PRIVACY POLICY
Last Updated: February 4, 2026
Effective Date: February 4, 2026
1. INTRODUCTION
Welcome to the Privacy Policy of OLIVE Health Services ("Company", "we", "us", or "our").
We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or use our mobile application (the "Platform"), and explicitly covers how we handle sensitive health data for Online Consultations and Home Phlebotomy Services.
Who are we?
- The Controller: OLIVE Health Services is the Data Controller for your account registration, billing, and technical data.
- The Processor: When we store your medical notes, prescriptions, or blood test results, we act as a Data Processor on behalf of the independent healthcare professional (the "Clinician") who treats you. The Clinician remains the Data Controller of your medical record.
Contact Details
If you have any questions about this privacy policy, please contact our Data Protection Officer (DPO):
- Email: info@olivesofthehealth.com
- Phone: +353 86 385 2761
- Postal Address: 47 The Green, Elsmore, Jigginstown, Naas, Co. Kildare, W91 X47D
2. THE DATA WE COLLECT ABOUT YOU
A. Standard Personal Data
- Identity Data: First name, last name, date of birth, gender
- Contact Data: Email address, telephone number, postal address
- Financial Data: Payment card details (processed via Stripe or PayPal), billing address
- Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, and device information
B. Special Category Data (Health Data under GDPR Article 9)
We collect, store, and process health data on behalf of the Clinician:
- Medical History: Symptoms, diagnoses, prescriptions, allergies, and chronic conditions
- Consultation Records: Notes taken during online consultation appointments
- Audio/Video Data: Stored recordings of teleconsultation sessions (if you consent to recording). These are stored securely and used only for clinical reference and continuity of care
- Pathology Data: Blood test results from home phlebotomy service appointments
3. HOW WE USE YOUR DATA (LEGAL BASIS)
We will only use your personal data when the law allows us to. Under the GDPR and Irish Data Protection Act 2018, the most common lawful bases for processing your data are:
| Purpose / Activity | Type of Data | Legal Basis for Processing |
|---|---|---|
| Register you as a new patient | Identity, Contact | Performance of a contract with you |
| Process and deliver our healthcare services (consultation, blood tests, results) | Identity, Contact, Health, Financial, Technical | Performance of a contract with you; your explicit consent (for health data); necessary for provision of healthcare (Art. 9(2)(h)) |
| To process payment and recover debts | Identity, Contact, Financial | Performance of a contract with you; legitimate interests (to recover debts) |
| Send appointment reminders via email/SMS | Contact | Performance of a contract with you; your consent (for marketing preferences) |
| Improve our platform and services | Technical, Usage | Legitimate interests (to study how patients use our services, to improve and develop new services) |
4. DISCLOSURE OF YOUR PERSONAL DATA
We may disclose your personal data to the following categories of recipients:
A. Healthcare Providers (Core Service)
- Independent Clinicians: The doctor or nurse who treats you (they remain the Data Controller of your medical records).
- Laboratory Partners: For blood test analysis (home phlebotomy service).
B. Third-Party Service Providers
- Stripe / PayPal: Payment processors for consultation fees.
- Twilio / Zoom SDK: Teleconsultation and SMS reminders.
- Amazon Web Services (AWS) / Google Cloud Platform (GCP): Data hosting and storage infrastructure.
- Email Service Providers (e.g., SendGrid, Mailgun): Transactional emails (appointment confirmations, receipts).
All third-party processors are bound by Data Processing Agreements (DPAs) that comply with GDPR Article 28.
C. Legal Requirements
We may disclose your personal data if required by Irish law or in response to valid requests by public authorities (e.g., a court order, or a request from the Health Service Executive or An Garda Síochána).
5. INTERNATIONAL TRANSFERS
We primarily store your data within the European Economic Area (EEA), with servers located in Ireland.
In some cases, your data may be transferred outside the EEA (e.g., to cloud providers such as AWS or GCP). When this occurs, we ensure that:
- The recipient country has been deemed by the EU Commission to provide an adequate level of data protection; OR
- We use Standard Contractual Clauses (SCCs) approved by the EU Commission; OR
- The recipient is certified under an approved framework (e.g., EU-US Data Privacy Framework).
6. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These include:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256).
- Access Control: Strict role-based access controls ensure that only authorised personnel can access your data on a need-to-know basis.
We also have procedures to deal with any suspected data security breach and will notify you and the Irish Data Protection Commission of a breach where legally required.
7. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Medical Records: Minimum 8 years from the date of the last consultation (in line with Irish Medical Council guidance).
- Account Data (for non-clinical purposes): Up to 6 years after account closure (to comply with tax and financial record-keeping obligations).
- Account Deletion: You may request deletion of your account by contacting info@olivesofthehealth.com. Please note that medical records may be retained for the statutory period even after account deletion.
8. YOUR LEGAL RIGHTS
Under Irish and EU data protection law, you have the right to:
- Request Access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you.
- Request Correction of the personal data that we hold about you.
- Request Erasure of your personal data (subject to legal retention requirements for medical records).
- Withdraw Consent at any time where we are relying on consent to process your personal data (e.g., for consultation recordings).
If you wish to exercise any of the above rights, please contact us at: info@olivesofthehealth.com
You also have the right to lodge a complaint with the Irish Data Protection Commission if you believe we have not complied with data protection laws:
- Website: www.dataprotection.ie
- Email: info@dataprotection.ie
- Phone: +353 57 868 4800