Privacy Policy

Last updated: December 2024

1. Introduction

GetYourGP Limited ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our online healthcare services.

We are registered in Ireland and comply with the General Data Protection Regulation (GDPR), the Data Protection Acts 1988-2018, and all applicable Irish and EU data protection legislation.

2. Data Controller

GetYourGP Limited is the data controller for the personal data we process. Our contact details are:

  • Email: privacy@getyourgp.ie
  • Address: Dublin, Ireland

3. Information We Collect

3.1 Personal Information

  • Full name, date of birth, and gender
  • Contact details (email address, phone number, postal address)
  • PPS Number (for prescription purposes only)
  • Payment information (processed securely via Stripe)
  • Account login credentials

3.2 Health Information

  • Medical history and current conditions
  • Medications and allergies
  • Consultation notes and clinical assessments
  • Prescriptions issued
  • Test results and referral information

3.3 Technical Information

  • IP address and browser type
  • Device information
  • Usage data and cookies
  • Video consultation recordings (if consent provided)

4. How We Use Your Information

We process your data for the following purposes:

  • Healthcare provision: To provide medical consultations, prescriptions, and healthcare services
  • Legal obligations: To comply with medical record-keeping requirements (minimum 7 years retention in Ireland)
  • Communication: To send appointment reminders, prescription updates, and important health information
  • Payment processing: To process payments for our services
  • Service improvement: To improve our platform and services (using anonymised data)
  • Safety: To ensure patient safety and identify potential drug interactions or contraindications

5. Legal Basis for Processing

We process your data based on:

  • Contract: Processing necessary to provide our healthcare services
  • Legal obligation: Compliance with healthcare regulations and medical record requirements
  • Vital interests: In emergency situations to protect your health
  • Consent: For marketing communications and optional data uses
  • Legitimate interests: For fraud prevention and service improvement

6. Data Sharing

We may share your information with:

  • Healthcare professionals: GPs, specialists, and pharmacies involved in your care
  • Pharmacies: To fulfil prescriptions (with your consent)
  • Payment processors: Stripe for secure payment processing
  • Regulatory bodies: Irish Medical Council, HIQA, or other authorities as required by law
  • Emergency services: In case of medical emergencies

We will never sell your personal data to third parties.

7. Data Security

We implement robust security measures to protect your data:

  • End-to-end encryption for all data transmission
  • Encrypted storage of all personal and health data
  • Regular security audits and penetration testing
  • Strict access controls and authentication
  • Staff training on data protection
  • GDPR-compliant data processing agreements with all service providers

8. Data Retention

We retain your data for the following periods:

  • Medical records: Minimum 7 years (as required by Irish law), or 8 years for minors after they reach 18
  • Payment records: 6 years for tax purposes
  • Account information: Until you request deletion (subject to legal retention requirements)
  • Marketing consent: Until withdrawn

9. Your Rights

Under GDPR, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate personal data
  • Right to erasure: Request deletion of your data (subject to legal requirements)
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to object: Object to certain types of processing
  • Right to withdraw consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@getyourgp.ie.

10. Cookies

We use cookies to improve your experience on our website. For detailed information, please see our Cookie Policy.

11. International Transfers

Your data is primarily stored within the European Economic Area (EEA). Where we use service providers outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

Our services are available to patients of all ages. For patients under 16, parental or guardian consent is required. We take additional care to protect the privacy of minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The date of the last update is shown at the top of this policy.

14. Complaints

If you have concerns about how we handle your data, please contact us first at privacy@getyourgp.ie. You also have the right to lodge a complaint with the Data Protection Commission:

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact:

GetYourGP Limited

Dublin, Ireland

Email: privacy@getyourgp.ie

General enquiries: support@getyourgp.ie