Privacy Notice

Who are we?

We are Dublin Dental University Hospital at Lincoln Place Dublin D02 F859.

We provide dental care to patients and dental education to students

Dublin Dental University Hospital was established under S.I.129 of 1963 under the Health (Corporate Bodies) Act 1961. It is governed by a board appointed by the Minister for Health.

This notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us.  Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Acts 1988 to 2018 and the General Data Protection Regulation (GDPR) (together the Acts):

  • The data controller is Dublin Dental University Hospital, as an employer and as a provider of health (dental) services.
  • The data processor is Dublin Dental University Hospital in relation to employee pension data.

Our data protection contact and Data Protection Officer (“DPO”) may be contacted at dataprotection@dental.tcd.ie

What personal information do we collect from you?

You may give us personal data by:

  • Corresponding with us by phone, e-mail or otherwise.  We ask you to disclose only as much information as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our website.
  • Engaging the Dublin Dental University Hospital’s services and attending the hospital as a patient. Patients supply us with information which may include their contact details; next of kin or relatives contact information; email; address; telephone number and billing payment details and health related data. In some circumstances, patients may disclose health data relating to their relatives.
  • Filling in forms on our website such as the Contact Us form.
  • Applying to work with us. The type of information you may provide in your CV, a cover letter, your name, address, e-mail and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). We ask that you do not disclose sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, and financial data) in your application.
  • Applying for a course with us. The type of information you will be asked to submit will include  your name, address, date of birth, email, phone number, educational details  and relevent employment history. As above, we ask that you do not disclose sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, and financial data) in your application.
  • When you pay for our services, e.g. in person, over the phone or online.
What information about you do we obtain from others?

When you use our services, we may obtain personal data from others, for example:

  • Your General Dental Practitioner (GDP), other medical professionals including the HSE, other hospitals and health professionals where you transfer or are referred to our service.
Why do we collect this information?

We collect the information in order to provide you with our services.

We will use this information as follow: 

Patients:

  • To set you up as a patient on our systems.
  • To provide you with dental services.
  • To carry out internal clinical audits.
  • To ensure payment of our invoices.

Prospective Employees:

  • To create a candidate profile for you if you are a prospective employee.
  • To process employment applications, including by assessing qualifications, verifying information, conducting reference or other employment-related checks, and notifying you of future opportunities that might be of interest to you.

Prospective Students:

  • To create a candidate profile for you if you are a prospective student.
  • To process student applications, including by assessing qualifications, verifying information, and conducting reference and other related checks. 

Website users:

  • To administer and improve the content on our website and for internal operations.
  • As part of our efforts to keep our website safe and secure.
  • To make suggestions and recommendations to you and other users of our website about services that may interest you or them.

The legal bases for the processing of your data are:

  • Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract, e.g. a contract of employment; or a contract to provide dental services.
  • Processing necessary for compliance with a legal obligation to which we are subject.
  • In the exercise of official authority vested in us by virtue of our statutory functions as set out in S.I.129 of 1963 under the Health (Corporate Bodies) Act 1961.

The legal bases for processing your sensitive personal data (medical/ dental data) are:

  • Processing necessary to provide you with dental/health services.
  • Processing necessary for the establishment, exercise or defence of legal claims.
  • Processing necessary for reasons of public interest in the area of public health.
Who do we share this information with?

We may share your personal data with other healthcare professionals, e.g. GDPs or other hospitals and further to our reporting obligations to organisations like the Health Products Regulatory Authority (HPRA) or the State Claims Agency.

Disclosure of your information

We may ask certain entities to process your information on our behalf including:

Suppliers and sub-contractors for the performance of any contract we enter into with them or you.

We attach at Schedule 1 a list of all entities that may process your personal data on our behalf.

Schedule 1

How long do we keep hold of your information?

The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

For further information on the periods for which your personal data is kept, please see our data retention schedule which can be accessed here [Link is being updated].

Do we transfer your information outside the European Union or European Economic Area

No.

What are your rights with respect to your personal data?

You have the following rights:

  • The right to access the personal data we hold about you.
  • The right to require us to rectify any inaccurate personal data about you without undue delay.
  • The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
  • The right to object to processing personal data for profiling or direct marketing. The DDUH does not engage in profiling or direct marketing.
  • The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
  • The right to request a restriction of the processing of your personal data.

Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

You may exercise any of the above rights by contacting the DPO at dataprotection@dental.tcd.ie

You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie

What will happen if we change our Privacy Notice?

This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services.  This notice was last updated August 2023.

When was our Privacy Notice last updated?

This notice was last updated in March 2022.

How can you contact us?

Queries in relation to your data stored (patient records held on file) can be sent to the DPO at dataprotection@dental.tcd.ie

Postal Address: Dublin Dental University Hospital, Lincoln Place, Dublin 2, D02 F859.

Your records and Retrospective Chart Reviews

                                                               NOTICE TO PATIENTS

                                          RESEARCH AND RETROSPECTIVE CHART REVIEWS

The Dublin Dental University Hospital would like to notify patients that from time to time the personal and health information that we collect from patients may be used by the hospital for the purpose of a Retrospective Chart Review study.

This is a low risk research study carried out by authorized staff and students in the hospital on personal information only that has already been obtained during the provision of dental care.

The following safeguards apply:

  1. Personal information accessed for this research may not be disclosed to another person unless that information is fully anonymized;
  2. Any findings from the study that are published may not identify an individual whose personal information was used in the study and;
  3. The study will be reviewed and approved by a research ethics committee prior to commencement of the study.

This notice is displayed in accordance with and pursuant to:

S.I. No. 18/2021 - Data Protection Act 2018 (Section 36(2)) (Health Research) (Amendment) Regulations 2021