Personal data means any information about an individual from which that person can be identified. It does not include data where the identity of the individual has been removed (anonymous data).

“Special category data” refers to more sensitive personal data which require a higher level of protection. This sensitive data can only be processed under strict conditions.

All patient personal data is gathered by the Hospital from many sources. You may give us your personal data at the point of admission or when you present to the hospital.

Personal data may also be provided by family members, a referring GP, another hospital or your consultant.

The type of information we collect includes your name; address; date of birth; contact details of parents/guardians/next of kin; marital status; photograph; PPS number; GP name and contact details; private health insurance details; community pharmacy name and contact details; family support service provision; education; multidisciplinary team appointments and CCTV footage.

You may also interact with us if you are a next-of-kin of one of our patients. The type of information we collect includes your name, phone number, address and e-mail address.

If you are visiting one of our patients at our hospital or any of our facilities, we may collect your name, the name of the patient you are visiting and CCTV footage.

  • If you choose to receive information in relation to our organisation or our services by signing up at a fundraising event, we may collect your contact details for those purposes.
  • You may correspond with us by phone, e-mail, via our websites, or social media pages, or otherwise. We ask you to disclose only as much information as is necessary to provide you with services or to submit a question/suggestion/comment in relation to our site or our services.
  • Applying to work with us: the type of information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). We ask that you do not disclose sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, and financial data) in your application.
  • Supplying us with products or services. Suppliers provide us with information which may include a contact name, e-mail address, business address, telephone number and billing payment details.

We may also collect the following Special Categories of Personal Data:

  • Information relating to your health including mental health, diagnosis information, medication details; medical records; services provided by us; admission/discharge to Saint John of God Hospital and other services; laboratory tests and results; clinical consultation recordings; current/future residential/day service provision and history; multidisciplinary team reports.
  • In some circumstances, patients may disclose data relating to their relatives and other third parties.
    Information relating to your religious beliefs; and
  • Details of your sexual orientation where you inform us of same in the course of providing healthcare services.

Vaccination and COVID pass checks

On October 18th 2021 the Chief Medical Officer informed the Minister for Health that NPHET strongly recommends “that subject to operational feasibility that the COVID-19 pass be adopted as a requirement for visitation to healthcare settings with a provision for exemptions on compassionate grounds”.

Saint John of God Hospital CLG with effect from 29 November be conducting checks digitally (for example, by scanning the QR code displayed on the pass), this will constitute processing of personal data – even if we do not keep a record of it. GDPR would therefore apply. If Saint John of God Hospital CLG makes a record of any personal data, whether we conduct visual or digital checks, then we are processing personal data GDPR would apply.

This arrangement  shall commence on (and take effect from) the Commencement date and shall continue until the date on which Saint John of God CLG cease to process (including retention of) personal data for the purpose of the project shall be:

  1. No later than 30 June 2022 (unless the legislation underpinning the Digital Covid Certificate is amended to provide for a date after 30 June 2022 or
  2. Earlier than that date by review by National Health Guidelines.

Collection and use of vaccine information by employers in healthcare settings

The collection and use of vaccine information must be for a lawful purpose under the GDPR.  Vaccine information is health information and is afforded greater protection than routine information about an individual. Saint John of God Hospital CLG has a legal obligation to protect our employees under the Safety, Health and Welfare at Work Act 2005 (as amended), (e.g. to ensure a safe workplace). This obligation together with Article 9(2) (b), processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law and Article 9(2) (i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health of GDPR provides a legal basis.