Data Protection

This information will tell you how to get a copy of records from the hospital and how the hospital collects, stores and uses personal data.

Privacy Policy

Privacy Statement

The Rotunda Hospital is committed to processing all personal data in compliance with prevailing Data Protection legislation. We prioritise safeguarding personal data and employ robust measures to ensure the security, confidentiality, and integrity of all patient information, accessed strictly by those with a legitimate cause.

Information we collect and how we use it
Our healthcare team—including doctors, midwives, and nurse maintain comprehensive records regarding your health and care, documented both on paper and in electronic formats. Medical information related to your care, including pregnancy and newborn data, is securely managed within the HSE’s Maternity & Newborn Clinical Management System (MN-CMS) housed on HSE Owned secure network.

Data Categories Collected
The personal data we collect includes but is not limited to:
Contact information (e.g., name, address, date of birth, next of kin, and GP details)
Medical records, such as visit history, health assessments, test results, and treatment notes
Information from external referrals, appointments, hospital admissions, and completed forms
This data is essential for ensuring high-quality, safe, and effective care. Please keep us updated with any changes to your information to facilitate accurate and timely service.

Data Retention
Your information is retained on the MN-CMS only for legally mandated periods as outlined in the HSE’s Record Retention Policy, available on the HSE website.

Use of Personal Data in Direct and Indirect Care
Our primary use of your information is to deliver and coordinate care, ensuring that healthcare professionals have access to accurate and up-to-date information to assess and provide appropriate treatment. This includes sharing necessary information with other healthcare providers directly involved in your care, such as your GP, unless you object.

For indirect care purposes, we may use your information to:
Review and enhance the quality of services provided
Forecast service requirements
Manage complaints and legal claims
Fulfill financial billing processes
Compile performance statistics and conduct audits
Support health research through anonymized data
We only conduct research using identifiable data with your explicit consent, as approved by the Rotunda Research Ethics Committee. Aggregated data may be shared with entities like the National Treatment Purchase Fund (NTPF).

Data Sharing and Legal Obligations
In specific situations, we may share your information without consent to meet legal obligations, such as:
Registering births with the General Register Office
Preventing serious harm to you or others
Complying with court orders
Supporting the investigation of severe crimes
Meeting public health reporting requirements (e.g., for infectious diseases)

Appointment Reminders and CCTV  
To assist in managing appointments, we may use your phone number to send SMS reminders. You may opt-out of this service by contacting us. Additionally, we employ CCTV on hospital premises to protect individuals and property and to ensure a safe environment. CCTV recordings are retained only as legally necessary, with disclosures strictly limited to legal requirements.

Data Security
We prioritise the security and confidentiality of your data through advanced protective measures. While we take extensive precautions to secure data, complete security cannot be guaranteed. We continuously review and enhance our security protocols as new technologies emerge.

Your Rights and Data Accuracy   
You have rights regarding your personal data, including the right to access, correct, or request the deletion of your data. You may also restrict or object to its processing or sharing. While we will respect these rights, we will inform you of any potential implications for your care. Please contact the Freedom of Information Unit at 01-817-1751 or [email protected]  if you believe any information we hold is inaccurate.

Our Data Protection Officer (DPO) is available to address any concerns regarding data management, risks, or incidents. For queries or complaints, please contact the DPO at [email protected]  or 01-817-6811. If unsatisfied with our response, you may file a complaint with the Data Protection Commissioner (www.dataprotection.ie).

Accessing Your Records  
You have the right to access your personal data. Requests can be submitted in writing to The Freedom of Information Unit, The Rotunda Hospital, 1-2 Cavendish Row, Dublin 1, D01 K883, or by email to [email protected]. Additionally, under the Freedom of Information Act 2014, you may request information held by the hospital, subject to legal exemptions. 

Updates to Our Privacy Statement 
This Privacy Statement is reviewed periodically and may be amended without prior notice. We encourage regular reviews of this statement to stay informed on how we protect and manage your data.

Online Privacy Policy

Online Privacy Notice
The Rotunda Hospital is committed to respecting and safeguarding your privacy rights. All personal data processed by the Hospital staff is managed in strict adherence to applicable Data Protection legislation. This Privacy Policy explains how we collect, use, and protect any personal data you provide when you visit our website.
By accessing this website, you acknowledge and agree to the terms outlined in this Privacy Policy.

Privacy Statement
This Privacy Policy outlines how the Rotunda Hospital processes personal data collected through the official website, www.rotunda.ie.

The Rotunda Hospital is dedicated to protecting the privacy rights of all patients, staff, and visitors. We uphold stringent measures to ensure the fundamental rights and freedoms of individuals are preserved and safeguarded. This Policy also describes the choices available to you as a user regarding our use of your personal information, along with your rights to access, correct, or delete any data held by the Hospital.

Collection and Use of Personal Information on the Rotunda Hospital Website
The Rotunda Hospital does not collect any personal data about you on this website unless you choose to provide it. Any personal information you share with us is not disclosed to third parties without your explicit consent. We handle your inquiries with the highest standards of security and confidentiality, as required by Data Protection legislation.

Collection and Use of Technical Information
Cookies: This website does not use cookies, except for temporary “session” cookies. Session cookies allow a visitor’s web browser to remember which pages have been accessed during the visit. These cookies do not collect personal information and are deleted once the browser is closed. You may choose to disable cookies on your browser without affecting your experience on this website.

Technical Data: Details regarding your visit to our website, such as IP address and browser type, may be logged for statistical analysis. This technical information does not constitute personal data under Data Protection law and is collected solely for analytical purposes.

Links to Other Websites
Please note that:
When you access other websites through links on our site, you are subject to the privacy policies of those external sites;
Links provided to other websites do not imply an endorsement by the Rotunda Hospital; and
The Rotunda Hospital is not responsible for the content or privacy practices of any other websites linked on this site.
The Rotunda Hospital is committed to maintaining the trust and confidence of our users and continuously seeks to enhance our privacy and data protection practices.

Your Rights and Data Accuracy

Your Rights and Data Accuracy

You have the right to request access to, rectification/correction of or erasure of your personal data.  You also have the right to restrict or object to the processing or transfer of your personal data.  If you wish to exercise your right to refuse/withdraw consent to information sharing, we will fully explain the possible consequences of this to you, which could include delays in you receiving appropriate care.  In each case, these rights are subject to restrictions.

If you think any information we hold about you is inaccurate, please let us know by contacting the Information Governance Department by phoning 01 – 817 1751 or email [email protected].

At corporate level, we have appointed a Data Protection Officer (DPO) who is accountable for the management of our information systems and the data they hold. The DPO also makes sure that any associated risks or incidents are documented and investigated appropriately. The Data Protection Officer’s contact details are as follows: email [email protected], telephone: 01 – 817 6811.

If you have any concerns or queries about your privacy or you wish to make a complaint regarding impingement on your privacy, please contact Data Protection Officer. We will endeavour to respond to your complaint within a reasonable time. However, if you are not satisfied with our response, you can make a complaint to the Office of the Data Protection Officer (www.dataprotection.ie).

This cookie policy explains how the hospital will use any information you submit to us or that we obtain from you while you visit our website. You signify that you agree to these terms of use by using this website and by continuing to use it.

What are cookies?
A cookie is a piece of data stored on the user’s path through the site, and identifies repeat visits. It contains basic information about the user’s identity, but no personal information. When the user closes their browser, the cookie is destroyed.

How we use cookies?
We use cookies for various purposes, including:
Analytics: To gather data about how you use our website and improve its performance.
Third-Party Services: We may use third-party services, such as YouTube, to embed content on our site. These services may also set cookies to provide a personalized experience.
By using our website, you consent to the use of cookies in accordance with this notice. Below are the details of the cookies and what they are used for, there is also information about how you can control them.

Session Cookies

We use session cookies on this site. Session cookies are cookies that last for a session. A session starts when you launch a website or web app and ends when you leave the website or close your browser window. Session cookies contain information that is stored in a temporary memory location which is deleted after the session ends. Unlike other cookies, session cookies are never stored on your device. Therefore, they are also known as transient cookies, non-persistent cookies, or temporary cookies.

YouTube Cookies

Our website embeds YouTube videos to provide you with multimedia content. When you watch these videos, you may be subject to YouTube’s cookies and privacy policy. For more information about how YouTube collects and processes data, please review YouTube’s Privacy Policy.

Google Analytics Cookies

We use Google Analytics, a web analytics service provided by Google LLC, to collect information about how visitors use our site. Google Analytics uses cookies to gather data, such as user interactions with our website. This information helps us analyze website traffic and improve our services. You can learn more about how Google collects and processes data by reviewing Google’s Privacy Policy. If you prefer not to be tracked by Google Analytics, you can opt-out through Google’s Opt-Out Browser Add-on.

Technical Data
We collect statistical and other analytical data about all of our website visitors collectively, This Technical Data includes anonymous statistical information on how our website is used as well as user IP addresses, browser kinds, web search keywords, and other information that cannot be used to identify or contact you. Your computer’s unique online address, represented in “Internet Protocol” code (e.g., 192.168.75.46), is known as an IP address. IP addresses are specific to each machine that is connected to the Internet, albeit they could change from connection to connection. We do not utilise technical data for advertising, and we anonymize IP addresses so that we cannot associate them with any specific person. For statistics analysis, technical information related to website visits is recorded. For the purposes of Data Protection law, obtained statistical data does not qualify as “personal data.” You signify your acceptance of these terms of use by using this website and your commitment to follow them.

Cookies Setting
You can set your computer not to accept cookies, without the loss of any functionality on this website. Restricting cookies may change the way the website functions. You can manage (restrict or block) your cookie preferences through your browser settings or other tools. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit All About Cookies.

We may update this cookies consent notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The date at the bottom of this notice indicates when it was last updated.

Queries
Any queries or concerns you may have about the Cookie policy on this website should be addressed to:
Data Protection Officer
Rotunda Hospital
1-2 Cavendish Row
Dublin 1, D01 K883
Email
[email protected]
Telephone: (01) 817 6811

What This Means:

Under GDPR and Irish Data Protection law, you have the right to request a copy of your personal data held both electronically and in manual records.

How to Apply:

  • Complete the GDPR Form.
  • Provide valid photo ID if requested.
  • Sign the request form

Response Time:

  • A response will be issued within 30 calendar days of receiving a valid request.
  • Records are sent via encrypted email or secure password-protected link, unless hard copy delivery is requested.

Last updated 2nd September 2025.