Data Protection and Privacy Policy, Beacon Consultants Sleep Health Clinic, Sandyford, Dublin 18
- Introduction
Beacon Consultants Sleep Health Clinic is committed to protecting your personal and health information in accordance with:
General Data Protection Regulation (GDPR)
Data Protection Act 2018 (Ireland)
Medical Council and professional ethical standards
This policy explains how we collect, use, store, and protect your personal and health data.
- Personal Data We Collect
We collect the personal data necessary to provide you with clinical care, diagnostic services, and treatment. This includes:
Personal identifiers: name, address, phone number(s), email address, date of birth, emergency contact, and identification documents if needed.
Health information: sleep history, medical and medication history, diagnostic test results (e.g., polysomnography, home sleep studies), or other therapy records, correspondence with other healthcare providers.
Administrative information: appointment records, insurance details, forms completed on your behalf.
Sleep health data is considered special category personal data under GDPR.
- Who May Access Your Data
Your personal and health information may be accessed by:
Our clinical staff directly involved in your care
Referring doctors or consultants to whom you are referred
Contractors or service providers assisting with IT, system administration, or diagnostics
Suppliers providing therapy equipment
Regulatory or government bodies as required by law
All third parties are required to maintain GDPR-level security and confidentiality.
- Lawful Basis and Purpose of Processing
We process your data for the primary purpose of providing safe and effective sleep health care.
Lawful basis: Article 6(1)(b) GDPR – necessary for the provision of healthcare
Special category data: Article 9(2)(h) GDPR – necessary for medical purposes
If required data is not provided, it may prevent us from providing care or fulfilling legal obligations. In such cases, we will notify you.
- How We Use Your Data
Your data is used for:
Maintaining accurate medical records
Communicating regarding appointments, treatment plans, or follow-up care
Referring to other healthcare professionals or facilities when clinically necessary
Completing forms for insurers or authorised third parties
Compliance with legal obligations or emergency situations
We will never use your data for marketing purposes without explicit consent.
- Data Storage and Security
Electronic records are stored on encrypted, access-controlled servers on-site.
Paper records are stored in locked filing cabinets with access limited to authorised staff.
Access logs and audit trails are maintained for electronic systems.
Measures include password protection, firewalls and physical security.
Data breaches: Any breach will be handled according to GDPR, including notification to the Data Protection Commission if required.
- Cross-Border Data Transfers
If personal data is processed or stored outside the European Economic Area (EEA), we will ensure:
The receiving party provides GDPR-compliant protections
Data is transferred under legally recognised safeguards, or explicit patient consent is obtained
You can withdraw consent for such transfers at any time
- Retention of Data
We retain records according to clinical and legal requirements:
Adult patient records: 8 years after the last clinical encounter
Minor patient records: until age 25 or 8 years after last treatment, whichever is longer
Records no longer required will be securely destroyed: electronic files permanently deleted, paper files shredded.
- Your Rights
Under GDPR, you have the right to:
Access your personal and health data
Correct inaccurate or incomplete information
Request deletion, subject to clinical or legal retention requirements
Restrict processing of your data
Data portability – receive your data in a structured, machine-readable format
Withdraw consent at any time without affecting lawful processing before withdrawal
Complain to the Data Protection Commission if your rights are not upheld
Requests can be made by contacting the clinic’s Data Protection Officer (DPO).
- Website and Digital Services
Personal data provided via our website (e.g., online bookings, contact forms) is used only for the purpose it was submitted.
Temporary cookies may be used to improve functionality; they do not identify individuals.
Third-party links may collect data; we are not responsible for external websites’ privacy practices.
We take reasonable technical measures to protect digital data but cannot guarantee security during transmission.
- Contact Information
Data Protection Officer: Richard Buckley
Beacon Consultants Sleep Health Clinic
Sandyford, Dublin 18
Email: info@beaconshc.ie
Phone: 01 255-4400
Questions, access requests, or complaints can be directed to the DPO or to the Office of the Data Protection Commission (www.dataprotection.ie).