and Solicitors:

  • In general, work related Medical Certificates from your GP will only provide a confirmation that you are unfit for work with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information we will discuss that with you. However, Department of Social Protection sickness certs for work must include the medical reason you are unfit to work.
  • In the case of disclosures to insurance companies or requests made by solicitors for your records we will only release the information with your signed consent.


Use of Information for Training, Teaching and Quality Assurance

It is usual for GPs to discuss patient case histories as part of their continuing medical education or for the purpose of training GPs and/or medical students. In these situations the identity of the patient concerned will not be revealed.

In other situations ,however, it may be beneficial for other doctors within the practice to be aware of patients with particular conditions and in such cases this practice would only communicate the information necessary to provide the highest level of care to the patient.

Our practice is involved in the training of GPs and is attached to a General Practice Training Programme. As part of this programme GP Registrars will work in the practice and may be involved in your care.

Use of Information for Clinical Audit

It is usual for patient information to be used for clinical audit in order to improve services and standards of practice. GPs on the specialist register of the Medical Council are required to perform yearly clinical audits. Information used for such purposes is done in an anonymised or pseudonymised manner with all personal identifying information removed.

If it were proposed to use your information in a way where it would not be anonymous or the Practice was involved in external research we would discuss this further with you before we proceeded and seek your written informed consent. Please remember that the quality of the patient service provided can only be maintained and improved by training, teaching, audit and research.

Managing User Information

There are actions you may take to manage your data during your use of this Site and below are a few examples of ways you can control this:

  • You may click “Decline” on the cookie information bar, which disables 3rd party cookies (Google Analytics & Facebook).
  • You may choose at any time not to opt into certain services or promotions on our Site.
  • You may choose not to use either the Contact form or the Request a Repeat Prescription form.

If you believe the data we are holding about you is incorrect, you may request a copy of this data or that it be deleted, then please write to us, email us or use the contact form provided.

Changes to this Privacy Policy

Spiddal Medical Centre reserve the right to modify our Privacy Policy at any time. When updates are made, we will amend the date at the end of this page. We urge Users to frequently check this page for any updates to remain informed about how we are helping to protect the personal data we collect. Users accept and agree that it is their responsibility to reexamine this privacy policy regularly and remain aware of any modifications.

User Acceptance of These Terms

By utilising this Site, you signify your acceptance of this policy. If you do not consent to this policy, please do not use this Site. Your continued use of the Site after changes have been made to this policy will be considered your acceptance of those changes.

Contacting Us

If you have any questions about this Privacy Policy, the practices and dealings of this Site, please contact us at:

Spiddal Medical Centre
Co. Galway
H91 FPP6

Tel: 091 553 135

Fax: 091 504 921


This Privacy Policy was last updated: September 24, 2019