Medisec Ireland CLG is a single agency intermediary with Allianz plc, regulated by the Central Bank of Ireland. Medisec is a private company, limited by guarantee and is registered in Ireland (company number. 216570.)
Our trading address is 7 Hatch Street Lower, Dublin 2. We can be contacted by telephone at 01 661 0504 and by email at firstname.lastname@example.org.
Medisec is an Irish company, owned by its members. Medisec arranges competitively priced medical indemnity insurance for general practitioners. Medisec assists its members with complaints and disciplinary matters. Medisec gives its members round-the-clock advice and support and best practice guidance. You can find more information about Medisec on www.medisec.ie.
This data protection statement takes effect from 25 May 2018. We control and are responsible for the personal information that we collect, store and process about you. Medisec is a Data Controller of your personal information and this policy explains how we use this information so please read it carefully. In this data protection statement, the terms “we”, “our” and “us” refer to Medisec.
When you apply for Medisec membership, we collect the personal details requested in the Professional Indemnity Insurance Proposal Form for General Medical Practitioners Medisec Master Policy Arrangement document.
When you contact us to administer your membership or for medico legal advices, we collect the information and personal data required to complete the task at hand. This may include processing account / personal banking / direct debit details.
We may, in some circumstances, need to collect special category personal information from you (such as medical or health information or medical records).
It is your duty to inform us of changes.
It is important that the personal information we hold about our members is accurate and current. Please keep us informed if your personal information changes during your Medisec membership, to ensure we can keep the information on our systems up to date and accurate.
You can contact us by telephone or email as set out above in the “About Medisec” section.
Members’ personal information is usually collected directly from you for example, when you submit a membership application form, or contact us by telephone or email with a query.
In some circumstances, your personal information may be collected from a third party. By way of examples:
We collect, use, store and transfer different kinds of personal information and use it for a variety of different purposes.
How we use it/Purpose
Personal contact information including address, email address, telephone numbers
To process membership applications
To help administer products and services
To respond to queries and complaints and to ensure that we provide the best service possible
To send important updates and information as part of our risk and education guidance on best practice
To keep a record of membership applications
Contract, Article 6 GDPR
Consent, Article 6 GDPR
Name, date of birth
To process membership applications, to verify identity
Training and qualification details
Bank account details, including IBAN, BIC, sort code and account name
To process SEPA direct debit mandates and to receive payments
Legal obligations, Article 6 GDPR
Special category personal data regarding members
To administer membership
To process requests for lifestyle breaks
To process requests to incept ill health status
To assist members facing allegations of a relevant medical disability before the Medical Council
To assist members who are engaged with the Health Committee of the Medical Council
To assist members in the context of a Medical Council complaint / Inquiry when their personal health is a relevant issue e.g. to ground a privacy application, mitigating factor etc
Explicit consent, Article 9 GDPR
Interactions with our staff by telephone / email / incoming fax / in person
Such interactions are logged so that Medisec can deal with queries and satisfy requests. These records may also be used to monitor and train our staff and / or to provide services.
Please note that telephone calls to and from Medisec are not recorded.
Legitimate interest, Article 6 GDPR
Details of general advisory queries, litigation claims, Medical Council complaints and Inquiries and HSE investigations and complaints involving Medisec members
To provide members with a 24 hour helpline (by phone / email) for medico-legal queries
To log queries received
To monitor the response time of our service
To investigate and provide legal advice in the context of anticipated, intimated or actual litigation brought by such third parties against Medisec members
To provide legal advice in the context of regulatory or supervisory authority complaints and / or Inquests involving our members
To compile anonymised statistics
To identify trends for risk / education purposes
To comply with professional requirements imposed on solicitors
Contractual, Article 6 GDPR
Legal claims, Article 9 GDPR
Your comments, suggestions and past complaints, responses to Medisec member relationship management surveys
To analyse, assess and improve our services and for training and quality control purposes
“Cookie” technology on the Medisec website.
Cookies are small pieces of information, held in simple text files, stored on your computer, tablet, laptop or smartphone whenever you visit a website or mobile app.
Personal data regarding Third Party litigants, complainants, patients and / or their legal representatives
To deal with claims, Inquests, Medical Council complaints and HSE complaints and / or investigations involving Medisec members
Special category personal data regarding Third Party litigants, complainants, patients
To provide legal advice in the context of regulatory or supervisory authority complaints and / or Inquests involving our members.
Personal data regarding Third party service providers e.g. panel law firms
Dealing with and corresponding in relation to advisories that are sent for external advice, claims, Inquests, Medical Council complaints and HSE complaints and / or investigations
Personal data regarding underwriters, claims handlers, management in Allianz
To correspond in relation to claims, membership and for day to day business purposes
Personal data regarding unsuccessful applicants for membership, consisting of names only.
To keep a record of declined applications for membership in Medisec’s legitimate business interests
Personal data regarding unsuccessful job applicants, consisting of cvs.
To deal with any subsequent challenge on equality / fair procedures grounds
To have a panel in the event that the preferred candidate declines the role or in the event that similar future vacancy arises within 12 months
Images from CCTV cameras in and around the Medisec office
For security purposes
As above, we rely on a number of different legal bases to use your personal information and set out more information in that regard below
It is necessary to collect personal information when we are asked to process an initial application for membership and when we are providing professional indemnity and membership services to existing members.
Medisec provides professional indemnity and membership services acting as an insurance intermediary, which means we are required to provide your personal information to our underwriters, Allianz plc in connection with the provision and administration of professional indemnity and related services.
If we need to collect personal data by law, or under the terms of a contract with you and you do not provide that data on request, we may not be able to perform the contract we have or are trying to enter in to with you.
For example, we may need certain information from you to meet our obligations under anti-money laundering legislation before providing certain professional indemnity and membership services to you. We may not be able to provide those services without that personal data. We will notify you of this at the time, if this issue arises.
We are required to process your personal information to comply with certain legal obligations that we have. These include verifying your personal information to meet our legal and compliance obligations, including detecting and preventing money laundering, tax avoidance and financing of terrorism.
Where we process your information for our legitimate interests, we ensure that the impact on your privacy is minimised and that there is a fair balance between our legitimate interest and your fundamental rights and freedoms
Medisec has a legitimate interest in the effective management of its business. We may use your personal information to manage our everyday business needs including accounting and internal reporting needs. We may also use it to carry out market research, to administer the provision of our products and services, to ensure appropriate IT security and to prevent fraud.
Medisec has a legitimate interest in connecting with its members and updating members on our products and services, on important risk and educational matters, on company developments and to invite you to events which we feel may interest you.
If you disagree with your information being processed in this manner, you can exercise your right to object – see below.
We sometimes process your personal information, including special category personal information, where it is necessary for the establishment, exercise or defence of legal claims.
We will, in certain circumstances, rely on your explicit consent to process your personal data, including special category personal data. This consent can be withdrawn at any time by using the contact details of the DPO set out below. If you choose to withdraw your consent, it will not affect the lawfulness of any data processing that Medisec carried out, based on your consent before you withdrew it.
We sometimes need to share your personal information with third parties in order to provide professional indemnity and membership services to you.
Third Party Service Providers: We will share your information with our underwriters, Allianz who may use your information for the purposes of insurance administration (including underwriting, processing, claims handling, reinsurance and fraud prevention). Specifically, the personal details specified in the Professional Indemnity Insurance Proposal Form for General Medical Practitioners Medisec Master Policy Arrangement document will be shared with Allianz, in addition to whatever information is required for the purposes of administering your membership and providing services to you.
We might also share your information with third party service providers who are bound by confidentiality agreements, including for example, our external panel solicitors who may be instructed to assist you in relation to a claim, Medical Council complaint, Inquest, investigation or general advisory matter.
Our panel solicitors are:
From time to time, we may also need to instruct local agents who are not on our panel.
We may also share your personal information with third party service providers that perform services and functions at our direction and on our behalf such as accountants, auditors, actuaries, tax advisors, IT service providers, printers, business advisors and providers of security and administrative services.
An Garda Síochána, government bodies, or other government officials: we may share your personal information with an Garda Siochána, or other government bodies or agencies including but not limited to the Revenue Commissioners, if required to do so by law.
Medisec will never share its members’ personal information with third parties for the purposes of direct marketing.
We do not currently transfer your personal data outside the European Economic Area.
We will retain your personal information for the purpose of satisfying any legal, accounting or reporting requirements. How long certain information is stored depends on the nature of the information we hold and the purpose for which it is processed.
For example we may hold some personal information for a period of seven years from the date of completion of any contract with you. We may hold personal information relating to litigation in which you were involved for a period of ten years following the conclusion of such litigation. In relation to declined membership applications, Medisec has a legitimate business interest in holding minimal personal information consisting of names only, indefinitely so that we can identify if an applicant has been previously declined.
Medisec staff members are authorised to access your personal information when that information is relevant to the performance of their duties. This may be in connection with the delivery of services to you or in accordance with legal or regulatory obligations.
All Medisec staff members have signed and are required to abide by strict confidentiality agreements. We have put in place procedures to deal with any suspected personal data breach and will notify you and the Office of the Data Protection Commissioner of a breach where legally required to do so.
From time to time, we contact non-member GPs who have opted in to receiving our communications and we send them our newsletter, invitations to Medisec events and details of products and services we provide. Non-member GPs who no longer wish to receive such communications from us can let us know at any time by telephone or email as set out above in the “About Medisec” section.
From time to time, we contact non-GP third parties who are stakeholders in the Irish healthcare system and medico-legal sphere who have opted in to receiving our communications and we send them our newsletter, invitations to Medisec events and details of products and services we provide. Non-GP third party stakeholders are not eligible for Medisec membership and as such, our communication with them does not constitute marketing. Non-GP third party stakeholders who no longer wish to receive such communications from us can let us know by telephone or email as set out above in the “About Medisec” section.
Each time a visitor uses the Medisec website, we collect two different types of information, whether the visitor is a Medisec member or not.
The first type of information is statistical and analytical information collected on a non-individual specific basis about visitors to the Medisec website. We gather general information about how many visitors use the website, how many visitors return to the website, what pages they visit etc. This information lets us monitor traffic on the Medisec website so that we can manage its capacity, efficiency, design and content. It helps us to understand website traffic patterns and to know, for example, which parts of the website are the most popular / useful.
The second type is information which is personal or particular to a specific visitor. This information is collected by specific request so you will be fully aware when you are providing this information to us. Generally this information is requested when you enquire via email about or apply for membership, when you contact us to administer your membership or when you contact us for medico-legal assistance.
Medisec uses the industry standard Google Analytics package to track the use of its website. The Google Analytics package uses a suite of cookies in order to anonymously track statistics like unique visitors to the website, how long users visit the website for and how users found the website.
A cookie is a small data file that is transferred to your device for record-keeping purposes. For example, a cookie can allow the website to recognise your browser, to store your preferences and to let you navigate the website effectively. Cookies provide us with statistical data which helps us to learn about visitor patterns and behaviours on our website and to improve and develop the Medisec website.
Information collected may be transmitted to and stored by Google on services in the United States. Google may transmit this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf.
Your browser may allow you to adjust how it handles cookies e.g. declining all cookies or prompting you whether to accept each cookie. Please note that some parts of the website may not work as intended or at all without cookies.
This is the main way Google Analytics tracks unique visitors. Stored in this cookie is a unique visitor ID, the date and time of their first visit, the time their current visit started and the total number of visits they have made.
The __utma cookie is a persistent cookie that expires in two years. With each new visit, the expiration date is refreshed.
This is how Google Analytics decides whether a visit has timed out and also how deep a visit has gotten. It stores the number of page views in the current visit and the start time of the visitor's current visit.
The __utmb cookie is a persistent cookie that expires in 30 minutes. Each page view refreshes it.
The __utmc cookie is the only session cookie used by Google Analytics. Its only purpose is to register that the visit ended if the browser gets closed.
This is the traffic source cookie. It can attribute visit information and conversions to specific marketing campaigns or traffic sources. Each time the visitor comes to the site, the code stores new referral or campaign variable information in the visitor's cookies. It contains all of the traffic source information for the current visit, if it was different from the previous visit. If no traffic source information can be found for the current visit, the cookie is not changed. This is a persistent cookie with a catch: it expires in six months and is only refreshed when the traffic source changes.
All of this cookie information is sent to Google Analytics via the __utm.gif request that it makes with each page view. When Google Analytics processes data, it relies on this cookie information (among other pieces of data in the query string) to populate Medisec’s Google analytics reports.
Security of information transmitted to our website
Medisec cannot guarantee the security of your personal information transmitted to our website. Transmission of your personal information is at your own risk. Once we receive your personal information, we will use appropriate security measures to seek to prevent unauthorised access or disclosure.
Our website may contain links to and from other websites. Those websites have their own privacy policies and Medisec does not accept any responsibility or liability for those policies. You are advised to check those policies before you submit any personal information to those websites.
By law you have the right to:
Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. We will endeavour to respond to your request within a month i.e. 30 calendar days of receipt of the request. If we cannot deal with your request within a month, we may extend this period by a further period of two months. We will tell you if we need to do this and we will explain why.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer in writing.
No fee usually required
Generally, you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Your rights can be limited by data protection legislation in some situations. For example, Medisec is not obliged to rectify or delete your personal information where doing so would prevent us from meeting our contractual obligations to you, or where Medisec is required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations.
If you want to exercise any of your rights, please contact our Data Protection Officer in writing using the postal or email contact details set out below.
You have the right to make a complaint at any time to the Office of the Data Protection Commissioner. We would however appreciate the chance to deal with your concerns before you approach the Office of the Data Protection Commissioner, so please contact us in the first instance.
You can visit the website of the Office of the Data Protection Commissioner at www.dataprotection.ie for more details or you can write to:
Office of the Data Protection Commissioner
Phone: + 353 57 868 4800 / + 353 761 104 800
We have appointed a Data Protection Officer (DPO) who is responsible for coordinating our approach to compliance with our data protection obligations. If you have any questions about this data protection statement, if you would like to exercise your legal rights or if you would prefer not to receive updates from us, please contact our Data Protection Officer:
Data Protection Officer
Medisec Ireland CLG
7 Hatch Street Lower
Telephone: 01 661 0504
We will update this data protection statement from time to time. Medisec reserves the right to amend this policy at any time, at its discretion. You are encouraged to review this policy from time to time. We will notify you of changes to this data protection statement where we are required to do so. The most up to date version of this data protection statement will always be available on the Medisec website.