Privacy Policy

O’Flynn Medical Privacy Policy


Established in 2000, O’ Flynn Medical is now the premier medical equipment business in the country (also referred to as “we,” “our”, “us”) is the Data Controller when you provide your personal data to us.

Our Compliance Officer can be contacted as follows:-

Telephone: 0818 440 440

E-mail: info@oflynnmedical.com

Post: O’ Flynn Medical Limited, Macroom Environmental Industrial Park, Bowl Road, Macroom, Co. Cork P12 YD92.

O’ Flynn Medical Limited fully respects your right to privacy. O’ Flynn Medical Limited is committed to ensuring that your privacy is protected, and we wish to be transparent on how we process your data. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.


We will only store personal data for as long as necessary for the purposes for which it was obtained. The criteria used to determine our retention periods include

  • The length of time we have an ongoing relationship and/or provide our services;
  • Whether there is a legal requirement to which we are subject; and
  • Whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).


We will keep personal data contained in application files in line with our Retention Schedule. It will be retained in a secure environment and access to it be restricted.

Type of Document/Record Lawful Basis Retention Period
Accident books, Accident and/or Incident Report Forms                 (First name, surname, address, mobile phone, email address, medical condition, signature) Legal Obligation. The Safety, Health and Welfare at Work (General Applications) Regulations 1993, at section 60, provides for a 10 year retention period from the date of an accident. 10 years from last entry if no claim is made in the interim.
Personal injury claims Legal Obligation & Purpose of a Contract. Personal injury claims (including claims for psychological damage such as stress) must generally be taken within 2 years of the date of the cause of action (i.e. the event that caused the damage). A minimum retention period of 3 years is generally recommended, again to allow for any claims which might be taken toward the end of the statutory period. Matters are somewhat complicated by the possibility of ‘latent injury’. If the injured employee is not, and could not, be expected to be aware of their injuries, the statutory time limit will only start to run when they become so aware. For this reason, if employees are coming into contact with potentially hazardous chemicals or substances, the potential effects of which are not yet known, or which are known to give rise to latent illness, the relevant records might be retained indefinitely. It should be noted that the risk of latent injury does not justify the indefinite retention of all employee records. End of relationship + 7 years due to their being a contract with the Rest Assured Service Clients (or longer in the event of possible legal action for which the documents may be needed as evidence).
Candidates short listed but not successful at interview or who are successful but do not accept offer:Interview Score Sheets, C.Vs and Cover Letters, Application Forms, Job Specification and Job Description Legal Obligation. The Employment Equality Acts 1988 — 2008 prohibit, among other things, discrimination with respect to access to employment. An unsuccessful candidate, who is of the view that they were passed over for a position due to a protected ground, such as race, sexual orientation or gender, may seek to bring equality proceedings. Such proceedings must be brought within 6 months (extendable to 12 months for reasonable cause) from the last act of discrimination. 1 year fromthe date that the position is filled.
Supplier, business relationship documents, contracts, SLA’s, audits, reviews etc. Propose of a Contract End of relationship + 7 years
Records/documents related to any litigation.   10 years after the file is closed. As advised by the organisation’s legal advisor. All records to be reviewed.
Data Breach Incident Forms (First name, surname, address, mobile phone, email address) Legal Obligation. The Compliance Officer should keep an ongoing log and clear report detailing the nature of the incident, steps taken to preserve any evidence, notes of any interviews or statements, the assessment of risk/investigation and any recommendations for future work/actions. 7 years from the date of the incident
CCTV Images Legal Obligation. Safety, Health and Welfare at Work Act, 2005. 30 days. Data may be retained by O’ Flynn Medical Limited beyond a maximum of 30 days in circumstances where the data is required for evidential purposes and/or legal proceedings.
Fleet Management System                 (Geo Location) Purpose of a Contract. It is part of the job requirement that the delivery van’s location is monitored for the purposes of organising pick-ups and drop-offs. Outside of working hours, the delivery drivers can switch off the monitoring device.
Photographs, video footage and audio Consent. Photograph of the employee and/or members of the public including their first name and surname are published on the company website. 7 years or until the identifiable individuals withdraw their consent. Whichever occurs first.
Questionnaire about an Outbreak, Pandemic and/or Acts of Nature Legal Obligation. OFM has a legal obligation to protect its staff’s health under the Safety, Health and Welfare at Work Act, 2005. To identify the data subjects’ recent travel history concerning countries affected by the virus/disease and experiencing symptoms. Duration of the outbreak, pandemic and/or acts of nature.
Visitors to Our Premises: Covid-19 Contact Tracing Log:Fáilte Ireland is acting on the HSE guidance, which permits us to process visitor’s personal data, including health data. Public Interest. This is in the area of public health.  Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018. The visitor’s information will be securely retained for 30 days after which it will be deleted/destroyed.
Infection Control Records Legal Obligation. Safety, Health and Welfare at Work Act, 2005.  7 years
Purchase Rental Agreements: Your first name, surname, address, telephone/mobile,  number and e-mail address, MRN. Next-of-kin (for clients who need assistance with purchase/rental agreements. Purpose of a Contract 7 years
Testimonials Consent. Testimonial from the customer including their first name and surname are published on the company website. 7 years or until the identifiable individuals withdraw their consent. Whichever occurs first.

Customer Complaints                   (First name, surname, address, mobile phone, email address, signature)


Purpose of a Contract. 7 years

Garda Vetting Application forms processed by GVU


Legal Obligation. 1 year

Tax Records





Service Sheets/Reports for Hospitals                                        (Signature)



Legal Obligation. The Companies Acts and Taxes Consolidation Act, 1997 provide for a 6 year retention period of tax records.



Purpose of a Contract.

6 years





Regulation 30: Inspection of work equipment (d) The results of inspections carried out  are recorded and kept available for 5 years from the date of inspection, for inspection by an inspector.

Competitions                                           (First name, surname, address, mobile phone, email address) Consent. The competitor decides to enter the competition. The winner’s first name, surname, email, postal address and Eircode will be retained until the winner has received their prize.
Visitor Record Book                         (Name, Company, Car Reg, Visiting, Badge No. Time In and Time Out. Legal Obligation. Safety, Health and Welfare at Work Act, 2005. Guests visiting your office or company, for fire and safety purposes it is important that they sign in and out of the building. 2 years
HSE Requisition Sheet: (Customer/requester’s first name, surname, department and ward). Purpose of a Contract. Current year plus 6 years

Photographs, video footage and audio of paid professional models


Purpose of a Contract. Photograph of the paid professional models including their first name and surname are published on the company website and brochures. 7 years

Minutes of Meetings


Legal Obligation. Indefinitely
Accounting records detailing company transactions, including supporting documents. Legal Obligation. 7 years
1. Statutory books, 2. Board minutes 3. Resolutions Legal Obligation. Indefinitely
Records documenting the firm’s relationships and responsibilities to statutory and/or regulatory bodies and its legal responsibilities. Legal Obligation. Indefinitely
Business documents, policies, procedures, strategies etc. Legal Obligation. Superseded + 6 years (then reviewed for archive value purposes).
Deliveries of goods purchased (First name, surname, telephone number, email address, postal address and Eircode, MPRN, PO). Purpose of a Contract & Legal Obligation. 6 years


If you would like more information about how long O’ Flynn Medical Limited holds your data, please e-mail info@oflynnmedical.com.

Additionally, if you submit Personal Data relating to other people – such as your colleagues and/or companions – in connection with the Services we provide, you are also deemed to be representing that you have the authority to do so and permit us to use their Personal Data for the purposes described in this Privacy Statement.


We do not knowingly collect personal information from children without proper parental consent. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information. If you believe that we may have collected personal information from someone under the age of 18 without parental permission, please let us know using the methods described in the ‘Contact Us’ section and we will investigate and address the issue promptly.


O’ Flynn Medical Limited’s website collects specific information automatically and stores it in log files. The information may include Internet Protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of O’ Flynn Medical Limited website, including a history of the pages you view. We use this information to help us design our site to suit our users’ needs better. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyses trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. See the Cookie Policy on our websites for more details.


To provide our services and to comply with legal obligations imposed on us, it may be necessary from time to time for us to disclose personal data to third parties, including without limitation to the following:


  • Our third-party service providers who provide services to us to help us administer and audit our services.


Where we need to share your personal information, we will do so in line with this Statement and our legal obligations, including ensuring that the third party we are sharing it with has appropriate technical and organisational measures and processes in place to keep your personal information secure, and that they only use it in accordance with our instructions.

Your personal data will be shared with the following organisations in the exercise of their public task, to make payments, to comply with our legal obligation and for the detection and prevention of fraud. Your consent for these purposes is not required.

  • External Auditors
  • Office of the Revenue Commissioners (ROI)
  • An Garda Siochána


In some of our articles, videos and blogs, we may reference other websites and provide links which are outside of our control. This Privacy Statement does not cover these other websites and links. O’ Flynn Medical Limited does not accept any responsibility or liability for other sites’ privacy notices, statements, or policies. If you access other websites using the links provided, please read their specific notices before submitting any of your personal information. Please refer to YouTube’s Terms of Service and Google’s Privacy Policy


Right of access – you have the right to request a copy of the information that we hold about you in accordance with Section 86 of the Data Protection Act, 2018.


Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.


Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.


Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Section 87 and Section 89 of the Data Protection Act, 2018.


Right to portability – subject to certain restrictions, you have the right to have the data we hold about you transferred to another organisation where we hold it in electronic form. This right to data portability applies to: (i) personal data that we process automatically (i.e., without any human intervention) (ii) personal data provided by you; and (iii) personal data that we process based on your consent on in order to fulfil a contract.


Right to object – you have the right to object to certain types of processing such as, direct marketing.


To access a copy of your personal data that is held by O’ Flynn Medical Limited, please contact the Compliance Officers, see section “Complaints, Questions and Assistance”.


For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.


You will need to provide some photographic identification (i.e., passport or drivers licence) together with proof of address (i.e., utility bill or official letter).


Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed ‘adequate’ by the European Commission, we may enter into ‘Standard Contractual Clauses (SCCs) with the recipient. These are contracts that contain standard commitments approved by the European Commission protecting the privacy and security of the information which is being transferred.


O’ Flynn Medical Limited will take appropriate legal, organisational and technical measures to protect your personal information. O’ Flynn Medical Limited takes it obligations very seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

  • SSL;
  • Restricted Access;
  • IT Authentication;
  • Firewalls; &
  • Anti-Virus/Malware


We adopt the strongest lines in relation to misuse of your information by any of its staff. Any breach of trust regarding the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to dismissal.


If we cannot collect or process certain personal data, we may not be able to provide a grant or other supports or services. If you have any queries in respect of the consequences of not providing information, please contact us (see the section Complaints, Questions and Assistance).


We reserve the right to modify this Privacy Statement at any time. Each time you use this website, you shall be bound by the then current Privacy Statement and accordingly you should review the Privacy Statement each time you use this website. This is a live document, under regular review. This policy was last updated in November 2021.


You are encouraged to raise any issues with Conor O’ Flynn or Martina Golden (Compliance Officers):


Compliance Officer,

O’ Flynn Medical Limited,

Macroom Environmental Industrial Park,

Bowl Road,


Co. Cork

P12 YD92


Telephone: 0818 440 440

E-mail: info@oflynnmedical.com


In the event that you wish to make a complaint about how your personal data is processed by O’ Flynn Medical Limited or how your complaint has been handles, you have the right to lodge a complaint directly with the Data Protection Commission (DPC)

or to the Statutory Authority in your country of residence, who will be able to liaise with the DPC.


The Data Protection Commission can be contacted at:


Post: Data Protection Commission (DPC), Canal House, Station House, Portarlington, Co. Louth.

Telephone: +353 (0) 57 8684800

Telephone: +353 (0) 76 1104800

Lo-Call Number: 1890 252 231

E-mail: info@dataprotection.ie


Schedule 1

We have set out below a list of third parties with whom we share your data.

  • E-mail and cloud services
  • Law firms (where appropriate)
  • IT services – Radius Technologies
  • Accounting: Software service providers, our auditor
  • Insurance Services Providers
  • Revenue Commissioners and other Regulatory Bodies
  • Work Relations Commission (WRC)
  • Cork Confidential Shredding
  • Zoom
  • RGC Technologies (Rental Software)
  • Fastway Couriers

For some friendly advice contact us now.

0818 440 440 or email info@oflynnmedical.com

We are proud to have been the winner of numerous awards for our commitment to providing an excellent caring service for our valued clients.

Contact Us

Macroom Environmental Industrial Park,
Bowl Road,
Co. Cork
P12 YD92


Download our latest Medical Equipment Catalogue