DYNOMED Privacy Statement
We are DYNOMED Limited a company incorporated in Ireland (registered no. 547534) with registered office at Ballycleary Farm, Kilmore, Co Wexford, Y35XW50 (“DYNOMED”, “us”, “we”, or “our”). We supply sleep and respiratory products to Irish patients (the “Products”). At DYNOMED we are committed to protecting and respecting your privacy. This Privacy Statement will let you know how we look after the personal data which we collect from you in connection with your use of the Products, and any related content, products and services. This Privacy Statement also informs you as to our obligations and your rights under data protection law.
1. Who is responsible for your personal data?
For the purposes of the EU General Data Protection Regulation (EU Regulation 679/2016) (the “GDPR”), DYNOMED is the data controller with regard to the personal data described in this Privacy Statement. “Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data. In particular, we have appointed a Data Protection Officer within DYNOMED to monitor compliance with our data protection obligations and with this Privacy Statement and related policies. If you have any questions about this policy or about our data protection compliance, please contact us.
2. What personal data do we collect?
“Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and/or behaviour.
“Special categories of personal data” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. When you register for and use our Products: When you register to use our Products you will be asked to provide the following information: Administrative:
- Name
- Date of Birth
- Email address
- Postal address
- Contact number
- Next of kin name & contact number
- Financial details
- Record of billable services provided
- Billing and payment records
Special categories of personal data:
- Details of your sleep/respiratory condition which you/physician/referring hospital provide at the time of registering for use of our Products
- Hospital Number
- GMS number (where relevant)
- Information collected from the Products during your use of same
Through our website: We have a contact portal on our website (www.Dynomed.ie) through which you may elect to make the following information available to us:
- Name
- Email address
- Comments which you submit which might occasionally contain personal data
In addition to the above we may collect, use, store and transfer different kinds of personal data about people using our website which we have grouped together as follows:
o Analytical Information: includes information on how you interact with the website, such as IP address, date, time, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device.
3. How do we collect your personal data?
We collect the administrative and special categories of personal data directly from you, your physician, referring hospital and from the Products. On certain occasions we may receive personal data from your GP or medical provider. We collect certain personal data via our website through use of contact forms and use of cookies.
4. For what purposes do we process your personal data and what is our legal basis?
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
Type of data
Name, email, phone number, postal address
Purposes of processing
o So that we can communicate with you with regard to the delivery and set up of the Products.
o To send you any additional information or replacement parts you might need
Lawful basis for processing
Necessary for the purposes of performing our contract with you.
Type of data
Financial details: billing records, payment records etc
Purposes of processing
o To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us
Lawful basis for processing
Necessary for the performance of a contract with you; and Necessary for our legitimate interests (to recover debts due to us)
Type of data
Details of your sleep/respiratory condition which you provide at the time of registering for use of our Products
Purposes of processing
o To ensure that the Product which you are registering for is appropriate for your use.
o To input the relevant details into the Product to tailor it to your use
Lawful basis for processing
Explicit consent and necessary for the purposes of performing a contract with you.
Type of data
GMS number
Purposes of processing
o To communicate with you GP or other health service provider where necessary
Lawful basis for processing
Explicit consent and for the purposes of performing our contract with you.
Type of data
Information collected from the products during your use of same
o To provide you with information collected in relation to your sleep/respiratory condition from the Products. This is one of the key parts of the services we provide.
Lawful basis for processing
Explicit consent and for the purposes of performing our contract with your explicit consent and for the purposes of performing our contract with you.
Type of data
Name, email, comments
Purposes of processing
To respond to you where you have provided comments to us or asked us questions via our website.
Lawful basis for processing
Consent
Type of data
Analytical information
Purposes of processing
To make our website function more efficiently and effectively in order to improve your online experience with us
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security etc.)
Lawful basis for processing
Consent
Where we need to collect personal data under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Products or associated services). In this case, we may have to cancel a Product or service you have with us, but we will notify you if this is the case at the time. Where we rely on consent as a legal basis, you may withdraw consent at any time by contacting us. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal. We use cookies to facilitate the use of our website. For detailed information on the cookies we use and the purposes for which we use them, see our cookie policy here.
5. Do we share your personal data with anyone else?
With the online application “SleepHalo”, we (Dynomed Ltd), your equipment provider, physician, hospital, sleep lab or other service provider is able to monitor your sleep diagnosis and / or therapy from a distance. You will separately be asked to explicitly consent to DYNOMED sharing your personal data with SleepHalo.
We may also share your personal data with the following parties in connection with our processing of your personal data:
o Third party service providers for the purpose of system support
o Your doctor or other health care provider
We require all third parties to enter into a data processing agreement/data sharing agreement with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your personal data on our instructions and in accordance with data protection law. Under certain circumstances, DYNOMED may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
6. Links to third party websites
Our website may contain links to and from websites operated by third parties unaffiliated with DYNOMED. We do not control these third-party websites and we make no endorsements, warranties, or representations whatsoever regarding, nor do we assume any responsibility whatsoever in respect of, such third-party websites or the materials, information and content contained therein. We strongly advise that you carefully review the terms and conditions and privacy policies of all linked third-party websites. We also reserve our right to discontinue any and all links to our website from third party websites, at any time, at our sole and exclusive discretion
7. Keeping your personal data secure
We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We limit access to your personal data to those employees, agents and other third parties who are required to have access to your personal data and where they have agreed that they are subject to a duty of confidentiality.
We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the data subject, where legally required to do so.
8. Transferring personal data out of the EEA
We do not currently transfer any of your personal data out of the European Economic Area. If circumstances arise in which we have to transfer your personal data out of the European Economic Area for the purposes of carrying out the services we provide to you, we will always ensure that there are appropriate safeguards in place to protect your personal data such as:
o the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms;
o appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from us on request;
o you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
o the personal data is being transferred to a company in the US which has self-certified its compliance with the EU-US Privacy Shield which has been found by the European Commission to provide an adequate level of protection to the personal data of EU citizens.
9. For how long do we keep your personal data?
Your personal data will be deleted when it is no longer reasonably required for the purposes described above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. In determining our retention period for categories of personal data we at all
times will consider our obligations under the data protection legislation, guidance from the Data Protection Commission, any other specific legislative requirements as well as the amount and nature of the data itself.
10. Your data protection rights
Under certain circumstances, by law you have the right to:
o Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
o Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
o Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
o Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
o Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
o Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you. We do not engage in any
automated decision making.
o Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
o Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
In the event that you wish to make a complaint about how your personal data is being processed by DYNOMED, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows:
Contact
Data Protection Commission
Telephone +353 57 8684800 / +353 761 104 800
Email info@dataprotection.ie
Post
Data Protection Commission 21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland
11. Contact us
You can contact us with any queries, complaints or requests to exercise your data protection righ
Contact/Subject
Data Protection Commission
Telephone
+353 (0)53 900 7951
Email hello@dynomed.ie
Post
Ballycleary Farms, Kilmore, Co Wexford, Y35 XW50
12. Updates to this Privacy Statement
Our Privacy Statement may change from time to time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information