PRIVACY POLICY
Last Updated: April 2026
1. ABOUT US
This Privacy Notice applies to Link Healthcare Limited with our address at
Address: Unit 1, Westpoint Business Centre, Link Road,
Ballincollig, Cork, Ireland, P31HF29.
Phone: +353 21 201 1752
Email: info@linkhealthcare.ie
We are a team of nurses and clinicians who provide clinically led community based care from home support and nursing care to GP and Diagnostic services in Cork
Link Healthcare strives to provide the highest standard of clinical and homecare services for our patients. We understand that a Healthcare provider is a trusted community based organisation governed by an ethic of privacy and confidentiality.
Our approach is consistent with various relevant national regulations, along with HIQA standards and guidelines and Medical Council Guidelines and the privacy principles of the Data Protection Regulations. It is not possible to undertake clinical care without collecting and processing personal data and data concerning health.
2. CONTACT DETAILS
We have appointed a Data Protection Officer. If you have any questions about this Privacy Notice or the way in which your Personal Data is being used by us, please contact:
The Data Protection Officer:
Email: dpo@linkhealthcare.ie
Telephone: +353 21 201 1752
By Post: Unit 1, Westpoint Business Centre, Link Road,
Ballincollig, Cork, Ireland, P31HF29, Attention DPO
- THE PURPOSE OF THIS PRIVACY NOTICE
This Privacy Notice applies to Personal Data. The definition of Personal Data is as follows:
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The purpose of this privacy notice is to explain how we collect and use personal data for the provision of our services and the day-to-day running of this healthcare practice.
Please read this Privacy Notice carefully to understand our views and practices regarding the Personal Data we collect, as controllers under the GDPR, and how we will treat it.
3. WHO THIS PRIVACY NOTICE APPLIES TO
This Privacy Notice provides specific information relating to the following individuals whose Personal Data we process:
- Patients (Service users) to whom we provide our services; “Patients”
- Relatives, carers, volunteers and friends who provide various supports to patients using our services and with whom we interact; “Carers”
- business contact data including the HSE, our suppliers, partners, shareholders, investors and business prospects “Business Contacts”;
- users/guests of our Website “Website Users”.
Personal Data of employees of the Company is dealt with in a separate internal Data Protection notice.
4. SOURCES OF PERSONAL DATA
SERVICE USERS PERSONAL DATA
We collect personal data directly:
- When you are referred to Link Healthcare by the HSE or another healthcare provider.
- When you enter into a contractual relationship with Link Healthcare for any of our Healthcare services.
- During the delivery of our services;
- When you book an appointment for a clinic or out-of-hours GP service.
- When you write, email, phone us or otherwise contact us.
- When you visit our offices.
We collect personal data indirectly:
- Via the HSE who has asked us to make contact with an individual for the purpose of providing or exploring the potential to provide Link Healthcare services to that individual.
- Via a referrer who, with consent, has asked us to make contact with an individual for the purpose of entering into, or for taking steps to enter into, a contractual relationship with Link Healthcare.
- Via relatives, carers, volunteers and friends who may contact or share information with Link Healthcare on behalf of a patient.
BUSINESS CONTACT PERSONAL DATA
We collect Business Contact Personal Data from our business contacts including the HSE and other Healthcare Service providers (“HSPs”) , suppliers, partners, shareholders, board members, and business prospects.
We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.
We receive Personal Data about Business Contacts from a variety of sources, as follows:
- the Personal Data is often provided by the Business Contact as part of the business relationship;
- the Personal Data may be collected from public sources like LinkedIn;
- the Personal Data may be collected indirectly from another person within the company of the Business Contact;
- the Personal Data may be collected through our website;
- the Personal Data may be collected indirectly from a website or from a third party.
We will only ever source Personal Data in a way that would be generally expected.
WEB DATA
We may collect Website User Personal Data from all visitors to our website in order to improve our services and develop the Website.
For more details please refer to our Cookie Notice.
5. CATEGORIES OF PERSONAL DATA
We process the following categories of Personal Data. For each category we have included an example of the type of Personal Data that may be part of that category:
| Personal Data Category | Description |
| Identification Data | may include a person’s name, photograph, date of birth, driver’s license and passport information. |
| Contact Data | may include a person’s email address, phone number, postal address, other communication details (e.g. Social Media links) |
| Health Data | May include information about health conditions, information relating to your treatment and care; notes and reports about your health which assist our staff in providing care and treatment to you; results of investigations, such as x-rays and blood tests. |
| Communication Data | may include phone calls, texts, email correspondence and hard copy correspondence. |
| Financial Data | may include Identification Data, Contact Data and payment related information or bank account details and financial data received as part of the services that we provide. |
| Web Data | may include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. |
6. OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA
We process all Personal Data lawfully and in accordance with the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data.
Link Healthcare’s lawful basis for processing personal data of service users is as follows.
CONTRACT
Processing is necessary for the performance of a contract or to take steps to execute a contract with you as the data subject as per Article 6(1)(b) of the GDPR. This would apply to the provision of our Healthcare services
CONSENT
For certain processing activities we may rely on your consent.
Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.
When we look for your consent for any processing activity we will inform you how to withdraw consent. Additionally, you can withdraw consent provided by you at any time by contacting us at dpo@linkhealthcare.ie
LEGITIMATE INTEREST
At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, This would apply to the provision of basic administrative services and the performance of office tasks, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dpo@linkhealthcare.ie and we will review our processing activities.
LEGAL OBLIGATION
If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.
LEGAL BASIS FOR PROCESSING SPECIAL CATEGORY HEALTH DATA
Special categories of data are defined by the GDPR and include things like racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, health data, sex life details and sexual orientation. The processing of special categories of personal data is permitted in circumstances as set out in Article 9 of the GDPR.
We will only process special categories of personal data where it is necessary:
- for the purposes of preventative or occupational medicine,
- for medical diagnosis,
- for the provision of healthcare, treatment or social care,
- for the management of health or social care systems and services, or contract with a health professional pursuant to a contract with the health professional.
Processing is lawful where it is undertaken by or under the responsibility of:
- a health practitioner, or
- a person who, in the circumstances, owes a duty of confidentiality to the data subject that is equivalent to that which would exist if that person were a health practitioner, for example, a homecare assistant.
If the purpose of the processing of special category health data is for a reason other than the reasons outlined above, we will seek explicit consent to process your sensitive personal data (referred to as special categories of data under the GDPR).
7. OUR PROCESSING ACTIVITIES
We use your Personal Data to provide you with our services and to assist us in the operation of our Healthcare services. Under data protection law, we must ensure that the purpose of processing is clear.
We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.
| Purpose of Processing | Categories of Personal Data | Lawful Basis |
Delivering Link Healthcare Homecare Services
| Identification Data Contact Data Communications Data Health Data | Contract Legitimate Interest For the purposes of preventative or occupational medicine (9.1.h) |
Delivering Link Healthcare Clinical and Diagnostic Services
| Identification Data Contact Data Communications Data Health Data | Contract Legitimate Interest For the purposes of preventative or occupational medicine (9.1.h) |
To maintain and develop our services to the highest standard
| Identification Data Contact Data Communications Data Health Data | Legal Obligation Legitimate Interest For the purposes of preventative or occupational medicine (9.1.h) |
Online booking
| Identification Data Contact Data Communications Data | Contract |
Website Delivery
| Identification Data Contact Data Communications Data Health Data | Contract Legitimate Interest For the purposes of preventative or occupational medicine (9.1.h) |
Administration of Patient Relationship
| Identification Data Contact Data Communications Data Health Data | Contract Legitimate Interest For the purposes of preventative or occupational medicine (9.1.h) |
Management and Administration of our business
| Identification Data Contact Data Communication Data Financial Data | Contract Legitimate Interest Legal Obligation |
8. DISCLOSURE OF PERSONAL DATA
In certain circumstances, we may disclose Personal Data to third parties as follows:
- We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidentiality that we do.
- Disclosure of information to Employers, Insurance Companies and Solicitors. In general, work-related Medical Certificates from your GP and/or from our out of hours GP Service will only provide confirmation that you are unfit for work, with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information, we will discuss that with you. However, Department of Social Protection sickness certificates for work must include the medical reason you are unfit to work
- In the case of disclosures to insurance companies or requests made by solicitors for your records, we will only release the information with your signed consent.
- to the HSE (or any health authority);
- to business partners and subcontractors for the performance of any contract relating to our services, including email, Communication Platforms, Customer Relationship Management system, web developers, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
- if we or substantially all of our company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
- if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have;
- to protect our rights, property, or safety, or that of our Service Users or Business Contacts or others. This may include exchanging Personal Data with other companies and organisations for the purpose of fraud protection. When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.
9. SECURITY MEASURES
We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Privacy Notice and the relevant law, including the GDPR.
In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.
We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.
Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.
We also use secure connections to protect Personal Data during its transmission.
If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.
10. TRANSFERS OUTSIDE THE EEA
In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.
If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.
11. RETENTION
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Further information about our retention practices are set out below:
| Record type | Retention period |
| GP medical record (adult) | 8 years after last contact |
| Community care clinical notes (nursing, wound care, physio, OT, etc.) | 8 years after last episode of care |
| Referrals, care plans, treatment notes | 8 years after closure |
| Any clinical record relating to a child | Until 25th birthday (or 26th if aged 17 at last contact) |
| Xray images & reports (adults) | 8 years after last attendance |
| Imaging referrals & justifications | 8 years |
| Xray images & reports (children) | Until 25th birthday (or 26th if aged 17 at last contact) |
| Wound assessments, photos, progress notes | 8 years after care ends |
| Dressing logs & treatment plans | 8 years |
| Outcome/discharge summaries | 8 years |
| Appointment schedules | 2 years |
| Billing / claims (healthcare) | 6 years (Revenue requirement) |
| Complaints (clinical) | 8 years after closure |
| Incident reports (patient safety) | 10 years (risk & claims defence) |
In certain cases, we may retain Personal Data for longer than specified here if required under relevant laws or in the event of any legal claim.
YOUR RIGHTS
You have various rights relating to how your Personal Data is used.
Right of access to the Personal Data we hold on you
You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.
Right of rectification of Personal Data
You should let us know if there is something inaccurate in your Personal Data.
We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Right of erasure of Personal Data (right to be forgotten)
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
- your Personal Data is no longer needed for the reason that it was collected in the first place
- you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
- there is no lawful basis for the use of your Personal Data
- deleting the Personal Data is a legal requirement
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
Please note that we can’t delete your Personal Data where:
- we are required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
- it is necessary for legal claims.
Right to restrict what we use your Personal Data for
You have the right to ask us to restrict what we use your Personal Data for where:
- you have identified inaccurate Personal Data, and have told us of it
- where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether
When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
Right to have your Personal Data moved to another provider (data portability)
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.
Right to object
You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.
Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.
You can make a complaint
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.
Contact Details for the relevant Supervisory Authorities are set out below for your information:
Data Protection Commission
Online Form: https://forms.dataprotection.ie/contact
Address: 6 Pembroke Row, Dublin 2, D02 X963,
Tel: +353 578 684 800 or +353 761 104 800
12. AMENDMENTS TO THIS PRIVACY NOTICE
We will post any changes on the Website and when doing so will change the effective date at the top of this Privacy Notice. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.
In some cases, we may provide you with additional notice of changes to this Privacy Notice, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
Thank you for reading our Privacy Notice. Please Contact Us if you have any questions. If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached