Privacy Notice

Who are we?

We are Saint John of God Hospital CLG with an address at Granada, Stillorgan Road, Stillorgan, Co. Dublin. We are part of the Saint John of God Hospitaller Ministries Group, which has its headquarters in Rome.

Saint John of God Hospital CLG is the legal agency which determines the purposes and means of the processing of personal data for both Saint John of God Hospital and St Joseph’s Shankill.

Saint John of God Hospital provides mental health services to public and private patients in Ireland.

Saint Joseph’s Shankill provides person centred care to our residents with dementia specific needs.

We take your privacy seriously. This notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purpose of the General Data Protection Regulation (the GDPR) the data controller is Saint John of God Hospital CLG (Saint John of God).

Our Data Protection Officer (DPO) is:
Mr. Joe Kelly, Saint John of God Hospital CLG, Stillorgan, Co Dublin
Tel +353 1 2771513-

What Personal Information do we Collect from you?

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity of the individual has been removed (anonymous data).

“Special categories” refers to more sensitive personal data which require a higher level of protection. This sensitive data can only be processed under strict conditions, including a condition requiring the express permission of the person concerned.

All patient personal data is gathered by Saint John of God from many sources including that you may give us your personal at the point of admission or when you present to the hospital.
The personal information may be provided by the referring GP, another hospital or your consultant.

The type of information we collect includes:

• your name;
• address;
• date of birth;
• contact details of parents/guardians/next of kin;
• marital status;
• photograph;
• medical card number;
• PPS number;
• GP name and contact details;
• community pharmacy name and contact details;
• family support service provision;
• education;
• multidisciplinary team appointments and
• CCTV footage.

We may also collect the following Special Categories of Personal Data:

• Information relating to your mental health including diagnosis information; medication details; medical records; services provided by us; admission/discharge to Saint. John of God Hospital and other services; laboratory tests and results; clinical consultation recordings; current/future residential/day service provision and history; multidisciplinary team reports;
• In some circumstances, patients may disclose health data relating to their relatives;
• Information relating to your religious beliefs; and
• Details of your sexual orientation where you inform us of same in the course of providing healthcare services.
• Interacting with us when you are a next of kin of one of our patients. The type of information we may collect includes your name; phone number; address and email address.
• Visiting one of our patients at our hospital or any of our facilities.
• The type of information we may collect includes your name; the patient you are visiting and CCTV footage.
• Opting to receive information in relation to our organisation or our services by signing up at a fundraising event or where we listed our services in the Irish Medical Directory.
• Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with services or to submit a question/suggestion/comment in relation to our site or our services.
• Applying to work with us. The type of information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth).
• We ask that you do not disclose sensitive personal information (e.g. gender, height, weight, medical information, religion, philosophical or political beliefs, and financial data) in your application.
• Supplying us with products or services. Suppliers provide us with information which may include a contact name; email address; business address; telephone number and billing payment details.

What information about your do we obtain from others?

When you use our healthcare services, we may obtain the following categories of personal data from others:

  • name;
  • address;
  • date of birth;
  • phone number;
  • gender;
  • medical records;
  • reasons for referral;
  • medical/psychiatric history;
  • medications/treatment received to date and
  • next of kin details
Where did we get this information?

We obtain this information from:

  • Other hospitals and service providers (where you are being referred to us from another hospital or service provider)
  • Your referring GP and/or
  • Your family members/next of kin
Why do we collect this information?

We collect the information in order to provide you with our services, to market our services to you, to improve our website and to recruit staff.

We will use this information:

  • To provide you with healthcare services;
  • To communicate with you as part of our relationship with you or as per our contract with you;
  • To set your company up as a supplier on our systems;
  • To liaise with you about projects that we are undertaking with you;
  • To create a candidate profile for you if you are a prospective employee;
  • To administer and improve our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

For further information please see our Cookie Policy

  • As part of our efforts to keep our site safe and secure;
  • To deliver information about our services, where you have subscribed or consented to receiving same;
  • To carry out fundraising and marketing activity where you have consented to this;
  • To make suggestions and recommendations to you and other users of our website about services that may interest you or them;
  • To carry out clinical audits;
  • To ensure payment of our invoices;
  • To comply with applicable laws and regulations;
  • We use anonymised personal data for clinical audit purposes
  • We carry out patient satisfaction and experience surveys.

The legal bases for the processing of your data are:

  • The processing is necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
  • Where you have provided consent for the processing for one of more specified purposes, such as marketing, for example, when you opt-in to receiving this information;
  • The processing is necessary for compliance with a legal obligation to which we are subject;
  • The processing is necessary in order to protect the vital interests of you or of another natural person;
  • The processing is necessary for the purposes of the legitimate interests which we pursue prior to contract (for example, in providing you with information about our services) and post contract (for further details, see the section entitled ‘Who Do We Share This Information With?’) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.

The legal bases for the processing of your Special Categories of Personal Data are:

  • The processing is necessary for the provision of health care or treatment and for the purposes of medical diagnosis;
  • In some circumstances, where the processing is necessary for reasons of public interest in the area of public health;
  • The processing is necessary in order to protect your vital interests or that of another person where you are physically or legally incapable of giving consent;
  • If processing is necessary for the establishment, exercise or defence of legal claims or to comply with a legal obligation arising from substantial public interest.
With whom do we share this information?

We may share your personal data with our selected business associates/ suppliers and contractors to provide you with our services (data processors). For example, these business partners may include our web hosting provider, archive/shredding companies and our IT service providers.

In addition, we may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case information held by us about our customers will be one of the transferred assets;
  • If we are under a duty to disclose or share your information in order to comply with any legal obligation e.g. to Mental Health Commission, HIQA, the Revenue Commissioners or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • As part of a project with other companies in the Saint John of God Hospitaller Ministries Group. We have devised a Schedule 1 which is a list of all entities with whom your personal data may be shared which can be obtained from the DPO, Mr Joe Kelly, Saint John of God Hospital CLG, Stillorgan, Co Dublin. Tel +353 1 2771513-
How long do we keep hold of your information?

The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

We have a Policy and Schedule in relation to the Retention of Records

For further information on the periods for which your personal data is kept, please see our data retention policy which can be accessed from the DPO, Mr Joe Kelly, Saint John of God Hospital CLG, Stillorgan, Co Dublin. Tel +353 1 2771513-

Do we transfer your information outside of the European Union or European Economic Area?


Do we use automated decision-making and profiling?


What are your rights with respect to your personal data?

You have the following rights:

  • The right to access the personal data we hold about you.
  • The right to require us to rectify any inaccurate personal data about you without undue delay.
  • The right to have us erase any personal data we hold about you in circumstances such as where it is no longer necessary for us to hold the personal data or, in some circumstances, if you have withdrawn your consent to the processing.
  • The right to object to us processing personal data about you such as processing for profiling or direct marketing.
  • The right to ask us to provide your personal data to you in a portable format or, where technically feasible, for us to port that personal data to another provider provided it does not result in a disclosure of personal data relating to other people.
  • The right to request a restriction of the processing of your personal data.

Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

You may exercise any of the above rights by contacting the DPO- Mr. Joe Kelly, Saint John of God Hospital CLG, Stillorgan, Co Dublin – Tel +353 1 2771513-

You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is


What will happen if we change our privacy notice

This notice may change from time to time, and any changes will be posted on our site and will be effective when posted. Please review this notice each time you use our site or our services. This notice was last updated on 8 May 2018.

How can you contact us?

Our Data Protection Officer is : Mr. Joe Kelly,

Address: Saint John of God Hospital CLG, Stillorgan, Co Dublin –

By phone: +353 1 2771513

Or by email: