
Charlestown Family Health Practice – Privacy Policy

Effective: 19 October 2025
Version: 3.0
(Supersedes Version 2.2 – archived version log available on request)

 

Introduction

Charlestown Family Health Practice (“the Practice”, “we”, “us”) is committed to safeguarding your personal data in line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This Privacy Policy explains:

  • What personal data we collect

  • How we use and protect it

  • With whom we share it

  • Your legal rights

  • How to contact us

 Who This Policy Covers

This policy applies to all patients, service users, visitors to our website, and any individuals whose personal data we process during the course of delivering healthcare and support services.

 

Who We Are

Data Controller:
Charlestown Family Health Practice
Ballagh Street, Charlestown, Co. Mayo, F12 D620
📞 094 925 4384
📧 Email: receptioncharlestownfhp@connachtmedical.com
Lead for Data Protection: Dr. Conor Kenny

 

Legal Basis for Processing

We process personal data on the following lawful grounds:

  • Provision of direct healthcare: Article 6(1)(e) and Article 9(2)(h) GDPR

  • Compliance with legal obligations: Record-keeping, public health requirements

  • Consent: For certain communications or optional services

  • Legitimate interests: For internal audit, staff training, and operational safety

We only process your data for the specific purpose for which it was collected unless legally required or explicitly permitted otherwise.

 

What Data We Collect

Depending on your interaction with us, we may collect:

  • Identification: Name, address, PPS number, DOB, phone, email

  • Medical records: Consultation notes, diagnostic results, medications, referrals

  • Administrative data: Appointments, communications, billing

  • Special category data: Health status, family history, mental health notes

  • Website interaction: Contact forms, messages, anonymised analytics

 

How We Share Your Data

We share your personal data strictly on a need-to-know basis, using secure methods, and only for the delivery of safe and effective care. Typical data sharing includes:

  • HSE and public hospitals – for referrals and diagnostics

  • Laboratories – for bloods, swabs, and investigations

  • Specialists – when coordinating your care

  • Approved GP registrars and trainees – under direct supervision

  • External auditors – in anonymised or pseudonymised form

  • Medical defence or legal advisors – if required for indemnity or legal matters (e.g. Medisec MedPro)

We do not share data with employers, insurers, or third parties without your informed and written consent, unless required by law.

 

How We Communicate With You

We use Essendex, a GDPR-compliant SMS platform provided by Clanwilliam Health, integrated with Socrates and Helix Practice Manager, to communicate with patients securely.

We send:

  • Appointment reminders

  • Test result updates

  • Vaccination campaign notices (e.g. flu, COVID)

  • Other direct health-related updates

Messages may contain identifiers such as your name and appointment details (e.g. “Dear Jim Smith, your appointment with Dr. Kenny is at 10:30am tomorrow”).

We are rolling out an updated SMS consent system, and all patients may update or withdraw their preferences by emailing or contacting reception at any time.

 

International Data Transfers

Where possible, your data is stored within the European Economic Area (EEA). However, limited transfers outside the EEA may occur due to use of international providers (e.g. Microsoft or cloud-based services). These are protected by:

  • Standard Contractual Clauses (SCCs)

  • Robust encryption and access controls

  • Formal Data Processing Agreements (DPAs)

 

Data Retention Periods

We comply with HSE and Medical Council retention standards:

Data Type | Retention Time
Clinical records | 8 years from last contact or death
Records for minors | Until age 25 or 8 years after last contact (whichever is later)
Website submissions | Transferred securely to clinical system, then retained under clinical record rules
Voicemail & phone messages | 12 months (unless clinically required)
Analytics (Wix, Google) | Anonymised, stored per default vendor retention

 

Data Processors

We work only with processors who meet GDPR standards and operate under signed Data Processing Agreements (DPAs). These processors cannot use your data for any other purpose.

Processor | Purpose | Security Standards
Essendex (Clanwilliam Health) | SMS messaging | DPA signed, integrated with Helix & Socrates
Helix Practice Manager | Patient records, appointments, billing | ISO 27001, local access control, Clanwilliam DPA
Socrates (Clanwilliam Health) | Clinical notes and prescribing | ISO 27001, secured servers
Microsoft Ireland | Forms, email, cloud backups | ISO 27001, EU-hosted, SCCs where applicable
NUACOM | Phone and voicemail service | ISO 27001, EU-hosted
Heidi AI | Clinical dictation (opt-in only) | ISO 27001, HIPAA, explicit consent required
Wix.com | Website hosting | ISO 27001, anonymous analytics only
Google LLC | Analytics (optional, anonymised) | SCCs, anonymised data only

 

Third-Party Websites

Our website may link to external sites (e.g. referral forms, hospitals). We are not responsible for their privacy practices. Please consult their privacy policies directly.

 

Your GDPR Rights

You have the following rights under GDPR:

  • Access your personal data (Art. 15)

  • Rectify incorrect or incomplete data (Art. 16)

  • Erasure (“right to be forgotten”) in certain cases (Art. 17)

  • Restrict or object to processing (Art. 18, 21)

  • Portability to another provider (Art. 20)

  • Withdraw consent at any time (Art. 7)

  • Lodge a complaint with the Data Protection Commission

Requests can be made by contacting our practice directly. All valid requests are acknowledged within 5 working days.

 

Updates & Versioning

We update this privacy policy when:

  • Legislation changes

  • We adopt new technologies or partners

  • There are changes to data processing practices

Current version: 3.0 (Effective 19 October 2025)
Next review: October 2026
Archived versions: Available upon request

​

Contact Us

Practice Contact
Dr. Conor Kenny
Charlestown Family Health Practice
Ballagh Street, Charlestown, Co. Mayo, F12 D620
094 925 4384
receptioncharlestownfhp@connachtmedical.com

Regulator Contact
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie
01 765 0100 / 1800 437 737

Website privacy statement

Charlestown Family Health Practice

Practice Name: Charlestown Family Health Practice
Practice Address: Ballagh Street, Lavy Beg, Charlestown, Co. Mayo, F12 D620, Ireland
Practice Phone Number: 094 925 4384
Data Controller: Dr. Conor Kenny
Lead for Data Protection: Dr. Conor Kenny

The formal appointment of a Data Protection Officer is not legally required under Article 37 of the General Data Protection Regulation (GDPR). However, Dr. Conor Kenny acts as the internal lead responsible for overseeing data protection compliance within the practice, including all online data collection and digital services.

Our Commitment to Website Data Protection

At Charlestown Family Health Practice, we are committed to protecting your privacy and ensuring that personal data collected through our website is processed in a secure, transparent, and lawful manner. This Website Privacy Statement outlines how we collect, use, disclose, and protect your personal data when you interact with our website, in accordance with:

  • The General Data Protection Regulation (GDPR) (EU 2016/679)

  • The Data Protection Acts 1988–2018 (Ireland)

  • Guidance from the Irish College of General Practitioners (ICGP)

  • The Medical Council’s Guide to Professional Conduct and Ethics

Scope of This Statement

This statement applies exclusively to data collected through the website https://www.charlestownmayofamilyhealthpractice.com, including data submitted via online forms, cookies, and analytics.

Lawful Basis for Processing Website Data

We process website-related personal data under the following legal bases:

  • Article 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest, namely public healthcare.

  • Article 6(1)(a) – Where we seek and obtain your consent for specific uses, such as form submissions or optional feedback.

  • Article 9(2)(h) – Processing of special categories of personal data (i.e. health-related information) for the purposes of medical diagnosis and care.

  • Article 6(1)(f) – For legitimate interests, such as maintaining website security or improving the functionality of our digital services.

Consent, when used (e.g. for non-clinical communications or optional forms), will be freely given, informed, specific, and unambiguous. It may be withdrawn at any time by contacting the practice.

What We Collect Through the Website

1. Anonymous Browsing Data

When you visit our website, we may collect technical and statistical information about your visit, such as:

  • IP address

  • Device type

  • Browser type

  • Referring URL

  • Time and duration of visit

  • Pages accessed

This data is collected using:

  • Wix Analytics (the built-in analytics platform of our web host)

  • Google Analytics (if enabled)

This data does not identify you personally and is used to understand traffic patterns and improve website performance.

2. Personal Data via Online Forms

We use Microsoft Forms to collect personal data through embedded or linked forms on our website. The forms may request information such as:

  • Your name

  • Date of birth

  • Contact details (email, phone number)

  • Administrative or clinical information relevant to your care

  • Consent preferences

Form submissions are securely stored in our Microsoft 365 Business account and accessed only by authorised administrative staff. A copy is also securely transferred into your clinical file in Helix Practice Manager, our clinical management system.

Data Processors

Charlestown Family Health Practice is the Data Controller for all personal data collected via our website. We engage the following Data Processors, who process data on our behalf under GDPR-compliant agreements:

  1. Microsoft Ireland Operations Ltd

    • Processor of form submissions via Microsoft Forms (Microsoft 365).

    • Data is encrypted and stored within EU data centres under contractual safeguards.

  2. Wix.com Ltd

    • Website host and provider of website analytics.

    • Processes only anonymous usage data (does not process medical or identifiable personal data).

  3. Google LLC (Google Analytics)

    • Optional processor of anonymised usage statistics.

    • Data is aggregated for performance analytics.

All processors are contractually prohibited from using data for their own purposes and are subject to appropriate technical and organisational security measures.

Use of Cookies

Our website uses cookies to support site functionality and improve the user experience. These may include:

  • Essential operational cookies (required for the website to function)

  • Analytical cookies (used for traffic and usage analysis)

We currently do not display a cookie banner. However, you may disable cookies via your browser settings. The site will remain functional, though certain features may not operate optimally.

No identifiable personal or clinical data is collected through cookies.

Data Retention

  • Form submissions: Stored in Microsoft 365 and subsequently in Helix. Retained in line with clinical record retention guidelines (a minimum of eight years from last contact or as legally required).

  • Analytics data: Retained according to Google and Wix default anonymisation and retention policies. This data is not linked to your medical record.

Security of Online Data

While no online transmission is ever 100% secure, we implement best-practice security standards. These include:

  • HTTPS encryption across our site

  • Role-based access to submitted data

  • Secure cloud hosting via Microsoft and Wix with ISO 27001 certification

Once received, personal data is subject to the same strict confidentiality and security protocols as all medical records handled by the practice.

Third-Party Websites

Our website may contain links to external third-party websites (e.g. hospital sites, referral forms, health information resources). We are not responsible for the content or privacy practices of these websites. You are encouraged to review their individual privacy policies before providing any personal data.

Your Rights Under GDPR

If your data is collected through our website, you retain the same rights as with all personal data under GDPR. These include:

  • The right to access your data (Article 15)

  • The right to rectify inaccurate data (Article 16)

  • The right to erasure (“right to be forgotten”) (Article 17)

  • The right to restrict or object to processing (Articles 18 and 21)

  • The right to data portability (Article 20)

  • The right to withdraw consent at any time (Article 7)

  • The right to lodge a complaint with the Data Protection Commission

To exercise these rights, please contact the practice using the details below.

International Data Transfers

All data collected through Microsoft Forms is stored in Microsoft’s European cloud infrastructure. If data is transferred outside the European Economic Area by Microsoft or another processor (e.g. for maintenance or technical operations), it will be protected under the European Commission’s Standard Contractual Clauses or other approved mechanisms in accordance with Chapter V of the GDPR.

Updates to This Statement

This Website Privacy Statement is subject to periodic review to ensure ongoing compliance with data protection law and changes in practice infrastructure.

Any substantial amendments will be published on the practice website.

Date of last revision: 10 October 2025

Contact Information

For any questions or concerns related to this Website Privacy Statement or your data, please contact:

Dr. Conor Kenny
Lead for Data Protection
Charlestown Family Health Practice
Ballagh Street, Lavy Beg, Charlestown, Co. Mayo, F12 D620
Tel: 094 925 4384

Complaints and Oversight

Individuals who have concerns about how their data has been handled may contact:

Data Protection Commission (Ireland)
Website: https://www.dataprotection.ie
Telephone: 01 765 0100 / 1800 437 737
Postal Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28

Alternatively, patients may contact the practice directly to resolve any issues informally.

Contact

Charlestown Family Health Practice

Ballagh St, Lavy Beg, Charlestown, Co. Mayo, F12 D620

​

Phone: 094 925 43 84 

Out of Hours (WESTDOC): 0818 360 000 

​

Email: receptioncharlestownfhp@connachtmedical.com

Opening Hours

Monday-Friday: 09.30-12.00​ and 14.00-17.00

​

Weekends & Bank Holidays: Closed

Out of Hours (WESTDOC): 0818 360 000 

For Life Threatening Emergencies - Call 999 or 112

Disclaimer

The information provided on this page (including links to external websites) is for general guidance only and is not intended as medical advice. It should not replace consultation with a qualified healthcare professional.

While we aim to ensure the accuracy and relevance of this content, it is reviewed and updated twice yearly. Please be aware that more recent guidance from the HSE or the Department of Health may not yet be reflected here. For the most current national health information, we recommend visiting www.hse.ie.

We strongly encourage all patients to consult directly with their GP or practice nurse regarding any health concerns, vaccinations, or treatment decisions.

💬 We welcome and value your feedback. If you notice any outdated information or have suggestions for how we can improve this resource, please let us know by emailing:

📧 receptioncharlestownFHP@connachtmedical.com

Thank you for helping us keep our information clear, useful, and up to date.
