The Privacy Statement defines how we collect, use, share, store, our legal basis, how long we keep your data and outlines your rights.  Any information that we process will be held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act, 2018 and other Irish or EU Data Protection legislation.


When you are a visitor to the premises to purchase goods / services we will process the following personal data about you:

  • Your first name, surname, address, telephone/mobile number and e-mail address;
  • A record of the information that you provide to us;
  • Conversations you have when you call us;
  • Home and work address if applicable (to contact you to arrange timely delivery of goods purchased.).
  • Next-of-kin (for clients who need assistance with purchase/rental agreements).
  • When you agree to stand in for a group photograph which we will use on our social media accounts;
  • Marketing profiles, including what events and communications we think you might be interested in..
  • .When you complete a feedback form, on product trialed or purchased.
  • Relevant life, educational and work experience (for access to QQI

Your Business Information




Supplier, Business Relationship Documents, Contracts, SLA’s, Audits, Reviews, etc.

Propose of a Contract. (Article 6(1)(b))

7 years

Training provided via Grant Aid Funding

Legal Obligation. (Article 6(1)(c))

6 years


Records/Documents related to any litigation

Legal Obligation. (Article 6(1)(c))

10 years

Infection Control Records

Legal Obligation. (Article 6(1)(c))

7 years

Data Breech Incident Forms

Legal Obligation. (Article 6(1)(c))

7 years


Patient Details: Some or all of these will be given to OFM depending on customer:
1) Name
2) Address
3) Telephone Number
4) Alternative point of contact and Contact Number
5) E-mail
6) Eircode
7) MRN
8) PO
9) Misc patient details as provided by customer

Legal Obligation. (Article 6(1)(c))

7 years

Customer information

Legal Obligation. (Article 6(1)(c))

7 years

Credit Card Details of customers if phoned in

Legal Obligation. (Article 6(1)(c))

7 years

Credit Card Details of Customers if faxed

Legal Obligation. (Article 6(1)(c))

7 years

Merchant Copies – Visa

Legal Obligation. (Article 6(1)(c))

7 years

Potential Customer Quotations & Log

Legal Obligation. (Article 6(1)(c))

7 years

Potential Deals on Pipedrive

Legal Obligation. (Article 6(1)(c))

7 years

ScrubEx user/administrator names

Legal Obligation. (Article 6(1)(c))

7 years

Fleet Management – Transpoco –

Legal Obligation. (Article 6(1)(c))

7 years

Clinical Evaluation Forms
Post Trial

Legal Obligation. (Article 6(1)(c))

7 years



7 years

Customer Specific Reports:
1) Point Prevalence Audit Information
2) OT Assessment reports


7 years

Customer Complaint

Legal Obligation. (Article 6(1)(c))

7 years

CCTV Recording

Legal Obligation. (Article 6(1)(c))

30 days unless reason to hold longer

Rental Asset Management Information

Legal Obligation. (Article 6(1)(c))

7 years



[O Flynn Medical] is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not aim our services at children, and we do not knowingly collect any personal data from any person under 16 years of age.


Processing is necessary for compliance with a legal obligation such as Taxation laws. We collect financial data required to comply with Irish Tax law such as V.A.T. numbers, account details to pay and sending invoices.


Your information will be disclosed where we are obliged by law to do so. We may also disclose your information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.


There are some activities where we process personal information with your permission, which you can withdraw at any time, although if you do, we may not be able to provide the product or service you have requested. An example is where we want to use your photograph to promote our business. We would ask your permission first and you can withdraw your consent at any time.


Where we may rely on consent to use your information, you have the right to revoke that consent for that processing activity at any time. However, we may have the right to rely on an alternative legal basis for the processing activity and will inform you of that.

A withdrawal of consent may still allow the processing of your data if:

  • Processing is necessary for the performance of a contract with you.
  • Processing is necessary for compliance with a legal obligation.
  • Processing is necessary to protect your vital interest or that of another person.
  • Processing is necessary for the performance of a task carried out in the public interest.
  • Processing is necessary for the legitimate interests pursued by the controller or a third party; except where such interests are overridden by your interests or fundamental rights and freedoms.


 You have rights in respect of our processing of your personal data which are:

  • To access your personal data and information about our handling of it.  You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
  • We no longer need it;
  • If we are processing your personal data by consent and you withdraw that consent;
  • If we no longer have a legitimate ground to process your personal data; or
  • We are processing your personal data unlawfully
  • To object to our processing if it is by a legitimate interest.
  • To restrict our processing if it was by legitimate interest.
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.

If you want to exercise any of these rights, please contact us at info@oflynnmedical.com

How do we collect information from you?

Visitors to our websites

When someone visits www.oflynnmedical.com we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identity of people visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source.

If we want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Client & Customer Information

Contact information, addresses, telephone numbers, email addresses and VAT registration numbers are held securely by O Flynn Medical to efficiently and continuously operate business and transactions between itself and its clients and customers.

IP Addresses

O Flynn Medical collect IP addresses from visitors to the O Flynn Medical Website. This allows for identification of location of users, to block disruptive use and to establish the number of visits from different countries. O Flynn Medical analyse this data to identify trends, such as which parts of the Website users are visiting and how long they spend on it.

O Flynn Medical collate information on our Website traffic, that is represented in aggregate format through cookies. This is achieved using third parties such as Google Analytics to collect user information, including the use of cookies (flash and non-flash) and web beacons. They help us to improve our Website and to deliver many of the functions that make your browser experience more user friendly. A list of cookies used and the purposes for which they are used, are available in the tables below:

Compliance with Legislation

O Flynn Medical have an obligation to abide by all Irish legislation and relevant legislation of the European Community. The relevant acts, which apply in Irish law to Information Systems Security, include but are not limited to:

  • GDPR – General Data Protection Regulation (25th May 2018)
  • Article 25 of Medical device Regulation 2017/745
  • The Data Protection Act (1988/2002)
  • European Communities Data Protection Regulations, (2001)
  • European Communities (Data Protection and Privacy in Telecommunications) Regulations (2002)
  • Data Protection EU Directive 95/46/EC
  • Criminal Damages Act (1991)
  • Child Trafficking and Pornography Act (1998)
  • Intellectual Property Miscellaneous Provisions Act (1998)
  • Copyright and Related Rights Act (2000)
  • Health and Safety Act (1989)
  • Non-Fatal Offences Against the Person Act (1997)
  • Electronic Commerce Act (2000)
  • Ecommerce Directive (2000/31/EC)
  • Regulations entitled European Communities (Directive 2000/31/EC) Regulations 2003 (S.I. No. 68 of 2003)

The requirement for compliance devolves to all users, who may be held personally responsible for any breach of the legislation.  The most relevant legislation is available from Quality Control or the associated website.

Policy Distribution & Awareness

This policy and its supporting policies, are available via O Flynn Medical network. Hard copies of the policy and its supporting policies, standards and guidelines will be available on request by emailing info@oflynnmedical.com

O Flynn Medical line operations manager will ensure that all existing and new staff, contractors, subcontractors, agency staff and third party commercial service providers who report to them are made aware of and have access to the policy and its supporting policies, standards and guidelines

Individuals requiring clarification on any aspect of the policy and its supporting policies, standards and guidelines and/or advice on general I.T. security matters may email their queries to info@oflynnmedical.com

Legal Implications

Any breach of security of an Information System could lead to loss of security of personal information. This would be an infringement of the Data Protection Act 1988 to 2018 and could lead to civil or criminal proceedings. It is vital, therefore, that users of O Flynn Medical Information Systems must comply, not only with this policy, but also with OFM’s Data Protection Guidelines.

 Further information is available on www.dataprotection.ie

 Review & Update

This policy will be reviewed and updated annually or more frequently if necessary to ensure any changes to O Flynn Medical’s organization structure and business practices are properly reflected in the policy.


If you have any queries or would like to make a Data Subject Access Request or have any other queries please send an email to the following address



We shall keep your information for as long as necessary for the uses set out in this Privacy Statement as outlined above or while there is a legitimate business reason for doing so.



Where we are unable to help, you can complain to the Data Protection Commission (DPC) in Ireland or the Statutory Authority in your country of residence, who will be able to liaise with the Data Protection Commission.

The Data Protection Commission (DPC) can be contacted at:

Post: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, Ireland, R32 AP23.

Telephone: +353 (0) 57 8684800

Telephone: +353 (0)761 104 800

Lo-Call Number: 1890 252 231

E-mail: info@dataprotection.ie

O’Flynn Medical gather a certain amount of data from you in order to provide to you with a best in class service. We gather the information provided by you on registration forms and information we learn from your use of this website (the “Site”) and your use of our services and other sites accessible from our site. From time to time we may also gather information relating to promotional activity and any information you provide when contacting us. We also review usage patterns and use of the Site to help us improve our services to you. We respect your right to privacy and take the responsibility of protecting your data and using it only in a way that you would expect, very seriously.

The purpose of this policy (the “Privacy Policy”) is to outline how we deal with any personal data you provide to us while visiting the Site. By visiting this Site, you are accepting the terms of this Privacy Policy. 

We hope that you will find everything you need to know about how we protect your personal data and what uses we make of it below.


Personal Information: What we Collect and Why

We only ask you for the information we need to effectively respond to your contact, question or enquiry. Personal data’ means information which relates to a living person who can be identified from that data on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

We will collect and use the following types of personal data about you (where applicable):

  • your contact details such as name, address, email address, telephone number etc;
    • funding information;
    • card payment details;
    • contact details of somebody acting on your behalf (e.g. a family member, your next of kin, some other person, your power of attorney) and their relationship to you;
    • details of any health/social care professionals and/or organisations or other professionals and/or organisations involved/previously involved in your care and support;
    • images from the Company’s CCTV if you visit the Company’s premises;
    • any other category of personal data which we may notify you of from time to time.

We may obtain your personal data from you or from somewhere else such as somebody acting on your behalf (e.g. a family member, your next of kin, some other person, your power of attorney), a health/social care professional and/or organisation or any other professional and/or organisation involved/previously involved in your care and support, another provider of healthcare products and/or services, a funding organisation, a charity, or it could be created by us.



We may use your personal data (including special categories of personal data) for the following reasons (where applicable):

managing our relationship with you; determining which products and/or services we can offer; providing our products and/or services to you; for administration and accounts purposes; carrying out any contracts between us; marketing; dealing with any enquires, compliments, concerns and complaints; liaising with whoever is acting on your behalf; liaising with health/social care professionals and/or organisations or other professionals and/or organisations involved/previously involved in your care and support; liaising with funding organisations, liaising with charities; enabling us to meet any legal and other regulatory obligations imposed on us; providing information to regulatory authorities or statutory bodies, and our legal or other professional advisers including insurers; retaining a record of our dealings; establishing quality, training and compliance with our obligations and best practice; complying with health and safety law and other laws which affect us; monitoring and protecting the security of the Company, of you, our other staff, customers and third parties if you visit and have permission to be our premises; running our business and planning for the future; for Company operations; maintaining safety; safeguarding; preventing and detecting fraud or other criminal offences; defending the Company in respect of any investigation or litigation and complying with any court or tribunal orders for disclosure; audit usage of our website; to conduct data analytics studies to review and better understand how we provide our products and services; and for any other reason which we may notify you of from time to time.


We will only hold your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. To determine the appropriate retention period for personal data, we shall consider:

the amount, nature, and sensitivity of the personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; whether the law, our regulatory obligations, accounting or any reporting requirements require us to continue to process your personal data; if we need to keep your personal data in relation to establishing, exercising or defending a legal claim; whether we have any other need to continue to process your personal data; and the potential risk of harm from unauthorised use or disclosure of your personal data.


We do not Share your Data

The information we need about you is not shared with any third parties beyond our trusted partners such as website providers who need to have access to this data in order to provide our online services. 

Each of these partners is committed to protecting your data in line with the rigorous demands we place on them.

We may use and share non-personal non-identifiable information, as it relates to sets or groups of customers, to enhance our understanding of customer behaviour and enable us to improve our service in general.

We will disclose your personal data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.


Security of your Data

O’Flynn Medical are committed to keeping your data secure. We and our partners comply with the Data Protection Acts 1998 and 2003. The servers on which this data is stored are in a physically secure facility.

However the nature of the Internet is such that we cannot guarantee or warrant the security of information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, as set out above, we will take all commercially reasonable steps (including appropriate technical and organisational measures) to protect your personal data which you provide to us.

We Respect Your Contact Information

We will contact you by phone if you have supplied your telephone number to us. We will contact you by Email if you have submitted a contact form or you have subscribed to our newsletter.

You can choose at any time not to receive such communication by following the unsubscribe instructions at the bottom of any written communication, email or by contacting us at 029 21799. You have the right to request a copy of your data currently held by us and to rectify or remove personal details, by contacting us. 

Non-personal Information

In addition to the personal information we need we also gather statistical and other analytical information of all visitors to our websites. We use this non-personal data gathered from visitors to our website in a collective form to improve the service we provide. This is not linked to your personal information and is completely anonymous.

Third Party Sites

From time to time we may provide links to other sites. These sites are not covered by our Privacy Policy and you should consult the privacy policy of any other site where available for more information.


A cookie is a small piece of information placed on your PC by this Site. It enables your computer to access information on this Site in a faster and more efficient manner. The cookies on this site cannot identify who you are. O’Flynn Medical uses cookies to recognise what country you are from, how long you stayed on the website, what pages you visited etc. We use this information to determine what content we provide is the most valuable to visitors. We also use cookies to monitor website activity as described above in the ‘Non-Personal Information’ section.

Our Site uses a number of cookies which broadly fall under the following:

Cookies required for Site Usage

We use cookies which are required to use the site and it will not function properly without them. You can change your cookie settings so that these cookies will not be set. You can also delete cookies which have previously been set. For more information on how to manage cookies, including opt-out of all site cookies please visit: http://www.aboutcookies.org/Default.aspx?page=1 

Site Analysis cookies

We also gather statistical and other analytical information of all visitors to our websites. We use this non-personal data gathered from visitors to our website in a collective form to improve the service we provide. This is not linked to your personal information and is completely anonymous. The service that we use for this purpose is Google Analytics. To see how you can opt out of Google Analytics visit https://tools.google.com/dlpage/gaoptout For more information on how to manage cookies, including opt-out of site analysis cookies please click here

Functional cookies

Our websites use a number of cookies which perform activities such as remembering your previous choices when visiting via mobile phone, remembering not to display the same warning repeatedly etc. For more information on how to manage cookies, including opting-out of functional cookies please click here.

Other third party cookies

If you use an embedded service on our site such as Google Maps, Sharing via Facebook or Twitter, Video via Youtube, cookies may be set which are beyond our control. As we do not control these cookies and cannot access them, you should check the cookie policies of these embedded services.

If you have any further questions on how we store or use information about you please feel free to contact us.


The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Changes to the Privacy Policy

Any changes to this Privacy Policy will be posted on this Site so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.



For some friendly advice contact us now.

1890 440 440 or email info@oflynnmedical.com

We are proud to have been the winner of numerous awards for our commitment to providing an excellent caring service for our valued clients.

Contact Us

Macroom Environmental Industrial Park,
Bowl Road,
Co. Cork
P12 YD92

UK Office
601 International House,
223 Regent Street,
London W1B 2QD,
T: 1890 440 440
E: info@oflynnmedical.com


Download our latest Medical Equipment Catalogue

Cork Chamber