Menu Close
Last updated: 12 August 2024

SAVVY Health Privacy Policy

1. Introduction

At SAVVY Health, we recognise the critical importance of maintaining privacy and confidentiality for our clients. This policy outlines our commitment to safeguarding sensitive information and ensuring compliance with legal and ethical standards.

2. Principles

2.1 Privacy and Confidentiality

  • Privacy: Clients are assured that their personal details will be treated in complete confidence and consistent with the public interest and the right to privacy.
  • Data Protection Acts (1988 and 2003) + GDPR + Data Protection Act 2018: We adhere to these acts, which obliges us to safeguard individuals’ rights regarding the processing of their personal data.
  • Purpose Limitation: Personal information collected will only be used for the intended purpose or another directly related purpose.
  • Anonymisation: Data used for reporting and statistical purposes will be anonymised and aggregated, removing all identifiable information.

3. Implementation

3.1 Consent

  • Obtaining Consent: SAVVY Health will require client consent to this policy from the start and sessional clinical team members and staff accessing client information must do so in compliance with this policy.
  • Fact-Based Decisions: Decisions during the complaint management process must be supported by facts and evidence.

3.2 Confidentiality Clause

  • Sessional clinical team members and staff: All are bound by a confidentiality clause in their contracts.
  • Professional Confidence: A common-law duty to preserve professional confidence applies.

3.3 Data Security

  • Secure Storage: Medical records and other personal data, including feedback information will be securely stored and protected.

4. Data Collection

We collect personal data to provide and improve our services. The types of data we collect include:

  • Personal Identification Information: Name, address, email address, phone number, date of birth, etc.
  • Health Information: Medical history, dietary preferences, and other relevant health data.
  • Website Usage Data: IP address, browser type, pages visited, and other usage statistics through cookies and similar technologies.

5. Use of Personal Data

We use the collected data for the following purposes:

  • To provide and manage our health services.
  • To personalise your experience and improve our services.
  • To communicate with you, including responding to inquiries and sending updates.
  • To comply with legal obligations and protect our rights.

6. Legal Basis for Processing Data

We process personal data based on one or more of the following legal grounds:

  • Providing Services: When our team are conducting health assessments and tests and providing ongoing coaching and other supports.
  • Consent: When you provide consent for specific processing activities.
  • Legal Obligation: When processing is required to comply with the law, including the GDPR and the Irish Data Protection Act 2018.
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided your rights and interests do not override these.

7. Data Protection and Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. This includes encryption, secure servers, and regular security audits.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory, and internal policy requirements.

9. Your Data Protection Rights

You have the following rights regarding your personal data:

  • Right to Access: You can request copies of your personal data.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data under certain conditions.
  • Right to Restrict Processing: You can request restriction of processing under certain conditions.
  • Right to Object: You can object to processing based on legitimate interests.
  • Right to Data Portability: You can request transfer of your data to another organisation.

To exercise these rights, please contact us at hello@savvyhealth.ie.

11. Compliance with GDPR and the Irish Data Protection Act 2018

We adhere to the principles of the GDPR and the Irish Data Protection Act 2018, ensuring that personal data is:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit, and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and kept up to date.
  • Retained only as long as necessary.
  • Processed securely to maintain confidentiality and integrity.

12. Cyber Security Policy

12.1 Overview

SAVVY Health Ireland is committed to protecting its information and systems from cyber threats. This Cyber Security Policy outlines our measures to safeguard data and ensure the integrity and security of our digital assets.

12.2 Security Measures

  • Access Control: Only authorised personnel have access to sensitive data. Access is granted based on role and necessity.
  • Encryption: All sensitive data is encrypted in transit and at rest using industry-standard encryption protocols.
  • Regular Audits: We conduct regular security audits and vulnerability assessments to identify and mitigate potential threats.
  • Firewalls and Anti-Malware: Robust firewalls and anti-malware software are in place to protect our systems from external and internal threats.
  • Incident Response: A detailed incident response plan is in place to address any security breaches promptly and effectively.

12.3 Employee Responsibilities

  • Training: All sessional clinical team members and staff receive regular training on cybersecurity best practices and are required to follow our security protocols.
  • Reporting: Employees and sessional staff must report any suspicious activity or security incidents immediately to the IT department.
  • Device Security: Employees and sessional staff are responsible for securing their devices, including using strong passwords, enabling multi-factor authentication, and keeping software up to date.

12.4 Third-Party Vendors

  • Due Diligence: We conduct thorough due diligence on third-party vendors to ensure they comply with our cybersecurity standards.
  • Contracts: All contracts with third-party vendors include clauses on data protection and cybersecurity obligations.

12.5 Data Backup and Recovery

  • Regular Backups: Data is backed up regularly to ensure it can be restored in case of data loss or corruption.
  • Disaster Recovery Plan: A comprehensive disaster recovery plan is in place to ensure business continuity in the event of a cyber incident.

13. Changes to This Policy

We may update this Privacy and Data Protection Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the effective date.

14. Contact Us

If you have any questions or concerns about our privacy practices or this policy, please contact us at:

SAVVY Health Ireland

Email: hello@savvyhealth.ie

SAVVY Health remains committed to maintaining confidentiality, respecting privacy, ensuring transparency in our healthcare services, and protecting against cyber threats.

Effective Date: 12/08/2024