ABOUT O’ FLYNN MEDICAL LIMITED
Established in 2000, O’ Flynn Medical is now the premier medical equipment business in the country (also referred to as “we,” “our”, “us”) is the Data Controller when you provide your personal data to us.
Our Compliance Officer can be contacted as follows:-
Telephone: 0818 440 440
Post: O’ Flynn Medical Limited, Macroom Environmental Industrial Park, Bowl Road, Macroom, Co. Cork P12 YD92.
O’ Flynn Medical Limited fully respects your right to privacy. O’ Flynn Medical Limited is committed to ensuring that your privacy is protected, and we wish to be transparent on how we process your data. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
RETAINING YOUR DATA
We will only store personal data for as long as necessary for the purposes for which it was obtained. The criteria used to determine our retention periods include
- The length of time we have an ongoing relationship and/or provide our services;
- Whether there is a legal requirement to which we are subject; and
- Whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
We will keep personal data contained in application files in line with our Retention Schedule. It will be retained in a secure environment and access to it be restricted.
|Type of Document/Record||Lawful Basis||Retention Period|
|Accident books, Accident and/or Incident Report Forms (First name, surname, address, mobile phone, email address, medical condition, signature)||Legal Obligation. The Safety, Health and Welfare at Work (General Applications) Regulations 1993, at section 60, provides for a 10 year retention period from the date of an accident.||10 years from last entry if no claim is made in the interim.|
|Personal injury claims||Legal Obligation & Purpose of a Contract. Personal injury claims (including claims for psychological damage such as stress) must generally be taken within 2 years of the date of the cause of action (i.e. the event that caused the damage). A minimum retention period of 3 years is generally recommended, again to allow for any claims which might be taken toward the end of the statutory period. Matters are somewhat complicated by the possibility of ‘latent injury’. If the injured employee is not, and could not, be expected to be aware of their injuries, the statutory time limit will only start to run when they become so aware. For this reason, if employees are coming into contact with potentially hazardous chemicals or substances, the potential effects of which are not yet known, or which are known to give rise to latent illness, the relevant records might be retained indefinitely. It should be noted that the risk of latent injury does not justify the indefinite retention of all employee records.||End of relationship + 7 years due to their being a contract with the Rest Assured Service Clients (or longer in the event of possible legal action for which the documents may be needed as evidence).|
|Candidates short listed but not successful at interview or who are successful but do not accept offer:Interview Score Sheets, C.Vs and Cover Letters, Application Forms, Job Specification and Job Description||Legal Obligation. The Employment Equality Acts 1988 — 2008 prohibit, among other things, discrimination with respect to access to employment. An unsuccessful candidate, who is of the view that they were passed over for a position due to a protected ground, such as race, sexual orientation or gender, may seek to bring equality proceedings. Such proceedings must be brought within 6 months (extendable to 12 months for reasonable cause) from the last act of discrimination.||1 year fromthe date that the position is filled.|
|Supplier, business relationship documents, contracts, SLA’s, audits, reviews etc.||Propose of a Contract||End of relationship + 7 years|
|Records/documents related to any litigation.||10 years after the file is closed. As advised by the organisation’s legal advisor. All records to be reviewed.|
|Data Breach Incident Forms (First name, surname, address, mobile phone, email address)||Legal Obligation. The Compliance Officer should keep an ongoing log and clear report detailing the nature of the incident, steps taken to preserve any evidence, notes of any interviews or statements, the assessment of risk/investigation and any recommendations for future work/actions.||7 years from the date of the incident|
|CCTV Images||Legal Obligation. Safety, Health and Welfare at Work Act, 2005.||30 days. Data may be retained by O’ Flynn Medical Limited beyond a maximum of 30 days in circumstances where the data is required for evidential purposes and/or legal proceedings.|
|Fleet Management System (Geo Location)||Purpose of a Contract. It is part of the job requirement that the delivery van’s location is monitored for the purposes of organising pick-ups and drop-offs.||Outside of working hours, the delivery drivers can switch off the monitoring device.|
|Photographs, video footage and audio||Consent. Photograph of the employee and/or members of the public including their first name and surname are published on the company website.||7 years or until the identifiable individuals withdraw their consent. Whichever occurs first.|
|Questionnaire about an Outbreak, Pandemic and/or Acts of Nature||Legal Obligation. OFM has a legal obligation to protect its staff’s health under the Safety, Health and Welfare at Work Act, 2005. To identify the data subjects’ recent travel history concerning countries affected by the virus/disease and experiencing symptoms.||Duration of the outbreak, pandemic and/or acts of nature.|
|Visitors to Our Premises: Covid-19 Contact Tracing Log:Fáilte Ireland is acting on the HSE guidance, which permits us to process visitor’s personal data, including health data.||Public Interest. This is in the area of public health. Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018.||The visitor’s information will be securely retained for 30 days after which it will be deleted/destroyed.|
|Infection Control Records||Legal Obligation. Safety, Health and Welfare at Work Act, 2005.||7 years|
|Purchase Rental Agreements: Your first name, surname, address, telephone/mobile, number and e-mail address, MRN. Next-of-kin (for clients who need assistance with purchase/rental agreements.||Purpose of a Contract||7 years|
|Testimonials||Consent. Testimonial from the customer including their first name and surname are published on the company website.||7 years or until the identifiable individuals withdraw their consent. Whichever occurs first.|
Customer Complaints (First name, surname, address, mobile phone, email address, signature)
|Purpose of a Contract.||7 years|
Garda Vetting Application forms processed by GVU
|Legal Obligation.||1 year|
Service Sheets/Reports for Hospitals (Signature)
Legal Obligation. The Companies Acts and Taxes Consolidation Act, 1997 provide for a 6 year retention period of tax records.
Purpose of a Contract.
Regulation 30: Inspection of work equipment (d) The results of inspections carried out are recorded and kept available for 5 years from the date of inspection, for inspection by an inspector.
|Competitions (First name, surname, address, mobile phone, email address)||Consent. The competitor decides to enter the competition.||The winner’s first name, surname, email, postal address and Eircode will be retained until the winner has received their prize.|
|Visitor Record Book (Name, Company, Car Reg, Visiting, Badge No. Time In and Time Out.||Legal Obligation. Safety, Health and Welfare at Work Act, 2005. Guests visiting your office or company, for fire and safety purposes it is important that they sign in and out of the building.||2 years|
|HSE Requisition Sheet: (Customer/requester’s first name, surname, department and ward).||Purpose of a Contract.||Current year plus 6 years|
Photographs, video footage and audio of paid professional models
|Purpose of a Contract. Photograph of the paid professional models including their first name and surname are published on the company website and brochures.||7 years|
Minutes of Meetings
|Accounting records detailing company transactions, including supporting documents.||Legal Obligation.||7 years|
|1. Statutory books, 2. Board minutes 3. Resolutions||Legal Obligation.||Indefinitely|
|Records documenting the firm’s relationships and responsibilities to statutory and/or regulatory bodies and its legal responsibilities.||Legal Obligation.||Indefinitely|
|Business documents, policies, procedures, strategies etc.||Legal Obligation.||Superseded + 6 years (then reviewed for archive value purposes).|
|Deliveries of goods purchased (First name, surname, telephone number, email address, postal address and Eircode, MPRN, PO).||Purpose of a Contract & Legal Obligation.||6 years|
If you would like more information about how long O’ Flynn Medical Limited holds your data, please e-mail email@example.com.
Additionally, if you submit Personal Data relating to other people – such as your colleagues and/or companions – in connection with the Services we provide, you are also deemed to be representing that you have the authority to do so and permit us to use their Personal Data for the purposes described in this Privacy Statement.
We do not knowingly collect personal information from children without proper parental consent. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information. If you believe that we may have collected personal information from someone under the age of 18 without parental permission, please let us know using the methods described in the ‘Contact Us’ section and we will investigate and address the issue promptly.
USE OF OUR WEBSITES
SHARING YOUR DATA
To provide our services and to comply with legal obligations imposed on us, it may be necessary from time to time for us to disclose personal data to third parties, including without limitation to the following:
- Our third-party service providers who provide services to us to help us administer and audit our services.
Where we need to share your personal information, we will do so in line with this Statement and our legal obligations, including ensuring that the third party we are sharing it with has appropriate technical and organisational measures and processes in place to keep your personal information secure, and that they only use it in accordance with our instructions.
Your personal data will be shared with the following organisations in the exercise of their public task, to make payments, to comply with our legal obligation and for the detection and prevention of fraud. Your consent for these purposes is not required.
- External Auditors
- Office of the Revenue Commissioners (ROI)
- An Garda Siochána
LINKED SERVICES, THIRD-PARTY SITES AND CONTENT
Right of access – you have the right to request a copy of the information that we hold about you in accordance with Section 86 of the Data Protection Act, 2018.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.
Right to portability – subject to certain restrictions, you have the right to have the data we hold about you transferred to another organisation where we hold it in electronic form. This right to data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention) (ii) personal data provided by you; and (iii) personal data that we process based on your consent on in order to fulfil a contract.
Right to object – you have the right to object to certain types of processing such as, direct marketing.
TO ACCESS WHAT PERSONAL DATA IS HELD, IDENTIFICATION WILL BE REQUIRED
To access a copy of your personal data that is held by O’ Flynn Medical Limited, please contact the Compliance Officers, see section “Complaints, Questions and Assistance”.
For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.
You will need to provide some photographic identification (i.e., passport or drivers licence) together with proof of address (i.e., utility bill or official letter).
DATA TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed ‘adequate’ by the European Commission, we may enter into ‘Standard Contractual Clauses (SCCs) with the recipient. These are contracts that contain standard commitments approved by the European Commission protecting the privacy and security of the information which is being transferred.
HOW DO WE PROTECT YOUR INFORMATION
O’ Flynn Medical Limited will take appropriate legal, organisational and technical measures to protect your personal information. O’ Flynn Medical Limited takes it obligations very seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- Restricted Access;
- IT Authentication;
- Firewalls; &
We adopt the strongest lines in relation to misuse of your information by any of its staff. Any breach of trust regarding the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to dismissal.
WHERE THE DATA SUBJECT DOES NOT PROVIDE THEIR PERSONAL DATA
If we cannot collect or process certain personal data, we may not be able to provide a grant or other supports or services. If you have any queries in respect of the consequences of not providing information, please contact us (see the section Complaints, Questions and Assistance).
CHANGES TO OUR PRIVACY STATEMENT
We reserve the right to modify this Privacy Statement at any time. Each time you use this website, you shall be bound by the then current Privacy Statement and accordingly you should review the Privacy Statement each time you use this website. This is a live document, under regular review. This policy was last updated in November 2021.
COMPLAINTS, QUESTIONS AND ASSISTANCE
You are encouraged to raise any issues with Conor O’ Flynn or Martina Golden (Compliance Officers):
O’ Flynn Medical Limited,
Macroom Environmental Industrial Park,
Telephone: 0818 440 440
COMPLAINING TO THE DATA PROTECTION COMMISSION (DPC)
In the event that you wish to make a complaint about how your personal data is processed by O’ Flynn Medical Limited or how your complaint has been handles, you have the right to lodge a complaint directly with the Data Protection Commission (DPC)
or to the Statutory Authority in your country of residence, who will be able to liaise with the DPC.
The Data Protection Commission can be contacted at:
Post: Data Protection Commission (DPC), Canal House, Station House, Portarlington, Co. Louth.
Telephone: +353 (0) 57 8684800
Telephone: +353 (0) 76 1104800
Lo-Call Number: 1890 252 231
We have set out below a list of third parties with whom we share your data.
- E-mail and cloud services
- Law firms (where appropriate)
- IT services – Radius Technologies
- Accounting: Software service providers, our auditor
- Insurance Services Providers
- Revenue Commissioners and other Regulatory Bodies
- Work Relations Commission (WRC)
- Cork Confidential Shredding
- RGC Technologies (Rental Software)
- Fastway Couriers