St Patrick’s Mental Health Services Privacy Notice

St Patrick’s Mental Health Services (SPMHS) is an independent, not-for-profit organisation that provides quality mental health care, promotes mental health awareness, and protects the rights and integrity of those suffering from mental illness. SPMHS is regulated by the Mental Health Commission.

All personal data in possession of SPMHS is processed in accordance with the obligations of the European Union General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Irish Data Protection Act 2018 which gives further effect to the GDPR in Ireland. SPMHS also processes personal data in accordance with the 2011 “e-Privacy Regulations” (S.I. No. 336 of 2011 – the European Communities (Electronic Communications Networks And Services) (Privacy And Electronic Communications) Regulations 2011).

We understand that you are aware of and care about your own personal privacy interests, and we take that very seriously. This Privacy Notice describes SPMHS policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

  • Data Protection Officer

    St. Patrick’s Mental Health Services has appointed an internal Data Protection Officer for you to contact if you have any questions or concerns about our SPMHS personal data protection policies or practices. The SPMHS data protection officer’s name and contact information are: John Woods, St Patrick’s Mental Health Services, James' Street, Dublin 8. Phone: +353 1 2493216. Email:

  • Purpose of Privacy Notice

    This privacy notice is a statement of St Patrick’s Mental Health Services’ commitment to protect the rights and privacy of individuals in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, and other relevant legislation.

  • How SPMHS Collect and Use (Process) Your Personal Information

    1. Provision of Quality Mental Health Care to our Service Users

    Personal and sensitive information of our service users is collected by us for the primary purpose of ensuring that service users receive quality mental health treatment whilst under our care. As a service user, we collect information regarding your demographics, health history, family history, lifestyle, cultural or ethnic background and test results to assist in providing mental health care to you.

    This information is collected by means of a GP referral, on admission to our services, a Dean Clinic electronic referral, a telephone call to our Support & Information Service, phone enquiries to SPMHS health professionals or staff, or a Prompt Assessment of Mental Health Needs Service telephone call to referred service users from SPMHS referral and assessment staff members.

    Our legal basis for the above processing in regard to special categories of data (sensitive data) is under GDPR Article 9(2)(h) – Provision & Management of Health and under GDPR Article 6(1)(c) – Legal Obligation for general processing (non-sensitive e.g. demographic information).

    2. Employees

    If you are employed by St Patrick’s Mental Health Services or if you have applied for a position at one of our facilities, we will collect information about your work history, contact details, referees and any other information that you submit in your job application. We collect similar background information about contractors, vendors, suppliers and health professionals who provide services to St. Patrick’s Mental Health Services and about students and volunteers that attend our facilities. All employees of SPMHS are required to obtain Garda Vetting clearance, and information from pre-employment medical screenings is also collected.

    St Patrick’s Mental Health Services collects, uses and discloses personal information about its staff in order to perform its obligations as an employer and as required by Irish employment law. Our lawful basis for the processing of employee personal data by our Human Resources department is GDPR Article 6(1)(b) – Contract, and GDPR Article 9(2)(b) – Employment for the processing of sensitive data concerning employees, e.g. medical certs. The processing of employee personal data by our finance department for the purpose of payroll is done under the legal basis of GDPR Article 6(1)(c) – Legal Obligation.

    3. Students, Volunteers and Job Applicants

    We also collect personal information of job applicants, students and volunteers for the primary purpose of assessing their suitability for employment or undertaking work experience or clinical placement or providing other relevant assistance, as the case may be. Other purposes for which we may use personal information about those individuals include contacting them, insurance purposes and satisfying our legal obligations. Our legal basis for the collection of this data is under GDPR Article 6(1)(b) – Contract.

    4. Health Professionals, Contractors and Suppliers

    St Patrick’s Mental Health Services collects personal information about contractors, suppliers and health professionals that provide services to St. Patrick’s Mental Health Services for the primary purpose of assessing and engaging their services or expertise and for other purposes where legally required. Our lawful basis for this processing is based under GDPR Article 6(1)(b) – Contract.

    5. St Patrick’s Mental Health Services Website

    When you visit our website, we do not attempt to identify you and we do not store your personal information. We will only collect and store your personal information if you choose to provide this to us via an online form or by email, for example through our general enquiry or contacts page. Please refer to our website privacy policy for more detailed information.

    6. Communications

    We will send communications relating to, but not limited to, our services & developments, upcoming events, campaigns, education material, service user engagement opportunities, advocacy updates, press releases, etc. that are not directly related to our service users’ direct care. These communications are disseminated via email or post through our various mailing lists to which an individual has subscribed. We will always give the subscriber, within each communication, the option to opt out of receiving any further communications. Our lawful basis for sending communications to our subscribers is GDPR Article 6(1)(a) – Consent.

    7. Video Management Systems

    SPMHS uses Video Management Systems (VMS), commonly referred to as CCTV, throughout our organisation for the purpose of maintaining the safety and security of its staff, service users, visitors and other attendees. SPMHS CCTV systems may, but will not always, collect and store personal information. SPMHS will comply with the organisation’s CCTV policy and the Data Protection Act 2018 in respect of any personal information collected via its CCTV systems.

    8. Service User IT Support (SUITS)

    The SPMHS SUITS team provides information technology (IT) support to our service users. The SUITS team members will provide IT support to service users who require assistance in registering or logging on to the service user portal. They will also provide IT support to service users who may encounter issues accessing our technology mediated services. The personal data collected by the SUITS team in order to provide this support includes: name, email address and phone number. The service user email address is required for service user access to their portal and video appointments on Microsoft Teams. The phone number is required to contact the person in support of their query. The lawful basis for this processing is GDPR Article 6(1)(f) – Legitimate Interest.

  • Disclosure

    St Patrick’s Mental Health Services will only use or disclose your personal information for the primary purposes for which it was collected or for directly related secondary purposes which you would reasonably expect (or that we have told you) or as permitted or required by law. If there is any doubt about this expectation, then we will obtain your consent before using or disclosing your personal information for a secondary purpose.
    Personal data can be used or disclosed for some other purpose only where:
    • The individual concerned has given explicit consent to the proposed use or disclosure.
    • When information is to be communicated to other health care professionals involved in your care.
    • For the purposes of medical teaching. 
    • When there is a requirement to report to a statutory agency (e.g. an incident to the Mental Health Commission, a death to the Coroner, an adverse drug reaction to the Irish Medicines Board).
    • The healthcare professional reasonably believes the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety.
    • Certain communicable diseases are notifiable by statute. Such notifications should preferably be made with the informed consent of the service user. In cases where informed consent is not provided, reporting should be to the relevant authority but should observe the service user’s confidentiality in all other respects.
    • The use or disclosure is required or authorised by law.
    • The information concerns a service user who does not have capacity and is normally a Ward of Court. Once appropriate documentation supporting this has been accepted by the DPO, information can be disclosed to a person responsible for the service user to enable appropriate care or treatment to be provided to the service user once adequate legal documentation supporting this has been accepted.
    • Any disclosure to a third party should be limited to that which is either authorised or required in order to achieve the desired statutory and organisational objective.
    • Personal data can be transferred to an individual or organisation outside the European Union only with your explicit consent. The SPMHS Data Protection Officer will ensure that you fully understand the risks to your data at the time of obtaining your explicit consent to data transfer.
    • Anonymised information, which cannot be traced back to the service user, is used in clinical audits within St Patrick’s Mental Health Services and is sent to other health care agencies such as the Mental Health Commission, the Health Research Board (HRB), Economic and Social Research Institute (ESRI), Irish Medicines Board, and the Coroner’s Office. This information is provided for regulatory, clinical audit and data analysis purposes and is regulated by statute including the Data Protection Acts.
    • Clinical records are sometimes shared with our legal counsel for obtaining legal advice when reviewing clinical records for release to data subjects in response to a data subject access request. Our lawful basis for this processing is made under section 47 of the Data Protection Act 2018. 

  • Responsibility

    Overall responsibility for ensuring compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 rests with St Patrick’s Mental Health Services as the Data Controller. All employees and data processors of St Patrick’s Mental Health Services who separately collect, control or process the content and use of personal data are individually responsible for compliance with the GDPR and Data Protection Act 2018.  

  • Procedures and Guidelines

    St Patrick’s Mental Health Services is firmly committed to ensuring personal privacy and compliance with the Data Protection Act 2018, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

  • How does SPMHS share and store your information?

    St. Patrick’s Mental Health Services records and maintains a record of your care and treatment, which may be held in manual form and/or in electronic format called an Electronic Health Record (EHR). All information collected and processed by St. Patrick’s Mental Health Services is treated with the strictest confidentiality and only shared with authorised personnel. Click here to view our EHR video and here to access our EHR booklet with answers to FAQs.

  • Your Portal

    Your Portal is our service user portal, which aims to empower our service users by giving you online access to record and share your own health-related information and to contribute to your mental health care and treatment planning at St Patrick’s Mental Health Services (SPMHS). Its purpose is to improve the journey of your mental health recovery, both during and after your care and treatment.

    Service users register to access the portal and view key information uploaded to the portal by their care team. Your Portal is built to keep your information private and very secure. Only you, your care team at SPMHS, and anyone you choose to invite to it – such as a family member or GP – can access your record.

    Your Portal is hosted by Patients Know Best (PKB), which is one of the leading suppliers of personal health records in the United Kingdom and the Netherlands. PKB holds all data in an accredited data centre in the Netherlands, which protects your information behind a secure firewall. Your information is encrypted whether at rest in the portal or being sent to and from the portal. None of your portal information is processed outside of this secure PKB infrastructure.

    Click here to find out more about your portal.

  • Data Subject Rights

    The Data Protection Act 2018 and the GDPR provide certain rights for data subjects. A good explanation of them is available on the website of the Office of the Data Protection Commissioner. You are not obliged to provide personal data to SPMHS; however, not doing so may have an impact on the most appropriate services that can be offered to you.

    If you wish to confirm that SPMHS is processing your personal data, or to have access to the personal data SPMHS may have about you, please contact us at View our policy for data subject access requests, which also contains details on your data subject rights.

    You may also request in writing to our data protection officer information about: the purpose of the processing; the categories of personal data concerned; who else outside SPMHS might have received the data from SPMHS; what the source of the information was (if you didn’t provide it directly to SPMHS); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by SPMHS if it is inaccurate. Requests for access and amendment can be made by email, post or fax.

    You may request that SPMHS erase that data or cease processing it, subject to certain exceptions. You may also request that SPMHS cease using your data for direct marketing purposes. When technically feasible, SPMHS will—at your request—provide your personal data to you or transmit it directly to another controller.
    Reasonable access to your personal data will be provided at no cost to SPMHS service users, employees and others upon written request made to SPMHS. If access cannot be provided within a reasonable time frame, SPMHS will provide you with an explanation and date when the information will be provided. If for some reason access is denied, SPMHS will provide an explanation as to why access has been denied. Where we allow access, the data protection officer will arrange to give you access to your personal information in the manner you have requested, if it is reasonable or practicable to do so.

  • Data Quality

    St Patrick’s Mental Health Services takes reasonable steps to ensure that the personal information that we collect and hold is accurate, complete and up-to-date. We maintain and update the personal information we hold as necessary or when you have advised us that your personal information has changed.

  • Protecting Your Data

    We take very seriously our obligations to protect the personal information we hold against interference, misuse, loss and unauthorised access. St. Patrick’s Mental Health Services implements rigorous organisational and technical measures including administrative, physical and technical access restrictions to records containing personal information, with only authorised people able to access records on a need-to-know basis. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

  • Data Retention & Disposal

    When personal information is no longer required, it will be destroyed, deleted or de-identified securely in line with our data retention and destruction policy and accepted document disposal schedules. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact the SPMHS data protection officer.

  • Queries, Concerns, Complaints

    If you have any queries or concerns about your privacy or wish to make a complaint regarding an impingement on your privacy, please contact our Data Protection Officer. Your complaint should be in writing and you should provide sufficient details together with any supporting material regarding your complaint.
    On receipt of your complaint, the data protection officer will take steps to investigate the issue and will notify you of the outcome. We will endeavor to respond to your complaint within a reasonable period. If you are not satisfied with our response, you can contact us to discuss your concerns further or make a complaint to the Office of the Data Protection Commissioner see

  • Privacy Notice Review

    The SPMHS Privacy Notice will be reviewed regularly in light of any legislative or other relevant developments. We reserve the right to change this Privacy Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. 

    We encourage you to regularly review this Privacy Notice to make sure you are aware of any changes and how your information may be used.

    Last Updated

    This Privacy Notice was last amended 30th June, 2020.
