Privacy Statement

Effective as of April 17, 2025. Last updated April 15, 2025

At Leopardstown Park Hospital (“LPH”, “the hospital”, “we”, “us”, “our”), we take your privacy seriously. As a registered charity (Charity Number: 20013508) operating under a service level agreement with the Health Service Executive (HSE) and registered with the Health Information and Quality Authority (HIQA), we provide a wide range of care services including day care, residential, respite, and accommodation support. We are committed to delivering high-quality, person-centred care in a respectful, safe, and supportive environment. Protecting your personal information is a key part of this commitment.

This statement explains what personal data we collect, how and why we use it, how we store and protect it, and when it is deleted. It also provides information on how you can contact us if you have any questions or concerns about how your personal data is handled. Whether you are a resident, a family member, a healthcare professional, or a visitor, this statement is intended to inform you about how your personal data is used and protected.

By using our website or services, you are agreeing to the terms described in this notice. We may update this policy from time to time, so we encourage you to check back regularly.

For any questions or concerns, you can contact our Data Protection Officer at DPO@LPH.ie

Information We Collect

Personal data means any information that relates to an individual. As a registered care provider, we collect a variety of personal information depending on how you interact with us. This includes:

  • When accessing our website or completing a Contact Us form
  • When scheduling an appointment or applying for a job
  • When engaging with our care services (as a resident, family member, or healthcare provider)
  • When signing up for our newsletter or fundraising events
  • When downloading brochures or leaflets
  • When interacting with us via social media

Examples of the information we collect:

  • Contact details (name, address, email, phone number)
  • Date of birth and identification information
  • Medical and health records
  • Assessment and care plan details
  • Job application information (CVs, qualifications, references)
  • Emergency contact and next-of-kin details
  • Website usage data (e.g., IP address, browsing behaviour)
  • Newsletter sign-up and fundraising event participation
  • Social media engagement
  • Download of brochures, leaflets, or surveys

We generally collect information directly from you, but may also receive information from third parties such as:

  • Your GP and healthcare providers
  • Social services, family support services and healthcare / disability support services.
  • From other public bodies and law enforcement authorities, or regulatory agencies.
  • Your family, or carers
  • Applicant referees
  • Where someone provides your information as a next of kin or an emergency contact

We also use CCTV on our premises to support the safety and security of all residents, staff, and visitors.

Why we collect your information

We collect and process your personal data for several reasons, including:

  • To provide and manage care services
  • To communicate with you or respond to queries
  • To operate and improve our website
  • To manage job applications
  • To comply with legal and regulatory obligations (e.g. HIQA and NHSS Act 2009)
  • To ensure the safety and wellbeing of our residents and staff

Some of the legal grounds we rely on include:

  • Your consent (e.g., when you contact us online)
  • Performance of a care contract (e.g., to provide rehabilitation, residential and nursing care)
  • Legal obligations (e.g., under the Fair Deal (NHSS Act 2009) or HIQA (Health Act 2007).)
  • Legitimate interests (e.g., running our hospital effectively)
  • Vital interests (e.g., emergencies affecting your health)

If you are the next of kin under an Enduring Power of Attorney, then your details are required to ensure that we can get the necessary authority in respect of the care services we are providing to the resident that is under your authority.

Purpose and Legal Basis for Processing Personal Data

Purpose Categories of Personal Data Legal Basis
To respond to your inquiries through “Contact Us” on our website
  • Name
  • Contact details (email address, telephone)
 Your Consent
To manage our contract for care with residents[HF1] , to provide rehabilitation, residential and nursing care and the administration of medication.
  • Name
  • Contact Details
  • Date of Birth
  • Photographs
  • Record of any accidents or incidents
  • Record of complaints raised by or about you
  • Correspondence to or about you
  • Assessments (These may include the initial Comprehensive Assessment Form; a copy of the ‘Fair Deal’ Care Needs Assessment; Dependency Assessments; Individual Assessments on specific needs, e.g. continence, falls, nutritional assessments, etc)
  • Care Plans
  • Contract for Care
  • Information about your day-to-day care
  • Next of Kin (or other appointed person)
  • Your GP
  • Details about your admission & temporary absence
  • Financial information in relation to your ‘Fair Deal’ contribution and any additional fees payable
  • Medical Records (on admission and ongoing)
  • HIQA Notification forms
  • Prescriptions and Medication Administration Records
  • Records about your future wishes (e.g. advanced care plans; Do Not Attempt Resuscitation Orders; End of Life wishes)
  • Records of any furniture or valuables you may have brought into the nursing home or deposited for safe- keeping
  • Records of your visitors
  • Referral Forms (to and from Allied Health Professionals e.g. hospitals, physiotherapists, dietitians, etc)
  • Risk assessments (e.g. risks relating to your evacuation from the centre if there is a fire; smoking risk assessments; your risk of falls; etc.)
 Manage our contract for care with you

Comply with our legal obligations

e.g. under the Fair Deal (NHSS Act 2009) or HIQA (Health Act 2007)

Look after your vital interests in the event of a medical emergency
Next of Kin – To validate necessary authority in respect of care services we are providing the resident under your authority
  • Name
  • Contact Details
 Manage contract for care with residents

Comply with our legal obligations
Next of kin – General residents’ care discussions
  • Name
  • Contact Details
 Look after residents’ vital interests in the event of a medical emergency
To respond to Job Applications
  • Name
  • Contact details (email address, telephone)
  • CV details
  • Professional qualifications
  • Professional references
  • Identification
  • Address verification
  • Gender
  • Assessment records
  • Garda Vetting and/or police clearance
  • Work permit or visa information (if applicable)
  • Pre-employment health screening or immunisation records
  • PPS number (upon offer acceptance)
  • Bank account details (if hired)

 

 Your Consent
Website Functionality & Statistics
  • IP Address
  • Device Information
  • User Preferences
  • Browsing Information
 Legitimate Interest

(Website Operation & Optimization)
If you opt in, we may use your data to send you:

Our newsletter
Event invitations and updates
Fundraising campaign details
Leaflets or brochures (digital or print)
  • Name
  • Contact details (email address, telephone)
  • Address
 Your Consent

Video Surveillance Systems

LPH uses video surveillance systems (commonly referred to as CCTV) throughout our facilities for the purpose of maintaining the safety and security of staff, patients, visitors and other attendees, traffic managemen, and to detect, investigate and/or prosecute offences and/or misconduct. Footage is typically retained for 30 days and is handled in accordance with data protection law.

Automated decision-making and profiling

We do not use any personal data for the purpose of automated decision-making or profiling.

Categories of Data Recipients

We may need to share your personal information with:

  • Healthcare professionals and service providers
  • Government bodies (e.g. HIQA, HSE)
  • IT and data storage providers
  • Legal or regulatory authorities where required by law

Access to your information is strictly limited to individuals and organisations that need it to support your care or assist in hospital operations. Any data shared is subject to appropriate safeguards.

We will take all reasonable measures to ensure that your privacy and dignity is always protected during this process and will highlight to you if there are any exceptional instances where your information may have been compromised.

Some government bodies, such as HIQA, have a legal basis to inspect information contained in your records and the hospital must make this information available to them.

Your Data Protection Rights

Under data protection law, you have the following rights:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Where we process your data on the basis of your consent you have the right to withdraw that consent.

If you would like to submit a request, you may do so by emailing our Data Protection Officer at DPO@LPH.ie

How to Lodge a Complaint

If you have any concerns about our use of your personal information, you can make a complaint to us at DPO@LPH.ie

If you are dissatisfied with how we handle your data, you can also lodge a complaint with the Data Protection Commission via www.dataprotection.ie

Data Retention

We will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purposes for which we have collected it. It is also kept in accordance with any legal requirements that are imposed on us. The criteria used to determine our retention periods include:

  • the length of time we have an ongoing relationship and/or provide our services;
  • whether there is a legal requirement to which we are subject; and
  • whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

International Transfers

Your personal information may be transferred to and processed in countries other than the country in which you are located. These countries may be outside of the European Economic Area and have data protection laws that are different from those in Ireland. We will take appropriate measures to ensure that your personal information remains protected in accordance with applicable law. We do this by relying on appropriate transfer mechanisms such as Standard Contractual Clauses, Adequacy Decisions or certification methods such as the EU-US Data Privacy Framework.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction.

Contacting Us

If you have questions or concerns about this Privacy Statement or how we manage your personal information, or would like to exercise any of your data subject rights, please contact:

Data Protection Officer
Leopardstown Park Hospital
Foxrock, Dublin 18
Tel: (01) 295 5055
Email: DPO@LPH.ie