Privacy Policy

What is General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is essentially a new Data Protection framework that applies across the EU from 25 May 2018.

“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”  

Under the General Data Protection Regulation (EU) 2016/679, the Mater Misericordiae University Hospital is a “Controller” in respect to personal data that you provide to us. For information on GDPR, you can visit the Data Protection Commissioner website here.

What does GDPR mean for individuals and organisations?

GDPR is based on the core principles of data protection. These principles require organisations and businesses to:

• collect no more data than is necessary from an individual for the purpose for which it will be used

• obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose

• retain the data for no longer than is necessary for that specified purpose

• to keep data safe and secure

• provide an individual with a copy of his or her personal data if they request it


Under the GDPR individuals have the significantly strengthened rights to:

• obtain details about how their data is processed by an organisation or business

• obtain copies of personal data that an organisation holds on them

• have incorrect or incomplete data corrected

• have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data

• obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability)

• object to the processing of their data by an organisation in certain circumstances

• not to be subject to (with some exceptions) automated decision making, including profiling

What is personal data?

The term ‘personal data’ means any information relating to an identifiable person (called a data subject) who can be directly or indirectly identified, in particular by reference to an identifier. This definition provides for a range of personal identifiers which can includes name(s), identification number(s), location data or online identifier (e.g. IP address).

What are rights of individuals (data subjects) under GDPR?

The GDPR provides the following rights for individuals:

1. The right to be informed

2. The right of access

3. The right to rectification

4. The right to erasure/right to be forgotten

5. The right to restrict processing

6. The right to data portability

7. The right to object

8. Rights in relation to automated decision making and profiling

The Data Protection Commissioner has a useful Guide to the Rights of Individuals under the General Data Protection Regulation (GDPR) available here

Can an individual see the information Equillence holds about them?

Yes, you can see your information on request. Just contact us by email at Alternatively, you can fill out our Subject Access Request Form. We will need to confirm your identity before we release the information.

If you are unhappy with our response to your request, you can contact the Data Protection Commission:
Data Protection Commission
Canal House
Station Road
Co. Laois

Tel: 1890 252 231

What does this privacy policy cover?

We take your privacy very seriously. This privacy policy governs and details the main privacy principles we apply to the data we collect through our services. Click here to access our privacy policy governing our corporate website.

Useful Links

Link to the text of General Data Protection Regulation (in English)

Link to the Data Protection Act 2018 on Irish Statute Book website

Link to Data Protection Commissioner website

Link to European Data Protection Board website