TCP Homecare’s Privacy Statement:

YOUR PERSONAL DATA

Personal data means any information relating to an identified or identifiable living natural person. TCP Homecare at all times will seek to ensure that any and all personal data that is obtained and/or retained in relation to you and your medical history will be treated in the strictest of confidence.

The types of personal data that TCP Homecare may collect, store or process about you in connection with the delivery of our Service is:

  • Contact and other personal data, for example: your name, address, contact details, phone number, email address, date of birth, PPS number, gender, family relationships, and next of kin information.
  • Health data: your medical history and any prescribed medications; and any necessary health and medical information as is necessary and proportionate in the context of our Services including such information as may be gathered during any visit or included in the visit report.
  • Interactions data: if you interact with us, we will record your details of these interactions (meetings, phone calls, emails, hard copy correspondence)
  • Website use and enquiries: when you interact with us using our website, any data that you may provide to us and any automatically collected data such as IP address and type of device. Further details as to how we process your data when you access or use our website are available at:www.tcp.ie

WHERE DO WE RECEIVE YOUR PERSONAL DATA FROM?

We may collect your personal data directly from:

  • Your treating team – your personal data may be provided to us by the healthcare professional/hospital (“referring centre”) when referring you for our Service.
  • Your insurance provider
  • Our interactions directly with you
  • Your use of our website and enquiries when you interact with us using our website.

LOCATION OF YOUR PERSONAL DATA

Your personal data will be held securely in written and/or electronic format at TCP Homecare premises and/or at the premises of our approved electronic hosting provider in Ireland.

TCP HOMECARE, REFERRING CENTRES AND SPONSORS OF THE SERVICES

As outlined in more detail below, TCP Homecare may process your personal data:

  • as data processor on behalf of the referring centre supporting your treating team who are the data controller
  • in our own capacity as a data controller
  • TCP Homecare may also forward certain information about your treatment to sponsors of the applicable Service such as the manufacturer of the product used in our Service or your insurance provider who are each independent data controllers. Please see details below

TCP HOMECARE PROCESSING YOUR PERSONAL DATA ON BEHALF OF THE REFERRING CENTRE

When TCP Homecare processes your personal data on behalf of the referring centre, the referring centre is the data controller. Please contact your treating team/referring centre or visit referring centre’s website to access privacy notice and contact details of the Data Protection Officer of the referring centre.

Before your engagement with TCP Homecare: Your treating team asks for your consent for TCP Homecare to contact you in respect of our Services and to forward your health information in relation to this referral. Only after receipt of the referral from your treating team, TCP Homecare will contact you to arrange the appointment.

During your engagement with TCP Homecare: TCP Homecare may process your personal data on behalf of the referring centre including but not limited to the following purposes as applicable to our Service. It is the referring centre who sets out the legal basis for such processing and other details in relation to your personal data controlled by the referring centre in their privacy notice.

  • to schedule an appointment with you.
  • to access your home for the purpose of carrying out your treatment/education/support as prescribed by your treating team.
  • to obtain your consent to provide medical treatment to you/educate you in accordance with a valid prescription from your treating team.
  • to allow TCP Logistics to deliver your medicinal product to your pharmacy.
  • to allow TCP Pharmacy and Logistics to dispense and deliver your treatment/equipment to your home/location of your choice.
  • to provide a medical treatment subject to your consent to such treatment.
  • to allow us to contact you by phone to provide support in relation to your treatment or provide such support and education in person.
  • to inform your General Practitioner (GP) /Consultant, Public Health nurse and/or, if necessary, pharmacist or other health care professional that you are receiving treatment within your home.
  • to write and forward a report (either in electronic form or a hard copy) regarding each visit, detailing your treatment and any relevant medical information to your doctor and/or their treating team.
  • to report to the referring centre and the sponsor of the Service on the volume of products dispensed.
  • to forward (where applicable) details of any adverse event/reaction/other reportable event to the health care professional.
  • to report on your treatment to your health insurance provider.
  • to check if your treatment is covered by your health insurance provider.
  • to report on your treatment to the HSE or to a specific hospital (other than your referring hospital) in respect of the HSE or other hospital led programmes (subject to you participating in such programmes)
  • in the provision of your personal information to any successor service provider who will be delivering the Service where TCP Homecare are no longer contracted to provide the Service to ensure continuity of patient care, it being acknowledged that you will be informed prior to any such transfer.
  • in the provision of your personal information to any successor of TCP Homecare to ensure continuity of patient care in the event that TCP Homecare decides to reorganise or divest its business through a sale or other means of transfer
  • in the provision of Service activity, quality and customer satisfaction reports to the referring centre
  • in the provision of Service activity, quality and customer satisfaction reports to a sponsor the Service (subject to such sponsor of the Service entering confidentiality agreement) where your data will be presented in an aggregated format without identifying you to demonstrate service uptake and benefits of the Service or in the provision of such reports to the referring centre.

SPONSORS OF THE SERVICE AS DATA CONTROLLERS

MANUFACTURER

If the sponsor of our Service is the manufacturer of the product used in our Service, then the manufacturer is a data controller in respect of your personal data shared by TCP Homecare with such manufacturer. Please contact us if you wish to access the privacy notice of the applicable manufacturer.

The manufacturer may request from us:

  • pharmacovigilance reports containing certain limited data identifiers and including details of any adverse events or adverse reactions experienced by the patient or any other reportable events. Such pseudonymised information is shared with the manufacturer subject to your consent. The manufacturer is a data controller of such data from the moment such data is received by the manufacturer from TCP Homecare. The manufacturer is obliged to report such pharmacovigilance data to the relevant authorities.

INSURANCE PROVIDER

If the sponsor of our Service is your insurance provider, then your insurance provider is a data controller in respect of your personal data. Please contact us if you wish to access the privacy notice of such applicable insurance provider.

The insurance provider may request from us to provide the following on behalf of the referring centre:

  • all your data in respect of the treatment

OTHER SPONSORS

If it is applicable to our Service, the sponsor of our Service may be a hospital which is not your referring centre or the Health Service Executive in Ireland. In such cases, we are asked to forward your personal data to such Sponsor in relation to our Service on behalf of the referring centre.

TCP HOMECARE PROCESSING PERSONAL DATA AS DATA CONTROLLER

TCP HOMECARE PATIENT PRIVACY STATEMENT

TCP Homecare may process your personal data for the following purposes as data controller and based on the following legal basis.

Contact

TCP Homecare as data controller: TCP HOMECARE, 2-3 Westland House, Westland Business Park, Willow Road, Clondalkin, D12EA03, Dublin, Ireland,Data.Protection@tcp.ie

TCP Homecare Data Protection Officer: Fiona Joyce, United Drug House, Magna Drive, Magna Business Park, Citywest, D24XKE5, Dublin 24, Ireland,Data.Protection@tcp.ie

General purpose

We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Irish Data Protection Acts and other applicable data protection provisions. Personal data is processed only insofar as is necessary and permitted under data protection law, for example to enable us to provide our Service, fulfil our contractual obligations or to the extent that you consent to data processing.

Specific purpose and legal bases

We process your personal data as data controller for the following purposes based on the following legal bases or as otherwise based on your consent.

Purpose Legal Basis
To create pseudonymised reports containing pharmacovigilance data (if applicable) including adverse reaction or adverse event data or any other reportable event data and to forward such reports to the manufacturer of the product used in the provision of our Service who is obliged to report such data to relevant authorities. Follow up of an event may be made directly to the patient or their health care provider In accordance with the data minimisation principle, our reports include only identifiers such as your initials, age, gender (a process known as pseudonymisation where your name is not disclosed to prevent identification) Necessary to comply with a legal obligation to which we are subject pursuant to Art 6.1(c) GDPR
To create aggregate activity, quality and customer satisfaction reports in respect of our performed Services Such reports contain aggregate data and do not directly identify any of our patients. We usually provide such reports to the referring centre or to the sponsor of the Service who cannot identify you based on such aggregate data. However, we may also process your personal data in this respect as a controller for our own business management purposes Necessary to pursue our legitimate interests pursuant to Art. 6.1(f) GDPR: to enable us to run our business and manage our services effectively Necessary to manage the health services pursuant to Art. 9(h) GDPR and S. 52 (1)(e) DPA 2018
To monitor the quality of our Service To provide information to an authorised third party (subject to such third-party entering confidentiality agreement) for the purposes of compliance and/or quality auditing We usually provide quality and audit reports to the referring centre or to the sponsor of the Service. Such reports contain aggregate data and do not identify our patients. However, we may also process your data in this respect as a controller for our own purposes such as monitoring quality of our business and services as whole Necessary to pursue our legitimate interests pursuant to Art. 6.1(f) GDPR: to enable us to run our business, to monitor the quality of our services, to check that all processes are being followed Necessary to manage the health services pursuant to Art. 9(h) GDPR and S. 52 (1)(e) DPA 2018
To contact you in respect of and carry satisfaction surveys (optional) in respect of our Service being delivered which may involve personal data being passed to an independent third party so as to enable us to get your feedback on our Service. This will be carried out through written format or by telephone call. We may process your personal data in this respect as a controller for our own purposes such as monitoring quality of our business and services as whole. However, we may also pass aggregate results of the survey not identifying you as a person to the referring centre or to the sponsor of our Services Only if you consent
Website use and enquiries Further details as to how we process your data when you access or use our website are available at:www.tcp.ie

Personal data recipients

Your personal data will be shared with TCP Homecare internal departments or organisational units to the extent that this is necessary for the fulfilment of our Service.

Your personal data will be shared with the following external recipients:

  • Referring centre
  • sponsor of our Service: for example, manufacturer, insurance provider, hospital other than the referring centre, HSE
  • regulatory bodies or manufacturers of products that we use in our Service in order to report pharmacovigilance data including details of adverse events or adverse reactions or other reportable events (if applicable)
  • replacement service providers
  • external service providers who are acting as processors on our behalf or who perform various functions for us (e.g. technology providers, IT service providers, data centres, companies that destroy data or courier services). Such processing is necessary to pursue our legitimate interests pursuant to Art. 6.1(f) GDPR: to enable us to provide our Service and if your health data is processed (pursuant to Art. 9(h) GDPR and S. 52 (1)(e) DPA 2018 to enable us to manage the health services)
  • we may also share your personal data with third parties as specified in your consent.

Transfers to third countries

Our technology providers may carry out some processing activities (for example support function) from the ‘third countries’ (countries outside the EU or the EEA or outside of countries subject to adequacy decision of the European Commission) which is a ‘transfer’ of your personal data to third countries under the GDPR. If we ‘transfer’ your personal data to such third countries, we will ensure that appropriate measures are in place to protect your personal data and to comply with our obligations under the data protection law. This may mean that we enter into contracts in the form approved by the European Commission, and that we implement appropriate technical and organisational measures in respect of such transfers. If you would like to receive further details about measures, we have taken in relation to the transfer of your personal data to third countries, or copies of the agreements that we have put in place in relation to transfers, please contact us atdata.protection@tcp.ie

Data deletion and storage duration

We do not keep your personal data longer than it is necessary for the purpose for which we collect it. We also keep your personal data in accordance with the legal requirements imposed on us which means the retention period differs depending on the type of personal data. In determining the retention periods, we may take into account whether we need to retain your personal data in order to: (a) meet statutory requirements, (b) defend any legal claims, (c) meet our reasonable business requirements.

Your rights as a data subject

You may assert your rights listed below at any time.

Right of access

You are entitled, pursuant to Art. 15 GDPR, to obtain following information from us at any time and free of charge: your personal data that we process, the purposes of the processing, the categories of recipients of your personal data, the envisaged period for which your personal data will be stored or, in the case of transfer to a third country, the appropriate safeguards. You are also entitled to obtain a copy of your personal data.

Right to rectification, erasure, restriction of processing

Should the personal data we process about you be inaccurate or incomplete or if the processing is unlawful, you can request that we rectify, supplement or restrict the processing of your personal data or erase your personal data to the extent permitted by law, Art. 16, 17 and 18 GDPR. There is no right to erasure if the processing of your personal data is necessary (i) to exercise the right of freedom of expression and information, (ii) to comply with a legal obligation to which we are subject (e.g. statutory retention periods), (iii) to establish, exercise or defend legal claims, (iv) in the public interest, (v) in the exercise of official authority vested in the controller, (vi) for health or social care purposes, for public health purposes in the public interest.

Right to personal data portability

If you have provided us with your personal data on the basis of your consent or as part of an existing contractual relationship with us, we will, at your request, make your personal data available to you in a structured, commonly used and machine-readable format or, where technically feasible, will transmit them to a third party named by you.

Right to object

If we process your personal data in order to pursue a legitimate interest, you may object to this processing on grounds relating to your particular situation, Art. 21 GDPR. The right to object may be exercised only within the confines of Art. 21 GDPR. Moreover, our interests may override the cessation of processing, meaning that, despite your objection, we are entitled to process your personal data.

Right to lodge a complaint

You are welcome to contact our Data Protection Officer named in Section 2 with questions, suggestions and complaints.

You are also entitled, subject to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint applies regardless of any other administrative or judicial remedies.

The supervisory authority in Ireland is:

Office of the Data Protection Commissioner.

Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland

Phone +353 (0761) 104 800

LoCall 1890 25 22 31

Fax +353 57 868 4757

Email:info@dataprotection.ie

Consent/rights of withdrawal

In the event that you give or have given us your consent to the collection, processing or use of your personal data, you can withdraw this consent at any time by notifying us. An email is sufficient, but you can reach us via any a preferred method. You also have the right, on grounds relating to your particular situation, to object to the processing of your personal data on the basis of Art. 6, para. 1(e) (performance of a task carried out in the public interest) or Art. 6, para. 1(f) GDPR (legitimate interests pursued by the controller); the same applies to profiling pursuant to those provisions. In this event, we will no longer process your personal data, unless we can demonstrate compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. If the personal data concerning you is processed in order to engage in direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for those purposes.

Amendments

We reserve the right to amend this Privacy Statement at any time.

Updated 02 February 2024