Privacy Policy

  • Home
  • Privacy Policy

Medisec Ireland CLG Privacy Policy

About Medisec

Medisec Ireland CLG is a single agency intermediary with Allianz plc, regulated by the Central Bank of Ireland. Medisec is a private company, limited by guarantee and is registered in Ireland (company number. 216570.) 

Our trading address is 7 Hatch Street Lower, Dublin 2.  We can be contacted by telephone at 01 661 0504 and by email at info@medisec.ie.

Medisec is an Irish company, owned by its members.  Medisec arranges competitively priced medical indemnity insurance for general practitioners.  Medisec assists its members with complaints and disciplinary matters. Medisec gives its members round-the-clock advice and support and best practice guidance.  You can find more information about Medisec on www.medisec.ie.

 

Our Data Protection Statement

This data protection statement takes effect from 25 May 2018.  We control and are responsible for the personal information that we collect, store and process about you.  Medisec is a Data Controller of your personal information and this policy explains how we use this information so please read it carefully.  In this data protection statement, the terms “we”, “our” and “us” refer to Medisec.

 

Information collected from members

When you apply for Medisec membership, we collect the personal details requested in the Professional Indemnity Insurance Proposal Form for General Medical Practitioners Medisec Master Policy Arrangement document.  

When you contact us to administer your membership or for medico legal advices, we collect the information and personal data required to complete the task at hand.  This may include processing account / personal banking / direct debit details. 

We may, in some circumstances, need to collect special category personal information from you (such as medical or health information or medical records).

 

Keep us up to date!

It is your duty to inform us of changes.

It is important that the personal information we hold about our members is accurate and current. Please keep us informed if your personal information changes during your Medisec membership, to ensure we can keep the information on our systems up to date and accurate.

You can contact us by telephone or email as set out above in the “About Medisec” section.

 

How do we collect members’ information?

Members’ personal information is usually collected directly from you for example, when you submit a membership application form, or contact us by telephone or email with a query.

In some circumstances, your personal information may be collected from a third party.  By way of examples:

  1. With a GP’s prior permission and approval, his/her practice manager may contact us in relation to administering that GP’s indemnity policy.
  2. We may check publicly available information such as the electoral roll and court judgments. For example, we use a GP’s Medical Council Registration Number as confirmed to us to cross-check their registration with the Irish Medical Council and we access the publicly available information about that GP on the Irish Medical Council’s website.

 

Information we collect and how we use it

We collect, use, store and transfer different kinds of personal information and use it for a variety of different purposes.

 

Information type

How we use it/Purpose

Lawful basis

Personal contact information including address, email address, telephone numbers

To process membership applications

To help administer products and services

To respond to queries and complaints and to ensure that we provide the best service possible

To send important updates and information as part of our risk and education guidance on best practice

To keep a record of membership applications

Contract, Article 6 GDPR

Consent, Article 6 GDPR

Name, date of birth

To process membership applications, to verify identity

 

Contract, Article 6 GDPR

Consent, Article 6 GDPR

Training and qualification details

To process membership applications

Contract, Article 6 GDPR

Consent, Article 6 GDPR

Bank account details, including IBAN, BIC, sort code and account name

To process SEPA direct debit mandates and to receive payments

Contract, Article 6 GDPR

Legal obligations, Article 6 GDPR

Special category personal data regarding members

To administer membership

To process requests for lifestyle breaks

To process requests to incept ill health status

To assist members facing allegations of a relevant medical disability before the Medical Council

To assist members who are engaged with the Health Committee of the Medical Council

To assist members in the context of a Medical Council complaint / Inquiry when their personal health is a relevant issue e.g. to ground a privacy application, mitigating factor etc

Consent, Article 6 GDPR

Contract, Article 6 GDPR

 

Explicit consent, Article 9 GDPR

Interactions with our staff by telephone / email / incoming fax / in person

Such interactions are logged so that Medisec can deal with queries and satisfy requests. These records may also be used to monitor and train our staff and / or to provide services.

Please note that telephone calls to and from Medisec are not recorded. 

Contract, Article 6 GDPR

Legitimate interest, Article 6 GDPR

Details of general advisory queries, litigation claims, Medical Council complaints and Inquiries and HSE investigations and complaints involving Medisec members

To provide members with a 24 hour helpline (by phone / email) for medico-legal queries

To log queries received

To monitor the response time of our service

To investigate and provide legal advice in the context of anticipated, intimated or actual litigation brought by such third parties against Medisec members

To provide legal advice in the context of regulatory or supervisory authority complaints and / or Inquests involving our members

To compile anonymised statistics

To identify trends for risk / education purposes

To comply with professional requirements imposed on solicitors

Contractual, Article 6 GDPR

Legitimate interest, Article 6 GDPR

 

Legal claims, Article 9 GDPR

Your comments, suggestions and past complaints, responses to Medisec member relationship management surveys

To analyse, assess and improve our services and for training and quality control purposes

Contract, Article 6 GDPR

Legitimate interest, Article 6 GDPR

“Cookie” technology on the Medisec website.

Cookies are small pieces of information, held in simple text files, stored on your computer, tablet, laptop or smartphone whenever you visit a website or mobile app.

The Medisec website uses cookies – please see below under Medisec Website and our use of Google Analytics and Cookies

Contract, Article 6 GDPR

Legitimate interest, Article 6 GDPR

Personal data regarding Third Party litigants, complainants, patients and / or their legal representatives

To deal with claims, Inquests, Medical Council complaints and HSE complaints and / or investigations involving Medisec members

Contract, Article 6 GDPR

 

Special category personal data regarding Third Party litigants, complainants, patients

To investigate and provide legal advice in the context of anticipated, intimated or actual litigation brought by such third parties against Medisec members

 

To provide legal advice in the context of regulatory or supervisory authority complaints and / or Inquests involving our members.

Contract, Article 6 GDPR

Legal claims, Article 9 GDPR

Personal data regarding Third party service providers e.g. panel law firms

Dealing with and corresponding in relation to advisories that are sent for external advice, claims, Inquests, Medical Council complaints and HSE complaints and / or investigations

Contract, Article 6 GDPR

Consent, Article 6 GDPR

Personal data regarding underwriters, claims handlers, management in Allianz

To correspond in relation to claims, membership and for day to day business purposes

Contract, Article 6 GDPR

Consent, Article 6 GDPR

Personal data regarding unsuccessful applicants for membership, consisting of names only.

To keep a record of declined applications for membership in Medisec’s legitimate business interests

Legitimate interest, Article 6 GDPR

Personal data regarding unsuccessful job applicants, consisting of cvs.

To deal with any subsequent challenge on equality / fair procedures grounds

To have a panel in the event that the preferred candidate declines the role or in the event that similar future vacancy arises within 12 months

Legitimate interest, Article 6 GDPR

Images from CCTV cameras in and around the Medisec office 

For security purposes

Legitimate interest, Article 6 GDPR

 

Legal bases for processing your information.

As above, we rely on a number of different legal bases to use your personal information and set out more information in that regard below

 

  1. a)  To enter into and perform a contract with you

It is necessary to collect personal information when we are asked to process an initial application for membership and when we are providing professional indemnity and membership services to existing members.

 

Medisec provides professional indemnity and membership services acting as an insurance intermediary, which means we are required to provide your personal information to our underwriters, Allianz plc in connection with the provision and administration of professional indemnity and related services. 

 

If we need to collect personal data by law, or under the terms of a contract with you and you do not provide that data on request, we may not be able to perform the contract we have or are trying to enter in to with you. 

 

For example, we may need certain information from you to meet our obligations under anti-money laundering legislation before providing certain professional indemnity and membership services to you.  We may not be able to provide those services without that personal data.  We will notify you of this at the time, if this issue arises.

 

  1. b)  To comply with our legal obligations

We are required to process your personal information to comply with certain legal obligations that we have. These include verifying your personal information to meet our legal and compliance obligations, including detecting and preventing money laundering, tax avoidance and financing of terrorism.

 

  1. c)  For our legitimate business interests

Where we process your information for our legitimate interests, we ensure that the impact on your privacy is minimised and that there is a fair balance between our legitimate interest and your fundamental rights and freedoms

 

Medisec has a legitimate interest in the effective management of its business. We may use your personal information to manage our everyday business needs including accounting and internal reporting needs. We may also use it to carry out market research, to administer the provision of our products and services, to ensure appropriate IT security and to prevent fraud. 

Medisec has a legitimate interest in connecting with its members and updating members on our products and services, on important risk and educational matters, on company developments and to invite you to events which we feel may interest you.

 

If you disagree with your information being processed in this manner, you can exercise your right to object – see below.

 

  1. d)  For the establishment, exercise or defence of legal claims

We sometimes process your personal information, including special category personal information, where it is necessary for the establishment, exercise or defence of legal claims. 

 

  1. e)  Consent

We will, in certain circumstances, rely on your explicit consent to process your personal data, including special category personal data. This consent can be withdrawn at any time by using the contact details of the DPO set out below.  If you choose to withdraw your consent, it will not affect the lawfulness of any data processing that Medisec carried out, based on your consent before you withdrew it. 

 

Sharing your information with third parties

We sometimes need to share your personal information with third parties in order to provide professional indemnity and membership services to you.

 

Third Party Service Providers: We will share your information with our underwriters, Allianz who may use your information for the purposes of insurance administration (including underwriting, processing, claims handling, reinsurance and fraud prevention).  Specifically, the personal details specified in the Professional Indemnity Insurance Proposal Form for General Medical Practitioners Medisec Master Policy Arrangement document will be shared with Allianz, in addition to whatever information is required for the purposes of administering your membership and providing services to you.

 

We might also share your information with third party service providers who are bound by confidentiality agreements, including for example, our external panel solicitors who may be instructed to assist you in relation to a claim, Medical Council complaint, Inquest, investigation or general advisory matter. 

 

Our panel solicitors are:

  • Eugene F Collins Solicitors, Temple Chambers, 3 Burlington Road, Dublin 4, Tel: 01 202 6400
  • Comyn Kelleher Tobin Solicitors, 2 George’s Quay, Ballintemple, Co Cork, Tel: 021 462 6900
  • O’Connor Solicitors, 8 Clare Street, Dublin 2, Tel: 01 676 4488
  • McMahon and Associates Solicitors, Suite 223 Capel Building, Mary’s Abbey, Dublin 7, Tel: 01 878 8112
  • Ronan Daly Jermyn Solicitors, The Exchange, George’s Dock, IFSC, Dublin 1, Tel: 01 605 4200.

 

From time to time, we may also need to instruct local agents who are not on our panel.

 

We may also share your personal information with third party service providers that perform services and functions at our direction and on our behalf such as accountants, auditors, actuaries, tax advisors, IT service providers, printers, business advisors and providers of security and administrative services. 

 

  • Our IT providers are Big Bear Sound, bigbearsound.com, Tel: 01 4100 212
  • Our auditors are BDO Ireland, Beaux Lane House, Mercer Street, Dublin 2, Tel: 01 470 0000.

 

An Garda Síochána, government bodies, or other government officials: we may share your personal information with an Garda Siochána, or other government bodies or agencies including but not limited to the Revenue Commissioners, if required to do so by law. 

 

Third party direct marketing

Medisec will never share its members’ personal information with third parties for the purposes of direct marketing. 

 

Transfers outside the European Economic Area

We do not currently transfer your personal data outside the European Economic Area. 

 

Storage Periods

We will retain your personal information for the purpose of satisfying any legal, accounting or reporting requirements.  How long certain information is stored depends on the nature of the information we hold and the purpose for which it is processed.

For example we may hold some personal information for a period of seven years from the date of completion of any contract with you.  We may hold personal information relating to litigation in which you were involved for a period of ten years following the conclusion of such litigation. In relation to declined membership applications, Medisec has a legitimate business interest in holding minimal personal information consisting of names only, indefinitely so that we can identify if an applicant has been previously declined.

 

Security and confidentiality

Medisec staff members are authorised to access your personal information when that information is relevant to the performance of their duties.  This may be in connection with the delivery of services to you or in accordance with legal or regulatory obligations. 

All Medisec staff members have signed and are required to abide by strict confidentiality agreements.  We have put in place procedures to deal with any suspected personal data breach and will notify you and the Office of the Data Protection Commissioner of a breach where legally required to do so.

 

Medisec direct marketing to non-Medisec GPs

From time to time, we contact non-member GPs who have opted in to receiving our communications and we send them  our newsletter, invitations to Medisec events and details of products and services we provide.  Non-member GPs who no longer wish to receive such communications from us can let us know at any time by telephone or email as set out above in the “About Medisec” section.

 

Medisec contacting non-GP third party stakeholders

From time to time, we contact non-GP third parties who are stakeholders in the Irish healthcare system and medico-legal sphere who have opted in to receiving our communications and we send them our newsletter, invitations to Medisec events and details of products and services we provide.  Non-GP third party stakeholders are not eligible for Medisec membership and as such, our communication with them does not constitute marketing.  Non-GP third party stakeholders who no longer wish to receive such communications from us can let us know by telephone or email as set out above in the “About Medisec” section.

 

Medisec website and our use of Google Analytics and Cookies

Each time a visitor uses the Medisec website, we collect two different types of information, whether the visitor is a Medisec member or not.

 

Non-individual specific statistics

The first type of information is statistical and analytical information collected on a non-individual specific basis about visitors to the Medisec website.  We gather general information about how many visitors use the website, how many visitors return to the website, what pages they visit etc.  This information lets us monitor traffic on the Medisec website so that we can manage its capacity, efficiency, design and content.  It helps us to understand website traffic patterns and to know, for example, which parts of the website are the most popular / useful.  

 

Personal information

The second type is information which is personal or particular to a specific visitor.  This information is collected by specific request so you will be fully aware when you are providing this information to us.  Generally this information is requested when you enquire via email about or apply for membership, when you contact us to administer your membership or when you contact us for medico-legal assistance.

 

Our use of Google analytics

Medisec uses the industry standard Google Analytics package to track the use of its website. The Google Analytics package uses a suite of cookies in order to anonymously track statistics like unique visitors to the website, how long users visit the website for and how users found the website.

A cookie is a small data file that is transferred to your device for record-keeping purposes.  For example, a cookie can allow the website to recognise your browser, to store your preferences and to let you navigate the website effectively.  Cookies provide us with statistical data which helps us to learn about visitor patterns and behaviours on our website and to improve and develop the Medisec website. 

 

Information collected may be transmitted to and stored by Google on services in the United States.  Google may transmit this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf.

Your browser may allow you to adjust how it handles cookies e.g. declining all cookies or prompting you whether to accept each cookie.  Please note that some parts of the website may not work as intended or at all without cookies.

 

Cookies used by Google Analytics

__utma

This is the main way Google Analytics tracks unique visitors. Stored in this cookie is a unique visitor ID, the date and time of their first visit, the time their current visit started and the total number of visits they have made.

 

The __utma cookie is a persistent cookie that expires in two years. With each new visit, the expiration date is refreshed.

 

__utmb

This is how Google Analytics decides whether a visit has timed out and also how deep a visit has gotten. It stores the number of page views in the current visit and the start time of the visitor's current visit.

 

The __utmb cookie is a persistent cookie that expires in 30 minutes. Each page view refreshes it.

 

__utmc

The __utmc cookie is the only session cookie used by Google Analytics. Its only purpose is to register that the visit ended if the browser gets closed.

 

__utmz

This is the traffic source cookie. It can attribute visit information and conversions to specific marketing campaigns or traffic sources. Each time the visitor comes to the site, the code stores new referral or campaign variable information in the visitor's cookies.   It contains all of the traffic source information for the current visit, if it was different from the previous visit. If no traffic source information can be found for the current visit, the cookie is not changed.  This is a persistent cookie with a catch: it expires in six months and is only refreshed when the traffic source changes.

 

Sending it to Google Analytics

All of this cookie information is sent to Google Analytics via the __utm.gif request that it makes with each page view. When Google Analytics processes data, it relies on this cookie information (among other pieces of data in the query string) to populate Medisec’s Google analytics reports.

 

Security of information transmitted to our website

Medisec cannot guarantee the security of your personal information transmitted to our website.  Transmission of your personal information is at your own risk.  Once we receive your personal information, we will use appropriate security measures to seek to prevent unauthorised access or disclosure.

 

External websites

Our website may contain links to and from other websites.  Those websites have their own privacy policies and Medisec does not accept any responsibility or liability for those policies. You are advised to check those policies before you submit any personal information to those websites.

 

Your Rights

By law you have the right to:

 

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.  We will endeavour to respond to your request within a month i.e. 30 calendar days of receipt of the request.  If we cannot deal with your request within a month, we may extend this period by a further period of two months.  We will tell you if we need to do this and we will explain why.

 

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

 

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

 

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

 

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

 

Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer in writing.

 

No fee usually required

Generally, you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

 

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.  

 

Your rights can be limited by data protection legislation in some situations. For example, Medisec is not obliged to rectify or delete your personal information where doing so would prevent us from meeting our contractual obligations to you, or where Medisec is required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations.

If you want to exercise any of your rights, please contact our Data Protection Officer in writing using the postal or email contact details set out below.

 

Right to make a complaint to the Data Protection Commissioner

You have the right to make a complaint at any time to the Office of the Data Protection Commissioner.  We would however appreciate the chance to deal with your concerns before you approach the Office of the Data Protection Commissioner, so please contact us in the first instance.

You can visit the website of the Office of the Data Protection Commissioner at www.dataprotection.ie for more details or you can write to:

 

Office of the Data Protection Commissioner

Canal House,

Station Road,

Portarlington,

Co. Laois,

R32 AP23

Phone: + 353 57 868 4800 / + 353 761 104 800

Email: info@dataprotection.ie

 

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for coordinating our approach to compliance with our data protection obligations.  If you have any questions about this data protection statement, if you would like to exercise your legal rights or if you would prefer not to receive updates from us, please contact our Data Protection Officer:

Data Protection Officer

Medisec Ireland CLG

7 Hatch Street Lower

Dublin 2

Email: info@medisec.ie.

Telephone: 01 661 0504

 

Updates to this Data Protection Statement

We will update this data protection statement from time to time. Medisec reserves the right to amend this policy at any time, at its discretion.  You are encouraged to review this policy from time to time.  We will notify you of changes to this data protection statement where we are required to do so.  The most up to date version of this data protection statement will always be available on the Medisec website.