Privacy Policy

1. Who We Are

Naas Cardiology & Endocrinology Clinic is a private specialist medical clinic located at Suite 5, Vista Primary Care Clinic, Ballymore Road, Naas, Co. Kildare, W91 E6H2. We provide consultant specialist services in cardiology, endocrinology, diabetes, and obesity medicine.

We are the data controller for personal data collected through this website. Our consultants are registered with the Medical Council of Ireland and operate within Irish healthcare law.

2. What Data We Collect

Appointment Enquiry Form

When you submit an appointment request through our website, we collect:

• Full name
• Email address
• Phone number
• Date of birth (optional)
• Reason for referral / clinical concern (free text)
• GP practice information (if provided)
• Consent confirmation (required checkbox)

Technical / Automatic Data

When you visit our website, certain technical data may be automatically collected through cookies and similar technologies. See Section 7 (Cookies) for details.

Data We Do Not Collect

We do not collect payment card data through this website. We do not offer telemedicine, remote diagnosis, or online prescription services.

Patients are asked not to include urgent symptoms, detailed medical history, test results, images, or highly sensitive clinical information in the website enquiry form. GP referral letters and patient-identifiable clinical correspondence should be sent securely via Healthmail where appropriate.

3. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data on the following lawful bases:

• Consent (Art. 6(1)(a)): You provide explicit consent when submitting the appointment enquiry form by ticking the consent checkbox.
• Legitimate interests (Art. 6(1)(f)): General clinic operations, responding to enquiries, and maintaining appointment records in the ordinary course of operating a regulated medical practice.
• Legal obligation (Art. 6(1)(c)): Retaining clinical records as required by Irish healthcare law and HSE guidelines.

Where we process special category data (health information), we rely on Article 9(2)(h) GDPR — processing necessary for the purposes of healthcare provision — and your explicit consent under Article 9(2)(a).

4. How We Use Your Data

• To respond to your appointment enquiry and arrange a consultation
• To communicate with your referring GP (with your knowledge)
• To maintain clinical records as required by Irish healthcare regulation
• To comply with our legal and regulatory obligations as a registered medical practice
• To analyse anonymous, aggregated website usage data to improve our services (analytics cookies, with consent only)

We do not use your data for marketing purposes. We do not sell your data to third parties.

5. Data Retention

• Clinical / patient records: Retained for a minimum of 7 years from last consultation, in line with Irish healthcare guidelines (HSE / Medical Council of Ireland requirements). Records for children may be retained until age 25.
• Appointment enquiry data (non-clinical): Retained for 2 years from the date of submission, after which it is securely deleted.
• Analytics data (if consent given): Retained per Google Analytics default settings (up to 14 months for aggregated data).

Clinical and patient records are retained in line with applicable Irish healthcare, medico-legal, professional indemnity and Medical Council guidance. In general, adult clinical records may be retained for at least 7 years after the last patient contact. Records relating to children or young people may be retained for longer where required.

6. Data Sharing and Third Parties

We may share your data with the following third parties, only as necessary:

Formspree (Form Processing)

Appointment enquiry forms are processed via Formspree, Inc., a US-based service. Formspree processes form submissions on our behalf and transmits them to our email. Formspree is subject to standard contractual clauses for international data transfers. See Formspree Privacy Policy.

Google Maps

We embed a Google Maps iframe to display our clinic location. When you interact with the map, Google may collect data per its own privacy policy. We do not share personal data with Google Maps. See Google Privacy Policy.

Google Fonts

We load fonts from Google Fonts, which may log your IP address as a technical request. No personal data is shared with Google Fonts for profiling purposes. See Google Fonts Privacy FAQ.

Google Analytics (Consent-Based)

We use Google Analytics 4 to understand how visitors use our website. This service is only activated if you accept analytics cookies via our cookie consent banner. Google Analytics may transfer data to the United States under standard contractual clauses. See Google Analytics privacy information.

Referring GPs

With your knowledge, we may communicate clinical information with your referring GP as part of normal clinical practice. This is done within the framework of Irish healthcare law.

We do not share your data with any other third parties for commercial or marketing purposes.

7. Cookies

Essential Cookies

These cookies are necessary for the website to function. They do not collect personal data and cannot be disabled.

• cookieConsent — Records your cookie consent choice. Stored in localStorage. Reviewed every 6 months.
• Session cookies — Standard browser session management. Expire when you close your browser.

Analytics Cookies (Consent Required)

If you accept analytics cookies, Google Analytics 4 sets the following cookies:

• _ga — Distinguishes users. Expires after 2 years.
• _ga_[ID] — Maintains session state. Expires after 2 years.

You can withdraw consent at any time by clearing your browser's localStorage (key: cookieConsent) and refreshing the page. The cookie consent banner will reappear.

You can also opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.

Our cookie consent banner is re-presented every 6 months, as recommended by the Irish Data Protection Commission.

Third-Party Embeds

Google Maps (embedded iframe) and Google Fonts may set their own cookies. These are technical/functional and are not used to track individuals across websites for advertising.

8. Your Rights Under GDPR

As a data subject under the GDPR and the Irish Data Protection Act 2018, you have the following rights:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data, subject to our legal retention obligations.
• Right to restriction of processing (Art. 18): You may request that we restrict how we process your data in certain circumstances.
• Right to data portability (Art. 20): You may request your personal data in a structured, machine-readable format.
• Right to object (Art. 21): You may object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at Syed.Kazmi@healthmail.ie or 089 656 7597. We will respond within one calendar month as required by GDPR.

9. Complaints

If you have a concern about how we handle your personal data, please contact us first at Syed.Kazmi@healthmail.ie and we will aim to resolve it promptly.

You also have the right to lodge a complaint with the Irish supervisory authority:

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Form submissions are transmitted via HTTPS and processed through reputable third-party services subject to their own security standards.

Clinical records are handled in compliance with the Medical Council of Ireland's Guide to Professional Conduct and Ethics.

11. International Transfers

Some of our service providers (Formspree, Google) are based in the United States. Data transferred to the US is protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards. We do not transfer data to countries without adequate data protection frameworks without appropriate safeguards.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the website after any changes constitutes acceptance of the revised policy.

13. Contact Us

For any questions about this Privacy Policy or your personal data:

• Email: Syed.Kazmi@healthmail.ie
• Phone: 089 656 7597
• Address: Suite 5, Vista Primary Care Clinic, Ballymore Road, Naas, Co. Kildare, W91 E6H2